Google Git
Sign in
apache / cxf-site / refs/heads/asf-staging / . / content / javadoc / latest-3.1.x / org / apache / cxf / transport / https / CertificateHostnameVerifier.html
blob: 0e6ef9b4bbeabc18cef92b62f33de0a211e2eca1 [file] [log] [blame]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--NewPage-->
<HTML>
<HEAD>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<TITLE>
CertificateHostnameVerifier (Apache CXF JavaDoc 3.0.0 API)
</TITLE>
<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../stylesheet.css" TITLE="Style">
<SCRIPT type="text/javascript">
function windowTitle()
{
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="CertificateHostnameVerifier (Apache CXF JavaDoc 3.0.0 API)";
}
}
</SCRIPT>
<NOSCRIPT>
</NOSCRIPT>
</HEAD>
<BODY BGCOLOR="white" onload="windowTitle();">
<HR>
<!-- ========= START OF TOP NAVBAR ======= -->
<A NAME="navbar_top"><!-- --></A>
<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
<TR>
<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
<A NAME="navbar_top_firstrow"><!-- --></A>
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
<TR ALIGN="center" VALIGN="top">
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
<TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/CertificateHostnameVerifier.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
</TR>
</TABLE>
</TD>
<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
Apache CXF API</EM>
</TD>
</TR>
<TR>
<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
&nbsp;<A HREF="../../../../../org/apache/cxf/transport/https/CertConstraintsJaxBUtils.html" title="class in org.apache.cxf.transport.https"><B>PREV CLASS</B></A>&nbsp;
&nbsp;<A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.AbstractVerifier.html" title="class in org.apache.cxf.transport.https"><B>NEXT CLASS</B></A></FONT></TD>
<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
<A HREF="../../../../../index.html?org/apache/cxf/transport/https/CertificateHostnameVerifier.html" target="_top"><B>FRAMES</B></A> &nbsp;
&nbsp;<A HREF="CertificateHostnameVerifier.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
&nbsp;<SCRIPT type="text/javascript">
<!--
if(window==top) {
document.writeln('<A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
}
//-->
</SCRIPT>
<NOSCRIPT>
<A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A>
</NOSCRIPT>
</FONT></TD>
</TR>
<TR>
<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
SUMMARY:&nbsp;<A HREF="#nested_class_summary">NESTED</A>&nbsp;|&nbsp;<A HREF="#field_summary">FIELD</A>&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
DETAIL:&nbsp;<A HREF="#field_detail">FIELD</A>&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
</TR>
</TABLE>
<A NAME="skip-navbar_top"></A>
<!-- ========= END OF TOP NAVBAR ========= -->
<HR>
<!-- ======== START OF CLASS DATA ======== -->
<H2>
<FONT SIZE="-1">
org.apache.cxf.transport.https</FONT>
<BR>
Interface CertificateHostnameVerifier</H2>
<DL>
<DT><B>All Superinterfaces:</B> <DD><A HREF="http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/HostnameVerifier.html?is-external=true" title="class or interface in javax.net.ssl">HostnameVerifier</A></DD>
</DL>
<DL>
<DT><B>All Known Implementing Classes:</B> <DD><A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.AbstractVerifier.html" title="class in org.apache.cxf.transport.https">CertificateHostnameVerifier.AbstractVerifier</A></DD>
</DL>
<HR>
<DL>
<DT><PRE>public interface <B>CertificateHostnameVerifier</B><DT>extends <A HREF="http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/HostnameVerifier.html?is-external=true" title="class or interface in javax.net.ssl">HostnameVerifier</A></DL>
</PRE>
<P>
************************************************************************
Copied from the not-yet-commons-ssl project at http://juliusdavies.ca/commons-ssl/
As the above project is accepted into Apache and its JARs become available in
the Maven 2 repos, we will have to switch to using the JARs instead
************************************************************************
<p/>
Interface for checking if a hostname matches the names stored inside the
server's X.509 certificate. Correctly implements
javax.net.ssl.HostnameVerifier, but that interface is not recommended.
Instead we added several check() methods that take SSLSocket,
or X509Certificate, or ultimately (they all end up calling this one),
String. (It's easier to supply JUnit with Strings instead of mock
SSLSession objects!)
</p><p>Our check() methods throw exceptions if the name is
invalid, whereas javax.net.ssl.HostnameVerifier just returns true/false.
<p/>
We provide the HostnameVerifier.DEFAULT, HostnameVerifier.STRICT, and
HostnameVerifier.ALLOW_ALL implementations. We also provide the more
specialized HostnameVerifier.DEFAULT_AND_LOCALHOST, as well as
HostnameVerifier.STRICT_IE6. But feel free to define your own
implementations!
<p/>
Inspired by Sebastian Hauer's original StrictSSLProtocolSocketFactory in the
HttpClient "contrib" repository.
<P>
<P>
<HR>
<P>
<!-- ======== NESTED CLASS SUMMARY ======== -->
<A NAME="nested_class_summary"><!-- --></A>
<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
<TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2">
<B>Nested Class Summary</B></FONT></TH>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>static&nbsp;class</CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.AbstractVerifier.html" title="class in org.apache.cxf.transport.https">CertificateHostnameVerifier.AbstractVerifier</A></B></CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>static&nbsp;class</CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.Certificates.html" title="class in org.apache.cxf.transport.https">CertificateHostnameVerifier.Certificates</A></B></CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
</TR>
</TABLE>
&nbsp;<!-- =========== FIELD SUMMARY =========== -->
<A NAME="field_summary"><!-- --></A>
<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
<TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2">
<B>Field Summary</B></FONT></TH>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>static&nbsp;<A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.html" title="interface in org.apache.cxf.transport.https">CertificateHostnameVerifier</A></CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.html#ALLOW_ALL">ALLOW_ALL</A></B></CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;The ALLOW_ALL HostnameVerifier essentially turns hostname verification
off.</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>static&nbsp;<A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.html" title="interface in org.apache.cxf.transport.https">CertificateHostnameVerifier</A></CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.html#DEFAULT">DEFAULT</A></B></CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;The DEFAULT HostnameVerifier works the same way as Curl and Firefox.</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>static&nbsp;<A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.html" title="interface in org.apache.cxf.transport.https">CertificateHostnameVerifier</A></CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.html#DEFAULT_AND_LOCALHOST">DEFAULT_AND_LOCALHOST</A></B></CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;The DEFAULT_AND_LOCALHOST HostnameVerifier works like the DEFAULT
one with one additional relaxation: a host of "localhost",
"localhost.localdomain", "127.0.0.1", "::1" will always pass, no matter
what is in the server's certificate.</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>static&nbsp;<A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.html" title="interface in org.apache.cxf.transport.https">CertificateHostnameVerifier</A></CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.html#STRICT">STRICT</A></B></CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;The STRICT HostnameVerifier works the same way as java.net.URL in Sun
Java 1.4, Sun Java 5, Sun Java 6.</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>static&nbsp;<A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.html" title="interface in org.apache.cxf.transport.https">CertificateHostnameVerifier</A></CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.html#STRICT_IE6">STRICT_IE6</A></B></CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;The STRICT_IE6 HostnameVerifier works just like the STRICT one with one
minor variation: the hostname can match against any of the CN's in the
server's certificate, not just the first one.</TD>
</TR>
</TABLE>
&nbsp;
<!-- ========== METHOD SUMMARY =========== -->
<A NAME="method_summary"><!-- --></A>
<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
<TH ALIGN="left" COLSPAN="2"><FONT SIZE="+2">
<B>Method Summary</B></FONT></TH>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>&nbsp;void</CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.html#check(java.lang.String[], javax.net.ssl.SSLSocket)">check</A></B>(<A HREF="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A>[]&nbsp;hosts,
<A HREF="http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/SSLSocket.html?is-external=true" title="class or interface in javax.net.ssl">SSLSocket</A>&nbsp;ssl)</CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>&nbsp;void</CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.html#check(java.lang.String[], java.lang.String[], java.lang.String[])">check</A></B>(<A HREF="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A>[]&nbsp;hosts,
<A HREF="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A>[]&nbsp;cns,
<A HREF="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A>[]&nbsp;subjectAlts)</CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Checks to see if the supplied hostname matches any of the supplied CNs
or "DNS" Subject-Alts.</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>&nbsp;void</CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.html#check(java.lang.String[], java.security.cert.X509Certificate)">check</A></B>(<A HREF="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A>[]&nbsp;hosts,
<A HREF="http://docs.oracle.com/javase/6/docs/api/java/security/cert/X509Certificate.html?is-external=true" title="class or interface in java.security.cert">X509Certificate</A>&nbsp;cert)</CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>&nbsp;void</CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.html#check(java.lang.String, javax.net.ssl.SSLSocket)">check</A></B>(<A HREF="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A>&nbsp;host,
<A HREF="http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/SSLSocket.html?is-external=true" title="class or interface in javax.net.ssl">SSLSocket</A>&nbsp;ssl)</CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>&nbsp;void</CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.html#check(java.lang.String, java.lang.String[], java.lang.String[])">check</A></B>(<A HREF="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A>&nbsp;host,
<A HREF="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A>[]&nbsp;cns,
<A HREF="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A>[]&nbsp;subjectAlts)</CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>&nbsp;void</CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.html#check(java.lang.String, java.security.cert.X509Certificate)">check</A></B>(<A HREF="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A>&nbsp;host,
<A HREF="http://docs.oracle.com/javase/6/docs/api/java/security/cert/X509Certificate.html?is-external=true" title="class or interface in java.security.cert">X509Certificate</A>&nbsp;cert)</CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
</TR>
<TR BGCOLOR="white" CLASS="TableRowColor">
<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
<CODE>&nbsp;boolean</CODE></FONT></TD>
<TD><CODE><B><A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.html#verify(java.lang.String, javax.net.ssl.SSLSession)">verify</A></B>(<A HREF="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A>&nbsp;host,
<A HREF="http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/SSLSession.html?is-external=true" title="class or interface in javax.net.ssl">SSLSession</A>&nbsp;session)</CODE>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
</TR>
</TABLE>
&nbsp;
<P>
<!-- ============ FIELD DETAIL =========== -->
<A NAME="field_detail"><!-- --></A>
<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
<TH ALIGN="left" COLSPAN="1"><FONT SIZE="+2">
<B>Field Detail</B></FONT></TH>
</TR>
</TABLE>
<A NAME="DEFAULT"><!-- --></A><H3>
DEFAULT</H3>
<PRE>
static final <A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.html" title="interface in org.apache.cxf.transport.https">CertificateHostnameVerifier</A> <B>DEFAULT</B></PRE>
<DL>
<DD>The DEFAULT HostnameVerifier works the same way as Curl and Firefox.
<p/>
The hostname must match either the first CN, or any of the subject-alts.
A wildcard can occur in the CN, and in any of the subject-alts.
<p/>
The only difference between DEFAULT and STRICT is that a wildcard (such
as "*.foo.com") with DEFAULT matches all subdomains, including
"a.b.foo.com".
<P>
<DL>
</DL>
</DL>
<HR>
<A NAME="DEFAULT_AND_LOCALHOST"><!-- --></A><H3>
DEFAULT_AND_LOCALHOST</H3>
<PRE>
static final <A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.html" title="interface in org.apache.cxf.transport.https">CertificateHostnameVerifier</A> <B>DEFAULT_AND_LOCALHOST</B></PRE>
<DL>
<DD>The DEFAULT_AND_LOCALHOST HostnameVerifier works like the DEFAULT
one with one additional relaxation: a host of "localhost",
"localhost.localdomain", "127.0.0.1", "::1" will always pass, no matter
what is in the server's certificate.
<P>
<DL>
</DL>
</DL>
<HR>
<A NAME="STRICT"><!-- --></A><H3>
STRICT</H3>
<PRE>
static final <A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.html" title="interface in org.apache.cxf.transport.https">CertificateHostnameVerifier</A> <B>STRICT</B></PRE>
<DL>
<DD>The STRICT HostnameVerifier works the same way as java.net.URL in Sun
Java 1.4, Sun Java 5, Sun Java 6. It's also pretty close to IE6.
This implementation appears to be compliant with RFC 2818 for dealing
with wildcards.
<p/>
The hostname must match either the first CN, or any of the subject-alts.
A wildcard can occur in the CN, and in any of the subject-alts. The
one divergence from IE6 is how we only check the first CN. IE6 allows
a match against any of the CNs present. We decided to follow in
Sun Java 1.4's footsteps and only check the first CN.
<p/>
A wildcard such as "*.foo.com" matches only subdomains in the same
level, for example "a.foo.com". It does not match deeper subdomains
such as "a.b.foo.com".
<P>
<DL>
</DL>
</DL>
<HR>
<A NAME="STRICT_IE6"><!-- --></A><H3>
STRICT_IE6</H3>
<PRE>
static final <A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.html" title="interface in org.apache.cxf.transport.https">CertificateHostnameVerifier</A> <B>STRICT_IE6</B></PRE>
<DL>
<DD>The STRICT_IE6 HostnameVerifier works just like the STRICT one with one
minor variation: the hostname can match against any of the CN's in the
server's certificate, not just the first one. This behaviour is
identical to IE6's behaviour.
<P>
<DL>
</DL>
</DL>
<HR>
<A NAME="ALLOW_ALL"><!-- --></A><H3>
ALLOW_ALL</H3>
<PRE>
static final <A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.html" title="interface in org.apache.cxf.transport.https">CertificateHostnameVerifier</A> <B>ALLOW_ALL</B></PRE>
<DL>
<DD>The ALLOW_ALL HostnameVerifier essentially turns hostname verification
off. This implementation is a no-op, and never throws the SSLException.
<P>
<DL>
</DL>
</DL>
<!-- ============ METHOD DETAIL ========== -->
<A NAME="method_detail"><!-- --></A>
<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
<TH ALIGN="left" COLSPAN="1"><FONT SIZE="+2">
<B>Method Detail</B></FONT></TH>
</TR>
</TABLE>
<A NAME="verify(java.lang.String, javax.net.ssl.SSLSession)"><!-- --></A><H3>
verify</H3>
<PRE>
boolean <B>verify</B>(<A HREF="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A>&nbsp;host,
<A HREF="http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/SSLSession.html?is-external=true" title="class or interface in javax.net.ssl">SSLSession</A>&nbsp;session)</PRE>
<DL>
<DD><DL>
<DT><B>Specified by:</B><DD><CODE><A HREF="http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/HostnameVerifier.html?is-external=true#verify(java.lang.String, javax.net.ssl.SSLSession)" title="class or interface in javax.net.ssl">verify</A></CODE> in interface <CODE><A HREF="http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/HostnameVerifier.html?is-external=true" title="class or interface in javax.net.ssl">HostnameVerifier</A></CODE></DL>
</DD>
<DD><DL>
</DL>
</DD>
</DL>
<HR>
<A NAME="check(java.lang.String, javax.net.ssl.SSLSocket)"><!-- --></A><H3>
check</H3>
<PRE>
void <B>check</B>(<A HREF="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A>&nbsp;host,
<A HREF="http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/SSLSocket.html?is-external=true" title="class or interface in javax.net.ssl">SSLSocket</A>&nbsp;ssl)
throws <A HREF="http://docs.oracle.com/javase/6/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io">IOException</A></PRE>
<DL>
<DD><DL>
</DL>
</DD>
<DD><DL>
<DT><B>Throws:</B>
<DD><CODE><A HREF="http://docs.oracle.com/javase/6/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io">IOException</A></CODE></DL>
</DD>
</DL>
<HR>
<A NAME="check(java.lang.String, java.security.cert.X509Certificate)"><!-- --></A><H3>
check</H3>
<PRE>
void <B>check</B>(<A HREF="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A>&nbsp;host,
<A HREF="http://docs.oracle.com/javase/6/docs/api/java/security/cert/X509Certificate.html?is-external=true" title="class or interface in java.security.cert">X509Certificate</A>&nbsp;cert)
throws <A HREF="http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/SSLException.html?is-external=true" title="class or interface in javax.net.ssl">SSLException</A></PRE>
<DL>
<DD><DL>
</DL>
</DD>
<DD><DL>
<DT><B>Throws:</B>
<DD><CODE><A HREF="http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/SSLException.html?is-external=true" title="class or interface in javax.net.ssl">SSLException</A></CODE></DL>
</DD>
</DL>
<HR>
<A NAME="check(java.lang.String, java.lang.String[], java.lang.String[])"><!-- --></A><H3>
check</H3>
<PRE>
void <B>check</B>(<A HREF="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A>&nbsp;host,
<A HREF="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A>[]&nbsp;cns,
<A HREF="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A>[]&nbsp;subjectAlts)
throws <A HREF="http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/SSLException.html?is-external=true" title="class or interface in javax.net.ssl">SSLException</A></PRE>
<DL>
<DD><DL>
</DL>
</DD>
<DD><DL>
<DT><B>Throws:</B>
<DD><CODE><A HREF="http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/SSLException.html?is-external=true" title="class or interface in javax.net.ssl">SSLException</A></CODE></DL>
</DD>
</DL>
<HR>
<A NAME="check(java.lang.String[], javax.net.ssl.SSLSocket)"><!-- --></A><H3>
check</H3>
<PRE>
void <B>check</B>(<A HREF="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A>[]&nbsp;hosts,
<A HREF="http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/SSLSocket.html?is-external=true" title="class or interface in javax.net.ssl">SSLSocket</A>&nbsp;ssl)
throws <A HREF="http://docs.oracle.com/javase/6/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io">IOException</A></PRE>
<DL>
<DD><DL>
</DL>
</DD>
<DD><DL>
<DT><B>Throws:</B>
<DD><CODE><A HREF="http://docs.oracle.com/javase/6/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io">IOException</A></CODE></DL>
</DD>
</DL>
<HR>
<A NAME="check(java.lang.String[], java.security.cert.X509Certificate)"><!-- --></A><H3>
check</H3>
<PRE>
void <B>check</B>(<A HREF="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A>[]&nbsp;hosts,
<A HREF="http://docs.oracle.com/javase/6/docs/api/java/security/cert/X509Certificate.html?is-external=true" title="class or interface in java.security.cert">X509Certificate</A>&nbsp;cert)
throws <A HREF="http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/SSLException.html?is-external=true" title="class or interface in javax.net.ssl">SSLException</A></PRE>
<DL>
<DD><DL>
</DL>
</DD>
<DD><DL>
<DT><B>Throws:</B>
<DD><CODE><A HREF="http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/SSLException.html?is-external=true" title="class or interface in javax.net.ssl">SSLException</A></CODE></DL>
</DD>
</DL>
<HR>
<A NAME="check(java.lang.String[], java.lang.String[], java.lang.String[])"><!-- --></A><H3>
check</H3>
<PRE>
void <B>check</B>(<A HREF="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A>[]&nbsp;hosts,
<A HREF="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A>[]&nbsp;cns,
<A HREF="http://docs.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</A>[]&nbsp;subjectAlts)
throws <A HREF="http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/SSLException.html?is-external=true" title="class or interface in javax.net.ssl">SSLException</A></PRE>
<DL>
<DD>Checks to see if the supplied hostname matches any of the supplied CNs
or "DNS" Subject-Alts. Most implementations only look at the first CN,
and ignore any additional CNs. Most implementations do look at all of
the "DNS" Subject-Alts. The CNs or Subject-Alts may contain wildcards
according to RFC 2818.
<P>
<DD><DL>
</DL>
</DD>
<DD><DL>
<DT><B>Parameters:</B><DD><CODE>cns</CODE> - CN fields, in order, as extracted from the X.509
certificate.<DD><CODE>subjectAlts</CODE> - Subject-Alt fields of type 2 ("DNS"), as extracted
from the X.509 certificate.<DD><CODE>hosts</CODE> - The array of hostnames to verify.
<DT><B>Throws:</B>
<DD><CODE><A HREF="http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/SSLException.html?is-external=true" title="class or interface in javax.net.ssl">SSLException</A></CODE> - If verification failed.</DL>
</DD>
</DL>
<!-- ========= END OF CLASS DATA ========= -->
<HR>
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<A NAME="navbar_bottom"><!-- --></A>
<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
<TR>
<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
<A NAME="navbar_bottom_firstrow"><!-- --></A>
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
<TR ALIGN="center" VALIGN="top">
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
<TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/CertificateHostnameVerifier.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
</TR>
</TABLE>
</TD>
<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
Apache CXF API</EM>
</TD>
</TR>
<TR>
<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
&nbsp;<A HREF="../../../../../org/apache/cxf/transport/https/CertConstraintsJaxBUtils.html" title="class in org.apache.cxf.transport.https"><B>PREV CLASS</B></A>&nbsp;
&nbsp;<A HREF="../../../../../org/apache/cxf/transport/https/CertificateHostnameVerifier.AbstractVerifier.html" title="class in org.apache.cxf.transport.https"><B>NEXT CLASS</B></A></FONT></TD>
<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
<A HREF="../../../../../index.html?org/apache/cxf/transport/https/CertificateHostnameVerifier.html" target="_top"><B>FRAMES</B></A> &nbsp;
&nbsp;<A HREF="CertificateHostnameVerifier.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
&nbsp;<SCRIPT type="text/javascript">
<!--
if(window==top) {
document.writeln('<A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
}
//-->
</SCRIPT>
<NOSCRIPT>
<A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A>
</NOSCRIPT>
</FONT></TD>
</TR>
<TR>
<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
SUMMARY:&nbsp;<A HREF="#nested_class_summary">NESTED</A>&nbsp;|&nbsp;<A HREF="#field_summary">FIELD</A>&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
DETAIL:&nbsp;<A HREF="#field_detail">FIELD</A>&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
</TR>
</TABLE>
<A NAME="skip-navbar_bottom"></A>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
<HR>
Apache CXF
</BODY>
</HTML>