This week I started working on vanilla purpose of certificates which is authentication of the public key issuers. From Smack point of view I have to create SSLContext which is going to be processed further in Smack. This context require me to provide Trust Managers which task is to provide context with accepted issuers and validate certificates. Writing Trust Managers well is difficult job and it is easy to make mistakes that would result in accepting certificates which shouldn't be accepted.
What makes it especially hard is that I create trust manager that will sometimes accept certificates that shouldn't be accepted . It will be left for Spark user if he want to accept expired certificate or even revoked and by that consciously lost some of the security guarantees from validation mechanisms.
Is that wrong? Yes.
Should it be done? Definitely no.
Still even web browsers allow user to add certificate to exception list . My task is to allow Spark's users to do the same and even provide greater flexibility at setting which parts of validation bypass. I created 2 Trust Managers. First serve as default Trust Manager which is provided in SSLContext initialization. Second one is Exceptions Trust Manager which is called internally in default Trust Manager. It contain as accepted issuers only list of exempted certificates but doesn't do any checks on validity of it. If it fails (which will only happen when presented by server chain of certificates doesn't contain one of the exempted certificates) then authentication logic goes back to default trust manager which make use of all trusted issuers certificates and do every required check, unless user disable particular "validity test" in certificates interface.