Package org.conscrypt

Class CertPinManager

java.lang.Object

org.conscrypt.CertPinManager

public class CertPinManager
extends Object

This class provides a simple interface for cert pinning.

Constructor Summary

Constructors

Constructor	Description
CertPinManager(String path, TrustedCertificateStore store)	Test only
CertPinManager(TrustedCertificateStore store)

Method Summary

Modifier and Type	Method	Description
boolean	chainIsNotPinned(String hostname, List<X509Certificate> chain)	This is the public interface for cert pinning.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

CertPinManager

public CertPinManager(TrustedCertificateStore store)
               throws org.conscrypt.PinManagerException

Throws:

org.conscrypt.PinManagerException

CertPinManager

public CertPinManager(String path,
TrustedCertificateStore store)
               throws org.conscrypt.PinManagerException

Test only

Throws:

org.conscrypt.PinManagerException

Method Details

chainIsNotPinned

public boolean chainIsNotPinned(String hostname,
List<X509Certificate> chain)
                         throws org.conscrypt.PinManagerException

This is the public interface for cert pinning. Given a hostname and a certificate chain this verifies that the chain includes certs from the pinned list provided. If the chain doesn't include those certs and is in enforcing mode, then this method returns true and the certificate check should fail.

Throws:

org.conscrypt.PinManagerException