src/java.base/share/classes/sun/security/util/HostnameChecker.java
*** 33,45 ****
import java.util.*;
import javax.security.auth.x500.X500Principal;
import javax.net.ssl.SNIHostName;
import sun.net.util.IPAddressUtil;
- import sun.security.ssl.ClientKeyExchangeService;
- import sun.security.ssl.Debug;
import sun.security.x509.X500Name;
/**
* Class to check hostnames against the names specified in a certificate as
* required for TLS and LDAP.
*
--- 33,44 ----
import java.util.*;
import javax.security.auth.x500.X500Principal;
import javax.net.ssl.SNIHostName;
import sun.net.util.IPAddressUtil;
import sun.security.x509.X500Name;
+ import sun.security.ssl.SSLLogger;
/**
* Class to check hostnames against the names specified in a certificate as
* required for TLS and LDAP.
*
*** 58,69 ****
// constants for subject alt names of type DNS and IP
private static final int ALTNAME_DNS = 2;
private static final int ALTNAME_IP = 7;
- private static final Debug debug = Debug.getInstance("ssl");
-
// the algorithm to follow to perform the check. Currently unused.
private final byte checkType;
private HostnameChecker(byte checkType) {
this.checkType = checkType;
--- 57,66 ----
*** 116,131 ****
--- 113,131 ----
/**
* Return the Server name from Kerberos principal.
*/
public static String getServerName(Principal principal) {
+ /*
ClientKeyExchangeService p =
ClientKeyExchangeService.find("KRB5");
if (p == null) {
throw new AssertionError("Kerberos should have been available");
}
return p.getServiceHostName(principal);
+ */
+ return null;
}
/**
* Test whether the given hostname looks like a literal IPv4 or IPv6
* address. The hostname does not need to be a fully qualified name.
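Review bot: `getServerName` now returns `null` for every principal, with the Kerberos lookup left behind as a commented-out block, while its Javadoc still says it returns the server name. The callers are not in this hunk, but any that compare the result with the expected host will either hit a NullPointerException or have no name to compare against, which is a poor failure mode for an identity check. If the lookup is meant to be unavailable, fail closed with `throw new UnsupportedOperationException("Kerberos server name lookup is not supported");` in place of `return null;`, delete the commented-out code, and update the Javadoc to match.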
*** 314,325 ****
*/
private static boolean hasIllegalWildcard(String domain, String template,
boolean chainsToPublicCA) {
// not ok if it is a single wildcard character or "*."
if (template.equals("*") || template.equals("*.")) {
! if (debug != null) {
! debug.println("Certificate domain name has illegal single " +
"wildcard character: " + template);
}
return true;
}
--- 314,326 ----
*/
private static boolean hasIllegalWildcard(String domain, String template,
boolean chainsToPublicCA) {
// not ok if it is a single wildcard character or "*."
if (template.equals("*") || template.equals("*.")) {
! if (SSLLogger.isOn) {
! SSLLogger.fine(
! "Certificate domain name has illegal single " +
"wildcard character: " + template);
}
return true;
}
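Review bot: The three converted log calls (this hunk and the two after it, at new lines 334-346 and 354-366) concatenate `template` straight into the message, and going by the message text `template` is the domain name from the certificate being rejected, so it is peer-controlled. Whether `SSLLogger.fine` neutralises control characters is not visible here; if it does not, a crafted name could split or forge lines in the debug log. I would add `// template comes from the peer certificate; treat it as untrusted when logging` above the first call and confirm that the logger escapes it. `hasIllegalWildcard` starts in this hunk but its body continues past it.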
*** 333,344 ****
String afterWildcard = template.substring(lastWildcardIndex);
int firstDotIndex = afterWildcard.indexOf(".");
// not ok if there is no dot after wildcard (ex: "*com")
if (firstDotIndex == -1) {
! if (debug != null) {
! debug.println("Certificate domain name has illegal wildcard, " +
"no dot after wildcard character: " + template);
}
return true;
}
--- 334,346 ----
String afterWildcard = template.substring(lastWildcardIndex);
int firstDotIndex = afterWildcard.indexOf(".");
// not ok if there is no dot after wildcard (ex: "*com")
if (firstDotIndex == -1) {
! if (SSLLogger.isOn) {
! SSLLogger.fine(
! "Certificate domain name has illegal wildcard, " +
"no dot after wildcard character: " + template);
}
return true;
}
*** 352,363 ****
.filter(d -> d.type() == RegisteredDomain.Type.ICANN);
if (rd.isPresent()) {
String wDomain = afterWildcard.substring(firstDotIndex + 1);
if (rd.get().publicSuffix().equalsIgnoreCase(wDomain)) {
! if (debug != null) {
! debug.println("Certificate domain name has illegal " +
"wildcard for public suffix: " + template);
}
return true;
}
}
--- 354,366 ----
.filter(d -> d.type() == RegisteredDomain.Type.ICANN);
if (rd.isPresent()) {
String wDomain = afterWildcard.substring(firstDotIndex + 1);
if (rd.get().publicSuffix().equalsIgnoreCase(wDomain)) {
! if (SSLLogger.isOn) {
! SSLLogger.fine(
! "Certificate domain name has illegal " +
"wildcard for public suffix: " + template);
}
return true;
}
}