SSLHostnameVerifier (Apache Hadoop Common 3.4.1.300-dep-1001 API)

All Superinterfaces:

javax.net.ssl.HostnameVerifier

All Known Implementing Classes:

SSLHostnameVerifier.AbstractVerifier
```
@Private
@Evolving
public interface SSLHostnameVerifier
extends javax.net.ssl.HostnameVerifier
```
Copied from the not-yet-commons-ssl project at http://juliusdavies.ca/commons-ssl/ This project is not yet in Apache, but it is Apache 2.0 licensed. Interface for checking if a hostname matches the names stored inside the server's X.509 certificate. Correctly implements javax.net.ssl.HostnameVerifier, but that interface is not recommended. Instead we added several check() methods that take SSLSocket, or X509Certificate, or ultimately (they all end up calling this one), String. (It's easier to supply JUnit with Strings instead of mock SSLSession objects!)
Our check() methods throw exceptions if the name is invalid, whereas javax.net.ssl.HostnameVerifier just returns true/false.
We provide the HostnameVerifier.DEFAULT, HostnameVerifier.STRICT, and HostnameVerifier.ALLOW_ALL implementations. We also provide the more specialized HostnameVerifier.DEFAULT_AND_LOCALHOST, as well as HostnameVerifier.STRICT_IE6. But feel free to define your own implementations!
Inspired by Sebastian Hauer's original StrictSSLProtocolSocketFactory in the HttpClient "contrib" repository.

Nested Class Summary

Nested Classes
Modifier and Type Interface Description

static class SSLHostnameVerifier.AbstractVerifier

static class SSLHostnameVerifier.Certificates

Nested Classes
Modifier and Type	Interface	Description
`static class`	`SSLHostnameVerifier.AbstractVerifier`
`static class`	`SSLHostnameVerifier.Certificates`

Field Summary

Fields
Modifier and Type	Field	Description
`static SSLHostnameVerifier`	`ALLOW_ALL`	The ALLOW_ALL HostnameVerifier essentially turns hostname verification off.
`static SSLHostnameVerifier`	`DEFAULT`	The DEFAULT HostnameVerifier works the same way as Curl and Firefox.
`static SSLHostnameVerifier`	`DEFAULT_AND_LOCALHOST`	The DEFAULT_AND_LOCALHOST HostnameVerifier works like the DEFAULT one with one additional relaxation: a host of "localhost", "localhost.localdomain", "127.0.0.1", "::1" will always pass, no matter what is in the server's certificate.
`static SSLHostnameVerifier`	`STRICT`	The STRICT HostnameVerifier works the same way as java.net.URL in Sun Java 1.4, Sun Java 5, Sun Java 6.
`static SSLHostnameVerifier`	`STRICT_IE6`	The STRICT_IE6 HostnameVerifier works just like the STRICT one with one minor variation: the hostname can match against any of the CN's in the server's certificate, not just the first one.

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method	Description
`void`	`check(java.lang.String[] hosts, java.lang.String[] cns, java.lang.String[] subjectAlts)`	Checks to see if the supplied hostname matches any of the supplied CNs or "DNS" Subject-Alts.
`void`	`check(java.lang.String[] hosts, java.security.cert.X509Certificate cert)`
`void`	`check(java.lang.String[] hosts, javax.net.ssl.SSLSocket ssl)`
`void`	`check(java.lang.String host, java.lang.String[] cns, java.lang.String[] subjectAlts)`
`void`	`check(java.lang.String host, java.security.cert.X509Certificate cert)`
`void`	`check(java.lang.String host, javax.net.ssl.SSLSocket ssl)`
`boolean`	`verify(java.lang.String host, javax.net.ssl.SSLSession session)`

- Field Detail
  - DEFAULT
```
static final SSLHostnameVerifier DEFAULT
```
    The DEFAULT HostnameVerifier works the same way as Curl and Firefox.
    The hostname must match either the first CN, or any of the subject-alts. A wildcard can occur in the CN, and in any of the subject-alts.
    The only difference between DEFAULT and STRICT is that a wildcard (such as "*.foo.com") with DEFAULT matches all subdomains, including "a.b.foo.com".
  - DEFAULT_AND_LOCALHOST
```
static final SSLHostnameVerifier DEFAULT_AND_LOCALHOST
```
    The DEFAULT_AND_LOCALHOST HostnameVerifier works like the DEFAULT one with one additional relaxation: a host of "localhost", "localhost.localdomain", "127.0.0.1", "::1" will always pass, no matter what is in the server's certificate.
  - STRICT
```
static final SSLHostnameVerifier STRICT
```
    The STRICT HostnameVerifier works the same way as java.net.URL in Sun Java 1.4, Sun Java 5, Sun Java 6. It's also pretty close to IE6. This implementation appears to be compliant with RFC 2818 for dealing with wildcards.
    The hostname must match either the first CN, or any of the subject-alts. A wildcard can occur in the CN, and in any of the subject-alts. The one divergence from IE6 is how we only check the first CN. IE6 allows a match against any of the CNs present. We decided to follow in Sun Java 1.4's footsteps and only check the first CN.
    A wildcard such as "*.foo.com" matches only subdomains in the same level, for example "a.foo.com". It does not match deeper subdomains such as "a.b.foo.com".
  - STRICT_IE6
```
static final SSLHostnameVerifier STRICT_IE6
```
    The STRICT_IE6 HostnameVerifier works just like the STRICT one with one minor variation: the hostname can match against any of the CN's in the server's certificate, not just the first one. This behaviour is identical to IE6's behaviour.
  - ALLOW_ALL
```
static final SSLHostnameVerifier ALLOW_ALL
```
    The ALLOW_ALL HostnameVerifier essentially turns hostname verification off. This implementation is a no-op, and never throws the SSLException.
- Method Detail
  - verify
```
boolean verify(java.lang.String host,
               javax.net.ssl.SSLSession session)
```
    Specified by:
    
    verify in interface javax.net.ssl.HostnameVerifier
  - check
```
void check(java.lang.String host,
           javax.net.ssl.SSLSocket ssl)
    throws java.io.IOException
```
    Throws:
    
    java.io.IOException
  - check
```
void check(java.lang.String host,
           java.security.cert.X509Certificate cert)
    throws javax.net.ssl.SSLException
```
    Throws:
    
    javax.net.ssl.SSLException
  - check
```
void check(java.lang.String host,
           java.lang.String[] cns,
           java.lang.String[] subjectAlts)
    throws javax.net.ssl.SSLException
```
    Throws:
    
    javax.net.ssl.SSLException
  - check
```
void check(java.lang.String[] hosts,
           javax.net.ssl.SSLSocket ssl)
    throws java.io.IOException
```
    Throws:
    
    java.io.IOException
  - check
```
void check(java.lang.String[] hosts,
           java.security.cert.X509Certificate cert)
    throws javax.net.ssl.SSLException
```
    Throws:
    
    javax.net.ssl.SSLException
  - check
```
void check(java.lang.String[] hosts,
           java.lang.String[] cns,
           java.lang.String[] subjectAlts)
    throws javax.net.ssl.SSLException
```
    Checks to see if the supplied hostname matches any of the supplied CNs or "DNS" Subject-Alts. Most implementations only look at the first CN, and ignore any additional CNs. Most implementations do look at all of the "DNS" Subject-Alts. The CNs or Subject-Alts may contain wildcards according to RFC 2818.
    
    Parameters:
    
    cns - CN fields, in order, as extracted from the X.509 certificate.
    
    subjectAlts - Subject-Alt fields of type 2 ("DNS"), as extracted from the X.509 certificate.
    
    hosts - The array of hostnames to verify.
    
    Throws:
    
    javax.net.ssl.SSLException - If verification failed.

Interface SSLHostnameVerifier

Nested Class Summary

Field Summary

Method Summary

Field Detail

DEFAULT

DEFAULT_AND_LOCALHOST

STRICT

STRICT_IE6

ALLOW_ALL

Method Detail

verify

check

check

check

check

check

check