Source code

001/*
002 * ====================================================================
003 * Licensed to the Apache Software Foundation (ASF) under one
004 * or more contributor license agreements.  See the NOTICE file
005 * distributed with this work for additional information
006 * regarding copyright ownership.  The ASF licenses this file
007 * to you under the Apache License, Version 2.0 (the
008 * "License"); you may not use this file except in compliance
009 * with the License.  You may obtain a copy of the License at
010 *
011 *   http://www.apache.org/licenses/LICENSE-2.0
012 *
013 * Unless required by applicable law or agreed to in writing,
014 * software distributed under the License is distributed on an
015 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
016 * KIND, either express or implied.  See the License for the
017 * specific language governing permissions and limitations
018 * under the License.
019 * ====================================================================
020 *
021 * This software consists of voluntary contributions made by many
022 * individuals on behalf of the Apache Software Foundation.  For more
023 * information on the Apache Software Foundation, please see
024 * <http://www.apache.org/>.
025 *
026 */
027
028package org.apache.http.conn.ssl;
029
030import javax.net.ssl.SSLException;
031
032import org.apache.http.annotation.Contract;
033import org.apache.http.annotation.ThreadingBehavior;
034
035/**
036 * The Strict HostnameVerifier works the same way as Sun Java 1.4, Sun
037 * Java 5, Sun Java 6.  It's also pretty close to IE6.  This implementation
038 * appears to be compliant with RFC 2818 for dealing with wildcards.
039 * <p>
040 * The hostname must match either the first CN, or any of the subject-alts.
041 * A wildcard can occur in the CN, and in any of the subject-alts.  The
042 * one divergence from IE6 is how we only check the first CN.  IE6 allows
043 * a match against any of the CNs present.  We decided to follow in
044 * Sun Java 1.4's footsteps and only check the first CN.  (If you need
045 * to check all the CN's, feel free to write your own implementation!).
046 * </p>
047 * <p>
048 * A wildcard such as "*.foo.com" matches only subdomains in the same
049 * level, for example "a.foo.com".  It does not match deeper subdomains
050 * such as "a.b.foo.com".
051 * </p>
052 *
053 * @since 4.0
054 *
055 * @deprecated (4.4) Use {@link org.apache.http.conn.ssl.DefaultHostnameVerifier}
056 */
057@Contract(threading = ThreadingBehavior.IMMUTABLE)
058@Deprecated
059public class StrictHostnameVerifier extends AbstractVerifier {
060
061    public static final StrictHostnameVerifier INSTANCE = new StrictHostnameVerifier();
062
063    @Override
064    public final void verify(
065            final String host,
066            final String[] cns,
067            final String[] subjectAlts) throws SSLException {
068        verify(host, cns, subjectAlts, true);
069    }
070
071    @Override
072    public final String toString() {
073        return "STRICT";
074    }
075
076}