Mercurial Mercurial > jdk-sandbox / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
src/java.base/share/classes/sun/security/util/HostnameChecker.java
changeset 50768 68fa3d4026ea
parent 47216 71c04702a3d5
child 50788 6274aee1f692 
--- a/src/java.base/share/classes/sun/security/util/HostnameChecker.java	Mon Jun 25 21:22:16 2018 +0300
+++ b/src/java.base/share/classes/sun/security/util/HostnameChecker.java	Mon Jun 25 13:41:39 2018 -0700
@@ -35,9 +35,8 @@
 import javax.net.ssl.SNIHostName;
 
 import sun.net.util.IPAddressUtil;
-import sun.security.ssl.ClientKeyExchangeService;
-import sun.security.ssl.Debug;
 import sun.security.x509.X500Name;
+import sun.security.ssl.SSLLogger;
 
 /**
  * Class to check hostnames against the names specified in a certificate as
@@ -60,8 +59,6 @@
     private static final int ALTNAME_DNS = 2;
     private static final int ALTNAME_IP  = 7;
 
-    private static final Debug debug = Debug.getInstance("ssl");
-
     // the algorithm to follow to perform the check. Currently unused.
     private final byte checkType;
 
@@ -107,26 +104,6 @@
     }
 
     /**
-     * Perform the check for Kerberos.
-     */
-    public static boolean match(String expectedName, Principal principal) {
-        String hostName = getServerName(principal);
-        return (expectedName.equalsIgnoreCase(hostName));
-    }
-
-    /**
-     * Return the Server name from Kerberos principal.
-     */
-    public static String getServerName(Principal principal) {
-        ClientKeyExchangeService p =
-                ClientKeyExchangeService.find("KRB5");
-        if (p == null) {
-            throw new AssertionError("Kerberos should have been available");
-        }
-        return p.getServiceHostName(principal);
-    }
-
-    /**
      * Test whether the given hostname looks like a literal IPv4 or IPv6
      * address. The hostname does not need to be a fully qualified name.
      *
@@ -316,9 +293,10 @@
                                               boolean chainsToPublicCA) {
         // not ok if it is a single wildcard character or "*."
         if (template.equals("*") || template.equals("*.")) {
-            if (debug != null) {
-                debug.println("Certificate domain name has illegal single " +
-                              "wildcard character: " + template);
+            if (SSLLogger.isOn) {
+                SSLLogger.fine(
+                    "Certificate domain name has illegal single " +
+                      "wildcard character: " + template);
             }
             return true;
         }
@@ -335,9 +313,10 @@
 
         // not ok if there is no dot after wildcard (ex: "*com")
         if (firstDotIndex == -1) {
-            if (debug != null) {
-                debug.println("Certificate domain name has illegal wildcard, " +
-                              "no dot after wildcard character: " + template);
+            if (SSLLogger.isOn) {
+                SSLLogger.fine(
+                    "Certificate domain name has illegal wildcard, " +
+                    "no dot after wildcard character: " + template);
             }
             return true;
         }
@@ -354,9 +333,10 @@
         if (rd.isPresent()) {
             String wDomain = afterWildcard.substring(firstDotIndex + 1);
             if (rd.get().publicSuffix().equalsIgnoreCase(wDomain)) {
-                if (debug != null) {
-                    debug.println("Certificate domain name has illegal " +
-                                  "wildcard for public suffix: " + template);
+                if (SSLLogger.isOn) {
+                    SSLLogger.fine(
+                        "Certificate domain name has illegal " +
+                        "wildcard for public suffix: " + template);
                 }
                 return true;
             }
jdk-sandbox