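/**
 * Reconfigures the HttpClient behind {@code restTemplate} so that server certificates are
 * accepted even when self-signed ({@link TrustSelfSignedStrategy}); when {@code ignoreSslWarning}
 * is set, hostname verification is skipped as well ({@link AllowAllHostnameVerifier}), so the
 * peer's identity is then not checked at all. Otherwise the browser-compatible hostname check
 * still applies.
 * <p>
 * Only an {@link HttpComponentsClientHttpRequestFactory} can be reconfigured; any other request
 * factory is reported through {@code Debug.error} and left untouched.
 *
 * @return this client, for call chaining
 */
public AbstractRestTemplateClient ignoreAuthenticateServer() {
    // backward compatible with android httpclient 4.3.x
    Object requestFactory = restTemplate.getRequestFactory();
    if (!(requestFactory instanceof HttpComponentsClientHttpRequestFactory)) {
        Debug.error("the request factory " + requestFactory.getClass().getName() + " does not support ignoreAuthenticateServer");
        return this;
    }
    try {
        SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build();
        // AllowAll accepts any host name; BrowserCompat matches CN / subjectAltName like a browser.
        X509HostnameVerifier verifier = ignoreSslWarning ? new AllowAllHostnameVerifier() : new BrowserCompatHostnameVerifier();
        SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext, verifier);
        HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
        ((HttpComponentsClientHttpRequestFactory) requestFactory).setHttpClient(httpClient);
    } catch (java.security.GeneralSecurityException e) {
        // Only the SSLContextBuilder calls throw checked exceptions (NoSuchAlgorithm/KeyStore/KeyManagement);
        // catching their common supertype keeps programming errors (RuntimeException) visible.
        Debug.error("ignoreAuthenticateServer: could not build the SSL context, request factory left unchanged: " + e);
    }
    return this;
}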
/**
 * Returns the shared {@link AdvancedSslSocketFactory}, building it on first use.
 * <p>
 * The factory trusts the servers held in the known-servers store (via
 * {@link AdvancedX509TrustManager}) and verifies host names with a
 * {@link BrowserCompatHostnameVerifier}. TLSv1.2 is preferred; if the device does
 * not offer it, the context falls back to TLSv1.0 (deprecated by RFC 8996).
 * <p>
 * NOTE(review): the static field is initialised without synchronisation, so
 * concurrent first calls may each build a factory — confirm callers are serialised.
 *
 * @param context Android context used to load the known-servers store
 * @return the lazily created, process-wide socket factory
 * @throws GeneralSecurityException if neither TLS protocol is available or the context cannot be initialised
 * @throws IOException if the known-servers store cannot be read
 */
public static AdvancedSslSocketFactory getAdvancedSslSocketFactory(Context context) throws GeneralSecurityException, IOException {
    if (mAdvancedSslSocketFactory != null) {
        return mAdvancedSslSocketFactory;
    }
    KeyStore knownServers = getKnownServersStore(context);
    AdvancedX509TrustManager trustManager = new AdvancedX509TrustManager(knownServers);
    TrustManager[] trustManagers = { trustManager };
    SSLContext sslContext;
    try {
        sslContext = SSLContext.getInstance("TLSv1.2");
    } catch (NoSuchAlgorithmException e) {
        Log_OC.w(TAG, "TLSv1.2 is not supported in this device; falling through TLSv1.0");
        // Expected to exist on every device; see the supported-protocol table at
        // http://developer.android.com/reference/javax/net/ssl/SSLSocket.html
        sslContext = SSLContext.getInstance("TLSv1");
    }
    sslContext.init(null, trustManagers, null);
    mHostnameVerifier = new BrowserCompatHostnameVerifier();
    mAdvancedSslSocketFactory = new AdvancedSslSocketFactory(sslContext, trustManager, mHostnameVerifier);
    return mAdvancedSslSocketFactory;
}
/**
 * Verifies that a client built from the {@code javax.net.ssl.*} system properties gets an
 * HTTPS scheme, and that {@code SYS_PROP_CHECK_PEER_NAME} selects the hostname verifier:
 * unset, {@code "true"} and {@code ""} keep the browser-compatible check, only
 * {@code "false"} switches to the allow-all verifier. All properties are cleared afterwards.
 */
@Test
@SuppressWarnings("deprecation")
public void testSSLSystemProperties() {
    try {
        SSLTestConfig.setSSLSystemProperties();
        assertNotNull("HTTPS scheme could not be created using the javax.net.ssl.* system properties.",
            HttpClientUtil.createClient(null).getConnectionManager().getSchemeRegistry().get("https"));
        // Absent property: peer-name checking stays on.
        System.clearProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME);
        assertSelectedHostnameVerifier(BrowserCompatHostnameVerifier.class);
        assertSelectedHostnameVerifier("true", BrowserCompatHostnameVerifier.class);
        assertSelectedHostnameVerifier("", BrowserCompatHostnameVerifier.class);
        assertSelectedHostnameVerifier("false", AllowAllHostnameVerifier.class);
    } finally {
        SSLTestConfig.clearSSLSystemProperties();
        System.clearProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME);
    }
}

/** Sets {@code SYS_PROP_CHECK_PEER_NAME} to {@code value} and asserts the verifier class a fresh client gets. */
private void assertSelectedHostnameVerifier(String value, Class<?> expectedVerifier) {
    System.setProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME, value);
    assertSelectedHostnameVerifier(expectedVerifier);
}

/** Asserts the verifier class a freshly created client uses under the current system properties. */
private void assertSelectedHostnameVerifier(Class<?> expectedVerifier) {
    assertEquals(expectedVerifier, getHostnameVerifier(HttpClientUtil.createClient(null)).getClass());
}
/**
 * Chooses the hostname verifier consulted during the TLS handshake when the URL's host and
 * the identity in the server certificate disagree.
 * <p>
 * With host verification enabled in the connector config a browser-compatible check is used;
 * otherwise an {@link AllowAllHostnameVerifier} is returned, which accepts every host name and
 * therefore leaves the server's identity unchecked.
 *
 * @return the {@link javax.net.ssl.HostnameVerifier} matching the connector's configuration
 */
private HostnameVerifier getHostnameVerifier() {
    boolean verifyHost = getConnectorConfig().isHostVerificationEnabled();
    return verifyHost ? new BrowserCompatHostnameVerifier() : new AllowAllHostnameVerifier();
}
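/**
 * Checks whether {@code hostname} matches the identity presented in {@code certChain}.
 * <p>
 * The subject CN of each certificate and the DNS entries of its subjectAltName extension are
 * handed to {@link BrowserCompatHostnameVerifier}, which applies its own wildcard ({@code *.})
 * rules; the wildcard prefix is therefore left in place rather than stripped.
 *
 * @param hostname  the host the client is connecting to
 * @param certChain the presented certificate chain (assumed to hold the server certificate — TODO confirm order)
 * @return {@code null} when the hostname is accepted, otherwise a message describing the mismatch
 */
public String testHostname(String hostname, SSLCertChain certChain) {
    String result = null;
    String testingCN = null;
    try {
        List<X509Certificate> certList = certChain.getCertificateList();
        List<String> cnList = new java.util.ArrayList<String>(certList.size());
        List<String> dnsAltNames = new java.util.ArrayList<String>();
        for (X509Certificate cert : certList) {
            String dn = cert.getSubjectDN().getName();
            // indexOf() yields -1 when "CN=" is absent; test that before skipping the prefix,
            // otherwise the guard can never fire and the 3-char offset gets applied twice.
            int cnStart = dn.indexOf("CN=");
            if (cnStart < 0) {
                LOG.log(Level.FINE, "Hostname not found in certificate " + dn);
            } else {
                cnStart += 3;
                // NOTE(review): naive DN parsing — a CN containing an escaped ',' is truncated here.
                int cnEnd = dn.indexOf(',', cnStart);
                String cn = cnEnd < 0 ? dn.substring(cnStart) : dn.substring(cnStart, cnEnd);
                cnList.add(cn);
                testingCN = cn; // reported on mismatch; multiple certs are not expected here
            }
            dnsAltNames.addAll(dnsSubjectAltNames(cert));
        }
        BrowserCompatHostnameVerifier verifier = new BrowserCompatHostnameVerifier();
        verifier.verify(hostname,
            cnList.toArray(new String[cnList.size()]),
            dnsAltNames.isEmpty() ? null : dnsAltNames.toArray(new String[dnsAltNames.size()]));
    } catch (SSLException e) {
        if (testingCN != null) {
            result = "Host name " + hostname + " is not equal to the certificate issuer's \nhost name " + testingCN;
        } else {
            // A mismatch must not be reported as success just because no CN was found.
            result = "Host name " + hostname + " does not match any name in the server certificate";
        }
        LOG.log(Level.FINE, e.getMessage(), e);
    }
    return result;
}

/**
 * Collects the dNSName entries (GeneralName type 2) of a certificate's subjectAltName extension.
 *
 * @param cert the certificate to inspect
 * @return the DNS names, empty when the extension is absent or cannot be parsed
 */
private List<String> dnsSubjectAltNames(X509Certificate cert) {
    List<String> names = new java.util.ArrayList<String>();
    java.util.Collection<List<?>> altNames;
    try {
        altNames = cert.getSubjectAlternativeNames();
    } catch (java.security.cert.CertificateParsingException e) {
        LOG.log(Level.FINE, "Could not parse the subjectAltName extension of " + cert.getSubjectDN(), e);
        return names;
    }
    if (altNames == null) {
        return names;
    }
    for (List<?> entry : altNames) {
        if (entry.size() >= 2 && Integer.valueOf(2).equals(entry.get(0)) && entry.get(1) instanceof String) {
            names.add((String) entry.get(1));
        }
    }
    return names;
}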