/**
 * Decides whether a site certificate is valid for the DNS name being visited.
 *
 * <p>Every subjectAltName entry of type {@code ALT_DNS_NAME} is compared with
 * {@code thisDomain} through the {@code matchDns(String, String)} overload.
 * The subject common name is consulted only when no such entry was seen,
 * which follows the RFC 2818 rule that a dNSName entry, when present, is the
 * identity to use.
 *
 * @param certificate
 *            The certificate to check
 * @param thisDomain
 *            The DNS domain name of the site being visited
 * @return {@code true} if and only if a name in the certificate matches
 *         {@code thisDomain}
 */
private static boolean matchDns(X509Certificate certificate, String thisDomain) {
    // Set as soon as one dNSName entry is seen, even if it does not match:
    // it is what disables the common-name fallback at the end.
    boolean sawDnsAltName = false;
    try {
        Collection<List<?>> altNames = certificate.getSubjectAlternativeNames();
        if (altNames != null) {
            for (List<?> entry : altNames) {
                // Each entry is read as a (type, value) pair; anything
                // shorter cannot be interpreted and is skipped.
                if (entry == null || entry.size() < 2) {
                    continue;
                }
                Integer entryType = (Integer) entry.get(0);
                if (entryType == null || entryType.intValue() != ALT_DNS_NAME) {
                    continue;
                }
                sawDnsAltName = true;
                String candidate = (String) entry.get(1);
                if (candidate != null && matchDns(thisDomain, candidate)) {
                    return true;
                }
            }
        }
    } catch (CertificateParsingException e) {
        // One way to get here is an alternative name that starts with '*',
        // which is contrary to one interpretation of the spec (a valid DNS
        // name must start with a letter). There is no good way around this,
        // so for compatibility the alternative names are ignored and the
        // common name is checked instead.
        //
        // NOTE(review): the exception comes from
        // getSubjectAlternativeNames(), so no entry has been examined,
        // sawDnsAltName is still false and the common-name fallback below
        // runs. A certificate whose SAN extension cannot be parsed is
        // therefore judged on its CN alone, even if it carries dNSName
        // entries (RFC 6125 says CN must not be used in that case). Confirm
        // this fail-open compatibility path is still wanted; rejecting the
        // certificate here would be the conservative alternative.
        if (K9.DEBUG) {
            String detail = e.getMessage();
            String reason = (detail == null) ? "failed to parse certificate" : detail;
            Log.v(K9.LOG_TAG, "DomainNameChecker.matchDns(): "
                    + reason);
        }
    }

    if (sawDnsAltName) {
        // dNSName entries exist and none matched: the CN is not consulted.
        return false;
    }

    // No dNSName entry was seen (or the SAN extension could not be parsed):
    // fall back to the subject common name.
    // NOTE(review): getCName() may presumably return null when the subject
    // has no CN; verify the matchDns(String, String) overload rejects that.
    SslCertificate wrapped = new SslCertificate(certificate);
    return matchDns(thisDomain, wrapped.getIssuedTo().getCName());
}
DomainNameChecker.java 文件源码
项目:k-9