rspec/rules/S4830/kotlin/rule.adoc

== Why is this an issue?

include::../description.adoc[]

=== Noncompliant code example

``++checkClientTrusted++`` and/or ``++checkServerTrusted++`` custom implementations from ``++X509TrustManager++`` interface accept any certificates:

[source,kotlin]
----
// Create a trust manager that does not validate certificate chains
val trustAllCerts = arrayOf<TrustManager>(object : X509TrustManager {
  @Throws(CertificateException::class)
  override fun checkClientTrusted(chain: Array<java.security.cert.X509Certificate>, authType: String) {
  } // Noncompliant (s4830)

  @Throws(CertificateException::class)
  override fun checkServerTrusted(chain: Array<java.security.cert.X509Certificate>, authType: String) {
  } // Noncompliant (s4830)

  override fun getAcceptedIssuers(): Array<java.security.cert.X509Certificate> {
   return arrayOf()
  } 
 })

// Install the all-trusting trust manager
val sslContext = SSLContext.getInstance("SSL")
sslContext.init(null, trustAllCerts, java.security.SecureRandom())
----

=== Compliant solution

By default, when a ``++TrustManager++`` is not set,  ``++sslContext++`` will search for a default secure installed security provider:

[source,kotlin]
----
val sslContext = SSLContext.getInstance("SSL")
sslContext.init(null, null, java.security.SecureRandom())
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Why is this an issue?`

Update rules after the fix in the export module 2021-04-26 17:29:13 +02:00			`include::../description.adoc[]`
Add missing rules because of approximative section names 2020-06-30 14:41:58 +02:00
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Noncompliant code example`
Add missing rules because of approximative section names 2020-06-30 14:41:58 +02:00
Update rules after the fix in the export module 2021-04-26 17:29:13 +02:00			``++checkClientTrusted++`` and/or ``++checkServerTrusted++`` custom implementations from ``++X509TrustManager++`` interface accept any certificates:

RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,kotlin]`
Add missing rules because of approximative section names 2020-06-30 14:41:58 +02:00			`----`
Update rules after the fix in the export module 2021-04-26 17:29:13 +02:00			`// Create a trust manager that does not validate certificate chains`
Add missing rules because of approximative section names 2020-06-30 14:41:58 +02:00			`val trustAllCerts = arrayOf<TrustManager>(object : X509TrustManager {`
			`@Throws(CertificateException::class)`
Modify rule S4830: fix example code identation for Kotlin (#1108) 2022-07-18 15:49:45 +02:00			`override fun checkClientTrusted(chain: Array<java.security.cert.X509Certificate>, authType: String) {`
Update rules after the fix in the export module 2021-04-26 17:29:13 +02:00			`} // Noncompliant (s4830)`
Add missing rules because of approximative section names 2020-06-30 14:41:58 +02:00
			`@Throws(CertificateException::class)`
Modify rule S4830: fix example code identation for Kotlin (#1108) 2022-07-18 15:49:45 +02:00			`override fun checkServerTrusted(chain: Array<java.security.cert.X509Certificate>, authType: String) {`
			`} // Noncompliant (s4830)`
Add missing rules because of approximative section names 2020-06-30 14:41:58 +02:00
			`override fun getAcceptedIssuers(): Array<java.security.cert.X509Certificate> {`
			`return arrayOf()`
			`}`
			`})`

Update rules after the fix in the export module 2021-04-26 17:29:13 +02:00			`// Install the all-trusting trust manager`
Add missing rules because of approximative section names 2020-06-30 14:41:58 +02:00			`val sslContext = SSLContext.getInstance("SSL")`
			`sslContext.init(null, trustAllCerts, java.security.SecureRandom())`
			`----`

migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Compliant solution`
Add missing rules because of approximative section names 2020-06-30 14:41:58 +02:00
Update rules after the fix in the export module 2021-04-26 17:29:13 +02:00			By default, when a ``++TrustManager++`` is not set, ``++sslContext++`` will search for a default secure installed security provider:

RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,kotlin]`
Add missing rules because of approximative section names 2020-06-30 14:41:58 +02:00			`----`
			`val sslContext = SSLContext.getInstance("SSL")`
			`sslContext.init(null, null, java.security.SecureRandom())`
			`----`

			`include::../see.adoc[]`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`ifdef::env-github,rspecator-view[]`
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00
			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

			`include::../message.adoc[]`

RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00			`'''`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`== Comments And Links`
			`(visible only on this page)`

			`include::../comments-and-links.adoc[]`
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`endif::env-github,rspecator-view[]`