org.glite.security.util
Class HostNameChecker

java.lang.Object
  extended by org.glite.security.util.HostNameChecker

public class HostNameChecker
extends java.lang.Object

Checks a hostname against a certificate to determine whether the server answered with a certificate that is allowed for that host. Follows the server identity part of RFC 2818.

Author:
Joni Hahkala

Field Summary
static java.util.regex.Pattern ipPattern
          The pattern to check whether the string appears to be an IP address.
 
Constructor Summary
HostNameChecker()
           
 
Method Summary
static void checkHostname(java.lang.String hostname, javax.net.ssl.SSLSocket socket)
          Given a hostname and an open socket, checks whether the host presented a certificate that allows it to act as that host.
static boolean checkHostName(java.lang.String inHostname, java.security.cert.X509Certificate cert)
          Checks whether the hostname is allowed by the certificate.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ipPattern

public static final java.util.regex.Pattern ipPattern
The pattern to check whether the string appears to be an IP address.

Constructor Detail

HostNameChecker

public HostNameChecker()

Method Detail

checkHostname

public static void checkHostname(java.lang.String hostname,
                                 javax.net.ssl.SSLSocket socket)
                          throws java.io.IOException
Given a hostname and an open socket, checks whether the host presented a certificate that allows it to act as that host. Note that this routine does not do certificate path checking.

Parameters:
hostname - The name (or in rare cases an IP address) the connection was opened to.
socket - The socket from which to get the host certificate.
Throws:
java.io.IOException - Thrown if the socket is not open, if the certificate was not understood, or if the certificate vs. hostname check failed.

checkHostName

public static boolean checkHostName(java.lang.String inHostname,
                                    java.security.cert.X509Certificate cert)
                             throws java.security.cert.CertificateParsingException
Checks whether the hostname is allowed by the certificate. Checks the certificate altNames and subject DN according to RFC 2818. The wildcard '*' is supported both in the dnsName altName and in the DN. A service prefix in the DN CN, in the format "[service name]/[hostname]", is recognized but ignored.

Parameters:
inHostname - The hostname to check against the certificate. Can be a DNS name, an IP address or a URL.
cert - The certificate the hostname is checked against.
Returns:
True if the hostname is allowed by the certificate.
Throws:
java.security.cert.CertificateParsingException - Thrown if the certificate parsing fails.
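
Added usage example (not part of the original API documentation or the gLite code base): because checkHostname does no certificate path checking, the caller below lets the JDK's default SSLSocketFactory validate the chain during the handshake and only then applies the name check, and it treats the boolean result of checkHostName as a hard failure. The class name HostNameCheckExample, the helpers connect and requireMatch, the use of the JVM default trust store, and the endpoint example.org:443 are assumptions for illustration.

```java
import java.io.IOException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.glite.security.util.HostNameChecker;

// Added example; the class and helper names are hypothetical.
public class HostNameCheckExample {

    /** Opens a TLS connection and only returns it if chain and name checks both pass. */
    static SSLSocket connect(String host, int port) throws IOException {
        // Assumption: the JVM default trust store is the right trust anchor set.
        // The handshake validates the certificate path; it does not compare names.
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            socket.startHandshake();                      // path validation happens here
            HostNameChecker.checkHostname(host, socket);  // throws IOException on mismatch
            return socket;
        } catch (IOException e) {
            socket.close();  // never hand out a socket whose peer is unverified
            throw e;
        }
    }

    /** Same check on a certificate already in hand; a false result must not be ignored. */
    static void requireMatch(String host, X509Certificate cert) throws IOException {
        try {
            if (!HostNameChecker.checkHostName(host, cert)) {
                throw new IOException("certificate does not allow host " + host);
            }
        } catch (CertificateParsingException e) {
            throw new IOException("could not parse peer certificate", e);
        }
    }

    public static void main(String[] args) throws IOException {
        // example.org:443 is a placeholder endpoint.
        try (SSLSocket socket = connect("example.org", 443)) {
            X509Certificate leaf = (X509Certificate) socket.getSession().getPeerCertificates()[0];
            requireMatch("example.org", leaf);
            System.out.println("peer verified: " + socket.getSession().getPeerHost());
        }
    }
}
```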