List of usage examples for org.apache.http.conn.ssl BrowserCompatHostnameVerifier verify
public final void verify(final String host, final SSLSocket ssl) throws IOException
From source file:org.apache.directory.studio.connection.core.io.StudioTrustManager.java
/** * {@inheritDoc}/* ww w.j av a2 s . c o m*/ */ public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { // check permanent trusted certificates, return on success try { X509TrustManager permanentTrustManager = getPermanentTrustManager(); if (permanentTrustManager != null) { permanentTrustManager.checkServerTrusted(chain, authType); return; } } catch (CertificateException ce) { } // check temporary trusted certificates, return on success try { X509TrustManager sessionTrustManager = getSessionTrustManager(); if (sessionTrustManager != null) { sessionTrustManager.checkServerTrusted(chain, authType); return; } } catch (CertificateException ce) { } // below here no manually trusted certificate (either permanent or temporary) matched List<ICertificateHandler.FailCause> failCauses = new ArrayList<ICertificateHandler.FailCause>(); // perform trust check of JVM trust manager try { jvmTrustManager.checkServerTrusted(chain, authType); } catch (CertificateException ce) { if (ce instanceof CertificateExpiredException) { failCauses.add(FailCause.CertificateExpired); } else if (ce instanceof CertificateNotYetValidException) { failCauses.add(FailCause.CertificateNotYetValid); } else { X500Principal issuerX500Principal = chain[0].getIssuerX500Principal(); X500Principal subjectX500Principal = chain[0].getSubjectX500Principal(); if (issuerX500Principal.equals(subjectX500Principal)) { failCauses.add(FailCause.SelfSignedCertificate); } else { failCauses.add(FailCause.NoValidCertificationPath); } try { chain[0].checkValidity(); } catch (CertificateException ve) { if (ve instanceof CertificateExpiredException) { failCauses.add(FailCause.CertificateExpired); } else if (ve instanceof CertificateNotYetValidException) { failCauses.add(FailCause.CertificateNotYetValid); } } } } // perform host name verification try { BrowserCompatHostnameVerifier hostnameVerifier = new BrowserCompatHostnameVerifier(); hostnameVerifier.verify(host, chain[0]); } catch (SSLException ce) { failCauses.add(FailCause.HostnameVerificationFailed); } if (!failCauses.isEmpty()) { // either trust check or host name verification // ask for confirmation ICertificateHandler ch = ConnectionCorePlugin.getDefault().getCertificateHandler(); ICertificateHandler.TrustLevel trustLevel = ch.verifyTrustLevel(host, chain, failCauses); switch (trustLevel) { case Permanent: ConnectionCorePlugin.getDefault().getPermanentTrustStoreManager().addCertificate(chain[0]); break; case Session: ConnectionCorePlugin.getDefault().getSessionTrustStoreManager().addCertificate(chain[0]); break; case Not: throw new CertificateException(Messages.error__untrusted_certificate); } } }