Public Key Pinning

PubKeyManager.java

public final class PubKeyManager implements X509TrustManager {

private String publicKey;

public PubKeyManager(String publicKey) {
 this.publicKey = publicKey;
 }

public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
 if (chain == null) {
 throw new IllegalArgumentException(
 “checkServerTrusted: X509Certificate array is null”);
 }
 if (!(chain.length > 0)) {
 throw new IllegalArgumentException(
 “checkServerTrusted: X509Certificate is empty”);
 }

// Perform customary SSL/TLS checks
 TrustManagerFactory tmf;
 try {
 tmf = TrustManagerFactory.getInstance(“X509”);
 tmf.init((KeyStore) null);

for (TrustManager trustManager : tmf.getTrustManagers()) {
 ((X509TrustManager) trustManager).checkServerTrusted(
 chain, authType);
 }

} catch (Exception e) {
 throw new CertificateException(e.toString());
 }

// Hack ahead: BigInteger and toString(). We know a DER encoded Public
 // Key starts with 0x30 (ASN.1 SEQUENCE and CONSTRUCTED), so there is
 // no leading 0x00 to drop.
 RSAPublicKey pubkey = (RSAPublicKey) chain[0].getPublicKey();
 String encoded = new BigInteger(1 /* positive */, pubkey.getEncoded())
 .toString(16);

// Pin it!
 final boolean expected = publicKey.equalsIgnoreCase(encoded);
 // fail if expected public key is different from our public key
 if (!expected) {
 throw new CertificateException(
 “Not trusted”);
 }
 }
}

@faruktoptas thanks you for your answer. I understood it : )