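/**
 * Validates the server chain with the platform's default trust managers, then enforces a
 * public-key pin on the leaf certificate.
 *
 * <p>The pin check Base64-encodes the encoded public key of {@code chain[0]} and compares it
 * with the {@code publicKey} field. Base64 is case-sensitive, so the comparison is exact:
 * a case-insensitive match would accept encodings that denote a different key.
 *
 * <p>Notes for maintainers:
 * <ul>
 *   <li>Only the leaf key is pinned. A server key rotation invalidates the pin unless the new
 *       certificate reuses the same key pair.</li>
 *   <li>Nothing in this method checks the peer's host name; that has to happen elsewhere.</li>
 *   <li>NOTE(review): if {@code Base64} is {@code android.util.Base64}, {@code Base64.DEFAULT}
 *       output contains line terminators, so the stored pin must have been produced with the
 *       same flags. Confirm against the code that generates {@code publicKey}.</li>
 * </ul>
 *
 * @param chain the peer certificate chain, leaf certificate first
 * @param authType the key-exchange algorithm name passed through to the default trust managers
 * @throws IllegalArgumentException if {@code chain} is null or empty
 * @throws CertificateException if the default trust managers reject the chain, if no
 *     {@link X509TrustManager} is available to validate it, or if the leaf public key does not
 *     match the pin
 */
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    if (chain == null) {
        throw new IllegalArgumentException(
                "checkServerTrusted: X509Certificate array is null");
    }
    if (chain.length == 0) {
        throw new IllegalArgumentException(
                "checkServerTrusted: X509Certificate is empty");
    }

    // Perform customary SSL/TLS checks with the default trust store (null KeyStore).
    boolean chainValidated = false;
    try {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
        tmf.init((KeyStore) null);
        for (TrustManager trustManager : tmf.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                ((X509TrustManager) trustManager).checkServerTrusted(chain, authType);
                chainValidated = true;
            }
        }
    } catch (Exception e) {
        // Keep the original message but attach the cause so the failure can be diagnosed.
        throw new CertificateException(e.toString(), e);
    }
    if (!chainValidated) {
        // Fail closed: the pin alone must never stand in for chain validation.
        throw new CertificateException("Not trusted: no X509TrustManager available");
    }

    // getEncoded() is declared on the key interface, so no cast to an RSA-specific type is
    // needed; a non-RSA leaf key is then rejected by the pin instead of a ClassCastException.
    byte[] encodedKey = chain[0].getPublicKey().getEncoded();
    if (encodedKey == null) {
        throw new CertificateException("Not trusted: public key has no encoded form");
    }

    String encoded;
    try {
        encoded = new String(Base64.encode(encodedKey, Base64.DEFAULT), "UTF-8");
    } catch (UnsupportedEncodingException e) {
        // Reject explicitly rather than falling through with a null value.
        throw new CertificateException("Not trusted", e);
    }

    // Pin it! Calling equals() on the computed value also rejects a null stored pin.
    if (!encoded.equals(publicKey)) {
        throw new CertificateException(
                "Not trusted");
    }
}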