org.mariadb.jdbc.internal.protocol.tls

Class HostnameVerifierImpl

java.lang.Object

org.mariadb.jdbc.internal.protocol.tls.HostnameVerifierImpl

All Implemented Interfaces:

javax.net.ssl.HostnameVerifier

public class HostnameVerifierImpl
extends java.lang.Object
implements javax.net.ssl.HostnameVerifier

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
private static class	HostnameVerifierImpl.Extension
private class	HostnameVerifierImpl.GeneralName
private class	HostnameVerifierImpl.SubjectAltNames

Field Summary

Fields

Modifier and Type	Field and Description
private static Logger	logger

Constructor Summary

Constructors

Constructor and Description
HostnameVerifierImpl()

Method Summary

Modifier and Type	Method and Description
private static java.lang.String	extractCommonName(java.lang.String principal)
private HostnameVerifierImpl.SubjectAltNames	getSubjectAltNames(java.security.cert.X509Certificate cert)
private static boolean	matchDns(java.lang.String hostname, java.lang.String tlsDnsPattern) DNS verification : Matching is performed using the matching rules specified by [RFC2459].
private static boolean	matchWildCards(boolean hostIsIp, java.lang.String hostnameToken, java.lang.String tlsDnsToken)
private static java.lang.String	normaliseAddress(java.lang.String hostname)
private static java.lang.String	normalizedHostMsg(java.lang.String normalizedHost)
boolean	verify(java.lang.String host, javax.net.ssl.SSLSession session)
boolean	verify(java.lang.String host, javax.net.ssl.SSLSession session, long serverThreadId) Verification, like HostnameVerifier.verify() with an additional server thread id to identify connection in logs.
void	verify(java.lang.String host, java.security.cert.X509Certificate cert, long serverThreadId) Verification that throw an exception with a detailed error message in case of error.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

private static final Logger logger

Constructor Detail

HostnameVerifierImpl

public HostnameVerifierImpl()

Method Detail

matchDns

private static boolean matchDns(java.lang.String hostname,
                                java.lang.String tlsDnsPattern)
                         throws javax.net.ssl.SSLException

DNS verification : Matching is performed using the matching rules specified by [RFC2459]. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.

Parameters:

hostname - hostname

tlsDnsPattern - DNS pattern (may contain wildcard)

Returns:

true if matching

Throws:

javax.net.ssl.SSLException

matchWildCards

private static boolean matchWildCards(boolean hostIsIp,
                                      java.lang.String hostnameToken,
                                      java.lang.String tlsDnsToken)
                               throws javax.net.ssl.SSLException

Throws:

javax.net.ssl.SSLException

extractCommonName

private static java.lang.String extractCommonName(java.lang.String principal)
                                           throws javax.net.ssl.SSLException

Throws:

javax.net.ssl.SSLException

normaliseAddress

private static java.lang.String normaliseAddress(java.lang.String hostname)

getSubjectAltNames

private HostnameVerifierImpl.SubjectAltNames getSubjectAltNames(java.security.cert.X509Certificate cert)
                                                         throws java.security.cert.CertificateParsingException

Throws:

java.security.cert.CertificateParsingException

verify

public boolean verify(java.lang.String host,
                      javax.net.ssl.SSLSession session)

Specified by:

verify in interface javax.net.ssl.HostnameVerifier

verify

public boolean verify(java.lang.String host,
                      javax.net.ssl.SSLSession session,
                      long serverThreadId)

Verification, like HostnameVerifier.verify() with an additional server thread id to identify connection in logs.

Parameters:

host - host to connect (DNS/IP)

session - SSL session

serverThreadId - connection id to identify connection in logs

Returns:

true if valid

verify

public void verify(java.lang.String host,
                   java.security.cert.X509Certificate cert,
                   long serverThreadId)
            throws javax.net.ssl.SSLException

Verification that throw an exception with a detailed error message in case of error.

Parameters:

host - hostname

cert - certificate

serverThreadId - server thread Identifier to identify connection in logs

Throws:

javax.net.ssl.SSLException - exception

normalizedHostMsg

private static java.lang.String normalizedHostMsg(java.lang.String normalizedHost)