001/* 002 * ==================================================================== 003 * Licensed to the Apache Software Foundation (ASF) under one 004 * or more contributor license agreements. See the NOTICE file 005 * distributed with this work for additional information 006 * regarding copyright ownership. The ASF licenses this file 007 * to you under the Apache License, Version 2.0 (the 008 * "License"); you may not use this file except in compliance 009 * with the License. You may obtain a copy of the License at 010 * 011 * http://www.apache.org/licenses/LICENSE-2.0 012 * 013 * Unless required by applicable law or agreed to in writing, 014 * software distributed under the License is distributed on an 015 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 016 * KIND, either express or implied. See the License for the 017 * specific language governing permissions and limitations 018 * under the License. 019 * ==================================================================== 020 * 021 * This software consists of voluntary contributions made by many 022 * individuals on behalf of the Apache Software Foundation. For more 023 * information on the Apache Software Foundation, please see 024 * <http://www.apache.org/>. 025 * 026 */ 027 028package org.apache.http.conn.ssl; 029 030import java.io.IOException; 031import java.security.cert.X509Certificate; 032 033import javax.net.ssl.HostnameVerifier; 034import javax.net.ssl.SSLException; 035import javax.net.ssl.SSLSocket; 036 037/** 038 * Interface for checking if a hostname matches the names stored inside the 039 * server's X.509 certificate. This interface extends 040 * {@link javax.net.ssl.HostnameVerifier}, but it is recommended to use 041 * methods added by X509HostnameVerifier. 042 * 043 * @since 4.0 044 * 045 * @deprecated (4.4) Use {@link javax.net.ssl.HostnameVerifier}. 046 */ 047@Deprecated 048public interface X509HostnameVerifier extends HostnameVerifier { 049 050 /** 051 * Verifies that the host name is an acceptable match with the server's 052 * authentication scheme based on the given {@link SSLSocket}. 053 * 054 * @param host the host. 055 * @param ssl the SSL socket. 056 * @throws IOException if an I/O error occurs or the verification process 057 * fails. 058 */ 059 void verify(String host, SSLSocket ssl) throws IOException; 060 061 /** 062 * Verifies that the host name is an acceptable match with the server's 063 * authentication scheme based on the given {@link X509Certificate}. 064 * 065 * @param host the host. 066 * @param cert the certificate. 067 * @throws SSLException if the verification process fails. 068 */ 069 void verify(String host, X509Certificate cert) throws SSLException; 070 071 /** 072 * Checks to see if the supplied hostname matches any of the supplied CNs 073 * or "DNS" Subject-Alts. Most implementations only look at the first CN, 074 * and ignore any additional CNs. Most implementations do look at all of 075 * the "DNS" Subject-Alts. The CNs or Subject-Alts may contain wildcards 076 * according to RFC 2818. 077 * 078 * @param cns CN fields, in order, as extracted from the X.509 079 * certificate. 080 * @param subjectAlts Subject-Alt fields of type 2 ("DNS"), as extracted 081 * from the X.509 certificate. 082 * @param host The hostname to verify. 083 * @throws SSLException if the verification process fails. 084 */ 085 void verify(String host, String[] cns, String[] subjectAlts) 086 throws SSLException; 087 088}