Class AbstractHostnameToCertificateChecker

  • All Implemented Interfaces:
    EventListener, HandshakeCompletedListener

    @Deprecated
    public abstract class AbstractHostnameToCertificateChecker
    extends Object
    implements HandshakeCompletedListener
    Deprecated.
    Use SocketFactoryCreator.connectWithHostnameChecking(SSLSocket, HostnameMismatchCallback) instead. This class is not perfect as the HandshakeCompletedListener is invoked (at least in reference JDK) in a separate thread, what can easily lead to a situation when the connection is opened and made available, before this implementation finishes checking.
    Abstract implementation of the JSSE HandshakeCompletedListener which can be registered on a SSLSocket to verify if a peer's host name matches a DN of its certificate. It is useful on client side when connecting to a server.

    By default the implementation checks the certificate's Subject Alternative Name and Common Name, following the server identity part of RFC 2818. Additionally the 'service/hostname' syntax is supported (the service prefix is simply ignored).

    If there is a name mismatch the nameMismatch() method is called. User of this class must extend it and provide the application specific reaction in this method.

    Note that this class should be used only on SSL connections which are authenticated with X.509 certificates.

    Author:
    Joni Hahkala, K. Benedyczak
    • Constructor Detail

      • AbstractHostnameToCertificateChecker

        public AbstractHostnameToCertificateChecker()
        Deprecated.
    • Method Detail

      • nameMismatch

        protected abstract void nameMismatch​(HandshakeCompletedEvent hce,
                                             X509Certificate peerCertificate,
                                             String hostName)
                                      throws SSLException
        Deprecated.
        This method is called whenever peer's host name is not matching the peer's certificate DN. Note that throwing exceptions from this method doesn't make any sense.
        Parameters:
        hce - the original event object
        peerCertificate - peer's certificate (for convenience)
        hostName - peer's host name (for convenience)
        Throws:
        SSLException - SSL exception
      • processingError

        protected void processingError​(HandshakeCompletedEvent hce,
                                       Exception e)
        Deprecated.
        This method is called whenever there is an error when processing the peer's certificate and hostname. Generally it should never happen, and the implementation should simply close the socket and report the error. The default implementation simply throws an IllegalStateException.
        Parameters:
        hce - the original event object
        e - error