in foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/TrustManagerExt.java [213:258]
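/**
 * Enforces the optional common-name (CN) allow-list on the peer certificate chain.
 *
 * <p>Does nothing when {@code option.isCheckCNWhite()} is false. Otherwise it reads at most
 * {@code WHITE_SIZE} characters of the UTF-8 allow-list file, splits them on whitespace, and
 * returns normally as soon as {@code cnValid} accepts one entry against the CNs of the
 * certificate chosen by {@code CertificateUtil.findOwner}. Every other outcome fails closed
 * with a {@link CertificateException}.
 *
 * @param chain the certificate chain presented by the peer
 * @throws CertificateException if the allow-list file is missing or unreadable, or if no
 *     entry matches the certificate's CNs
 */
private void checkCNWhite(X509Certificate[] chain) throws CertificateException {
  if (!option.isCheckCNWhite()) {
    return;
  }

  String whiteList;
  String white = custom.getFullPath(option.getCheckCNWhiteFile());
  // try-with-resources closes both streams on every path; a failure while closing is reported
  // like a read failure, so the check still fails closed.
  try (FileInputStream fis = new FileInputStream(white);
      InputStreamReader reader = new InputStreamReader(fis, StandardCharsets.UTF_8)) {
    char[] buffer = new char[WHITE_SIZE];
    int total = 0;
    // A single read() may return fewer characters than are available and returns -1 on an
    // empty file, so keep reading until the buffer is full or the stream ends.
    while (total < buffer.length) {
      int len = reader.read(buffer, total, buffer.length - total);
      if (len < 0) {
        break;
      }
      total += len;
    }
    // NOTE(review): content beyond WHITE_SIZE characters is not read, and an entry cut at that
    // boundary is compared in its truncated form; confirm the file is kept below the cap.
    whiteList = new String(buffer, 0, total);
  } catch (FileNotFoundException e) {
    throw new CertificateException("CN does not match white. no white file.", e);
  } catch (IOException e) {
    throw new CertificateException("CN does not match white. can not read file.", e);
  }

  X509Certificate owner = CertificateUtil.findOwner(chain);
  Set<String> certCN = CertificateUtil.getCN(owner);
  for (String c : whiteList.split("\\s+")) {
    // split() yields an empty first token for an empty file or leading whitespace; an empty
    // string is never a meaningful allow-list entry, so do not hand it to cnValid.
    if (c.isEmpty()) {
      continue;
    }
    if (cnValid(certCN, c)) {
      return;
    }
  }

  LOG.error("CN does not match white.");
  throw new CertificateException("CN does not match white.");
}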