equal
deleted
inserted
replaced
146 if (chain == null || chain.length == 0) { |
146 if (chain == null || chain.length == 0) { |
147 throw new IllegalArgumentException( |
147 throw new IllegalArgumentException( |
148 "null or zero-length certificate chain"); |
148 "null or zero-length certificate chain"); |
149 } |
149 } |
150 |
150 |
151 if (authType == null || authType.length() == 0) { |
151 if (authType == null || authType.isEmpty()) { |
152 throw new IllegalArgumentException( |
152 throw new IllegalArgumentException( |
153 "null or zero-length authentication type"); |
153 "null or zero-length authentication type"); |
154 } |
154 } |
155 |
155 |
156 Validator v = null; |
156 Validator v = null; |
227 trustedChain[trustedChain.length-1]); |
227 trustedChain[trustedChain.length-1]); |
228 |
228 |
229 // check endpoint identity |
229 // check endpoint identity |
230 String identityAlg = sslSocket.getSSLParameters(). |
230 String identityAlg = sslSocket.getSSLParameters(). |
231 getEndpointIdentificationAlgorithm(); |
231 getEndpointIdentificationAlgorithm(); |
232 if (identityAlg != null && identityAlg.length() != 0) { |
232 if (identityAlg != null && !identityAlg.isEmpty()) { |
233 checkIdentity(session, trustedChain[0], identityAlg, isClient, |
233 checkIdentity(session, trustedChain[0], identityAlg, isClient, |
234 getRequestedServerNames(socket), chainsToPublicCA); |
234 getRequestedServerNames(socket), chainsToPublicCA); |
235 } |
235 } |
236 } else { |
236 } else { |
237 trustedChain = validate(v, chain, Collections.emptyList(), |
237 trustedChain = validate(v, chain, Collections.emptyList(), |
285 trustedChain[trustedChain.length-1]); |
285 trustedChain[trustedChain.length-1]); |
286 |
286 |
287 // check endpoint identity |
287 // check endpoint identity |
288 String identityAlg = engine.getSSLParameters(). |
288 String identityAlg = engine.getSSLParameters(). |
289 getEndpointIdentificationAlgorithm(); |
289 getEndpointIdentificationAlgorithm(); |
290 if (identityAlg != null && identityAlg.length() != 0) { |
290 if (identityAlg != null && !identityAlg.isEmpty()) { |
291 checkIdentity(session, trustedChain[0], identityAlg, isClient, |
291 checkIdentity(session, trustedChain[0], identityAlg, isClient, |
292 getRequestedServerNames(engine), chainsToPublicCA); |
292 getRequestedServerNames(engine), chainsToPublicCA); |
293 } |
293 } |
294 } else { |
294 } else { |
295 trustedChain = validate(v, chain, Collections.emptyList(), |
295 trustedChain = validate(v, chain, Collections.emptyList(), |
446 } |
446 } |
447 |
447 |
448 private static void checkIdentity(String hostname, X509Certificate cert, |
448 private static void checkIdentity(String hostname, X509Certificate cert, |
449 String algorithm, boolean chainsToPublicCA) |
449 String algorithm, boolean chainsToPublicCA) |
450 throws CertificateException { |
450 throws CertificateException { |
451 if (algorithm != null && algorithm.length() != 0) { |
451 if (algorithm != null && !algorithm.isEmpty()) { |
452 // if IPv6 strip off the "[]" |
452 // if IPv6 strip off the "[]" |
453 if ((hostname != null) && hostname.startsWith("[") && |
453 if ((hostname != null) && hostname.startsWith("[") && |
454 hostname.endsWith("]")) { |
454 hostname.endsWith("]")) { |
455 hostname = hostname.substring(1, hostname.length() - 1); |
455 hostname = hostname.substring(1, hostname.length() - 1); |
456 } |
456 } |