defensive-coding-guide/en-US/snippets/Features-TLS-Client-OpenJDK-MyTrustManager.adoc

public class MyTrustManager implements X509TrustManager {
    private final byte[] certHash;

    public MyTrustManager(byte[] certHash) throws Exception {
        this.certHash = certHash;
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        throw new UnsupportedOperationException();
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain,
            String authType) throws CertificateException {
        byte[] digest = getCertificateDigest(chain[0]);
        String digestHex = formatHex(digest);

        if (Arrays.equals(digest, certHash)) {
            System.err.println("info: accepting certificate: " + digestHex);
        } else {
            throw new CertificateException("certificate rejected: "  +
                    digestHex);
        }
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}