org.glite.security.util
Class HostNameChecker
java.lang.Object
org.glite.security.util.HostNameChecker
public class HostNameChecker
- extends java.lang.Object
Checks a hostname against a certificate to determine whether the server answered with a certificate that is
allowed for that host. Follows the server identity part of RFC 2818.
- Author:
- Joni Hahkala
Field Summary
static java.util.regex.Pattern ipPattern
- The pattern to check whether the string appears to be an IP address.
Method Summary
static void checkHostname(java.lang.String hostname, javax.net.ssl.SSLSocket socket)
- Given a hostname and an open socket, checks if the host presented a certificate that allows it to act as the host.
static boolean checkHostName(java.lang.String inHostname, java.security.cert.X509Certificate cert)
- Checks whether the hostname is allowed by the certificate.
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
ipPattern
public static final java.util.regex.Pattern ipPattern
- The pattern to check whether the string appears to be an IP address.
HostNameChecker
public HostNameChecker()
checkHostname
public static void checkHostname(java.lang.String hostname,
javax.net.ssl.SSLSocket socket)
throws java.io.IOException
- Given a hostname and an open socket, checks if the host presented a certificate that allows it to act as the host.
Note that this routine does not do certificate path checking, so the certificate chain must be validated separately.
- Parameters:
hostname
- The name (or in rare cases an IP address) the connection was opened to.
socket
- The socket from which to get the host certificate.
- Throws:
java.io.IOException
- Thrown if the socket is not open, if the certificate was not understood or if the certificate
vs hostname check failed.
checkHostName
public static boolean checkHostName(java.lang.String inHostname,
java.security.cert.X509Certificate cert)
throws java.security.cert.CertificateParsingException
- Checks whether the hostname is allowed by the certificate. Checks the certificate altNames and subject DN
according to RFC 2818. The wildcard '*' is supported both in the dnsName altName and in the DN. A service prefix in the DN
CN format "[service name]/[hostname]" is recognized, but ignored.
- Parameters:
inHostname
- The hostname to check against the certificate. Can be a DNS name, IP address or a URL.
cert
- The certificate the hostname is checked against.
- Returns:
- True in case the hostname is allowed by the certificate.
- Throws:
java.security.cert.CertificateParsingException
- Thrown in case the certificate parsing fails.
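The RFC 2818 server identity rules referred to above, as an added example that is not part of the gLite code and does not show how HostNameChecker is implemented. It works on already extracted name strings instead of an X509Certificate, leaves out IP address matching, and assumes '*' replaces exactly one whole label, which is narrower than the fragment wildcards RFC 2818 also allows. The class name, method names and all host names are constructed for the illustration.

```java
import java.util.List;
import java.util.Locale;

// Added illustration of RFC 2818 name matching; NOT the gLite HostNameChecker source.
public class Rfc2818MatchDemo {

    // Drop a "[service name]/" prefix from a CN, e.g. "ldap/host.example.org".
    static String stripServicePrefix(String cn) {
        int slash = cn.indexOf('/');
        return slash >= 0 ? cn.substring(slash + 1) : cn;
    }

    // Compare one certificate name with the host, label by label, ignoring case.
    // Assumption: '*' replaces exactly one whole label (fragment wildcards are rejected).
    static boolean matches(String pattern, String host) {
        String[] p = pattern.toLowerCase(Locale.ROOT).split("\\.", -1);
        String[] h = host.toLowerCase(Locale.ROOT).split("\\.", -1);
        if (p.length != h.length) return false;   // '*' never spans a dot
        for (int i = 0; i < p.length; i++) {
            if (h[i].isEmpty()) return false;      // reject empty labels such as "a..com"
            if (!p[i].equals("*") && !p[i].equals(h[i])) return false;
        }
        return true;
    }

    // dnsNames: dNSName subjectAltName values; cn: subject CN, may be null.
    static boolean hostAllowed(String host, List<String> dnsNames, String cn) {
        if (!dnsNames.isEmpty()) {
            for (String name : dnsNames) {
                if (matches(name, host)) return true;
            }
            return false;  // RFC 2818: when a dNSName is present, the CN is not consulted
        }
        return cn != null && matches(stripServicePrefix(cn), host);
    }

    public static void main(String[] args) {
        // All names below are constructed sample values.
        System.out.println(hostAllowed("foo.a.com", List.of("*.a.com"), null));
        System.out.println(hostAllowed("bar.foo.a.com", List.of("*.a.com"), null));
        System.out.println(hostAllowed("host.example.org", List.of("other.example.org"), "host.example.org"));
        System.out.println(hostAllowed("host.example.org", List.of(), "ldap/host.example.org"));
    }
}
```

The third call is the case worth checking in any implementation: a CN that matches the host must not rescue a certificate whose dNSName entries do not.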