public final class

MAMCertificatePinningManager

extends Object
java.lang.Object
   ↳ com.microsoft.intune.mam.client.app.MAMCertificatePinningManager

Class Overview

The MAMCertificatePinningManager has methods to enable certificate pinning for apps, according to the Intune cert pinning configuration received from the MAM Service.

Summary

Public Methods
static SSLContext getPinningSSLContext(String identity, URL url)
Get a SSLContext that can be used with a custom SSLSocketFactory implementation.
static SSLSocketFactory getPinningSocketFactory(String identity, URL url)
Get a SSLSocketFactory used to configure HTTPS connection objects.
static void validatePins(X509Certificate[] chain, String identity, URL url)
Validate the given chain using the pinning configuration for the given identity and URL.
[Expand]
Inherited Methods
From class java.lang.Object

Public Methods

public static SSLContext getPinningSSLContext (String identity, URL url)

Get a SSLContext that can be used with a custom SSLSocketFactory implementation.

Parameters
identity The identity of the account using the connection. Pass null to use the current thread identity.
url The URL to be connected, used to choose the correct pins.
Returns
  • a SSLContext instance configured for pinning.
Throws
GeneralSecurityException Thrown on failure to create the SSLContext. See Android docs for SSLContext.getInstance() and SSLContext.init() for more details.

public static SSLSocketFactory getPinningSocketFactory (String identity, URL url)

Get a SSLSocketFactory used to configure HTTPS connection objects.

Parameters
identity The identity of the account using the connection. Pass null to use the current thread identity.
url The URL to be connected, used to choose the correct pins.
Returns
  • a SSLSocketFactory instance configured for pinning.
Throws
GeneralSecurityException Thrown on failure to create the underlying SSLContext. See Android docs for SSLContext.getInstance() and SSLContext.init() for more details.

public static void validatePins (X509Certificate[] chain, String identity, URL url)

Validate the given chain using the pinning configuration for the given identity and URL.

Parameters
chain The chain to validate. Note that the network stack validations should already have been performed. This method only does the additional pinning validation.
identity The identity of the account using the connection. Pass null to use the current thread identity.
url The URL to be connected, used to choose the correct pins.
Throws
CertificateException thrown if chain is not valid.