java source code of ServerFingerprintTrustManager

cava-master
- .circleci
  - config.yml
- crypto
  - src
    - main
      - java
        net
        consensys
        cava
        crypto
        Hash.java
        SECP256K1.java
        package-info.java
        InvalidSEC256K1SecretKeyStoreException.java
        mikuli
        G1Point.java
        AtePairing.java
        Scalar.java
        G2Point.java
        SignatureAndPublicKey.java
        BLS12381.java
        package-info.java
        KeyPair.java
        SecretKey.java
        GTPoint.java
        PublicKey.java
        Signature.java
        Group.java
        sodium
        SHA256Hash.java
        SecretEncryptionStream.java
        DetachedEncryptionResult.java
        XChaCha20Poly1305.java
        AES256GCM.java
        HMACSHA512256.java
        HMACSHA256.java
        SodiumException.java
        KeyDerivation.java
        SecretBox.java
        DiffieHelman.java
        SecretDecryptionStream.java
        KeyExchange.java
        HMACSHA512.java
        LibSodium.java
        PasswordHash.java
        Auth.java
        package-info.java
        DefaultDetachedEncryptionResult.java
        Allocated.java
        GenericHash.java
        Sodium.java
        SodiumVersion.java
        Box.java
        Signature.java
        Concatenate.java
    - test
      - java
        net
        consensys
        cava
        crypto
        SECP256K1Test.java
        HashTest.java
        mikuli
        SignatureTest.java
        sodium
        HMACSHA512Test.java
        AES256GCMTest.java
        AllocatedTest.java
        BoxTest.java
        PasswordHashTest.java
        KeyDerivationTest.java
        SHA256HashTest.java
        SecretBoxTest.java
        HMACSHA512256Test.java
        GenericHashTest.java
        HMACSHA256Test.java
        XChaCha20Poly1305Test.java
        SignatureTest.java
        ConcatenateTest.java
        SodiumTest.java
        AuthTest.java
        DiffieHelmanTest.java
  - build.gradle
- eth-reference-tests
  - src
    - test
      - resources
        eth2.0-tests
        tests
      - java
        net
        consensys
        cava
        eth
        reference
        RLPReferenceTestSuite.java
        SSZTestSuite.java
        MerkleTrieTestSuite.java
        TransactionTestSuite.java
        BlockRLPTestSuite.java
  - build.gradle
- ssz
  - src
    - main
      - kotlin
        net
        consensys
        cava
        ssz
        experimental
        BytesSSZReader.kt
        BytesSSZWriter.kt
        SSZReader.kt
        SSZ.kt
        SSZWriter.kt
      - java
        net
        consensys
        cava
        ssz
        InvalidSSZTypeException.java
        EndOfSSZException.java
        ByteBufferSSZWriter.java
        SSZReader.java
        package-info.java
        SSZWriter.java
        BytesSSZWriter.java
        SSZException.java
        SSZ.java
        BytesSSZReader.java
    - test
      - kotlin
        net
        consensys
        cava
        ssz
        experimental
        SSZTest.kt
      - java
        net
        consensys
        cava
        ssz
        ByteBufferWriterTest.java
        BytesSSZWriterTest.java
        HashTreeRootTest.java
        BytesSSZReaderTest.java
  - build.gradle
- gradle.properties
- gradle
  - wrapper
    - gradle-wrapper.properties
    - gradle-wrapper.jar
  - check-licenses.gradle
  - eclipse-java-consensys-style.xml
  - spotless.license.java
  - greclipse-gradle-consensys-style.properties
- eth-repository
  - src
    - main
      - kotlin
        net
        consensys
        cava
        eth
        repository
        BlockchainRepository.kt
        BlockHeaderFields.kt
        BlockchainIndex.kt
        TransactionReceiptFields.kt
    - test
      - kotlin
        net
        consensys
        cava
        eth
        repository
        BlockchainRepositoryTest.kt
        BlockchainIndexTest.kt
  - build.gradle
- kv
  - src
    - main
      - kotlin
        net
        consensys
        cava
        kv
        MapKeyValueStore.kt
        KeyValueStore.kt
        InfinispanKeyValueStore.kt
        SQLKeyValueStore.kt
        RocksDBKeyValueStore.kt
        LevelDBKeyValueStore.kt
        MapDBKeyValueStore.kt
        RedisKeyValueStore.kt
      - java
        net
        consensys
        cava
        kv
        package-info.java
        RedisBytesCodec.java
    - test
      - kotlin
        net
        consensys
        cava
        kv
        KeyValueStoreSpec.kt
      - java
        net
        consensys
        cava
        kv
        KeyValueStoreTest.java
        RedisKeyValueStoreTest.java
  - build.gradle
- bytes
  - src
    - main
      - java
        net
        consensys
        cava
        bytes
        MutableByteBufWrappingBytes.java
        MutableBufferWrappingBytes.java
        AbstractBytes.java
        ArrayWrappingBytes.java
        ConcatenatedBytes.java
        BytesValues.java
        ByteBufferWrappingBytes.java
        ArrayWrappingBytes48.java
        Bytes.java
        MutableBytes48.java
        MutableArrayWrappingBytes.java
        Bytes32.java
        MutableByteBufferWrappingBytes.java
        MutableArrayWrappingBytes32.java
        BufferWrappingBytes.java
        DelegatingBytes32.java
        DelegatingMutableBytes48.java
        package-info.java
        DelegatingMutableBytes32.java
        ByteBufWrappingBytes.java
        MutableBytes32.java
        MutableBytes.java
        MutableArrayWrappingBytes48.java
        DelegatingBytes48.java
        Bytes48.java
        ArrayWrappingBytes32.java
    - test
      - java
        net
        consensys
        cava
        bytes
        BytesTest.java
        ConcatenatedBytesTest.java
        Bytes32Test.java
        ByteBufferBytesTest.java
        ByteBufBytesTest.java
        Bytes48Test.java
        BufferBytesTest.java
        CommonBytesTests.java
  - build.gradle
- eth
  - src
    - main
      - java
        net
        consensys
        cava
        eth
        Hash.java
        BlockBody.java
        BlockHeader.java
        Transaction.java
        Address.java
        Log.java
        Block.java
        TransactionReceipt.java
        package-info.java
        LogsBloomFilter.java
    - test
      - java
        net
        consensys
        cava
        eth
        TransactionTest.java
        BlockHeaderTest.java
        LogsBloomFilterTest.java
        BlockTest.java
        TransactionReceiptTest.java
        LogTest.java
        BlockBodyTest.java
  - build.gradle
- les
  - src
    - main
      - kotlin
        net
        consensys
        cava
        les
        GetReceiptsMessage.kt
        LESSubprotocol.kt
        ReceiptsMessage.kt
        BlockBodiesMessage.kt
        LESPeerState.kt
        LESSubProtocolHandler.kt
        BlockHeadersMessage.kt
        LightClient.kt
        GetBlockHeadersMessage.kt
        StatusMessage.kt
        GetBlockBodiesMessage.kt
    - test
      - kotlin
        net
        consensys
        cava
        les
        LESSubProtocolHandlerTest.kt
        MessagesTest.kt
        LESSubprotocolTest.kt
  - build.gradle
- merkle-trie
  - src
    - main
      - kotlin
        net
        consensys
        cava
        trie
        MerkleTrie.kt
        LeafNode.kt
        PutVisitor.kt
        NodeVisitor.kt
        NullNode.kt
        GetVisitor.kt
        MerkleStorageException.kt
        StoredNodeFactory.kt
        StoredNode.kt
        RemoveVisitor.kt
        BranchNode.kt
        MerkleStorage.kt
        ExtensionNode.kt
        Node.kt
        MerklePatriciaTrie.kt
        StoredMerklePatriciaTrie.kt
        NodeFactory.kt
        DefaultNodeFactory.kt
      - java
        net
        consensys
        cava
        trie
        CompactEncoding.java
        package-info.java
    - test
      - kotlin
        net
        consensys
        cava
        trie
        StoredMerklePatriciaTrieKotlinTest.kt
        MerklePatriciaTrieKotlinTest.kt
      - java
        net
        consensys
        cava
        trie
        CompactEncodingTest.java
        MerklePatriciaTriePerformanceTest.java
        MerklePatriciaTrieJavaTest.java
        StoredMerklePatriciaTrieJavaTest.java
  - build.gradle
- .gitmodules
- net
  - src
    - main
      - java
        net
        consensys
        cava
        net
        package-info.java
        tls
        SingleTrustManagerFactory.java
        VertxTrustOptions.java
        DelegatingTrustManagerFactory.java
        ClientFingerprintTrustManager.java
        TrustManagerFactories.java
        TLS.java
        FileBackedFingerprintRepository.java
        package-info.java
        TLSEnvironmentException.java
        TrustManagerFactoryWrapper.java
        ServerFingerprintTrustManager.java
        FingerprintRepository.java
    - test
      - java
        net
        consensys
        cava
        net
        tls
        ClientRecordTest.java
        ServerCaOrTofaTest.java
        InsecureTrustOptions.java
        ClientTofuTest.java
        FileBackedFingerprintRepositoryTest.java
        ServerRecordTest.java
        ClientCaOrWhitelistTest.java
        ClientWhitelistTest.java
        ServerTofaTest.java
        ServerWhitelistTest.java
        ClientCaOrRecordTest.java
        SecurityTestUtils.java
        TLSTest.java
        ServerCaOrWhitelistTest.java
        ClientCaOrTofuTest.java
        ServerCaOrRecordTest.java
  - build.gradle
- gradlew.bat
- LICENSE
- gradlew
- scuttlebutt
  - src
    - main
      - java
        net
        consensys
        cava
        scuttlebutt
        Identity.java
        SECP256K1PublicKeyIdentity.java
        Ed25519KeyPairIdentity.java
        Invite.java
        Ed25519PublicKeyIdentity.java
        package-info.java
        SECP256K1KeyPairIdentity.java
    - test
      - java
        net
        consensys
        cava
        scuttlebutt
        IdentityTest.java
        InviteTest.java
  - build.gradle
- units
  - src
    - main
      - java
        net
        consensys
        cava
        units
        ethereum
        package-info.java
        Gas.java
        Wei.java
        package-info.java
        bigints
        BaseUInt64Value.java
        UInt64Domain.java
        BaseUInt256Value.java
        UInt256Value.java
        BaseUInt384Value.java
        UInt256ValueDomain.java
        UInt64Value.java
        UInt64ValueDomain.java
        UInt384.java
        UInt256.java
        package-info.java
        UInt256Domain.java
        UInt64s.java
        UInt256s.java
        UInt384Domain.java
        UInt64.java
        UInt384Value.java
        UInt384ValueDomain.java
        UInt384s.java
    - test
      - java
        net
        consensys
        cava
        units
        ethereum
        WeiTest.java
        GasTest.java
        bigints
        BaseUInt64ValueTest.java
        BaseUInt384ValueTest.java
        BaseUInt256ValueTest.java
        UInt256Test.java
        UInt384Test.java
        UInt64Test.java
  - build.gradle
- net-coroutines
  - src
    - main
      - kotlin
        net
        consensys
        cava
        net
        coroutines
        CoroutineSelector.kt
        CoroutineChannelGroup.kt
        CoroutineByteChannel.kt
        CoroutineNetworkChannel.kt
        CoroutineSocketChannel.kt
        CoroutineServerSocketChannel.kt
        CoroutineDatagramChannel.kt
    - test
      - kotlin
        net
        consensys
        cava
        net
        coroutines
        CoroutineDatagramChannelTest.kt
        CoroutineSelectorTest.kt
        CoroutineChannelGroupTest.kt
        CoroutineSocketChannelTest.kt
      - java
        net
        consensys
        cava
        net
        coroutines
        SelectorTest.java
  - build.gradle
- devp2p
  - src
    - main
      - kotlin
        net
        consensys
        cava
        devp2p
        Packet.kt
        PeerRoutingTable.kt
        EnodeUri.kt
        PeerRepository.kt
        Peer.kt
        PacketType.kt
        Endpoint.kt
        Node.kt
        DiscoveryService.kt
        AtomicLongProperty.kt
    - test
      - kotlin
        net
        consensys
        cava
        devp2p
        PingPacketTest.kt
        PongPacketTest.kt
        FindNodePacketTest.kt
        NeighborsPacketTest.kt
        EndpointTest.kt
        DiscoveryServiceTest.kt
        EphemeralPeerRepositoryTest.kt
      - java
        net
        consensys
        cava
        devp2p
        DiscoveryServiceJavaTest.java
  - build.gradle
- CONTRIBUTING.md
- dependency-versions.gradle
- rlpx
  - src
    - main
      - java
        net
        consensys
        cava
        rlpx
        vertx
        VertxRLPxService.java
        package-info.java
        ResponderHandshakeMessage.java
        RLPxMessage.java
        wire
        PingMessage.java
        DisconnectReason.java
        HelloMessage.java
        WireConnection.java
        DefaultSubProtocolIdentifier.java
        package-info.java
        SubProtocolHandler.java
        SubProtocolIdentifier.java
        WireProtocolMessage.java
        SubProtocol.java
        DisconnectMessage.java
        Capability.java
        PongMessage.java
        DefaultWireConnection.java
        EthereumIESEncryptionEngine.java
        InvalidMACException.java
        RLPxConnection.java
        MemoryWireConnectionsRepository.java
        package-info.java
        InitiatorHandshakeMessage.java
        RLPxConnectionFactory.java
        RLPxService.java
        HandshakeMessage.java
        WireConnectionRepository.java
    - test
      - java
        net
        consensys
        cava
        rlpx
        vertx
        VertxAcceptanceTest.java
        VertxRLPxServiceTest.java
        wire
        HelloMessageTest.java
        DisconnectMessageTest.java
        DefaultWireConnectionTest.java
        RLPxConnectionMessageExchangeTest.java
        PingPongTest.java
        RLPxConnectionFactoryTest.java
  - build.gradle
- .editorconfig
- .gitattributes
- config
  - src
    - main
      - java
        net
        consensys
        cava
        config
        SchemaBuilder.java
        PropertyValidator.java
        Configuration.java
        InvalidConfigurationPropertyTypeException.java
        Schema.java
        TomlSerializer.java
        EmptyConfiguration.java
        ConfigurationErrors.java
        package-info.java
        PropertyValidators.java
        ConfigurationError.java
        ConfigurationValidator.java
        TomlBackedConfiguration.java
        DocumentPosition.java
        NoConfigurationPropertyException.java
    - test
      - java
        net
        consensys
        cava
        config
        TomlBackedConfigurationTest.java
        SchemaBuilderTest.java
        PropertyValidatorTest.java
  - build.gradle
- concurrent-coroutines
  - src
    - main
      - kotlin
        net
        consensys
        cava
        concurrent
        coroutines
        CoroutineLatch.kt
        AsyncResult.kt
        Retryable.kt
        AsyncCompletion.kt
    - test
      - kotlin
        net
        consensys
        cava
        concurrent
        coroutines
        CoroutineLatchTest.kt
        RetryableTest.kt
  - build.gradle
- build.gradle
- plumtree
  - src
    - main
      - java
        net
        consensys
        cava
        plumtree
        vertx
        VertxGossipServer.java
        SocketPeer.java
        PeerRepository.java
        EphemeralPeerRepository.java
        State.java
        Peer.java
        MessageHashing.java
        package-info.java
        MessageSender.java
        MessageValidator.java
    - test
      - java
        net
        consensys
        cava
        plumtree
        vertx
        VertxGossipServerTest.java
        StateTest.java
  - build.gradle
- toml
  - src
    - main
      - java
        net
        consensys
        cava
        toml
        TomlType.java
        TomlVersion.java
        TokenName.java
        Parser.java
        ZoneOffsetVisitor.java
        AccumulatingErrorListener.java
        TomlParseResult.java
        MutableTomlArray.java
        TomlPosition.java
        ErrorReporter.java
        LocalTimeVisitor.java
        MutableTomlTable.java
        TomlArray.java
        QuotedStringVisitor.java
        TomlTable.java
        package-info.java
        JsonSerializer.java
        InlineTableVisitor.java
        TomlInvalidTypeException.java
        ValueVisitor.java
        TomlParseError.java
        KeyVisitor.java
        ArrayVisitor.java
        LocalDateVisitor.java
        Toml.java
        LineVisitor.java
      - antlr
        net
        consensys
        cava
        toml
        internal
        TomlParser.g4
        TomlLexer.g4
    - test
      - resources
        net
        consensys
        cava
        toml
        hard_example_unicode.toml
        toml-v0.5.0-spec-example.toml
        example-v0.4.0.toml
        hard_example.toml
      - java
        net
        consensys
        cava
        toml
        TomlTest.java
        MutableTomlTableTest.java
        TokenNameTest.java
        MutableTomlArrayTest.java
  - build.gradle
  - README.md
- io
  - src
    - main
      - java
        net
        consensys
        cava
        io
        Resources.java
        Base64.java
        file
        Files.java
        package-info.java
        package-info.java
        NullOutputStream.java
        IOConsumer.java
        Streams.java
    - test
      - resources
        resourceresolver-test.jar
        net
        consensys
        cava
        io
        file
        resourceresolver
        subdir
        test3.yaml
        test2.txt
        test1.txt
        test.txt
      - java
        net
        consensys
        cava
        io
        ResourcesTest.java
        Base64Test.java
        file
        FilesTest.java
        StreamsTest.java
  - build.gradle
- README.md
- scuttlebutt-discovery
  - src
    - main
      - java
        net
        consensys
        cava
        scuttlebutt
        discovery
        ScuttlebuttLocalDiscoveryService.java
        LocalIdentity.java
        package-info.java
    - test
      - java
        net
        consensys
        cava
        scuttlebutt
        discovery
        LocalIdentityTest.java
        ScuttlebuttLocalDiscoveryServiceTest.java
  - build.gradle
- scuttlebutt-handshake
  - src
    - main
      - java
        net
        consensys
        cava
        scuttlebutt
        handshake
        vertx
        ServerHandlerFactory.java
        SecureScuttlebuttVertxClient.java
        ServerHandler.java
        SecureScuttlebuttVertxServer.java
        ClientHandler.java
        package-info.java
        ClientHandlerFactory.java
        SecureScuttlebuttStreamClient.java
        SecureScuttlebuttHandshakeClient.java
        SecureScuttlebuttHandshakeServer.java
        SecureScuttlebuttStream.java
        StreamException.java
        package-info.java
        HandshakeException.java
        SecureScuttlebuttStreamServer.java
    - test
      - java
        net
        consensys
        cava
        scuttlebutt
        handshake
        SecureScuttlebuttStreamTest.java
        vertx
        VertxIntegrationTest.java
        SecureScuttlebuttHandshakeClientTest.java
  - build.gradle
- rlp
  - src
    - main
      - java
        net
        consensys
        cava
        rlp
        DelegatingRLPWriter.java
        BytesRLPReader.java
        RLPWriter.java
        AccumulatingRLPWriter.java
        EndOfRLPException.java
        RLP.java
        package-info.java
        RLPException.java
        BytesRLPWriter.java
        ByteBufferRLPWriter.java
        InvalidRLPTypeException.java
        InvalidRLPEncodingException.java
        RLPReader.java
    - test
      - java
        net
        consensys
        cava
        rlp
        BytesRLPWriterTest.java
        ByteBufferWriterTest.java
        BytesRLPReaderTest.java
  - build.gradle
- PACKAGES.md
- concurrent
  - src
    - main
      - java
        net
        consensys
        cava
        concurrent
        CompletableAsyncResult.java
        CompletableAsyncCompletion.java
        AsyncResult.java
        AtomicSlotMap.java
        ExpiringMap.java
        package-info.java
        ExpiringSet.java
        DefaultCompletableAsyncCompletion.java
        DefaultCompletableAsyncResult.java
        AsyncCompletion.java
    - test
      - java
        net
        consensys
        cava
        concurrent
        ExpiringMapTest.java
        DefaultCompletableAsyncCompletionTest.java
        DefaultCompletableAsyncResultTest.java
        AtomicSlotMapTest.java
        ExpiringSetTest.java
  - build.gradle
- scuttlebutt-rpc
  - src
    - main
      - java
        net
        consensys
        cava
        scuttlebutt
        rpc
        RPCFunction.java
        RPCRequestBody.java
        RPCMessage.java
        RPCStreamRequest.java
        mux
        RPCHandler.java
        Multiplexer.java
        ScuttlebuttStreamHandler.java
        exceptions
        ConnectionClosedException.java
        RPCRequestFailedException.java
        RPCResponse.java
        RPCErrorBody.java
        RPCFlag.java
        RPCCodec.java
        RPCAsyncRequest.java
        RPCRequestType.java
    - test
      - java
        net
        consensys
        cava
        scuttlebutt
        rpc
        RPCEncodingTest.java
        mux
        PatchworkIntegrationTest.java
        PatchworkIntegrationTest.java
        RPCFlagTest.java
  - build.gradle
- junit
  - src
    - main
      - java
        net
        consensys
        cava
        junit
        VertxInstance.java
        RedisPort.java
        BouncyCastleExtension.java
        LuceneIndexWriterExtension.java
        VertxExtension.java
        RedisServerExtension.java
        TempDirectoryExtension.java
        TempDirectory.java
        package-info.java
        LuceneIndexWriter.java
        LuceneIndex.java
    - test
      - java
        net
        consensys
        cava
        junit
        RedisServerExtensionTest.java
        LuceneIndexWriterExtensionTest.java
        TempDirectoryExtensionTest.java
  - build.gradle
- .idea
  - codeStyles
    - codeStyleConfig.xml
    - Project.xml
- settings.gradle
- .gitignore
- kademlia
  - src
    - main
      - kotlin
        net
        consensys
        cava
        kademlia
        KademliaRoutingTable.kt
    - test
      - kotlin
        net
        consensys
        cava
        kademlia
        KademliaRoutingTableTest.kt
        LogarithmicDistanceTest.kt
        OrderedInsertTest.kt
  - build.gradle

/*
 * Copyright 2018 ConsenSys AG.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
 * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */
package net.consensys.cava.net.tls;

import static java.lang.String.format;
import static net.consensys.cava.net.tls.TLS.certificateFingerprint;

import net.consensys.cava.bytes.Bytes;

import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedTrustManager;


final class ServerFingerprintTrustManager extends X509ExtendedTrustManager {

  private static final X509Certificate[] EMPTY_X509_CERTIFICATES = new X509Certificate[0];

  static ServerFingerprintTrustManager record(FingerprintRepository repository) {
    return new ServerFingerprintTrustManager(repository, true, true);
  }

  static ServerFingerprintTrustManager tofu(FingerprintRepository repository) {
    return new ServerFingerprintTrustManager(repository, true, false);
  }

  static ServerFingerprintTrustManager whitelist(FingerprintRepository repository) {
    return new ServerFingerprintTrustManager(repository, false, false);
  }

  private final FingerprintRepository repository;
  private final boolean acceptNewFingerprints;
  private final boolean updateFingerprints;

  private ServerFingerprintTrustManager(
      FingerprintRepository repository,
      boolean acceptNewFingerprints,
      boolean updateFingerprints) {
    this.repository = repository;
    this.acceptNewFingerprints = acceptNewFingerprints;
    this.updateFingerprints = updateFingerprints;
  }

  @Override
  public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
    throw new UnsupportedOperationException();
  }

  @Override
  public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
    InetSocketAddress socketAddress = (InetSocketAddress) socket.getRemoteSocketAddress();
    checkTrusted(chain, socketAddress.getHostName(), socketAddress.getPort());
  }

  @Override
  public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
      throws CertificateException {
    throw new UnsupportedOperationException();
  }

  @Override
  public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
      throws CertificateException {
    checkTrusted(chain, engine.getPeerHost(), engine.getPeerPort());
  }

  @Override
  public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    throw new UnsupportedOperationException();
  }

  @Override
  public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    throw new UnsupportedOperationException();
  }

  private void checkTrusted(X509Certificate[] chain, String host, int port) throws CertificateException {
    X509Certificate cert = chain[0];
    String identifier = hostIdentifier(host, port);
    Bytes fingerprint = Bytes.wrap(certificateFingerprint(cert));
    if (repository.contains(identifier, fingerprint)) {
      return;
    }

    if (repository.contains(identifier)) {
      if (!updateFingerprints) {
        throw new CertificateException(
            format(
                "Remote host identification has changed!!" + " Certificate for %s (%s) has fingerprint %s",
                identifier,
                cert.getSubjectDN(),
                fingerprint.toHexString().substring(2).toLowerCase()));
      }
    } else if (!acceptNewFingerprints) {
      throw new CertificateException(
          format(
              "Certificate for %s (%s) has unknown fingerprint %s",
              identifier,
              cert.getSubjectDN(),
              fingerprint.toHexString().substring(2).toLowerCase()));
    }

    repository.addFingerprint(identifier, fingerprint);
  }

  @Override
  public X509Certificate[] getAcceptedIssuers() {
    return EMPTY_X509_CERTIFICATES;
  }

  private String hostIdentifier(String host, int port) {
    return host.trim().toLowerCase() + ":" + port;
  }
}