Validation of X.509 certificates is essential to create secure SSL/TLS sessions not vulnerable to man-in-the-middle attacks.
The certificate chain validation includes these steps:
- The certificate is issued by its parent Certificate Authority or the root CA trusted by the system.
- Each CA is allowed to issue certificates.
- Each certificate in the chain is not expired.
This rule raises an issue when an implementation of X509TrustManager is not controlling the validity of the certificate (ie: no exception is
raised). Empty implementations of the X509TrustManager
interface are often created to disable certificate validation. The correct
solution is to provide an appropriate trust store.
Noncompliant Code Example
class TrustAllManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { // Noncompliant, nothing means trust any client
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { // Noncompliant, this method never throws exception, it means trust any server
LOG.log(Level.SEVERE, ERROR_MESSAGE);
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}
See