You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2014/07/29 15:56:10 UTC
svn commit: r1614354 - in
/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl:
AbstractBaseHostnameVerifier.java AbstractCommonHostnameVerifier.java
AbstractVerifier.java
Author: olegk
Date: Tue Jul 29 13:56:10 2014
New Revision: 1614354
URL: http://svn.apache.org/r1614354
Log:
Code clean; renamed some package private methods
Modified:
httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractBaseHostnameVerifier.java
httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractCommonHostnameVerifier.java
httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java
Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractBaseHostnameVerifier.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractBaseHostnameVerifier.java?rev=1614354&r1=1614353&r2=1614354&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractBaseHostnameVerifier.java (original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractBaseHostnameVerifier.java Tue Jul 29 13:56:10 2014
@@ -37,6 +37,7 @@ import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.apache.http.annotation.Immutable;
+import org.apache.http.util.Args;
/**
* Abstract base class for all standard {@link org.apache.http.conn.ssl.X509HostnameVerifier}
@@ -52,10 +53,7 @@ public abstract class AbstractBaseHostna
@Override
public final void verify(final String host, final SSLSocket ssl)
throws IOException {
- if(host == null) {
- throw new NullPointerException("host to verify is null");
- }
-
+ Args.notNull(host, "Host");
SSLSession session = ssl.getSession();
if(session == null) {
// In our experience this only happens under IBM 1.4.x when
Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractCommonHostnameVerifier.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractCommonHostnameVerifier.java?rev=1614354&r1=1614353&r2=1614354&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractCommonHostnameVerifier.java (original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractCommonHostnameVerifier.java Tue Jul 29 13:56:10 2014
@@ -54,7 +54,6 @@ import org.apache.http.annotation.Immuta
import org.apache.http.conn.util.InetAddressUtils;
/**
- /**
* Abstract base class for all standard {@link org.apache.http.conn.ssl.X509HostnameVerifier}
* implementations that provides methods to extract Common Name (CN) and alternative subjects
* (subjectAlt) from {@link java.security.cert.X509Certificate} being validated as well
@@ -92,7 +91,7 @@ public abstract class AbstractCommonHost
throws SSLException {
final String subjectPrincipal = cert.getSubjectX500Principal().toString();
final String[] cns = extractCNs(subjectPrincipal);
- final String[] subjectAlts = getSubjectAlts(cert, host);
+ final String[] subjectAlts = extractSubjectAlts(cert, host);
verify(host, cns, subjectAlts);
}
@@ -233,8 +232,7 @@ public abstract class AbstractCommonHost
* @param hostname
* @return Array of SubjectALT DNS or IP names stored in the certificate.
*/
- private static String[] getSubjectAlts(
- final X509Certificate cert, final String hostname) {
+ static String[] extractSubjectAlts(final X509Certificate cert, final String hostname) {
final int subjectType;
if (isIPAddress(hostname)) {
subjectType = 7;
@@ -269,24 +267,6 @@ public abstract class AbstractCommonHost
}
/**
- * Extracts the array of SubjectAlt DNS names from an X509Certificate.
- * Returns null if there aren't any.
- * <p/>
- * Note: Java doesn't appear able to extract international characters
- * from the SubjectAlts. It can only extract international characters
- * from the CN field.
- * <p/>
- * (Or maybe the version of OpenSSL I'm using to test isn't storing the
- * international characters correctly in the SubjectAlts?).
- *
- * @param cert X509Certificate
- * @return Array of SubjectALT DNS names stored in the certificate.
- */
- public static String[] getDNSSubjectAlts(final X509Certificate cert) {
- return getSubjectAlts(cert, null);
- }
-
- /**
* Counts the number of dots "." in a string.
* @param s string to count dots from
* @return number of dots
Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java?rev=1614354&r1=1614353&r2=1614354&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java (original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java Tue Jul 29 13:56:10 2014
@@ -52,4 +52,22 @@ public abstract class AbstractVerifier e
}
}
+ /**
+ * Extracts the array of SubjectAlt DNS names from an X509Certificate.
+ * Returns null if there aren't any.
+ * <p/>
+ * Note: Java doesn't appear able to extract international characters
+ * from the SubjectAlts. It can only extract international characters
+ * from the CN field.
+ * <p/>
+ * (Or maybe the version of OpenSSL I'm using to test isn't storing the
+ * international characters correctly in the SubjectAlts?).
+ *
+ * @param cert X509Certificate
+ * @return Array of SubjectALT DNS names stored in the certificate.
+ */
+ public static String[] getDNSSubjectAlts(final X509Certificate cert) {
+ return extractSubjectAlts(cert, null);
+ }
+
}