Remove insecure TLS trust-all mode

Author: krotname

src/main/java/dev/krotname/networkchat/network/ChatSockets.java

@@ -1,6 +1,5 @@
 package dev.krotname.networkchat.network;
 
-import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.ServerSocket;
@@ -15,7 +14,6 @@
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509TrustManager;
 
 /** Socket factory helpers for plain TCP and optional JSSE TLS mode. */
 public final class ChatSockets {
@@ -68,9 +66,6 @@ private static SSLContext clientSslContext(TlsClientConfig config)
 
   private static TrustManager[] trustManagers(TlsClientConfig config)
       throws IOException, GeneralSecurityException {
-    if (config.trustAllCertificates()) {
-      return new TrustManager[] {new InsecureTrustAllManager()};
-    }
     if (config.trustStoreFile() == null) {
       return null;
     }
@@ -89,20 +84,4 @@ private static KeyStore loadKeyStore(Path file, String password)
     }
     return keyStore;
   }
-
-  @SuppressFBWarnings(
-      value = "WEAK_TRUST_MANAGER",
-      justification = "Explicit opt-in development mode; production docs require a truststore.")
-  private static final class InsecureTrustAllManager implements X509TrustManager {
-    @Override
-    public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {}
-
-    @Override
-    public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {}
-
-    @Override
-    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
-      return new java.security.cert.X509Certificate[0];
-    }
-  }
 }

src/main/java/dev/krotname/networkchat/network/TlsClientConfig.java

@@ -5,15 +5,14 @@
 import java.util.Map;
 
 /** Client-side TLS settings resolved from environment variables or tests. */
-public record TlsClientConfig(
-    boolean enabled, Path trustStoreFile, String trustStorePassword, boolean trustAllCertificates) {
+public record TlsClientConfig(boolean enabled, Path trustStoreFile, String trustStorePassword) {
   public static final String ENV_TLS_ENABLED = "NETWORK_CHAT_TLS";
   public static final String ENV_TRUSTSTORE = "NETWORK_CHAT_TRUSTSTORE";
   public static final String ENV_TRUSTSTORE_PASSWORD = "NETWORK_CHAT_TRUSTSTORE_PASSWORD";
   public static final String ENV_TRUST_ALL = "NETWORK_CHAT_TLS_TRUST_ALL";
 
   public static TlsClientConfig disabled() {
-    return new TlsClientConfig(false, null, "", false);
+    return new TlsClientConfig(false, null, "");
   }
 
   public static TlsClientConfig fromEnvironment() {
@@ -22,11 +21,14 @@ public static TlsClientConfig fromEnvironment() {
 
   public static TlsClientConfig fromEnvironment(Map<String, String> environment) {
     boolean enabled = booleanEnvironment(environment, ENV_TLS_ENABLED);
-    boolean trustAll = booleanEnvironment(environment, ENV_TRUST_ALL);
+    if (booleanEnvironment(environment, ENV_TRUST_ALL)) {
+      throw new IllegalArgumentException(
+          ENV_TRUST_ALL + " is not supported; configure " + ENV_TRUSTSTORE + " instead.");
+    }
     String trustStore = environment.get(ENV_TRUSTSTORE);
     Path trustStoreFile = trustStore == null || trustStore.isBlank() ? null : Path.of(trustStore);
     return new TlsClientConfig(
-        enabled, trustStoreFile, environment.getOrDefault(ENV_TRUSTSTORE_PASSWORD, ""), trustAll);
+        enabled, trustStoreFile, environment.getOrDefault(ENV_TRUSTSTORE_PASSWORD, ""));
   }
 
   private static boolean booleanEnvironment(Map<String, String> environment, String name) {

src/test/java/dev/krotname/networkchat/network/NetworkSecuritySupportTest.java

@@ -2,6 +2,7 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import java.io.ByteArrayOutputStream;
@@ -29,14 +30,28 @@ void tlsClientConfigReadsEnvironmentMap() {
                 TlsClientConfig.ENV_TRUSTSTORE,
                 "chat.p12",
                 TlsClientConfig.ENV_TRUSTSTORE_PASSWORD,
-                "changeit",
-                TlsClientConfig.ENV_TRUST_ALL,
-                "1"));
+                "changeit"));
 
     assertTrue(config.enabled());
     assertEquals(Path.of("chat.p12"), config.trustStoreFile());
     assertEquals("changeit", config.trustStorePassword());
-    assertTrue(config.trustAllCertificates());
+  }
+
+  @Test
+  void tlsClientConfigRejectsTrustAllMode() {
+    IllegalArgumentException error =
+        assertThrows(
+            IllegalArgumentException.class,
+            () ->
+                TlsClientConfig.fromEnvironment(
+                    Map.of(
+                        TlsClientConfig.ENV_TLS_ENABLED,
+                        "true",
+                        TlsClientConfig.ENV_TRUST_ALL,
+                        "1")));
+
+    assertTrue(error.getMessage().contains(TlsClientConfig.ENV_TRUST_ALL));
+    assertTrue(error.getMessage().contains(TlsClientConfig.ENV_TRUSTSTORE));
   }
 
   @Test