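/**
 * Opens an SSL socket to {@code host:port} through the JVM default SSL socket factory and
 * runs the hostname check before handing the socket back.
 *
 * <p>The check is delegated to {@code verifyHostName} with the configured
 * {@code hostNameVerifier} mode. If it throws, the socket is closed here, because the
 * caller never receives a reference to it and could not release it otherwise.
 *
 * @param host server name to connect to; the same string is passed to the hostname check
 * @param port server port
 * @return the socket, returned only when the hostname check did not throw
 * @throws IOException if the socket cannot be created, or propagated from {@code verifyHostName}
 * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
 */
public Socket createSocket(String host, int port) throws IOException {
    Socket sslSocket = SSLSocketFactory.getDefault().createSocket(host, port);
    // NOTE(review): no endpoint identification is configured on the socket in this method,
    // so verifyHostName appears to be the only hostname check on this path.
    boolean verified = false;
    try {
        verifyHostName(host, (SSLSocket) sslSocket, hostNameVerifier);
        verified = true;
    } finally {
        if (!verified) {
            // Do not leave a connected socket to an unverified peer open and unreachable.
            try {
                sslSocket.close();
            } catch (IOException ignored) {
                // The verification failure is the exception the caller needs to see.
            }
        }
    }
    return sslSocket;
}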
/**
 * Layers an SSL socket over an already connected {@code socket} using the JVM default
 * SSL socket factory, then runs the hostname check before returning it.
 *
 * <p>The check is delegated to {@code verifyHostName} with the configured
 * {@code hostNameVerifier} mode. When it throws, nothing is closed here; the caller still
 * holds {@code socket} and is responsible for releasing it.
 *
 * @param socket    existing connected socket to layer SSL over
 * @param host      server name; the same string is passed to the hostname check
 * @param port      server port
 * @param autoClose forwarded unchanged to the factory's {@code createSocket}
 * @return the layered socket, returned only when the hostname check did not throw
 * @throws IOException if the layered socket cannot be created, or propagated from
 *                     {@code verifyHostName}
 * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
 */
public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
        throws IOException {
    final SSLSocketFactory defaultFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
    final SSLSocket layered =
            (SSLSocket) defaultFactory.createSocket(socket, host, port, autoClose);
    // NOTE(review): no endpoint identification is configured on the socket in this method,
    // so verifyHostName appears to be the only hostname check on this path.
    verifyHostName(host, layered, hostNameVerifier);
    return layered;
}
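/**
 * Opens an SSL socket to {@code host:port} bound to the given local address and port,
 * using the JVM default SSL socket factory, and runs the hostname check before returning it.
 *
 * <p>The check is delegated to {@code verifyHostName} with the configured
 * {@code hostNameVerifier} mode. If it throws, the socket is closed here, because the
 * caller never receives a reference to it and could not release it otherwise.
 *
 * @param host       server name to connect to; the same string is passed to the hostname check
 * @param port       server port
 * @param clientHost local address to bind to
 * @param clientPort local port to bind to
 * @return the socket, returned only when the hostname check did not throw
 * @throws IOException if the socket cannot be created, or propagated from {@code verifyHostName}
 * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
 */
public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort)
        throws IOException {
    Socket sslSocket =
            SSLSocketFactory.getDefault().createSocket(host, port, clientHost, clientPort);
    // NOTE(review): no endpoint identification is configured on the socket in this method,
    // so verifyHostName appears to be the only hostname check on this path.
    boolean verified = false;
    try {
        verifyHostName(host, (SSLSocket) sslSocket, hostNameVerifier);
        verified = true;
    } finally {
        if (!verified) {
            // Do not leave a connected socket to an unverified peer open and unreachable.
            try {
                sslSocket.close();
            } catch (IOException ignored) {
                // The verification failure is the exception the caller needs to see.
            }
        }
    }
    return sslSocket;
}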
/**
 * Extracts the CN and the DNS subject alternative names from {@code cert} and checks
 * {@code host} against them according to the selected verification mode.
 *
 * <ul>
 *   <li>{@code EncodingUtil.STRICT}: delegates to the name-matching overload with the
 *       final flag set to {@code true}.</li>
 *   <li>{@code EncodingUtil.ALLOW_ALL}: returns without comparing {@code host} to any
 *       name in the certificate.</li>
 *   <li>{@code EncodingUtil.DEFAULT_AND_LOCALHOST}: returns without a comparison when
 *       {@code isLocalhost(host)} is true, otherwise behaves like the default.</li>
 *   <li>any other value, including {@code null}: delegates with the final flag set to
 *       {@code false}.</li>
 * </ul>
 *
 * @param host             host name used to establish the socket
 * @param cert             certificate whose names are checked
 * @param hostNameVerifier verification mode, compared against the {@code EncodingUtil} constants
 * @throws SSLException propagated from the helpers called here; presumably raised when no
 *                      certificate name matches {@code host} (the matching overload is not
 *                      visible in this excerpt)
 */
private static void verifyHostName(final String host, X509Certificate cert, String hostNameVerifier)
        throws SSLException {
    // Comparing the connect host with the certificate names case-insensitively is
    // acceptable. The CN, however, is deliberately not trimmed.
    final String commonName = getCN(cert);
    final String[] dnsAltNames = getDNSSubjectAlts(cert);

    if (EncodingUtil.STRICT.equals(hostNameVerifier)) {
        verifyHostName(host, commonName, dnsAltNames, true);
        return;
    }

    if (EncodingUtil.ALLOW_ALL.equals(hostNameVerifier)) {
        // SECURITY: the certificate is not bound to the requested host in this mode, so a
        // certificate issued for a different name passes this step. Suitable for test
        // setups only; production configurations should not select it.
        return;
    }

    if (EncodingUtil.DEFAULT_AND_LOCALHOST.equals(hostNameVerifier) && isLocalhost(host)) {
        // SECURITY: the name check is skipped based on the host string alone.
        // NOTE(review): confirm isLocalhost cannot be satisfied by a name that resolves
        // to a remote address.
        return;
    }

    // Default path, also taken for unrecognised modes, so an unknown setting still verifies.
    verifyHostName(host, commonName, dnsAltNames, false);
}
verifyHostName(host.trim().toLowerCase(Locale.US), (X509Certificate) certs[0], hostNameVerifier);
host, port, localAddress, localPort); sslSocket.setSoTimeout(params.getSoTimeout()); verifyHostName(host, (SSLSocket) sslSocket, hostNameVerifier); return sslSocket; } else { verifyHostName(host, (SSLSocket) sslSocket, hostNameVerifier); return sslSocket;