001/* 002 * ==================================================================== 003 * Licensed to the Apache Software Foundation (ASF) under one 004 * or more contributor license agreements. See the NOTICE file 005 * distributed with this work for additional information 006 * regarding copyright ownership. The ASF licenses this file 007 * to you under the Apache License, Version 2.0 (the 008 * "License"); you may not use this file except in compliance 009 * with the License. You may obtain a copy of the License at 010 * 011 * http://www.apache.org/licenses/LICENSE-2.0 012 * 013 * Unless required by applicable law or agreed to in writing, 014 * software distributed under the License is distributed on an 015 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 016 * KIND, either express or implied. See the License for the 017 * specific language governing permissions and limitations 018 * under the License. 019 * ==================================================================== 020 * 021 * This software consists of voluntary contributions made by many 022 * individuals on behalf of the Apache Software Foundation. For more 023 * information on the Apache Software Foundation, please see 024 * <http://www.apache.org/>. 025 * 026 */ 027 028package org.apache.http.conn.ssl; 029 030import javax.net.ssl.SSLException; 031 032import org.apache.http.annotation.Contract; 033import org.apache.http.annotation.ThreadingBehavior; 034 035/** 036 * The Strict HostnameVerifier works the same way as Sun Java 1.4, Sun 037 * Java 5, Sun Java 6. It's also pretty close to IE6. This implementation 038 * appears to be compliant with RFC 2818 for dealing with wildcards. 039 * <p> 040 * The hostname must match either the first CN, or any of the subject-alts. 041 * A wildcard can occur in the CN, and in any of the subject-alts. The 042 * one divergence from IE6 is how we only check the first CN. IE6 allows 043 * a match against any of the CNs present. We decided to follow in 044 * Sun Java 1.4's footsteps and only check the first CN. (If you need 045 * to check all the CN's, feel free to write your own implementation!). 046 * </p> 047 * <p> 048 * A wildcard such as "*.foo.com" matches only subdomains in the same 049 * level, for example "a.foo.com". It does not match deeper subdomains 050 * such as "a.b.foo.com". 051 * </p> 052 * 053 * @since 4.0 054 * 055 * @deprecated (4.4) Use {@link org.apache.http.conn.ssl.DefaultHostnameVerifier} 056 */ 057@Contract(threading = ThreadingBehavior.IMMUTABLE) 058@Deprecated 059public class StrictHostnameVerifier extends AbstractVerifier { 060 061 public static final StrictHostnameVerifier INSTANCE = new StrictHostnameVerifier(); 062 063 @Override 064 public final void verify( 065 final String host, 066 final String[] cns, 067 final String[] subjectAlts) throws SSLException { 068 verify(host, cns, subjectAlts, true); 069 } 070 071 @Override 072 public final String toString() { 073 return "STRICT"; 074 } 075 076}