Package org.mariadb.jdbc.client.tls

Class HostnameVerifier

  • public class HostnameVerifier
extends java.lang.Object
    SSL host verification

    • Field Summary

      Fields 
      Modifier and Type Field Description
      private static java.util.regex.Pattern IP_V4  
      private static java.util.regex.Pattern IP_V6  
      private static java.util.regex.Pattern IP_V6_COMPRESSED  
      private static Logger logger  

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      private static java.lang.String extractCommonName​(java.lang.String principal)  
      private static HostnameVerifier.SubjectAltNames getSubjectAltNames​(java.security.cert.X509Certificate cert)  
      static boolean isIPv4​(java.lang.String ip)
      check if ip correspond to IPV4
      static boolean isIPv6​(java.lang.String ip)
      check if ip correspond to IPV6
      private static boolean matchDns​(java.lang.String hostname, java.lang.String tlsDnsPattern)
      DNS verification : Matching is performed using the matching rules specified by [RFC2459].
      private static boolean matchWildCards​(boolean hostIsIp, java.lang.String hostnameToken, java.lang.String tlsDnsToken)  
      private static java.lang.String normaliseAddress​(java.lang.String hostname)  
      private static java.lang.String normalizedHostMsg​(java.lang.String normalizedHost)  
      static void verify​(java.lang.String host, java.security.cert.X509Certificate cert, long serverThreadId)
      Verification that throw an exception with a detailed error message in case of error.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • logger

        private static final Logger logger

      • IP_V4

        private static final java.util.regex.Pattern IP_V4

      • IP_V6

        private static final java.util.regex.Pattern IP_V6

      • IP_V6_COMPRESSED

        private static final java.util.regex.Pattern IP_V6_COMPRESSED

    • Constructor Detail

      • HostnameVerifier

        public HostnameVerifier()

    • Method Detail

      • matchDns

        private static boolean matchDns​(java.lang.String hostname,
                                java.lang.String tlsDnsPattern)
                         throws javax.net.ssl.SSLException
        DNS verification : Matching is performed using the matching rules specified by [RFC2459]. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.
        Parameters:
        hostname - hostname
        tlsDnsPattern - DNS pattern (may contain wildcard)
        Returns:
        true if matching
        Throws:
        javax.net.ssl.SSLException

      • matchWildCards

        private static boolean matchWildCards​(boolean hostIsIp,
                                      java.lang.String hostnameToken,
                                      java.lang.String tlsDnsToken)
                               throws javax.net.ssl.SSLException
        Throws:
        javax.net.ssl.SSLException

      • extractCommonName

        private static java.lang.String extractCommonName​(java.lang.String principal)
                                           throws javax.net.ssl.SSLException
        Throws:
        javax.net.ssl.SSLException

      • normaliseAddress

        private static java.lang.String normaliseAddress​(java.lang.String hostname)

      • normalizedHostMsg

        private static java.lang.String normalizedHostMsg​(java.lang.String normalizedHost)

      • isIPv4

        public static boolean isIPv4​(java.lang.String ip)
        check if ip correspond to IPV4
        Parameters:
        ip - ip value
        Returns:
        if ip is using IPV4 format

      • isIPv6

        public static boolean isIPv6​(java.lang.String ip)
        check if ip correspond to IPV6
        Parameters:
        ip - ip value
        Returns:
        if ip is using IPV6 format

      • getSubjectAltNames

        private static HostnameVerifier.SubjectAltNames getSubjectAltNames​(java.security.cert.X509Certificate cert)
                                                            throws java.security.cert.CertificateParsingException
        Throws:
        java.security.cert.CertificateParsingException

      • verify

        public static void verify​(java.lang.String host,
                          java.security.cert.X509Certificate cert,
                          long serverThreadId)
                   throws javax.net.ssl.SSLException
        Verification that throw an exception with a detailed error message in case of error.
        Parameters:
        host - hostname
        cert - certificate
        serverThreadId - server thread Identifier to identify connection in logs
        Throws:
        javax.net.ssl.SSLException - exception