src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/DelegateHttpsURLConnection.java
changeset 50768 68fa3d4026ea
parent 47216 71c04702a3d5
50767:356eaea05bf0 50768:68fa3d4026ea
   111 
   111 
   112     /*
   112     /*
   113      * In com.sun.net.ssl.HostnameVerifier the method is defined
   113      * In com.sun.net.ssl.HostnameVerifier the method is defined
   114      * as verify(String urlHostname, String certHostname).
   114      * as verify(String urlHostname, String certHostname).
   115      * This means we need to extract the hostname from the X.509 certificate
   115      * This means we need to extract the hostname from the X.509 certificate
   116      * or from the Kerberos principal name, in this wrapper.
   116      * in this wrapper.
   117      */
   117      */
   118     public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
   118     public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
   119         try {
   119         try {
   120             String serverName;
   120             Certificate[] serverChain = session.getPeerCertificates();
   121             // Use ciphersuite to determine whether Kerberos is active.
   121             if ((serverChain == null) || (serverChain.length == 0)) {
   122             if (session.getCipherSuite().startsWith("TLS_KRB5")) {
   122                 return false;
   123                 serverName =
       
   124                     HostnameChecker.getServerName(getPeerPrincipal(session));
       
   125 
       
   126             } else { // X.509
       
   127                 Certificate[] serverChain = session.getPeerCertificates();
       
   128                 if ((serverChain == null) || (serverChain.length == 0)) {
       
   129                     return false;
       
   130                 }
       
   131                 if (serverChain[0] instanceof X509Certificate == false) {
       
   132                     return false;
       
   133                 }
       
   134                 X509Certificate serverCert = (X509Certificate)serverChain[0];
       
   135                 serverName = getServername(serverCert);
       
   136             }
   123             }
       
   124             if (serverChain[0] instanceof X509Certificate == false) {
       
   125                 return false;
       
   126             }
       
   127             X509Certificate serverCert = (X509Certificate)serverChain[0];
       
   128             String serverName = getServername(serverCert);
   137             if (serverName == null) {
   129             if (serverName == null) {
   138                 return false;
   130                 return false;
   139             }
   131             }
   140             return verifier.verify(hostname, serverName);
   132             return verifier.verify(hostname, serverName);
   141         } catch (javax.net.ssl.SSLPeerUnverifiedException e) {
   133         } catch (javax.net.ssl.SSLPeerUnverifiedException e) {
   142             return false;
   134             return false;
   143         }
   135         }
   144     }
       
   145 
       
   146     /*
       
   147      * Get the peer principal from the session
       
   148      */
       
   149     private Principal getPeerPrincipal(javax.net.ssl.SSLSession session)
       
   150         throws javax.net.ssl.SSLPeerUnverifiedException
       
   151     {
       
   152         Principal principal;
       
   153         try {
       
   154             principal = session.getPeerPrincipal();
       
   155         } catch (AbstractMethodError e) {
       
   156             // if the provider does not support it, return null, since
       
   157             // we need it only for Kerberos.
       
   158             principal = null;
       
   159         }
       
   160         return principal;
       
   161     }
   136     }
   162 
   137 
   163     /*
   138     /*
   164      * Extract the name of the SSL server from the certificate.
   139      * Extract the name of the SSL server from the certificate.
   165      *
   140      *