summaryrefslogtreecommitdiffstats
path: root/src/org/apache/http
diff options
context:
space:
mode:
Diffstat (limited to 'src/org/apache/http')
-rw-r--r--src/org/apache/http/conn/ssl/AbstractVerifier.java36
1 files changed, 4 insertions, 32 deletions
diff --git a/src/org/apache/http/conn/ssl/AbstractVerifier.java b/src/org/apache/http/conn/ssl/AbstractVerifier.java
index 723d806..deda1d0 100644
--- a/src/org/apache/http/conn/ssl/AbstractVerifier.java
+++ b/src/org/apache/http/conn/ssl/AbstractVerifier.java
@@ -44,10 +44,10 @@ import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
-import java.util.StringTokenizer;
import java.util.logging.Logger;
import java.util.logging.Level;
+import javax.net.ssl.DistinguishedNameParser;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
@@ -202,38 +202,10 @@ public abstract class AbstractVerifier implements X509HostnameVerifier {
}
public static String[] getCNs(X509Certificate cert) {
- LinkedList<String> cnList = new LinkedList<String>();
- /*
- Sebastian Hauer's original StrictSSLProtocolSocketFactory used
- getName() and had the following comment:
+ DistinguishedNameParser dnParser =
+ new DistinguishedNameParser(cert.getSubjectX500Principal());
+ List<String> cnList = dnParser.getAllMostSpecificFirst("cn");
- Parses a X.500 distinguished name for the value of the
- "Common Name" field. This is done a bit sloppy right
- now and should probably be done a bit more according to
- <code>RFC 2253</code>.
-
- I've noticed that toString() seems to do a better job than
- getName() on these X500Principal objects, so I'm hoping that
- addresses Sebastian's concern.
-
- For example, getName() gives me this:
- 1.2.840.113549.1.9.1=#16166a756c6975736461766965734063756362632e636f6d
-
- whereas toString() gives me this:
- EMAILADDRESS=juliusdavies@cucbc.com
-
- Looks like toString() even works with non-ascii domain names!
- I tested it with "&#x82b1;&#x5b50;.co.jp" and it worked fine.
- */
- String subjectPrincipal = cert.getSubjectX500Principal().toString();
- StringTokenizer st = new StringTokenizer(subjectPrincipal, ",");
- while(st.hasMoreTokens()) {
- String tok = st.nextToken();
- int x = tok.indexOf("CN=");
- if(x >= 0) {
- cnList.add(tok.substring(x + 3));
- }
- }
if(!cnList.isEmpty()) {
String[] cns = new String[cnList.size()];
cnList.toArray(cns);