private List getSans()

in core/src/main/java/com/google/cloud/sql/core/InstanceCheckingTrustManger.java [165:195]


  /**
   * Collects the otherName and dNSName entries from the Subject Alternative Name (SAN)
   * extension of {@code cert}.
   *
   * <p>RFC 5280 section 4.2.1.6 defines the GeneralName tags used here: 0 is "otherName" and 2 is
   * "dNSName". Entries carrying any other tag are skipped, as are otherName/dNSName entries whose
   * value is neither a {@code String} nor a {@code byte[]}.
   *
   * @param cert the certificate whose SAN extension is read
   * @return the String-valued otherName/dNSName entries, in the order the certificate reports
   *     them; an empty list when the certificate reports no SAN entries
   * @throws CertificateException if reading the SAN extension from the certificate fails
   * @throws UnsupportedOperationException if an otherName/dNSName entry is reported as raw bytes
   */
  private List<String> getSans(X509Certificate cert) throws CertificateException {
    final int otherNameTag = 0;
    final int dnsNameTag = 2;

    final ArrayList<String> sanValues = new ArrayList<>();
    final Collection<List<?>> generalNames = cert.getSubjectAlternativeNames();

    if (generalNames != null) {
      for (List<?> generalName : generalNames) {
        // Each entry is a two-element list: the GeneralName tag, then its value.
        final Integer tag = (Integer) generalName.get(0);
        if (tag != otherNameTag && tag != dnsNameTag) {
          continue;
        }

        final Object payload = generalName.get(1);
        if (payload instanceof String) {
          sanValues.add((String) payload);
          continue;
        }

        if (payload instanceof byte[]) {
          // The value came back as undecoded ASN.1 bytes. For dNSName the standard JSSE providers
          // return Strings, so this indicates a non-standard provider. Decoding it here would
          // mean adding an ASN.1 library such as BouncyCastle, see:
          // https://stackoverflow.com/questions/30993879/retrieve-subject-alternative-names-of-x-509-certificate-in-java
          //
          // NOTE(review): the X509Certificate#getSubjectAlternativeNames Javadoc documents
          // otherName values as DER-encoded byte arrays, so a certificate that carries an
          // otherName SAN presumably reaches this branch with the default provider as well;
          // confirm whether tag 0 is meant to be accepted. The exception is unchecked, so a
          // caller that catches only CertificateException will not intercept it.
          throw new UnsupportedOperationException(
              "Server certificate SAN field cannot be decoded.");
        }
      }
    }

    return sanValues;
  }