Package org.apache.hadoop.hbase.io.crypto.tls

Class HBaseHostnameVerifier

java.lang.Object

org.apache.hadoop.hbase.io.crypto.tls.HBaseHostnameVerifier

All Implemented Interfaces:

HostnameVerifier

@Private
final class HBaseHostnameVerifier
extends Object
implements HostnameVerifier

When enabled in X509Util, handles verifying that the hostname of a peer matches the certificate it presents.

This file has been copied from the Apache ZooKeeper project.

See Also:

• Base revision

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
private static final class	HBaseHostnameVerifier.SubjectName	Note: copied from Apache httpclient with some minor modifications.

Field Summary

Fields

Modifier and Type	Field	Description
private static final org.slf4j.Logger	LOG

Constructor Summary

Constructors

Constructor	Description
HBaseHostnameVerifier()

Method Summary

Modifier and Type	Method	Description
private static String	extractCN(String subjectPrincipal)
private static List<HBaseHostnameVerifier.SubjectName>	getSubjectAltNames(X509Certificate cert)
private static void	matchCN(String host, String cn)
private static void	matchDNSName(String host, List<HBaseHostnameVerifier.SubjectName> subjectAlts)
private static boolean	matchIdentity(String host, String identity, boolean strict)
private static boolean	matchIdentityStrict(String host, String identity)
private static void	matchIPAddress(String host, InetAddress inetAddress, List<HBaseHostnameVerifier.SubjectName> subjectAlts)
private static Optional<InetAddress>	parseIpAddress(String host)
private static Optional<InetAddress>	parseIpAddressString(String host)
private static Optional<InetAddress>	parseIpAddressUriString(String host)
(package private) void	verify(String host, X509Certificate cert)
boolean	verify(String host, SSLSession session)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

LOG

private static final org.slf4j.Logger LOG

Constructor Details

HBaseHostnameVerifier

HBaseHostnameVerifier()

Method Details

verify

public boolean verify(String host,
 SSLSession session)

Specified by:

verify in interface HostnameVerifier

verify

void verify(String host,
 X509Certificate cert)
     throws SSLException

Throws:

SSLException

matchIPAddress

private static void matchIPAddress(String host,
 InetAddress inetAddress,
 List<HBaseHostnameVerifier.SubjectName> subjectAlts)
                            throws SSLException

Throws:

SSLException

matchDNSName

private static void matchDNSName(String host,
 List<HBaseHostnameVerifier.SubjectName> subjectAlts)
                          throws SSLException

Throws:

SSLException

matchCN

private static void matchCN(String host,
 String cn)
                     throws SSLException

Throws:

SSLException

matchIdentity

private static boolean matchIdentity(String host,
 String identity,
 boolean strict)

matchIdentityStrict

private static boolean matchIdentityStrict(String host,
 String identity)

extractCN

private static String extractCN(String subjectPrincipal)
                         throws SSLException

Throws:

SSLException

parseIpAddress

private static Optional<InetAddress> parseIpAddress(String host)

parseIpAddressUriString

private static Optional<InetAddress> parseIpAddressUriString(String host)

parseIpAddressString

private static Optional<InetAddress> parseIpAddressString(String host)

getSubjectAltNames

private static List<HBaseHostnameVerifier.SubjectName> getSubjectAltNames(X509Certificate cert)