1 /*
2 * ====================================================================
3 * Licensed to the Apache Software Foundation (ASF) under one
4 * or more contributor license agreements. See the NOTICE file
5 * distributed with this work for additional information
6 * regarding copyright ownership. The ASF licenses this file
7 * to you under the Apache License, Version 2.0 (the
8 * "License"); you may not use this file except in compliance
9 * with the License. You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing,
14 * software distributed under the License is distributed on an
15 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 * KIND, either express or implied. See the License for the
17 * specific language governing permissions and limitations
18 * under the License.
19 * ====================================================================
20 *
21 * This software consists of voluntary contributions made by many
22 * individuals on behalf of the Apache Software Foundation. For more
23 * information on the Apache Software Foundation, please see
24 * <http://www.apache.org/>.
25 *
26 */
27
28 package org.apache.http.conn.ssl;
29
30 import javax.net.ssl.SSLException;
31
32 import org.apache.http.annotation.Contract;
33 import org.apache.http.annotation.ThreadingBehavior;
34
35 /**
36 * The Strict HostnameVerifier works the same way as Sun Java 1.4, Sun
37 * Java 5, Sun Java 6. It's also pretty close to IE6. This implementation
38 * appears to be compliant with RFC 2818 for dealing with wildcards.
39 * <p>
40 * The hostname must match either the first CN, or any of the subject-alts.
41 * A wildcard can occur in the CN, and in any of the subject-alts. The
42 * one divergence from IE6 is how we only check the first CN. IE6 allows
43 * a match against any of the CNs present. We decided to follow in
44 * Sun Java 1.4's footsteps and only check the first CN. (If you need
45 * to check all the CN's, feel free to write your own implementation!).
46 * </p>
47 * <p>
48 * A wildcard such as "*.foo.com" matches only subdomains in the same
49 * level, for example "a.foo.com". It does not match deeper subdomains
50 * such as "a.b.foo.com".
51 * </p>
52 *
53 * @since 4.0
54 *
55 * @deprecated (4.4) Use {@link org.apache.http.conn.ssl.DefaultHostnameVerifier}
56 */
57 @Contract(threading = ThreadingBehavior.IMMUTABLE)
58 @Deprecated
59 public class StrictHostnameVerifier extends AbstractVerifier {
60
61 public static final StrictHostnameVerifier INSTANCE = new StrictHostnameVerifier();
62
63 @Override
64 public final void verify(
65 final String host,
66 final String[] cns,
67 final String[] subjectAlts) throws SSLException {
68 verify(host, cns, subjectAlts, true);
69 }
70
71 @Override
72 public final String toString() {
73 return "STRICT";
74 }
75
76 }
77