/**
 * Creates a chain cleaner backed directly by the given CA certificates.
 *
 * @param caCerts the certificates handed to {@code BasicCertificateChainCleaner}
 * @return a new {@code BasicCertificateChainCleaner} built from {@code caCerts}
 */
public static CertificateChainCleaner get(X509Certificate... caCerts) {
  BasicCertificateChainCleaner cleaner = new BasicCertificateChainCleaner(caCerts);
  return cleaner;
}
}
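/**
 * Returns true if {@code certificate} matches {@code hostname}.
 *
 * <p>Only the subject alternative names selected by {@code ALT_DNS_NAME} are consulted; each one
 * is compared with the {@code verifyHostname(String, String)} overload.
 *
 * @param hostname the name the caller intended to reach
 * @param certificate the certificate presented for that name
 * @return true if at least one alternative name matches
 */
private boolean verifyHostname(String hostname, X509Certificate certificate) {
  // Fold case only when the whole name is ASCII. Lower-casing can map some non-ASCII code points
  // to plain ASCII letters, which would let a non-ASCII hostname compare equal to an ASCII
  // certificate name. Leaving such input untouched makes the comparison fail closed.
  boolean asciiOnly = true;
  for (int i = 0, n = hostname.length(); i < n; i++) {
    if (hostname.charAt(i) > 0x7f) {
      asciiOnly = false;
      break;
    }
  }
  if (asciiOnly) {
    hostname = hostname.toLowerCase(Locale.US);
  }

  List<String> altNames = getSubjectAltNames(certificate, ALT_DNS_NAME);
  for (String altName : altNames) {
    if (verifyHostname(hostname, altName)) {
      return true;
    }
  }
  return false;
}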
/**
 * Checks whether {@code certificate} is valid for {@code host}.
 *
 * <p>The host is classified first: when {@code verifyAsIpAddress(host)} is true the check is
 * delegated to {@code verifyIpAddress}, otherwise to {@code verifyHostname}. Exactly one of the
 * two paths runs for a given host.
 *
 * @param host the host name or IP address literal being connected to
 * @param certificate the certificate to check against {@code host}
 * @return the result of the selected check
 */
public boolean verify(String host, X509Certificate certificate) {
  if (verifyAsIpAddress(host)) {
    return verifyIpAddress(host, certificate);
  }
  return verifyHostname(host, certificate);
}
/**
 * Verifies {@code host} against the first certificate of the session's peer chain.
 *
 * <p>An {@link SSLException} raised while reading the peer certificates is reported as a failed
 * verification rather than propagated, so an unverified peer never yields {@code true}.
 *
 * @param host the host name or IP address literal being connected to
 * @param session the TLS session whose peer certificates are inspected
 * @return true if the first peer certificate matches {@code host}
 */
@Override
public boolean verify(String host, SSLSession session) {
  try {
    Certificate[] peerChain = session.getPeerCertificates();
    // Only element 0 of the chain is checked. The cast is unchecked: a non-X.509 certificate
    // surfaces as a ClassCastException, not as a false return.
    X509Certificate first = (X509Certificate) peerChain[0];
    return verify(host, first);
  } catch (SSLException unverifiedPeer) {
    // Fail closed: no usable peer certificate means no match.
    return false;
  }
}
/**
 * Collects the certificate's subject alternative names of both kinds into one list.
 *
 * <p>Entries selected by {@code ALT_IPA_NAME} come first, followed by those selected by
 * {@code ALT_DNS_NAME}.
 *
 * @param certificate the certificate to read alternative names from
 * @return a new mutable list holding both groups, in that order
 */
public static List<String> allSubjectAltNames(X509Certificate certificate) {
  List<String> ipNames = getSubjectAltNames(certificate, ALT_IPA_NAME);
  List<String> dnsNames = getSubjectAltNames(certificate, ALT_DNS_NAME);

  // Start from a copy of the IP entries, then append the DNS entries.
  List<String> combined = new ArrayList<>(ipNames);
  combined.addAll(dnsNames);
  return combined;
}
/**
 * Reads a quoted attribute value from the DN being parsed.
 *
 * <p>The method first advances {@code pos} by one (presumably past the opening quote), then
 * copies characters up to the closing quote. Escape sequences are decoded with
 * {@code getEscaped()} and the result is compacted in place inside {@code chars}, between
 * {@code beg} and {@code end}.
 *
 * <p>NOTE(review): the exception message embeds the whole DN. If the DN originates from a peer
 * certificate, treat that message as untrusted text wherever it is logged or displayed.
 *
 * @return the unescaped value between the quotes
 * @throws IllegalStateException if the input ends before the closing quote
 */
private String quotedAV() {
  pos++;
  beg = pos;
  end = beg;

  boolean closed = false;
  while (!closed) {
    if (pos == length) {
      throw new IllegalStateException("Unexpected end of DN: " + dn);
    }

    char current = chars[pos];
    if (current == '"') {
      // Closing quotation mark: step over it and stop copying.
      pos++;
      closed = true;
    } else {
      // Either decode an escape or shift the character left; shifting is needed once an earlier
      // escape has made the output shorter than the input.
      chars[end] = (current == '\\') ? getEscaped() : current;
      pos++;
      end++;
    }
  }

  // Skip trailing spaces before the comma or semicolon (compatibility with RFC 1779).
  while (pos < length && chars[pos] == ' ') {
    pos++;
  }

  return new String(chars, beg, end - beg);
}
/**
 * Creates a chain cleaner whose trust roots are the given CA certificates.
 *
 * <p>The certificates are wrapped in a {@code BasicTrustRootIndex}, which is then handed to
 * {@code BasicCertificateChainCleaner}.
 *
 * @param caCerts the certificates used to build the trust root index
 * @return a new chain cleaner backed by that index
 */
public static CertificateChainCleaner get(X509Certificate... caCerts) {
  BasicTrustRootIndex rootIndex = new BasicTrustRootIndex(caCerts);
  return new BasicCertificateChainCleaner(rootIndex);
}
}
/**
 * Decodes the escape sequence whose backslash is at the current position.
 *
 * <p>Advances {@code pos} by one. If the character found there belongs to the fixed set of
 * escapable punctuation it is returned as is; any other character is handed to
 * {@code getUTF8()}.
 *
 * @return the decoded character
 * @throws IllegalStateException if the input ends right after the backslash
 */
private char getEscaped() {
  pos++;
  if (pos == length) {
    throw new IllegalStateException("Unexpected end of DN: " + dn);
  }

  char escaped = chars[pos];
  // Characters that stand for themselves when preceded by a backslash.
  // FIXME: escaping is allowed only for leading or trailing space char
  boolean literal = "\"\\,=+<>#; *%_".indexOf(escaped) >= 0;
  if (literal) {
    return escaped;
  }

  // RFC doesn't explicitly say that escaped hex pair is interpreted as UTF-8 char.
  // It only contains an example of such DN.
  return getUTF8();
}
/**
 * Builds a trust root index from the issuers the trust manager reports as accepted.
 *
 * <p>NOTE(review): the index holds exactly what {@code getAcceptedIssuers()} returns. A custom
 * trust manager that returns an empty or partial array yields an index without those roots, so
 * confirm what callers pass in.
 *
 * @param trustManager the trust manager whose accepted issuers become the trust roots
 * @return a new {@code BasicTrustRootIndex} over those issuers
 */
public TrustRootIndex buildTrustRootIndex(X509TrustManager trustManager) {
  X509Certificate[] acceptedIssuers = trustManager.getAcceptedIssuers();
  return new BasicTrustRootIndex(acceptedIssuers);
}
// Reject a missing trust manager up front: the chain cleaner below is built from it.
// NOTE(review): a matching null check for sslSocketFactory is not visible in this excerpt.
if (trustManager == null) throw new NullPointerException("trustManager == null");
this.sslSocketFactory = sslSocketFactory;
// The chain cleaner is derived from the same trust manager that is supplied with the socket
// factory, so both are set together in this step.
this.certificateChainCleaner = CertificateChainCleaner.get(trustManager);
return this;
/**
 * Checks whether {@code certificate} is valid for {@code host}.
 *
 * <p>The host is classified first: when {@code verifyAsIpAddress(host)} is true the check is
 * delegated to {@code verifyIpAddress}, otherwise to {@code verifyHostname}. Exactly one of the
 * two paths runs for a given host.
 *
 * @param host the host name or IP address literal being connected to
 * @param certificate the certificate to check against {@code host}
 * @return the result of the selected check
 */
public boolean verify(String host, X509Certificate certificate) {
  if (verifyAsIpAddress(host)) {
    return verifyIpAddress(host, certificate);
  }
  return verifyHostname(host, certificate);
}
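/**
 * Returns true if {@code certificate} matches {@code hostname}.
 *
 * <p>Only the subject alternative names selected by {@code ALT_DNS_NAME} are consulted; each one
 * is compared with the {@code verifyHostname(String, String)} overload.
 *
 * @param hostname the name the caller intended to reach
 * @param certificate the certificate presented for that name
 * @return true if at least one alternative name matches
 */
private boolean verifyHostname(String hostname, X509Certificate certificate) {
  // Fold case only when the whole name is ASCII. Lower-casing can map some non-ASCII code points
  // to plain ASCII letters, which would let a non-ASCII hostname compare equal to an ASCII
  // certificate name. Leaving such input untouched makes the comparison fail closed.
  boolean asciiOnly = true;
  for (int i = 0, n = hostname.length(); i < n; i++) {
    if (hostname.charAt(i) > 0x7f) {
      asciiOnly = false;
      break;
    }
  }
  if (asciiOnly) {
    hostname = hostname.toLowerCase(Locale.US);
  }

  List<String> altNames = getSubjectAltNames(certificate, ALT_DNS_NAME);
  for (String altName : altNames) {
    if (verifyHostname(hostname, altName)) {
      return true;
    }
  }
  return false;
}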
/**
 * Verifies {@code host} against the first certificate of the session's peer chain.
 *
 * <p>An {@link SSLException} raised while reading the peer certificates is reported as a failed
 * verification rather than propagated, so an unverified peer never yields {@code true}.
 *
 * @param host the host name or IP address literal being connected to
 * @param session the TLS session whose peer certificates are inspected
 * @return true if the first peer certificate matches {@code host}
 */
@Override
public boolean verify(String host, SSLSession session) {
  try {
    Certificate[] peerChain = session.getPeerCertificates();
    // Only element 0 of the chain is checked. The cast is unchecked: a non-X.509 certificate
    // surfaces as a ClassCastException, not as a false return.
    X509Certificate first = (X509Certificate) peerChain[0];
    return verify(host, first);
  } catch (SSLException unverifiedPeer) {
    // Fail closed: no usable peer certificate means no match.
    return false;
  }
}
/**
 * Returns true if {@code certificate} matches {@code ipAddress}.
 *
 * <p>Only the subject alternative names selected by {@code ALT_IPA_NAME} are consulted. The
 * comparison is textual and case-insensitive, so an address written in a different but
 * equivalent form than the certificate entry does not match; that errs toward rejection.
 *
 * @param ipAddress the IP address literal the caller connected to
 * @param certificate the certificate presented for that address
 * @return true if any selected alternative name equals {@code ipAddress}, ignoring case
 */
private boolean verifyIpAddress(String ipAddress, X509Certificate certificate) {
  for (String candidate : getSubjectAltNames(certificate, ALT_IPA_NAME)) {
    if (ipAddress.equalsIgnoreCase(candidate)) {
      return true;
    }
  }
  return false;
}
// Store the value decoded at position p as one byte of the output array.
// NOTE(review): the cast keeps only the low 8 bits of getByte(p)'s result; the enclosing loop and
// the bounds on i and p are outside this excerpt and should be checked there.
encoded[i] = (byte) getByte(p);
// Backslash starts an escape: write the decoded character at the output position, advance the
// output position, then step the input position past what getEscaped() consumed.
case '\\': chars[end++] = getEscaped(); pos++; break;
/**
 * Builds a chain cleaner from the issuers the trust manager reports as accepted.
 *
 * <p>NOTE(review): the cleaner sees exactly what {@code getAcceptedIssuers()} returns. A custom
 * trust manager that returns an empty or partial array leaves the cleaner without those roots, so
 * confirm what callers pass in.
 *
 * @param trustManager the trust manager whose accepted issuers are handed to the cleaner
 * @return a new {@code BasicCertificateChainCleaner} over those issuers
 */
public CertificateChainCleaner buildCertificateChainCleaner(X509TrustManager trustManager) {
  X509Certificate[] acceptedIssuers = trustManager.getAcceptedIssuers();
  return new BasicCertificateChainCleaner(acceptedIssuers);
}
/**
 * Reports whether this connection may carry a request for {@code url}.
 *
 * <p>The port must equal the port of the route's address. If the host also equals the route's
 * host the URL is supported. On a host mismatch the URL is supported only when a handshake
 * exists and its first peer certificate verifies for the new host.
 *
 * <p>NOTE(review): the host-mismatch path uses {@code OkHostnameVerifier.INSTANCE} directly and
 * checks the certificate only. Whether a caller-configured hostname verifier or certificate
 * pinning for the new host is applied elsewhere is not visible here; confirm at the call site.
 *
 * @param url the URL of the request that would reuse this connection
 * @return true if the connection can be used for {@code url}
 */
public boolean supportsUrl(HttpUrl url) {
  boolean samePort = url.port() == route.address().url().port();
  if (!samePort) {
    return false; // Port mismatch.
  }

  boolean sameHost = url.host().equals(route.address().url().host());
  if (sameHost) {
    return true; // Success. The URL is supported.
  }

  // We have a host mismatch. But if the certificate matches, we're still good.
  if (handshake == null) {
    return false;
  }
  return OkHostnameVerifier.INSTANCE.verify(
      url.host(), (X509Certificate) handshake.peerCertificates().get(0));
}
/**
 * Builds a chain cleaner on top of the trust root index for the given trust manager.
 *
 * <p>The index comes from {@code buildTrustRootIndex(trustManager)} and is handed to
 * {@code BasicCertificateChainCleaner}.
 *
 * @param trustManager the trust manager the trust root index is built from
 * @return a new chain cleaner backed by that index
 */
public CertificateChainCleaner buildCertificateChainCleaner(X509TrustManager trustManager) {
  TrustRootIndex rootIndex = buildTrustRootIndex(trustManager);
  return new BasicCertificateChainCleaner(rootIndex);
}