@mchatlas-hellosign
Member

No description provided.

}
};
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustAllCerts, new SecureRandom());

Check failure

Code scanning / CodeQL

`TrustManager` that accepts all certificates High

This uses `TrustManager`, which is defined in `ApiClient$` and trusts any certificate.

Copilot Autofix

AI 6 months ago

The best fix involves removing the ability to disable certificate validation entirely by replacing the insecure TrustManager with a secure and specific implementation. If the intention is to allow the use of a specific self-signed certificate in development, we should load that certificate into a KeyStore and configure a TrustManagerFactory to validate only that certificate. This approach avoids the blanket trusting of all certificates.

To fix this issue:

  1. Replace the disableCertificateValidation method to use a KeyStore containing only the trusted certificates.
  2. Remove the X509TrustManager implementation that blindly trusts all certificates.
  3. Ensure the SSLContext is initialized with TrustManagers from a properly configured TrustManagerFactory.

Suggested changeset 1
sdks/java-v1/src/main/java/com/dropbox/sign/ApiClient.java

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/sdks/java-v1/src/main/java/com/dropbox/sign/ApiClient.java b/sdks/java-v1/src/main/java/com/dropbox/sign/ApiClient.java
--- a/sdks/java-v1/src/main/java/com/dropbox/sign/ApiClient.java
+++ b/sdks/java-v1/src/main/java/com/dropbox/sign/ApiClient.java
@@ -1214,23 +1214,23 @@
    * @throws java.security.KeyManagementException if any.
    * @throws java.security.NoSuchAlgorithmException if any.
    */
-  protected void disableCertificateValidation(ClientBuilder clientBuilder) throws KeyManagementException, NoSuchAlgorithmException {
-    TrustManager[] trustAllCerts = new X509TrustManager[] {
-      new X509TrustManager() {
-        @Override
-        public X509Certificate[] getAcceptedIssuers() {
-          return null;
-        }
-        @Override
-        public void checkClientTrusted(X509Certificate[] certs, String authType) {
-        }
-        @Override
-        public void checkServerTrusted(X509Certificate[] certs, String authType) {
-        }
-      }
-    };
+  protected void disableCertificateValidation(ClientBuilder clientBuilder, File certificateFile) throws Exception {
+    // Load the trusted certificate from the specified file
+    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+    keyStore.load(null, null);
+    try (InputStream certStream = Files.newInputStream(certificateFile.toPath())) {
+      X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X509")
+          .generateCertificate(certStream);
+      keyStore.setCertificateEntry("trustedCert", certificate);
+    }
+
+    // Create a TrustManagerFactory with the trusted key store
+    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+    tmf.init(keyStore);
+
+    // Initialize SSLContext with the TrustManagers
     SSLContext sslContext = SSLContext.getInstance("TLS");
-    sslContext.init(null, trustAllCerts, new SecureRandom());
+    sslContext.init(null, tmf.getTrustManagers(), new SecureRandom());
     clientBuilder.sslContext(sslContext);
   }
 
EOF
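
Review bot: The new signature `disableCertificateValidation(ClientBuilder clientBuilder, File certificateFile) throws Exception` no longer matches the Javadoc kept as context above it, which still lists only `KeyManagementException` and `NoSuchAlgorithmException` and has no `@param certificateFile`. The method also no longer disables validation; it trusts only the certificate loaded from the file, so the name misstates the behaviour, and any existing caller of the one-argument form would stop compiling. Suggest renaming the method to describe what it now does, updating the Javadoc, and declaring the specific checked exceptions the body can raise (`IOException`, `CertificateException`, `KeyStoreException`, in addition to the two already documented) instead of `throws Exception`.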
@@ -1214,23 +1214,23 @@
* @throws java.security.KeyManagementException if any.
* @throws java.security.NoSuchAlgorithmException if any.
*/
protected void disableCertificateValidation(ClientBuilder clientBuilder) throws KeyManagementException, NoSuchAlgorithmException {
TrustManager[] trustAllCerts = new X509TrustManager[] {
new X509TrustManager() {
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}
};
protected void disableCertificateValidation(ClientBuilder clientBuilder, File certificateFile) throws Exception {
// Load the trusted certificate from the specified file
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
try (InputStream certStream = Files.newInputStream(certificateFile.toPath())) {
X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X509")
.generateCertificate(certStream);
keyStore.setCertificateEntry("trustedCert", certificate);
}

// Create a TrustManagerFactory with the trusted key store
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);

// Initialize SSLContext with the TrustManagers
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustAllCerts, new SecureRandom());
sslContext.init(null, tmf.getTrustManagers(), new SecureRandom());
clientBuilder.sslContext(sslContext);
}
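
Review bot: The new method body references `KeyStore`, `CertificateFactory`, `TrustManagerFactory`, `Files`, `InputStream` and `File`, and the patch shown contains only this one hunk, so confirm that `ApiClient.java` already imports each of them before applying it. In the `try` block, `generateCertificate(certStream)` reads a single certificate; if the file may hold several (a chain or CA bundle), use `generateCertificates` and store each entry under its own alias rather than the fixed `"trustedCert"`. A null `certificateFile` fails at `certificateFile.toPath()` with no useful message, so an explicit argument check at the top of the method would make misconfiguration easier to diagnose.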
