Code clean; renamed some package private methods
git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1614354 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
770285d505
commit
2ad9a219de
|
@ -37,6 +37,7 @@ import javax.net.ssl.SSLSession;
|
|||
import javax.net.ssl.SSLSocket;
|
||||
|
||||
import org.apache.http.annotation.Immutable;
|
||||
import org.apache.http.util.Args;
|
||||
|
||||
/**
|
||||
* Abstract base class for all standard {@link org.apache.http.conn.ssl.X509HostnameVerifier}
|
||||
|
@ -52,10 +53,7 @@ public abstract class AbstractBaseHostnameVerifier implements X509HostnameVerifi
|
|||
@Override
|
||||
public final void verify(final String host, final SSLSocket ssl)
|
||||
throws IOException {
|
||||
if(host == null) {
|
||||
throw new NullPointerException("host to verify is null");
|
||||
}
|
||||
|
||||
Args.notNull(host, "Host");
|
||||
SSLSession session = ssl.getSession();
|
||||
if(session == null) {
|
||||
// In our experience this only happens under IBM 1.4.x when
|
||||
|
|
|
@ -54,7 +54,6 @@ import org.apache.http.annotation.Immutable;
|
|||
import org.apache.http.conn.util.InetAddressUtils;
|
||||
|
||||
/**
|
||||
/**
|
||||
* Abstract base class for all standard {@link org.apache.http.conn.ssl.X509HostnameVerifier}
|
||||
* implementations that provides methods to extract Common Name (CN) and alternative subjects
|
||||
* (subjectAlt) from {@link java.security.cert.X509Certificate} being validated as well
|
||||
|
@ -92,7 +91,7 @@ public abstract class AbstractCommonHostnameVerifier extends AbstractBaseHostnam
|
|||
throws SSLException {
|
||||
final String subjectPrincipal = cert.getSubjectX500Principal().toString();
|
||||
final String[] cns = extractCNs(subjectPrincipal);
|
||||
final String[] subjectAlts = getSubjectAlts(cert, host);
|
||||
final String[] subjectAlts = extractSubjectAlts(cert, host);
|
||||
verify(host, cns, subjectAlts);
|
||||
}
|
||||
|
||||
|
@ -233,8 +232,7 @@ public abstract class AbstractCommonHostnameVerifier extends AbstractBaseHostnam
|
|||
* @param hostname
|
||||
* @return Array of SubjectALT DNS or IP names stored in the certificate.
|
||||
*/
|
||||
private static String[] getSubjectAlts(
|
||||
final X509Certificate cert, final String hostname) {
|
||||
static String[] extractSubjectAlts(final X509Certificate cert, final String hostname) {
|
||||
final int subjectType;
|
||||
if (isIPAddress(hostname)) {
|
||||
subjectType = 7;
|
||||
|
@ -268,24 +266,6 @@ public abstract class AbstractCommonHostnameVerifier extends AbstractBaseHostnam
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Extracts the array of SubjectAlt DNS names from an X509Certificate.
|
||||
* Returns null if there aren't any.
|
||||
* <p/>
|
||||
* Note: Java doesn't appear able to extract international characters
|
||||
* from the SubjectAlts. It can only extract international characters
|
||||
* from the CN field.
|
||||
* <p/>
|
||||
* (Or maybe the version of OpenSSL I'm using to test isn't storing the
|
||||
* international characters correctly in the SubjectAlts?).
|
||||
*
|
||||
* @param cert X509Certificate
|
||||
* @return Array of SubjectALT DNS names stored in the certificate.
|
||||
*/
|
||||
public static String[] getDNSSubjectAlts(final X509Certificate cert) {
|
||||
return getSubjectAlts(cert, null);
|
||||
}
|
||||
|
||||
/**
|
||||
* Counts the number of dots "." in a string.
|
||||
* @param s string to count dots from
|
||||
|
|
|
@ -52,4 +52,22 @@ public abstract class AbstractVerifier extends AbstractCommonHostnameVerifier {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Extracts the array of SubjectAlt DNS names from an X509Certificate.
|
||||
* Returns null if there aren't any.
|
||||
* <p/>
|
||||
* Note: Java doesn't appear able to extract international characters
|
||||
* from the SubjectAlts. It can only extract international characters
|
||||
* from the CN field.
|
||||
* <p/>
|
||||
* (Or maybe the version of OpenSSL I'm using to test isn't storing the
|
||||
* international characters correctly in the SubjectAlts?).
|
||||
*
|
||||
* @param cert X509Certificate
|
||||
* @return Array of SubjectALT DNS names stored in the certificate.
|
||||
*/
|
||||
public static String[] getDNSSubjectAlts(final X509Certificate cert) {
|
||||
return extractSubjectAlts(cert, null);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue