Oracle Fusion Middleware
Oracle WebLogic Server API Reference
11g Release 1 (10.3.6)

Part Number E13941-06

weblogic.security.utils
Class SSLWLSWildcardHostnameVerifier

java.lang.Object
  extended by weblogic.security.utils.SSLWLSHostnameVerifier.DefaultHostnameVerifier
      extended by weblogic.security.utils.SSLWLSWildcardHostnameVerifier
All Implemented Interfaces:
HostnameVerifier

public class SSLWLSWildcardHostnameVerifier
extends SSLWLSHostnameVerifier.DefaultHostnameVerifier

The SSLWLSHostnameVerifier is called for hostname verification and will apply hostname verification checks configured for WebLogic.

This hostname verifier is instantiated by the WebLogic hostname verifier wrapper that checks for proxies, expectedName, etc. It obtains this hostname verifier class name from the SSLMBean or the hostname verifier property.


Method Summary
 boolean verify(String urlhostname, SSLSession session)
          Verify peer hostname against peer certificate of the SSL session, allowing wildcarded certificates.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

verify

public boolean verify(String urlhostname,
                      SSLSession session)
Verify peer hostname against peer certificate of the SSL session, allowing wildcarded certificates. Hostname verification has two phases:

Verification with Wildcarding

If the SubjectDN CommonName attribute of the SSL session's peer certificate supports wildcarding, the CommonName attribute must meet the following:

In addition, the non-wildcarded portion of the CommonName attribute must equal the domain portion of the urlhostname parameter, in a case-sensitive String comparison. The domain portion of the urlhostname parameter string is the urlhostname substring left after the 'hostname' substring is removed. The 'hostname' portion of the urlhostname is the substring up to and excluding the first '.' of the urlhostname parameter string. For example:

DNSNames obtained from the peer certificate's SubjectAlternativeNames extension may not be wildcarded.
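
The CommonName comparison described above, as an added sketch that is not Oracle's implementation and not code from this reference. The class and method names are hypothetical, the sample CommonName and hostnames are constructed, and the sketch assumes a wildcarded CommonName is a single leading '*' followed by the non-wildcarded portion. It shows that only the first label of urlhostname is removed, so a host two levels below the certificate's domain does not match, and that a case difference fails the comparison.

```java
public class WildcardCnMatchExample {

    // Domain portion as the page defines it: what remains of urlhostname after
    // removing the 'hostname' substring (everything before the first '.').
    // The leading dot is therefore kept. No dot means no domain portion.
    static String domainPortion(String urlhostname) {
        int dot = urlhostname.indexOf('.');
        return dot < 0 ? "" : urlhostname.substring(dot);
    }

    // Assumption: a wildcarded CommonName is one leading '*' followed by the
    // non-wildcarded portion, for example "*.example.com".
    static boolean matchesWildcardCn(String commonName, String urlhostname) {
        if (commonName == null || urlhostname == null) {
            return false;
        }
        if (!commonName.startsWith("*") || commonName.indexOf('*', 1) >= 0) {
            return false; // not of the assumed wildcard form
        }
        String nonWildcarded = commonName.substring(1);
        if (nonWildcarded.isEmpty()) {
            return false; // a bare "*" has no domain to compare against
        }
        // Case-sensitive String comparison, as the page specifies.
        return nonWildcarded.equals(domainPortion(urlhostname));
    }

    public static void main(String[] args) {
        String cn = "*.example.com"; // constructed sample CommonName
        String[] hosts = {           // constructed sample urlhostname values
            "www.example.com",
            "a.b.example.com",
            "example.com",
            "www.Example.com",
            "localhost"
        };
        for (String host : hosts) {
            System.out.printf("%-18s domain=%-16s match=%b%n",
                    host, domainPortion(host), matchesWildcardCn(cn, host));
        }
    }
}
```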

Verification without Wildcarding

If wildcarded hostname verification fails, this method performs non-wildcarded verification as described for weblogic.security.utils.SSLWLSHostnameVerifier.

Specified by:
verify in interface HostnameVerifier
Overrides:
verify in class SSLWLSHostnameVerifier.DefaultHostnameVerifier
Parameters:
urlhostname - Hostname of the system which is servicing the request.
session - SSL session of the current SSL handshake
Returns:
Returns true if hostname verification succeeds, false if not.
See Also:
SSLWLSHostnameVerifier

Copyright 1996, 2011, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
