Package org.mariadb.jdbc.internal.protocol.tls

Class HostnameVerifierImpl

  • All Implemented Interfaces:
    javax.net.ssl.HostnameVerifier
    public class HostnameVerifierImpl
extends java.lang.Object
implements javax.net.ssl.HostnameVerifier

    • Field Summary

      Fields 
      Modifier and Type Field Description
      private static Logger logger  

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      private static java.lang.String extractCommonName​(java.lang.String principal)  
      private HostnameVerifierImpl.SubjectAltNames getSubjectAltNames​(java.security.cert.X509Certificate cert)  
      private static boolean matchDns​(java.lang.String hostname, java.lang.String tlsDnsPattern)
      DNS verification : Matching is performed using the matching rules specified by [RFC2459].
      private static boolean matchWildCards​(boolean hostIsIp, java.lang.String hostnameToken, java.lang.String tlsDnsToken)  
      private static java.lang.String normaliseAddress​(java.lang.String hostname)  
      private static java.lang.String normalizedHostMsg​(java.lang.String normalizedHost)  
      void verify​(java.lang.String host, java.security.cert.X509Certificate cert, long serverThreadId)
      Verification that throw an exception with a detailed error message in case of error.
      boolean verify​(java.lang.String host, javax.net.ssl.SSLSession session)  
      boolean verify​(java.lang.String host, javax.net.ssl.SSLSession session, long serverThreadId)
      Verification, like HostnameVerifier.verify() with an additional server thread id to identify connection in logs.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • logger

        private static final Logger logger

    • Constructor Detail

      • HostnameVerifierImpl

        public HostnameVerifierImpl()

    • Method Detail

      • matchDns

        private static boolean matchDns​(java.lang.String hostname,
                                java.lang.String tlsDnsPattern)
                         throws javax.net.ssl.SSLException
        DNS verification : Matching is performed using the matching rules specified by [RFC2459]. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.
        Parameters:
        hostname - hostname
        tlsDnsPattern - DNS pattern (may contain wildcard)
        Returns:
        true if matching
        Throws:
        javax.net.ssl.SSLException

      • matchWildCards

        private static boolean matchWildCards​(boolean hostIsIp,
                                      java.lang.String hostnameToken,
                                      java.lang.String tlsDnsToken)
                               throws javax.net.ssl.SSLException
        Throws:
        javax.net.ssl.SSLException

      • extractCommonName

        private static java.lang.String extractCommonName​(java.lang.String principal)
                                           throws javax.net.ssl.SSLException
        Throws:
        javax.net.ssl.SSLException

      • normaliseAddress

        private static java.lang.String normaliseAddress​(java.lang.String hostname)

      • normalizedHostMsg

        private static java.lang.String normalizedHostMsg​(java.lang.String normalizedHost)

      • getSubjectAltNames

        private HostnameVerifierImpl.SubjectAltNames getSubjectAltNames​(java.security.cert.X509Certificate cert)
                                                         throws java.security.cert.CertificateParsingException
        Throws:
        java.security.cert.CertificateParsingException

      • verify

        public boolean verify​(java.lang.String host,
                      javax.net.ssl.SSLSession session)
        Specified by:
        verify in interface javax.net.ssl.HostnameVerifier

      • verify

        public boolean verify​(java.lang.String host,
                      javax.net.ssl.SSLSession session,
                      long serverThreadId)
        Verification, like HostnameVerifier.verify() with an additional server thread id to identify connection in logs.
        Parameters:
        host - host to connect (DNS/IP)
        session - SSL session
        serverThreadId - connection id to identify connection in logs
        Returns:
        true if valid

      • verify

        public void verify​(java.lang.String host,
                   java.security.cert.X509Certificate cert,
                   long serverThreadId)
            throws javax.net.ssl.SSLException
        Verification that throw an exception with a detailed error message in case of error.
        Parameters:
        host - hostname
        cert - certificate
        serverThreadId - server thread Identifier to identify connection in logs
        Throws:
        javax.net.ssl.SSLException - exception