606 String cipher = session.getCipherSuite(); |
606 String cipher = session.getCipherSuite(); |
607 try { |
607 try { |
608 HostnameChecker checker = HostnameChecker.getInstance( |
608 HostnameChecker checker = HostnameChecker.getInstance( |
609 HostnameChecker.TYPE_TLS); |
609 HostnameChecker.TYPE_TLS); |
610 |
610 |
611 // Use ciphersuite to determine whether Kerberos is present. |
611 // get the subject's certificate |
612 if (cipher.startsWith("TLS_KRB5")) { |
612 peerCerts = session.getPeerCertificates(); |
613 if (!HostnameChecker.match(host, getPeerPrincipal())) { |
613 |
614 throw new SSLPeerUnverifiedException("Hostname checker" + |
614 X509Certificate peerCert; |
615 " failed for Kerberos"); |
615 if (peerCerts[0] instanceof |
616 } |
616 java.security.cert.X509Certificate) { |
617 } else { // X.509 |
617 peerCert = (java.security.cert.X509Certificate)peerCerts[0]; |
618 |
618 } else { |
619 // get the subject's certificate |
619 throw new SSLPeerUnverifiedException(""); |
620 peerCerts = session.getPeerCertificates(); |
620 } |
621 |
621 checker.match(host, peerCert); |
622 X509Certificate peerCert; |
|
623 if (peerCerts[0] instanceof |
|
624 java.security.cert.X509Certificate) { |
|
625 peerCert = (java.security.cert.X509Certificate)peerCerts[0]; |
|
626 } else { |
|
627 throw new SSLPeerUnverifiedException(""); |
|
628 } |
|
629 checker.match(host, peerCert); |
|
630 } |
|
631 |
622 |
632 // if it doesn't throw an exception, we passed. Return. |
623 // if it doesn't throw an exception, we passed. Return. |
633 return; |
624 return; |
634 |
625 |
635 } catch (SSLPeerUnverifiedException e) { |
626 } catch (SSLPeerUnverifiedException e) { |