ehsbe Commons™
Version 1.1.0rc3

com.ehsbe.commons.util
Class LocalHostnameVerifier

java.lang.Object
  extended by com.ehsbe.commons.util.LocalHostnameVerifier
All Implemented Interfaces:
HostnameVerifier
Direct Known Subclasses:
JxHostnameVerifier

public class LocalHostnameVerifier
extends Object
implements HostnameVerifier

A hostname verifier that extracts the CN from the first certificate in the peer's certificate chain and compares it against the hostname used in the SSL session. If they do not match, all fully qualified host names for the given SSL session hostname are computed and compared against the CN hostname. If one matches, verification ends and returns true; otherwise it returns false.

Activated by HttpsURLConnection.setDefaultHostnameVerifier($LocalHostnameVerifier)

NOTE: A prerequisite for this verifier to be invoked is that the certificate of the given host has been accepted by the SSLSocketFactory of the related connection. For unknown certificates one probably wants to initialize the default SSLSocketFactory with one's own TrustManagers, e.g.:


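        import java.security.SecureRandom;
        import java.security.cert.CertificateException;
        import java.security.cert.X509Certificate;
        import javax.net.ssl.*;

        // InvalidCertHandler.accept() here returns true for every chain
        // it is asked about.
        TrustManager[] localTM = new TrustManager[] {
                new LocalTrustManager(crtPath, new InvalidCertHandler() {
                        public boolean accept(X509Certificate[] chain, 
                                CertificateException ex)
                        {
                                return true;
                        }
                })
        };
        SSLContext sc = SSLContext.getInstance("SSL");
        // pass the trust managers built above to the context
        sc.init(null, localTM, new SecureRandom());
        // install factory and verifier as defaults for all HttpsURLConnections
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(new LocalHostnameVerifier());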
Of course, your TrustManagers should not accept all certificates blindly!
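
One way to trust an unknown (e.g. self-signed) certificate without an accept-everything handler, as an added example that uses JDK classes only and is not code from ehsbe Commons: the SSLContext trusts nothing but the certificates in one file. The class name PinnedTrustExample, the method contextTrustingOnly and the certificate file path are assumptions, and the context is requested as "TLS" rather than "SSL".

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class PinnedTrustExample {

    /** Builds an SSLContext whose only trusted certificates are those in certPath. */
    static SSLContext contextTrustingOnly(String certPath) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty in-memory store: the JDK's default CAs are not included
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        int count = 0;
        try (InputStream in = new FileInputStream(certPath)) {
            // accepts one or more PEM or DER encoded certificates
            for (Certificate c : cf.generateCertificates(in)) {
                ks.setCertificateEntry("pinned-" + count++, c);
            }
        }
        if (count == 0) {
            // fail early instead of building a context that can trust nothing
            throw new IllegalArgumentException("no certificate found in " + certPath);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, tmf.getTrustManagers(), new SecureRandom());
        return sc;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: PinnedTrustExample <certificate-file>");
            System.exit(2);
        }
        // args[0]: path to the server certificate file (assumed to exist locally)
        SSLContext sc = contextTrustingOnly(args[0]);
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        // The JDK's default HostnameVerifier stays active unless another one,
        // such as LocalHostnameVerifier, is installed as shown above.
        System.out.println("default SSLSocketFactory now trusts only " + args[0]);
    }
}
```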

Version:
$Revision: 463 $
Author:
Jens Elkner
See Also:
JxHostnameVerifier

Nested Class Summary
 class LocalHostnameVerifier.VerifyResult
          Result of the verify(String, SSLSession, VerifyResult) operation with respect to the first certificate in the peer's certificate chain.
 
Constructor Summary
LocalHostnameVerifier()
           
 
Method Summary
 boolean verify(String hostname, SSLSession session)
          If URLConnection.getAllowUserInteraction() is true, a dialog is displayed that asks the user whether to accept the connection.
 boolean verify(String hostname, SSLSession session, LocalHostnameVerifier.VerifyResult result)
          Same as verify(String, SSLSession), but stores intermediate results into LocalHostnameVerifier.VerifyResult for later use.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

LocalHostnameVerifier

public LocalHostnameVerifier()

Method Detail

verify

public boolean verify(String hostname,
                      SSLSession session)
If URLConnection.getAllowUserInteraction() is true, a dialog is displayed that asks the user whether to accept the connection.

Specified by:
verify in interface HostnameVerifier
Parameters:
hostname -
session -
Returns:
false if the connection should be discarded because of a mismatch between the CN and the hostname, or because the certificate is not yet valid or has expired.

verify

public boolean verify(String hostname,
                      SSLSession session,
                      LocalHostnameVerifier.VerifyResult result)
Same as verify(String, SSLSession), but stores intermediate results into LocalHostnameVerifier.VerifyResult for later use.

Parameters:
hostname - SSL session hostname
session - SSL session
result - container for storing intermediate results. Ignored if null.
Returns:
false if the connection should be discarded or URLConnection.getAllowUserInteraction() returned false.

Copyright ©2005-2009 EHSBE, Walther-Rathenau-Str. 58, 39104 Magdeburg, Sachsen-Anhalt, Germany. All Rights Reserved.