Example usage for org.apache.http.conn.ssl BrowserCompatHostnameVerifier verify

List of usage examples for org.apache.http.conn.ssl BrowserCompatHostnameVerifier verify

Introduction

In this page you can find the example usage for org.apache.http.conn.ssl BrowserCompatHostnameVerifier verify.

Prototype

public final void verify(final String host, final SSLSocket ssl) throws IOException 


Usage

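From source file: org.apache.directory.studio.connection.core.io.StudioTrustManager.java (this example calls the verify(String, X509Certificate) overload, not the SSLSocket prototype shown above)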

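/**
 * {@inheritDoc}
 *
 * <p>Accepts the server chain if the permanent or the session trust manager accepts it.
 * Otherwise collects every failure found by the JVM trust manager and by host name
 * verification, and asks the registered {@code ICertificateHandler} whether the leaf
 * certificate should be trusted permanently, for this session, or not at all.
 *
 * <p>NOTE(review): a match against a manually trusted certificate returns before the host
 * name check, so such a certificate is accepted whichever host presented it. Confirm that
 * this is the intended trust model.
 *
 * @param chain the peer certificate chain, leaf certificate first
 * @param authType the key exchange algorithm, passed through to the delegate trust managers
 * @throws IllegalArgumentException if {@code chain} is null or empty
 * @throws CertificateException if the chain is not trusted and the handler does not accept it
 */
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    // chain[0] is dereferenced below; reject an unusable chain up front instead of failing
    // later with an ArrayIndexOutOfBoundsException or NullPointerException.
    if (chain == null || chain.length == 0) {
        throw new IllegalArgumentException("chain must not be null or empty");
    }

    // check permanent trusted certificates, return on success
    try {
        X509TrustManager permanentTrustManager = getPermanentTrustManager();
        if (permanentTrustManager != null) {
            permanentTrustManager.checkServerTrusted(chain, authType);
            return;
        }
    } catch (CertificateException ignored) {
        // not permanently trusted: fall through to the remaining checks
    }

    // check temporary trusted certificates, return on success
    try {
        X509TrustManager sessionTrustManager = getSessionTrustManager();
        if (sessionTrustManager != null) {
            sessionTrustManager.checkServerTrusted(chain, authType);
            return;
        }
    } catch (CertificateException ignored) {
        // not trusted for this session: fall through to the remaining checks
    }

    // below here no manually trusted certificate (either permanent or temporary) matched
    List<ICertificateHandler.FailCause> failCauses = new ArrayList<ICertificateHandler.FailCause>();

    // perform trust check of JVM trust manager
    try {
        jvmTrustManager.checkServerTrusted(chain, authType);
    } catch (CertificateExpiredException ce) {
        failCauses.add(FailCause.CertificateExpired);
    } catch (CertificateNotYetValidException ce) {
        failCauses.add(FailCause.CertificateNotYetValid);
    } catch (CertificateException ce) {
        // Any other failure is a path problem; issuer == subject is used as the
        // self-signed heuristic (the signature itself is not checked here).
        X500Principal issuerX500Principal = chain[0].getIssuerX500Principal();
        X500Principal subjectX500Principal = chain[0].getSubjectX500Principal();
        if (issuerX500Principal.equals(subjectX500Principal)) {
            failCauses.add(FailCause.SelfSignedCertificate);
        } else {
            failCauses.add(FailCause.NoValidCertificationPath);
        }

        // The path failure may hide a validity-period problem, so report that as well.
        try {
            chain[0].checkValidity();
        } catch (CertificateExpiredException ve) {
            failCauses.add(FailCause.CertificateExpired);
        } catch (CertificateNotYetValidException ve) {
            failCauses.add(FailCause.CertificateNotYetValid);
        }
    }

    // perform host name verification
    // NOTE(review): BrowserCompatHostnameVerifier is deprecated as of HttpClient 4.4 in
    // favour of DefaultHostnameVerifier; consider migrating when the dependency allows it.
    try {
        BrowserCompatHostnameVerifier hostnameVerifier = new BrowserCompatHostnameVerifier();
        hostnameVerifier.verify(host, chain[0]);
    } catch (SSLException ce) {
        failCauses.add(FailCause.HostnameVerificationFailed);
    }

    if (!failCauses.isEmpty()) {
        // either trust check or host name verification
        // ask for confirmation
        ICertificateHandler ch = ConnectionCorePlugin.getDefault().getCertificateHandler();
        ICertificateHandler.TrustLevel trustLevel = ch.verifyTrustLevel(host, chain, failCauses);

        // Fail closed: a missing decision must never be treated as acceptance.
        if (trustLevel == null) {
            throw new CertificateException(Messages.error__untrusted_certificate);
        }

        // Only the leaf certificate is stored, without any binding to the host name.
        switch (trustLevel) {
        case Permanent:
            ConnectionCorePlugin.getDefault().getPermanentTrustStoreManager().addCertificate(chain[0]);
            break;
        case Session:
            ConnectionCorePlugin.getDefault().getSessionTrustStoreManager().addCertificate(chain[0]);
            break;
        case Not:
        default:
            // Unrecognized trust levels are rejected as well.
            throw new CertificateException(Messages.error__untrusted_certificate);
        }
    }
}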