/** * Extract the names from the certificate and tests host matches one of them * @param host * @param cert * @throws SSLException */ private static void verifyHostName(final String host, X509Certificate cert, String hostNameVerifier) throws SSLException { // I'm okay with being case-insensitive when comparing the host we used // to establish the socket to the hostname in the certificate. // Don't trim the CN, though. String cn = getCN(cert); String[] subjectAlts = getDNSSubjectAlts(cert); if (EncodingUtil.STRICT.equals(hostNameVerifier)) { verifyHostName(host, cn, subjectAlts, true); } else if (EncodingUtil.ALLOW_ALL.equals(hostNameVerifier)) { return; } else if (EncodingUtil.DEFAULT_AND_LOCALHOST.equals(hostNameVerifier)) { if (isLocalhost(host)) { return; } verifyHostName(host, cn, subjectAlts, false); } else { verifyHostName(host, cn, subjectAlts, false); } }