java.lang.Object
  eu.emi.security.authn.x509.impl.AbstractHostnameToCertificateChecker

public abstract class AbstractHostnameToCertificateChecker
extends java.lang.Object
implements javax.net.ssl.HandshakeCompletedListener
Abstract implementation of the JSSE HandshakeCompletedListener which can be registered on an SSLSocket to verify whether a peer's host name matches a DN of its certificate. It is useful on the client side when connecting to a server.

By default the implementation checks the certificate's Subject Alternative Name and Common Name, following the server identity part of RFC 2818. Additionally the 'service/hostname' syntax is supported (the service prefix is simply ignored).

If there is a name mismatch the nameMismatch() method is called. Users of this class must extend it and provide the application-specific reaction in this method.

Note that this class should be used only on SSL connections which are authenticated with X.509 certificates.
Nested Class Summary

| Modifier and Type | Class and Description |
|---|---|
| protected static class | AbstractHostnameToCertificateChecker.ResultWrapper |
Constructor Summary

| Constructor and Description |
|---|
| AbstractHostnameToCertificateChecker() |
Method Summary

| Modifier and Type | Method and Description |
|---|---|
| protected boolean | checkAltNameMatching(AbstractHostnameToCertificateChecker.ResultWrapper result, String hostname, X509Certificate certificate) |
| protected boolean | checkCNMatching(String hostname, X509Certificate certificate) |
| boolean | checkMatching(String hostname, X509Certificate certificate) |
| String | getMostSpecificCN(X500Principal srcP) |
| void | handshakeCompleted(HandshakeCompletedEvent hce) |
| static String | makeRegexpHostWildcard(String pattern). Converts a hostname wildcard string to a Java regexp, ensuring that literal sequences are correctly escaped. |
| protected static boolean | matchesDNS(String hostname, String pattern) |
| protected boolean | matchesIP(String what, String pattern) |
| protected abstract void | nameMismatch(HandshakeCompletedEvent hce, X509Certificate peerCertificate, String hostName). This method is called whenever the peer's host name does not match the peer's certificate DN. |
| protected void | processingError(HandshakeCompletedEvent hce, Exception e). This method is called whenever there is an error when processing the peer's certificate and hostname. |
Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AbstractHostnameToCertificateChecker

public AbstractHostnameToCertificateChecker()
Method Detail

handshakeCompleted

public void handshakeCompleted(HandshakeCompletedEvent hce)

Specified by: handshakeCompleted in interface HandshakeCompletedListener

nameMismatch

protected abstract void nameMismatch(HandshakeCompletedEvent hce, X509Certificate peerCertificate, String hostName)

This method is called whenever the peer's host name does not match the peer's certificate DN.

Parameters:
hce - the original event object
peerCertificate - peer's certificate (for convenience)
hostName - peer's host name (for convenience)

processingError

protected void processingError(HandshakeCompletedEvent hce, Exception e)

This method is called whenever there is an error when processing the peer's certificate and hostname. The default implementation throws IllegalStateException.

Parameters:
hce - the original event object
e - error

checkMatching

public boolean checkMatching(String hostname, X509Certificate certificate) throws CertificateParsingException, UnknownHostException

Throws:
CertificateParsingException
UnknownHostException

checkAltNameMatching

protected boolean checkAltNameMatching(AbstractHostnameToCertificateChecker.ResultWrapper result, String hostname, X509Certificate certificate) throws CertificateParsingException, UnknownHostException

Throws:
CertificateParsingException
UnknownHostException

checkCNMatching

protected boolean checkCNMatching(String hostname, X509Certificate certificate)

matchesDNS

protected static boolean matchesDNS(String hostname, String pattern)

makeRegexpHostWildcard

public static String makeRegexpHostWildcard(String pattern)

Converts a hostname wildcard string to a Java regexp, ensuring that literal sequences are correctly escaped.

Parameters:
pattern - hostname wildcard

matchesIP

protected boolean matchesIP(String what, String pattern) throws UnknownHostException

Throws:
UnknownHostException

getMostSpecificCN

public String getMostSpecificCN(X500Principal srcP)
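The following is an added usage example, not code from the canl library or this class's documentation. It shows the subclassing the description above requires: the application provides the reaction to nameMismatch() and processingError(), registers the checker on an SSLSocket and, because JSSE delivers HandshakeCompletedEvent on a separate notifier thread, explicitly waits for the verdict before sending application data. It fails closed on both a name mismatch and a processing error (the library default for processingError() is to throw, which would be lost on the notifier thread). Assumptions: the host name server.example.org is a placeholder, and the library's handshakeCompleted() invokes nameMismatch()/processingError() before it returns.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

import eu.emi.security.authn.x509.impl.AbstractHostnameToCertificateChecker;

/**
 * Example subclass (not part of the library). On a name mismatch or a
 * processing error it closes the socket and records the failure so that the
 * application thread can refuse to use the connection.
 */
public final class FailClosedHostnameChecker extends AbstractHostnameToCertificateChecker {

    // Completed normally when the certificate matched the host name, and
    // exceptionally when nameMismatch() or processingError() was invoked.
    private final CompletableFuture<Void> verdict = new CompletableFuture<>();

    @Override
    public void handshakeCompleted(HandshakeCompletedEvent hce) {
        // Assumption: the library performs the check here and calls
        // nameMismatch()/processingError() synchronously when needed.
        super.handshakeCompleted(hce);
        // No-op if a callback already completed the future exceptionally.
        verdict.complete(null);
    }

    @Override
    protected void nameMismatch(HandshakeCompletedEvent hce, X509Certificate peerCertificate, String hostName) {
        verdict.completeExceptionally(new SSLPeerUnverifiedException(
                "Host name '" + hostName + "' does not match certificate subject "
                + peerCertificate.getSubjectX500Principal().getName()));
        closeQuietly(hce.getSocket());
    }

    @Override
    protected void processingError(HandshakeCompletedEvent hce, Exception e) {
        // Fail closed: an unparsable certificate or name is treated like a mismatch.
        verdict.completeExceptionally(e);
        closeQuietly(hce.getSocket());
    }

    /** Blocks until the listener has run; throws if the peer was not verified. */
    public void awaitVerified(long timeout, TimeUnit unit) throws SSLPeerUnverifiedException {
        try {
            verdict.get(timeout, unit);
        } catch (ExecutionException e) {
            SSLPeerUnverifiedException ex = new SSLPeerUnverifiedException(e.getCause().getMessage());
            ex.initCause(e.getCause());
            throw ex;
        } catch (TimeoutException e) {
            throw new SSLPeerUnverifiedException("Host name check did not complete within the timeout");
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new SSLPeerUnverifiedException("Interrupted while waiting for the host name check");
        }
    }

    private static void closeQuietly(SSLSocket socket) {
        try {
            socket.close();
        } catch (IOException ignored) {
            // the connection is being rejected anyway
        }
    }

    public static void main(String[] args) throws Exception {
        String host = "server.example.org"; // placeholder target host
        int port = 443;
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            FailClosedHostnameChecker checker = new FailClosedHostnameChecker();
            // The listener must be registered before the handshake starts.
            socket.addHandshakeCompletedListener(checker);
            socket.startHandshake();
            // Refuse to proceed unless the peer's certificate matched the host name.
            checker.awaitVerified(10, TimeUnit.SECONDS);
            // Only now is it safe to write application data to the socket.
            socket.getOutputStream().write("GET / HTTP/1.0\r\n\r\n".getBytes(StandardCharsets.US_ASCII));
        }
    }
}
```

The waiting step is the important design choice: startHandshake() returning does not mean the listener has run, so an application that merely registers the checker and continues may send data over a connection whose host name check has not finished, or has failed. Note also that checkMatching(String, X509Certificate) is public, so the same subclass can be used outside a socket handshake to verify a certificate obtained from another source against an expected host name.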