From 23cc81940e8978d21192e27298d0e0c014a3af9b Mon Sep 17 00:00:00 2001
From: georgweiss <georg.weiss@ess.eu>
Date: Tue, 17 Mar 2026 12:01:19 +0100
Subject: [PATCH] Removing dummy trust managers

---
 .../managers/DummyX509TrustManager.java       | 104 ------------------
 .../security/managers/MyX509TrustManager.java |  97 ----------------
 2 files changed, 201 deletions(-)
 delete mode 100644 core/security/src/main/java/org/phoebus/security/managers/DummyX509TrustManager.java
 delete mode 100644 core/security/src/main/java/org/phoebus/security/managers/MyX509TrustManager.java

diff --git a/core/security/src/main/java/org/phoebus/security/managers/DummyX509TrustManager.java b/core/security/src/main/java/org/phoebus/security/managers/DummyX509TrustManager.java
deleted file mode 100644
index 25caf6c2a0..0000000000
--- a/core/security/src/main/java/org/phoebus/security/managers/DummyX509TrustManager.java
+++ /dev/null
@@ -1,104 +0,0 @@
-package org.phoebus.security.managers;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.security.KeyStore;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-
-/**
- * Taken from http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html
- */
-
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509TrustManager;
-
-/** Trust manager that allows access */
-public class DummyX509TrustManager implements X509TrustManager {
-
-    /*
-     * The default PKIX X509TrustManager9. We'll delegate decisions to it, and
-     * fall back to the logic in this class if the default X509TrustManager
-     * doesn't trust it.
-     */
-    X509TrustManager pkixTrustManager;
-
-    /** Constructor */
-    public DummyX509TrustManager() {
-
-    }
-
-    /**@param trustStore Trust store
-     * @param password Password
-     * @throws Exception on error
-     */
-    public DummyX509TrustManager(String trustStore, char[] password) throws Exception {
-        this(new File(trustStore), password);
-    }
-
-    /**@param trustStore Trust store
-     * @param password Password
-     * @throws Exception on error
-     */
-    public DummyX509TrustManager(File trustStore, char[] password) throws Exception {
-        // create a "default" JSSE X509TrustManager.
-        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
-
-        ks.load(new FileInputStream(trustStore), password);
-
-        TrustManagerFactory tmf = TrustManagerFactory
-                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
-        tmf.init(ks);
-
-        TrustManager tms[] = tmf.getTrustManagers();
-
-        /*
-         * Iterate over the returned trustmanagers, look for an instance of
-         * X509TrustManager. If found, use that as our "default" trust manager.
-         */
-        for (int i = 0; i < tms.length; i++) {
-            if (tms[i] instanceof X509TrustManager) {
-                pkixTrustManager = (X509TrustManager) tms[i];
-                return;
-            }
-        }
-
-        /*
-         * Find some other way to initialize, or else we have to fail the
-         * constructor.
-         */
-        throw new Exception("Couldn't initialize");
-    }
-
-    /**
-     * Delegate to the default trust manager.
-     */
-    @Override
-    public void checkClientTrusted(X509Certificate[] chain, String authType)
-            throws CertificateException {
-        // TODO implement checks for certificate and provide options to
-        // automatically acccept all, reject all or promt user
-
-    }
-
-    /**
-     * Delegate to the default trust manager.
-     */
-    @Override
-    public void checkServerTrusted(X509Certificate[] chain, String authType)
-            throws CertificateException {
-        // TODO implement checks for certificate and provide options to
-        // automatically acccept all, reject all or promt user
-    }
-
-    /**
-     * Merely pass this through.
-     */
-    @Override
-    public X509Certificate[] getAcceptedIssuers() {
-        if (pkixTrustManager == null)
-            return new X509Certificate[0];
-        return pkixTrustManager.getAcceptedIssuers();
-    }
-}
diff --git a/core/security/src/main/java/org/phoebus/security/managers/MyX509TrustManager.java b/core/security/src/main/java/org/phoebus/security/managers/MyX509TrustManager.java
deleted file mode 100644
index 9d65842eae..0000000000
--- a/core/security/src/main/java/org/phoebus/security/managers/MyX509TrustManager.java
+++ /dev/null
@@ -1,97 +0,0 @@
-package org.phoebus.security.managers;
-/**
- * Taken from http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html
- *
- */
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.security.KeyStore;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509TrustManager;
-
-/** Trust manager that allows access */
-public class MyX509TrustManager implements X509TrustManager {
-
-     /*
-      * The default PKIX X509TrustManager9.  We'll delegate
-      * decisions to it, and fall back to the logic in this class if the
-      * default X509TrustManager doesn't trust it.
-      */
-     X509TrustManager pkixTrustManager;
-
-     MyX509TrustManager(String trustStore, char[] password) throws Exception {
-         this(new File(trustStore), password);
-     }
-
-     MyX509TrustManager(File trustStore, char[] password) throws Exception {
-         // create a "default" JSSE X509TrustManager.
-         KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
-
-         ks.load(new FileInputStream(trustStore), password);
-
-         TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-         tmf.init(ks);
-
-         TrustManager tms [] = tmf.getTrustManagers();
-
-         /*
-          * Iterate over the returned trustmanagers, look
-          * for an instance of X509TrustManager.  If found,
-          * use that as our "default" trust manager.
-          */
-         for (int i = 0; i < tms.length; i++) {
-             if (tms[i] instanceof X509TrustManager) {
-                 pkixTrustManager = (X509TrustManager) tms[i];
-                 return;
-             }
-         }
-
-         /*
-          * Find some other way to initialize, or else we have to fail the
-          * constructor.
-          */
-         throw new Exception("Couldn't initialize");
-     }
-
-     /**
-      * Delegate to the default trust manager.
-      */
-     @Override
-    public void checkClientTrusted(X509Certificate[] chain, String authType)
-                 throws CertificateException {
-         try {
-             pkixTrustManager.checkClientTrusted(chain, authType);
-         } catch (CertificateException excep) {
-             // do any special handling here, or rethrow exception.
-         }
-     }
-
-     /**
-      * Delegate to the default trust manager.
-      */
-     @Override
-    public void checkServerTrusted(X509Certificate[] chain, String authType)
-                 throws CertificateException {
-         try {
-             pkixTrustManager.checkServerTrusted(chain, authType);
-         } catch (CertificateException excep) {
-             /*
-              * Possibly pop up a dialog box asking whether to trust the
-              * cert chain.
-              */
-         }
-     }
-
-     /**
-      * Merely pass this through.
-      */
-     @Override
-    public X509Certificate[] getAcceptedIssuers() {
-         return pkixTrustManager.getAcceptedIssuers();
-     }
-}