in foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/TrustManagerExt.java [168:202]
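/**
 * Checks that the owner certificate's CN values match the peer address, when CN host
 * checking is enabled in {@code option}. Does nothing when the check is disabled.
 *
 * <p>If the effective address is exactly {@code "127.0.0.1"}, the certificate is accepted
 * when its CN matches any address bound to any local network interface. Every other
 * address must match the CN directly.
 *
 * @param chain certificate chain presented by the peer; the owner certificate is selected
 *              by {@code CertificateUtil.findOwner}
 * @param ip    peer address to validate against; when {@code null}, {@code custom.getHost()}
 *              is used instead
 * @throws CertificateException if no CN matches the address, or if the local interfaces
 *                              cannot be enumerated
 */
private void checkCNHost(X509Certificate[] chain, String ip) throws CertificateException {
    if (!option.isCheckCNHost()) {
        return;
    }

    X509Certificate owner = CertificateUtil.findOwner(chain);
    Set<String> cns = CertificateUtil.getCN(owner);
    // NOTE(review): matching is driven by whatever CertificateUtil.getCN returns; whether
    // subjectAltName entries are considered is not visible from this method. Confirm.
    String target = ip == null ? custom.getHost() : ip;

    // For requests coming from the local machine, it is enough that the CN matches any
    // one of this machine's IP addresses.
    // NOTE(review): only the literal "127.0.0.1" takes this relaxed path. Other loopback
    // forms (e.g. "::1" or a hostname) fall through to the strict comparison below, which
    // fails closed. The relaxed path accepts any certificate whose CN equals any local
    // interface address, so it is only as trustworthy as the caller's source for `ip`.
    if ("127.0.0.1".equals(target)) {
        try {
            Enumeration<NetworkInterface> interfaces = NetworkInterface.getNetworkInterfaces();
            if (interfaces != null) {
                while (interfaces.hasMoreElements()) {
                    Enumeration<InetAddress> addresses = interfaces.nextElement().getInetAddresses();
                    while (addresses.hasMoreElements()) {
                        if (cnValid(cns, addresses.nextElement().getHostAddress())) {
                            return;
                        }
                    }
                }
            }
        } catch (SocketException e) {
            // Keep the cause so the underlying network error is not lost from the trace.
            throw new CertificateException("Get local address fail.", e);
        }
    } else if (cnValid(cns, target)) {
        return;
    }

    // Report the address that was actually compared; `ip` may be null when the fallback
    // host from `custom` was used, which previously produced a misleading "t=null".
    String message = "CN does not match IP: e=" + cns + ",t=" + target;
    LOG.error(message);
    throw new CertificateException(message);
}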