weblogic.security.utils

Class SSLWLSHostnameVerifier.DefaultHostnameVerifier

java.lang.Object

weblogic.security.utils.SSLWLSHostnameVerifier.DefaultHostnameVerifier

All Implemented Interfaces:

HostnameVerifier

Direct Known Subclasses:

SSLWLSWildcardHostnameVerifier

Enclosing class:

SSLWLSHostnameVerifier

public static class SSLWLSHostnameVerifier.DefaultHostnameVerifier
extends Object
implements HostnameVerifier

The SSLWLSHostnameVerifier.DefaultHostnameVerifier is called for SSL hostname verification and will apply hostname verification checks during an SSL handshake. This is the default hostname verifier called by WebLogic. This class is used internally by Weblogic Server, and is documented for informational purposes only.

Method Summary

Modifier and Type	Method and Description
boolean	verify(String urlhostname, SSLSession session) Verify peer hostname against peer certificate of the SSL session.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

verify

public boolean verify(String urlhostname,
                      SSLSession session)

Verify peer hostname against peer certificate of the SSL session.

This method verifies the CommonName attribute of the peer certificate's SubjectDN or the DNSNames of the peer certificate's SubjectAlternativeNames extension against the urlhostname. The certificate attribute must (case insensitively) match the urlhostname.

The SubjectDN CommonName attribute is verified first, and if successful, the SubjectAlternativeNames attributes are not verified. If the peer certificate doesn't have a SubjectDN, or the SubjectDN doesn't have a CommonName attribute, then the SubjectAlternativeName attributes of type DNSNames are compared to the urlhostname. The first successful comparison to a DNSName causes this method to return true without comparing any other DNSNames.

To verify successfully the url hostname must be case-insensitively equal to the certificate attribute being compared.

Alternatively, this method will return true if one of the following is true:

• the SSL session's peer certificate is a WebLogic Demo certificate
• the SSL session's peer certificate's SubjectDN CommonName attribute is equal to the local machine's hostname AND the local machine's hostname or ip address matches the urlhostname parameter.
• the urlhostname parameter can be verified to be a loopback address or the local hostname.
• the SSL session's peer certificate is an Oracle Key Store Service (KSS) Demo certificate for the current Weblogic Server domain and Weblogic Server is enabled to use KSS Demo certificates.

Specified by:

verify in interface HostnameVerifier

Parameters:

urlhostname - Hostname of the system which is servicing the request.

session - SSL session of the current SSL handshake

Returns:

Returns true if hostname verifies successfully, false if it does not.