--- a/src/java.base/share/classes/sun/security/util/HostnameChecker.java Mon Jun 25 21:22:16 2018 +0300
+++ b/src/java.base/share/classes/sun/security/util/HostnameChecker.java Mon Jun 25 13:41:39 2018 -0700
@@ -35,9 +35,8 @@
import javax.net.ssl.SNIHostName;
import sun.net.util.IPAddressUtil;
-import sun.security.ssl.ClientKeyExchangeService;
-import sun.security.ssl.Debug;
import sun.security.x509.X500Name;
+import sun.security.ssl.SSLLogger;
/**
* Class to check hostnames against the names specified in a certificate as
@@ -60,8 +59,6 @@
private static final int ALTNAME_DNS = 2;
private static final int ALTNAME_IP = 7;
- private static final Debug debug = Debug.getInstance("ssl");
-
// the algorithm to follow to perform the check. Currently unused.
private final byte checkType;
@@ -107,26 +104,6 @@
}
/**
- * Perform the check for Kerberos.
- */
- public static boolean match(String expectedName, Principal principal) {
- String hostName = getServerName(principal);
- return (expectedName.equalsIgnoreCase(hostName));
- }
-
- /**
- * Return the Server name from Kerberos principal.
- */
- public static String getServerName(Principal principal) {
- ClientKeyExchangeService p =
- ClientKeyExchangeService.find("KRB5");
- if (p == null) {
- throw new AssertionError("Kerberos should have been available");
- }
- return p.getServiceHostName(principal);
- }
-
- /**
* Test whether the given hostname looks like a literal IPv4 or IPv6
* address. The hostname does not need to be a fully qualified name.
*
@@ -316,9 +293,10 @@
boolean chainsToPublicCA) {
// not ok if it is a single wildcard character or "*."
if (template.equals("*") || template.equals("*.")) {
- if (debug != null) {
- debug.println("Certificate domain name has illegal single " +
- "wildcard character: " + template);
+ if (SSLLogger.isOn) {
+ SSLLogger.fine(
+ "Certificate domain name has illegal single " +
+ "wildcard character: " + template);
}
return true;
}
@@ -335,9 +313,10 @@
// not ok if there is no dot after wildcard (ex: "*com")
if (firstDotIndex == -1) {
- if (debug != null) {
- debug.println("Certificate domain name has illegal wildcard, " +
- "no dot after wildcard character: " + template);
+ if (SSLLogger.isOn) {
+ SSLLogger.fine(
+ "Certificate domain name has illegal wildcard, " +
+ "no dot after wildcard character: " + template);
}
return true;
}
@@ -354,9 +333,10 @@
if (rd.isPresent()) {
String wDomain = afterWildcard.substring(firstDotIndex + 1);
if (rd.get().publicSuffix().equalsIgnoreCase(wDomain)) {
- if (debug != null) {
- debug.println("Certificate domain name has illegal " +
- "wildcard for public suffix: " + template);
+ if (SSLLogger.isOn) {
+ SSLLogger.fine(
+ "Certificate domain name has illegal " +
+ "wildcard for public suffix: " + template);
}
return true;
}