  /*
   * @(#) $Id: $
   * 
   * Copyright 2009/2010 by sIT Solutions, A-1110 Wien, Geiselbergstr.21-25. All rights reserved.
   */
  package at.spardat.xma.boot.comp;
  
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;

 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509TrustManager;
 
 
 
 public class Pinning509TrustManager implements X509TrustManager {
 
     /** Logger for the boot/app-manager subsystem; initialised in the constructor body below. */
     private static Logger log_;
     /** Process-wide singleton published by {@link #getInstance()}. */
     private static Pinning509TrustManager instance;
     
     /** The JRE default trust manager to which standard chain validation is delegated. */
     private final X509TrustManager defaultX509TrustManager;
 
 
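     /**
      * Creates a pinning trust manager that wraps the JRE's default {@link X509TrustManager}.
      * <p>
      * Standard PKIX chain validation is delegated to that default manager; this class only
      * records the leaf certificate of accepted servers so that
      * {@link #checkCertificatePinning(XMAApp)} can compare it against the application's
      * SSL restrictions afterwards.
      * <p>
      * NOTE(review): the declaration line of this constructor and the field names on the left
      * of its two assignments are not visible in the snippet; they are reconstructed from the
      * field declarations above and the {@code new Pinning509TrustManager()} call in
      * {@link #getInstance()}.
      *
      * @throws NoSuchAlgorithmException if no "X509" trust manager factory is available
      * @throws KeyStoreException if the factory cannot be initialised with the default trust store
      * @throws IllegalStateException if the factory returns no {@link X509TrustManager}
      */
     private Pinning509TrustManager() throws NoSuchAlgorithmException, KeyStoreException {
         log_ = Logger.getLogger("boot.appManager"); //$NON-NLS-1$

         TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
         // A null KeyStore makes the factory use the JRE's default trust store
         // (cacerts or the one named by javax.net.ssl.trustStore).
         tmf.init((KeyStore) null);

         // Use the first X509TrustManager the factory returns as the "default" manager to delegate to.
         X509TrustManager x509tm = null;
         for (TrustManager tm : tmf.getTrustManagers()) {
             if (tm instanceof X509TrustManager) {
                 x509tm = (X509TrustManager) tm;
                 break;
             }
         }
         if (x509tm == null) {
             // IllegalStateException is a RuntimeException, so existing catch blocks still apply.
             throw new IllegalStateException("No default 509 trust manager found");
         }
         defaultX509TrustManager = x509tm;
     }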
     
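     /**
      * Returns the process-wide singleton, creating it on first use.
      * <p>
      * Side effect on first call: a fresh "TLS" {@link SSLContext} backed by this trust manager
      * is installed as the default socket factory of {@link HttpsURLConnection}, so every
      * {@code HttpsURLConnection} created afterwards (that does not set its own factory)
      * validates server certificates through this class.
      * <p>
      * The singleton is published only after that installation succeeded; a failure while
      * building the context therefore cannot leave later callers with an instance whose socket
      * factory was never installed.
      *
      * @return the shared trust manager
      * @throws RuntimeException if the trust manager or the SSL context cannot be set up
      */
     public static synchronized Pinning509TrustManager getInstance() {
         if (instance == null) {
             try {
                 Pinning509TrustManager tm = new Pinning509TrustManager();
                 SSLContext context = SSLContext.getInstance("TLS");
                 context.init(null, new TrustManager[] { tm }, null);
                 HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
                 instance = tm; // publish only once the socket factory is in place
             } catch (Exception e) {
                 // The log level is not visible in the snippet; SEVERE is used since the error is rethrown.
                 log_.log(Level.SEVERE, "Error setting trust manager", e);
                 throw new RuntimeException("Error setting trust manager", e);
             }
         }
         return instance;
     }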
 
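     /**
      * Returns the set of server leaf certificates recorded by
      * {@link #checkServerTrusted(X509Certificate[], String)} and not yet checked by
      * {@link #checkCertificatePinning(XMAApp)}.
      * <p>
      * NOTE(review): the method header and the name of the backing field are not visible in
      * the snippet; the signature is reconstructed from the call site in
      * {@code checkCertificatePinning}. The returned set is the live collection (not a copy) and
      * is mutated by {@code checkServerTrusted} and {@code checkCertificatePinning}; if those
      * run on different threads the set needs external synchronisation (or the field should be
      * wrapped in {@code Collections.synchronizedSet}) — confirm against the field declaration.
      *
      * @return the live set of recorded server certificates
      */
     public Set<X509Certificate> getServerCertificateSet() {
         return SERVER_CERTIFICATE_SET_FIELD; // PLACEHOLDER: backing field name not visible in the snippet
     }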
 
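     /**
      * Validates a client certificate chain by delegating to the JRE default trust manager.
      * No pinning is applied to client certificates.
      *
      * @param chain the peer certificate chain
      * @param authType the key exchange algorithm used
      * @throws CertificateException if the default trust manager rejects the chain
      */
     public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
         defaultX509TrustManager.checkClientTrusted(chain, authType);
     }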
 
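     /**
      * Validates a server certificate chain and records its leaf certificate for a later pinning check.
      * <p>
      * Only the standard validation of the default trust manager happens here; the chain is
      * accepted as soon as that succeeds. The pin itself (hostname / issuer / subject restrictions
      * of the application) is not evaluated until {@link #checkCertificatePinning(XMAApp)} runs,
      * so the TLS handshake has already completed by the time a pin mismatch is detected.
      *
      * @param chain the server certificate chain, the server's own certificate first
      * @param authType the key exchange algorithm used
      * @throws CertificateException if the default trust manager rejects the chain
      * @throws IllegalArgumentException if {@code chain} is null or empty
      */
     public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
         if (chain == null || chain.length == 0) {
             throw new IllegalArgumentException("Empty server certificate chain");
         }
         defaultX509TrustManager.checkServerTrusted(chain, authType);
         // chain[0] is the end-entity certificate presented by the server. The set is reached through
         // the accessor because the backing field's name is not visible in the snippet.
         getServerCertificateSet().add(chain[0]);
     }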
 
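     /**
      * Returns the CA certificates trusted by the JRE default trust manager.
      * Pinning does not narrow this list; it is enforced per certificate after the handshake.
      *
      * @return the accepted issuer certificates of the default trust manager
      */
     public X509Certificate[] getAcceptedIssuers() {
         return defaultX509TrustManager.getAcceptedIssuers();
     }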
 
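     /**
      * Checks every server certificate recorded since the last call against the application's
      * SSL restrictions and drops the ones that pass from the shared set.
      * <p>
      * Certificates are removed one by one as they pass; if one fails, the exception propagates
      * and that certificate (plus any not yet visited) remains in the set.
      *
      * @param app the application whose SSL restrictions define the pin
      * @throws BootRuntimeException if a recorded certificate matches none of the restrictions
      */
     public void checkCertificatePinning(XMAApp app) throws BootRuntimeException {
         Iterator<X509Certificate> iterator = getServerCertificateSet().iterator();
         while (iterator.hasNext()) {
             X509Certificate cert = iterator.next();
             checkCertificate(cert, app);
             iterator.remove();
         }
     }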
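    /**
     * Verifies a single server certificate against the application's SSL restrictions.
     * <p>
     * The certificate is accepted if at least one restriction matches: its hostname pattern
     * (when present) matches the application server, and its issuer and subject rules match the
     * certificate's issuer and subject DNs. With no restrictions configured nothing is checked,
     * so any certificate the default trust manager accepted passes — pinning is opt-in per
     * application.
     * <p>
     * Note that this pins on distinguished names, not on the certificate's public key or
     * fingerprint: any CA trusted by the default trust manager that issues a certificate with a
     * matching subject/issuer DN satisfies the pin.
     *
     * @param cert the server leaf certificate
     * @param app the application whose restrictions are consulted
     * @throws BootRuntimeException if no restriction matches the certificate
     */
    private void checkCertificate(X509Certificate cert, XMAApp app) throws BootRuntimeException {
        List<XMASSLRestriction> sslRestriction = app.getSSLRestriction();
        if (sslRestriction.isEmpty()) {
            return;
        }
        String server = app.getApplicationDescrURI().getServer();
        // getIssuerDN()/getSubjectDN() are kept rather than the X500Principal variants because the
        // restriction matchers presumably expect this DN string format — confirm before changing.
        String issuerDn = cert.getIssuerDN().getName();
        String subjectDN = cert.getSubjectDN().getName();
        for (XMASSLRestriction restriction : sslRestriction) {
            boolean hostNameMatches = true;
            if (restriction.getHostname() != null) {
                HostnameVerifierImpl verifier = new HostnameVerifierImpl(restriction.getHostname());
                hostNameMatches = verifier.verify(server);
            }
            if (hostNameMatches && restriction.matchesIssuer(issuerDn) && restriction.matchesSubject(subjectDN)) {
                return;
            }
        }
        // The log level and the BRTCodes constant are not visible in the snippet; SEVERE is used
        // and the constant is marked as a placeholder. "SLL" in the message was a typo.
        log_.log(Level.SEVERE, "SSL certificate pinning failed, certificate not accepted: \n{0}", cert);
        throw new BootRuntimeException(BRTCodes.getText(BRTCodes.SSL_PINNING_CODE_PLACEHOLDER),
                "SSL Certificate Pinning Error", server).setCode(BRTCodes.SSL_PINNING_CODE_PLACEHOLDER);
    }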