in core/src/main/java/com/google/cloud/sql/core/InstanceCheckingTrustManger.java [197:229]
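/**
 * Verifies that the subject common name (CN) of the first certificate in the chain names the
 * expected instance, written as {@code projectId:instanceId}.
 *
 * <p>The comparison is an exact, case-sensitive {@link String#equals}: no wildcard matching or
 * normalisation is applied. Every failure path rejects the certificate with a {@link
 * CertificateException}, so a malformed subject cannot surface as an unchecked exception.
 *
 * <p>NOTE(review): this method only compares names. Path and signature validation of the chain
 * is assumed to happen in the caller before or after this check; confirm.
 *
 * @param chain the server certificate chain; only {@code chain[0]} is inspected
 * @throws CertificateException if the chain is null or empty, the subject cannot be parsed, the
 *     subject has no string-valued CN, or the CN differs from the expected instance name
 */
private void checkCn(X509Certificate[] chain) throws CertificateException {
  // Reject an absent chain explicitly rather than failing on chain[0] with an
  // ArrayIndexOutOfBoundsException or NullPointerException.
  if (chain == null || chain.length == 0 || chain[0] == null) {
    throw new CertificateException("Server certificate chain is empty");
  }

  String cn = null;
  try {
    String subject = chain[0].getSubjectX500Principal().getName();
    LdapName subjectName = new LdapName(subject);
    // The loop has no early exit: if several RDNs have type CN, the last one in getRdns() order
    // is the one compared below. The original author notes that CN always comes last in the list.
    for (Rdn rdn : subjectName.getRdns()) {
      if ("CN".equals(rdn.getType())) {
        Object value = rdn.getValue();
        // Rdn values are either String or byte[] (the "#hex" form used for values that are not
        // plain strings). A blind cast would throw ClassCastException on attacker-supplied
        // certificate data; treat a non-string CN as a validation failure instead.
        if (!(value instanceof String)) {
          throw new CertificateException(
              "Server certificate subject CN is not encoded as a string value");
        }
        cn = (String) value;
      }
    }
  } catch (InvalidNameException e) {
    throw new CertificateException("Exception parsing the server certificate subject field", e);
  }
  if (cn == null) {
    throw new CertificateException("Server certificate subject does not contain a value for CN");
  }

  // Expected identity, built from the instance this trust manager was configured with.
  String instName =
      this.instanceMetadata.getInstanceName().getProjectId()
          + ":"
          + this.instanceMetadata.getInstanceName().getInstanceId();
  if (!instName.equals(cn)) {
    throw new CertificateException(
        "Server certificate CN does not match instance name. Server certificate CN="
            + cn
            + " Expected instance name: "
            + instName);
  }
}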