/** * Tests whether the given domain matches any of entry from the public suffix list. */ public boolean matches(final String domain) { return matches(domain, null); }
/** * Checks whether the parameter is a valid IPv6 address (including compressed). * * @param input the address string to check for validity * @return true if the input parameter is a valid standard or compressed IPv6 address */ public static boolean isIPv6Address(final String input) { return isIPv6StdAddress(input) || isIPv6HexCompressedAddress(input); }
/** * Returns registrable part of the domain for the given domain name or {@code null} * if given domain represents a public suffix. * * @param domain * @return domain root */ public String getDomainRoot(final String domain) { return getDomainRoot(domain, null); }
private static PublicSuffixMatcher load(final InputStream in) throws IOException { final List<PublicSuffixList> lists = new PublicSuffixListParser().parseByType( new InputStreamReader(in, StandardCharsets.UTF_8)); return new PublicSuffixMatcher(lists); }
static HostNameType determineHostFormat(final String host) { if (InetAddressUtils.isIPv4Address(host)) { return HostNameType.IPv4; } String s = host; if (s.startsWith("[") && s.endsWith("]")) { s = host.substring(1, host.length() - 1); } if (InetAddressUtils.isIPv6Address(s)) { return HostNameType.IPv6; } return HostNameType.DNS; }
static void matchIPv6Address(final String host, final List<SubjectName> subjectAlts) throws SSLException { final String normalisedHost = normaliseAddress(host); for (int i = 0; i < subjectAlts.size(); i++) { final SubjectName subjectAlt = subjectAlts.get(i); if (subjectAlt.getType() == SubjectName.IP) { final String normalizedSubjectAlt = normaliseAddress(subjectAlt.getValue()); if (normalisedHost.equals(normalizedSubjectAlt)) { return; } } } throw new SSLPeerUnverifiedException("Certificate for <" + host + "> doesn't match any " + "of the subject alternative names: " + subjectAlts); }
static void matchDNSName(final String host, final List<SubjectName> subjectAlts, final PublicSuffixMatcher publicSuffixMatcher) throws SSLException { final String normalizedHost = host.toLowerCase(Locale.ROOT); for (int i = 0; i < subjectAlts.size(); i++) { final SubjectName subjectAlt = subjectAlts.get(i); if (subjectAlt.getType() == SubjectName.DNS) { final String normalizedSubjectAlt = subjectAlt.getValue().toLowerCase(Locale.ROOT); if (matchIdentityStrict(normalizedHost, normalizedSubjectAlt, publicSuffixMatcher)) { return; } } } throw new SSLPeerUnverifiedException("Certificate for <" + host + "> doesn't match any " + "of the subject alternative names: " + subjectAlts); }
public static HostnameVerifier getHostnameVerifier(TLSClientParameters tlsClientParameters) { HostnameVerifier verifier; if (tlsClientParameters.getHostnameVerifier() != null) { verifier = tlsClientParameters.getHostnameVerifier(); } else if (tlsClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier()) { verifier = HttpsURLConnection.getDefaultHostnameVerifier(); } else if (tlsClientParameters.isDisableCNCheck()) { verifier = new AllowAllHostnameVerifier(); } else { verifier = new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault()); } return verifier; }
static boolean matchIdentity(final String host, final String identity, final PublicSuffixMatcher publicSuffixMatcher) { return matchIdentity(host, identity, publicSuffixMatcher, false); }
public static PublicSuffixMatcher load(final URL url) throws IOException { if (url == null) { throw new IllegalArgumentException("URL is null"); } try (InputStream in = url.openStream()) { return load(in); } }
static void matchCN(final String host, final String cn, final PublicSuffixMatcher publicSuffixMatcher) throws SSLException { final String normalizedHost = host.toLowerCase(Locale.ROOT); final String normalizedCn = cn.toLowerCase(Locale.ROOT); if (!matchIdentityStrict(normalizedHost, normalizedCn, publicSuffixMatcher)) { throw new SSLPeerUnverifiedException("Certificate for <" + host + "> doesn't match " + "common name of the certificate subject: " + cn); } }
static SubjectName DNS(final String value) { return new SubjectName(value, DNS); } //CHECKSTYLE:ON
private boolean hasRule(final String rule, final DomainType expectedType) { return hasEntry(this.rules, rule, expectedType); }
private static boolean hasEntry(final Map<String, DomainType> map, final String rule, final DomainType expectedType) { if (map == null) { return false; } final DomainType domainType = map.get(rule); if (domainType == null) { return false; } return expectedType == null || domainType.equals(expectedType); }
static boolean matchIdentity(final String host, final String identity) { return matchIdentity(host, identity, null, false); }
/** * Tests whether the given domain matches any of entry from the public suffix list. * * @param domain * @param expectedType expected domain type or {@code null} if any. * @return {@code true} if the given domain matches any of the public suffixes. */ public boolean matches(final String domain, final DomainType expectedType) { if (domain == null) { return false; } final String domainRoot = getDomainRoot( domain.startsWith(".") ? domain.substring(1) : domain, expectedType); return domainRoot == null; }
static SubjectName IP(final String value) { return new SubjectName(value, IP); }
private boolean hasException(final String exception, final DomainType expectedType) { return hasEntry(this.exceptions, exception, expectedType); }
static boolean matchIdentityStrict(final String host, final String identity, final PublicSuffixMatcher publicSuffixMatcher) { return matchIdentity(host, identity, publicSuffixMatcher, true); }
static boolean matchIdentityStrict(final String host, final String identity) { return matchIdentity(host, identity, null, true); }