Fix code scanning alert no. 50: TrustManager that accepts all certi…

…ficates Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
NASA-PDS · Dec 20, 2024 · 988dc83 · 988dc83
1 parent b5550b0
commit 988dc83
Showing 1 changed file with 22 additions and 2 deletions.
diff --git a/src/main/java/gov/nasa/pds/registry/common/connection/SSLUtils.java b/src/main/java/gov/nasa/pds/registry/common/connection/SSLUtils.java
@@ -2,6 +2,13 @@
 
 
 import java.security.SecureRandom;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.TrustManagerFactory;
 
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
@@ -21,8 +28,21 @@ class SSLUtils
      */
     public static SSLContext createTrustAllContext() throws Exception
     {
-        TrustManager[] trustManagers = new TrustManager[1];
-        trustManagers[0] = new TrustAllManager();
+        // Load the self-signed certificate
+        File certificateFile = new File("path/to/self-signed-certificate");
+        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+        keyStore.load(null, null);
+        X509Certificate generatedCertificate;
+        try (InputStream cert = new FileInputStream(certificateFile)) {
+            generatedCertificate = (X509Certificate) CertificateFactory.getInstance("X509")
+                    .generateCertificate(cert);
+        }
+        keyStore.setCertificateEntry(certificateFile.getName(), generatedCertificate);
+
+        // Initialize TrustManagerFactory with the KeyStore
+        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+        tmf.init(keyStore);
+        TrustManager[] trustManagers = tmf.getTrustManagers();
 
         SSLContext sc = SSLContext.getInstance("SSL");
         sc.init(null, trustManagers, new SecureRandom());