eu.emi.security.authn.x509.helpers.ssl
Class HostnameToCertificateChecker
java.lang.Object
eu.emi.security.authn.x509.helpers.ssl.HostnameToCertificateChecker
public class HostnameToCertificateChecker
- extends Object
Verifies whether a peer's host name matches the DN of its certificate. It is useful on the client side
when connecting to a server.
By default the implementation checks the certificate's Subject Alternative Name
and Common Name, following the server identity part of RFC 2818. Additionally the
'service/hostname' syntax is supported (the service prefix is simply ignored).
If there is a name mismatch, the nameMismatch() method is called.
Users of this class must extend it and provide the application-specific reaction
in this method.
Note that this class should be used only on SSL connections which are
authenticated with X.509 certificates.
- Author:
- Joni Hahkala, K. Benedyczak
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
HostnameToCertificateChecker
public HostnameToCertificateChecker()
checkMatching
public boolean checkMatching(String hostname,
X509Certificate certificate)
throws CertificateParsingException,
UnknownHostException
- Throws:
CertificateParsingException
UnknownHostException
checkAltNameMatching
protected boolean checkAltNameMatching(HostnameToCertificateChecker.ResultWrapper result,
String hostname,
X509Certificate certificate)
throws CertificateParsingException,
UnknownHostException
- Returns:
- true iff a dNSName in altName was found (not if the matching was successful).
The RFC is unclear whether the presence of an IP AltName also takes precedence over the CN,
so we do not enforce such a rule.
- Throws:
CertificateParsingException
UnknownHostException
checkCNMatching
protected boolean checkCNMatching(String hostname,
X509Certificate certificate)
- Returns:
- true if a CN was found and the matching was successful ;-)
matchesDNS
public static boolean matchesDNS(String hostname,
String pattern)
makeRegexpHostWildcard
public static String makeRegexpHostWildcard(String pattern)
- Converts a hostname wildcard string to a Java regexp, ensuring that
literal sequences are correctly escaped.
- Parameters:
pattern - hostname wildcard
- Returns:
- Java regular expression
matchesIP
protected boolean matchesIP(String what,
String pattern)
throws UnknownHostException
- Throws:
UnknownHostException
getMostSpecificCN
public String getMostSpecificCN(X500Principal srcP)
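An added example, not the library's own code, of the matching rules this class describes: a wildcard name is converted to a regexp with its literal parts quoted, and a dNSName in the Subject Alternative Name takes precedence over the CN as in RFC 2818. The names `wildcardToRegex`, `matchesName` and `check` are hypothetical; the example assumes that `*` stays within one DNS label and that the 'service/' prefix appears in the certificate's CN.

```java
import java.util.List;
import java.util.regex.Pattern;

public class HostnameMatchExample {
    // '*' matches one or more characters inside a single DNS label (assumption,
    // following the RFC 2818 examples). Everything else is quoted literally, so
    // the '.' in "www.example.org" cannot match an arbitrary character.
    static String wildcardToRegex(String pattern) {
        String[] parts = pattern.split("\\*", -1);
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < parts.length; i++) {
            if (i > 0) sb.append("[^.]+");
            if (!parts[i].isEmpty()) sb.append(Pattern.quote(parts[i]));
        }
        return sb.toString();
    }

    // DNS names are compared case-insensitively.
    static boolean matchesName(String hostname, String pattern) {
        return Pattern.compile(wildcardToRegex(pattern), Pattern.CASE_INSENSITIVE)
                .matcher(hostname).matches();
    }

    // RFC 2818: if any dNSName is present it decides the result and the CN is ignored.
    static boolean check(String hostname, List<String> sanDnsNames, String cn) {
        if (!sanDnsNames.isEmpty())
            return sanDnsNames.stream().anyMatch(p -> matchesName(hostname, p));
        if (cn == null) return false;
        // 'service/hostname' form: drop the service prefix (assumed to be in the CN).
        String name = cn.substring(cn.indexOf('/') + 1);
        return matchesName(hostname, name);
    }

    public static void main(String[] args) {
        // Constructed sample names, not taken from any real certificate.
        List<String> none = List.of();
        // Wildcard covering exactly one label.
        System.out.println(check("www.example.org", List.of("*.example.org"), null));
        // Wildcard must not span two labels.
        System.out.println(check("a.b.example.org", List.of("*.example.org"), null));
        // An unescaped '.' would wrongly accept this host.
        System.out.println(check("wwwXexample.org", List.of("www.example.org"), null));
        // A dNSName is present, so a matching CN must not rescue the check.
        System.out.println(check("www.example.org", List.of("other.example.org"), "www.example.org"));
        // No dNSName: fall back to the CN, ignoring the service prefix.
        System.out.println(check("se.example.org", none, "host/se.example.org"));
    }
}
```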
Copyright © 2012-2013 European Middleware Initiative. All Rights Reserved.