private void checkCertificateChain()

in core/src/main/java/com/google/cloud/sql/core/InstanceCheckingTrustManger.java [110:139]


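  /**
   * Validates the identity presented by the server certificate chain.
   *
   * <p>The expected DNS name is chosen in this order: the domain name of the connector's
   * configured instance name, then the DNS name from the instance metadata. When one of them is
   * set, the chain is passed to {@code checkSan} together with that name. When neither is set,
   * the chain is passed to the legacy {@code checkCn} check instead.
   *
   * @param chain the server certificate chain; element 0 is the certificate whose subject is
   *     checked here (presumably the leaf certificate, confirm against the caller)
   * @throws CertificateException if the chain is null or empty, or if its first certificate is
   *     null or has no subject; {@code checkCn} and {@code checkSan} are not shown here and
   *     presumably throw it as well when they reject the chain
   */
  private void checkCertificateChain(X509Certificate[] chain) throws CertificateException {
    // Reject a missing chain with a CertificateException so callers that handle
    // certificate failures see it, instead of an unchecked NullPointerException.
    if (chain == null || chain.length == 0) {
      throw new CertificateException("No server certificates in chain");
    }
    // A null first element is treated like a certificate without a subject.
    if (chain[0] == null || chain[0].getSubjectX500Principal() == null) {
      throw new CertificateException("Subject is missing");
    }

    // Read the configured domain name once; it is used for both the test and the value.
    final String configuredDomain = instanceMetadata.getInstanceName().getDomainName();
    final String metadataDns = instanceMetadata.getDnsName();

    final String dns;
    if (!Strings.isNullOrEmpty(configuredDomain)) {
      // The connector is configured using a DNS name: validate against the name from the
      // connector config. This takes precedence over the metadata value.
      dns = configuredDomain;
    } else if (!Strings.isNullOrEmpty(metadataDns)) {
      // The connector is configured with an instance name: validate against the DNS name
      // reported in the instance metadata.
      dns = metadataDns;
    } else {
      dns = null;
    }

    if (dns == null) {
      // Neither the connector config nor the instance metadata supplies a domain name, so
      // fall back to legacy CN validation.
      // NOTE(review): checkCn is not visible here; confirm it still binds the certificate to
      // this specific instance, since this path skips the Subject Alternative Name check.
      checkCn(chain);
    } else {
      // A DNS name is known: check it against the Subject Alternative Names.
      checkSan(dns, chain);
    }
  }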