DaneVerifier (MiniDNS 0.3.2 API)

java.lang.Object
- org.minidns.dane.DaneVerifier

```
public class DaneVerifier
extends Object
```
A helper class to validate the usage of TLSA records.

Constructor Summary

Constructors
Constructor and Description

DaneVerifier()

DaneVerifier(AbstractDnsClient client)

Constructors
Constructor and Description
`DaneVerifier()`
`DaneVerifier(AbstractDnsClient client)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`HttpsURLConnection`	`verifiedConnect(HttpsURLConnection conn)` Invokes `URLConnection.connect()` in a DANE verified fashion.
`HttpsURLConnection`	`verifiedConnect(HttpsURLConnection conn, X509TrustManager trustManager)` Invokes `URLConnection.connect()` in a DANE verified fashion.
`boolean`	`verify(SSLSession session)` Verifies the certificate chain in an active `SSLSession`.
`boolean`	`verify(SSLSocket socket)` Verifies the certificate chain in an active `SSLSocket`.
`boolean`	`verifyCertificateChain(X509Certificate[] chain, String hostName, int port)` Verifies a certificate chain to be valid when used with the given connection details using DANE.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - DaneVerifier
```
public DaneVerifier()
```
  - DaneVerifier
```
public DaneVerifier(AbstractDnsClient client)
```
- Method Detail
  - verify
```
public boolean verify(SSLSocket socket)
               throws CertificateException
```
    Verifies the certificate chain in an active SSLSocket. The socket must be connected.
    
    Parameters:
    
    socket - A connected SSLSocket whose certificate chain shall be verified using DANE.
    
    Returns:
    
    Whether the DANE verification is the only requirement according to the TLSA record. If this method returns false, additional PKIX validation is required.
    
    Throws:
    
    CertificateException - if the certificate chain provided differs from the one enforced using DANE.
  - verify
```
public boolean verify(SSLSession session)
               throws CertificateException
```
    Verifies the certificate chain in an active SSLSession.
    
    Parameters:
    
    session - An active SSLSession whose certificate chain shall be verified using DANE.
    
    Returns:
    
    Whether the DANE verification is the only requirement according to the TLSA record. If this method returns false, additional PKIX validation is required.
    
    Throws:
    
    CertificateException - if the certificate chain provided differs from the one enforced using DANE.
  - verifyCertificateChain
```
public boolean verifyCertificateChain(X509Certificate[] chain,
                                      String hostName,
                                      int port)
                               throws CertificateException
```
    Verifies a certificate chain to be valid when used with the given connection details using DANE.
    
    Parameters:
    
    chain - A certificate chain that should be verified using DANE.
    
    hostName - The DNS name of the host this certificate chain belongs to.
    
    port - The port number that was used to reach the server providing the certificate chain in question.
    
    Returns:
    
    Whether the DANE verification is the only requirement according to the TLSA record. If this method returns false, additional PKIX validation is required.
    
    Throws:
    
    CertificateException - if the certificate chain provided differs from the one enforced using DANE.
  - verifiedConnect
```
public HttpsURLConnection verifiedConnect(HttpsURLConnection conn)
                                   throws IOException,
                                          CertificateException
```
    Invokes URLConnection.connect() in a DANE verified fashion. This method must be called before URLConnection.connect() is invoked. If a SSLSocketFactory was set on this HttpsURLConnection, it will be ignored. You can use verifiedConnect(HttpsURLConnection, X509TrustManager) to inject a custom TrustManager.
    
    Parameters:
    
    conn - connection to be connected.
    
    Returns:
    
    The HttpsURLConnection after being connected.
    
    Throws:
    
    IOException - when the connection could not be established.
    
    CertificateException - if there was an exception while verifying the certificate.
  - verifiedConnect
```
public HttpsURLConnection verifiedConnect(HttpsURLConnection conn,
                                          X509TrustManager trustManager)
                                   throws IOException,
                                          CertificateException
```
    Invokes URLConnection.connect() in a DANE verified fashion. This method must be called before URLConnection.connect() is invoked. If a SSLSocketFactory was set on this HttpsURLConnection, it will be ignored.
    
    Parameters:
    
    conn - connection to be connected.
    
    trustManager - A non-default TrustManager to be used.
    
    Returns:
    
    The HttpsURLConnection after being connected.
    
    Throws:
    
    IOException - when the connection could not be established.
    
    CertificateException - if there was an exception while verifying the certificate.

Class DaneVerifier

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

DaneVerifier

DaneVerifier

Method Detail

verify

verify

verifyCertificateChain

verifiedConnect

verifiedConnect