include::../description.adoc[]

== Noncompliant Code Example

``++checkClientTrusted++`` and/or ``++checkServerTrusted++`` custom implementations from ``++X509TrustManager++`` interface accept any certificates:

----
// Create a trust manager that does not validate certificate chains
val trustAllCerts = arrayOf<TrustManager>(object : X509TrustManager {
  @Throws(CertificateException::class)
   override fun checkClientTrusted(chain: Array<java.security.cert.X509Certificate>, authType: String) {
  } // Noncompliant (s4830)

  @Throws(CertificateException::class)
    override fun checkServerTrusted(chain: Array<java.security.cert.X509Certificate>, authType: String) {
   } // Noncompliant (s4830)

  override fun getAcceptedIssuers(): Array<java.security.cert.X509Certificate> {
   return arrayOf()
  } 
 })

// Install the all-trusting trust manager
val sslContext = SSLContext.getInstance("SSL")
sslContext.init(null, trustAllCerts, java.security.SecureRandom())
----

== Compliant Solution

By default, when a ``++TrustManager++`` is not set,  ``++sslContext++`` will search for a default secure installed security provider:

----
val sslContext = SSLContext.getInstance("SSL")
sslContext.init(null, null, java.security.SecureRandom())
----

include::../see.adoc[]