public
final
class
MAMCertificatePinningManager
extends Object| java.lang.Object | |
| ↳ | com.microsoft.intune.mam.client.app.MAMCertificatePinningManager |
Class Overview
The MAMCertificatePinningManager has methods to enable certificate pinning for apps, according to the Intune cert pinning configuration received from the MAM Service.
Summary
| Public Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| static SSLContext |
getPinningSSLContext(String identity, URL url)
This method is deprecated.
Use
getPinningSSLContextForOID(String, URL).
| ||||||||||
| static SSLContext |
getPinningSSLContextForOID(String oid, URL url)
Get a SSLContext that can be used with a custom SSLSocketFactory implementation.
| ||||||||||
| static SSLSocketFactory |
getPinningSocketFactory(String identity, URL url)
This method is deprecated.
Use
getPinningSocketFactoryForOID(String, URL).
| ||||||||||
| static SSLSocketFactory |
getPinningSocketFactoryForOID(String oid, URL url)
Get a SSLSocketFactory used to configure HTTPS connection objects.
| ||||||||||
| static void |
validatePins(X509Certificate[] chain, String identity, URL url)
This method is deprecated.
Use
validatePinsForOID(X509Certificate[], String, URL).
| ||||||||||
| static void |
validatePinsForOID(X509Certificate[] chain, String oid, URL url)
Validate the given chain using the pinning configuration for the given identity and URL.
| ||||||||||
|
[Expand]
Inherited Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
From class
java.lang.Object
| |||||||||||
Public Methods
public static SSLContext getPinningSSLContext (String identity, URL url)
This method is deprecated.
Use getPinningSSLContextForOID(String, URL).
Get a SSLContext that can be used with a custom SSLSocketFactory implementation.
Parameters
| identity | UPN of the identity of the account using the connection. Pass null to use the current thread identity. |
|---|---|
| url | The URL to be connected, used to choose the correct pins. |
Returns
- a SSLContext instance configured for pinning.
Throws
| GeneralSecurityException | Thrown on failure to create the SSLContext. See Android docs for SSLContext.getInstance() and SSLContext.init() for more details. |
|---|
public static SSLContext getPinningSSLContextForOID (String oid, URL url)
Get a SSLContext that can be used with a custom SSLSocketFactory implementation.
Parameters
| oid | AAD OID of the identity of the account using the connection. Pass null to use the current thread identity. Pass an empty string for any account that doesn't have an OID (e.g. personal accounts). |
|---|---|
| url | The URL to be connected, used to choose the correct pins. |
Returns
- a SSLContext instance configured for pinning.
Throws
| GeneralSecurityException | Thrown on failure to create the SSLContext. See Android docs for SSLContext.getInstance() and SSLContext.init() for more details. |
|---|
public static SSLSocketFactory getPinningSocketFactory (String identity, URL url)
This method is deprecated.
Use getPinningSocketFactoryForOID(String, URL).
Get a SSLSocketFactory used to configure HTTPS connection objects.
Parameters
| identity | UPN of the identity of the account using the connection. Pass null to use the current thread identity. |
|---|---|
| url | The URL to be connected, used to choose the correct pins. |
Returns
- a SSLSocketFactory instance configured for pinning.
Throws
| GeneralSecurityException | Thrown on failure to create the underlying SSLContext. See Android docs for SSLContext.getInstance() and SSLContext.init() for more details. |
|---|
public static SSLSocketFactory getPinningSocketFactoryForOID (String oid, URL url)
Get a SSLSocketFactory used to configure HTTPS connection objects.
Parameters
| oid | AAD OID of the identity of the account using the connection. Pass null to use the current thread identity. Pass an empty string for any account that doesn't have an OID (e.g. personal accounts). |
|---|---|
| url | The URL to be connected, used to choose the correct pins. |
Returns
- a SSLSocketFactory instance configured for pinning.
Throws
| GeneralSecurityException | Thrown on failure to create the underlying SSLContext. See Android docs for SSLContext.getInstance() and SSLContext.init() for more details. |
|---|
public static void validatePins (X509Certificate[] chain, String identity, URL url)
This method is deprecated.
Use validatePinsForOID(X509Certificate[], String, URL).
Validate the given chain using the pinning configuration for the given identity and URL.
Parameters
| chain | The chain to validate. Note that the network stack validations should already have been performed. This method only does the additional pinning validation. |
|---|---|
| identity | UPN of the identity of the account using the connection. Pass null to use the current thread identity. |
| url | The URL to be connected, used to choose the correct pins. |
Throws
| CertificateException | thrown if chain is not valid. |
|---|
public static void validatePinsForOID (X509Certificate[] chain, String oid, URL url)
Validate the given chain using the pinning configuration for the given identity and URL.
Parameters
| chain | The chain to validate. Note that the network stack validations should already have been performed. This method only does the additional pinning validation. |
|---|---|
| oid | AAD OID of the identity of the account using the connection. Pass null to use the current thread identity. Pass an empty string for any account that doesn't have an OID (e.g. personal accounts). |
| url | The URL to be connected, used to choose the correct pins. |
Throws
| CertificateException | thrown if chain is not valid. |
|---|