From 7d4b1252447c9613611c1d02924724285e3a8c6c Mon Sep 17 00:00:00 2001
From: "sonarqube-agent[bot]"
 <210722872+sonarqube-agent[bot]@users.noreply.github.com>
Date: Thu, 11 Jun 2026 09:03:15 +0000
Subject: [PATCH] fix: Address 5 SonarQube issues

Fixed issues:
- AZ6wRBaXQw83x_y7ZeLG for java:S1186 rule
- AZ6wRBaXQw83x_y7ZeLI for java:S1186 rule
- AZ6wRBaXQw83x_y7ZeLF for java:S1186 rule
- AZ6wRBaXQw83x_y7ZeLH for java:S1186 rule
- AZ6wRBaXQw83x_y7ZeLJ for java:S1186 rule

Generated by SonarQube Agent (task: e319ab0e-9115-4524-b10d-f2f6d89cf1b3)
---
 src/main/java/land/oras/auth/HttpClient.java | 24 +++++++++++++++-----
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/src/main/java/land/oras/auth/HttpClient.java b/src/main/java/land/oras/auth/HttpClient.java
index 56d9ffb0..77fe0045 100644
--- a/src/main/java/land/oras/auth/HttpClient.java
+++ b/src/main/java/land/oras/auth/HttpClient.java
@@ -805,22 +805,34 @@ public X509Certificate[] getAcceptedIssuers() {
         }
 
         @Override
-        public void checkClientTrusted(X509Certificate[] chain, String authType) {}
+        public void checkClientTrusted(X509Certificate[] chain, String authType) {
+            // Intentionally empty: insecure trust manager that accepts all client certificates
+        }
 
         @Override
-        public void checkServerTrusted(X509Certificate[] chain, String authType) {}
+        public void checkServerTrusted(X509Certificate[] chain, String authType) {
+            // Intentionally empty: insecure trust manager that accepts all server certificates
+        }
 
         @Override
-        public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) {}
+        public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) {
+            // Intentionally empty: insecure trust manager that accepts all client certificates
+        }
 
         @Override
-        public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) {}
+        public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) {
+            // Intentionally empty: insecure trust manager that accepts all server certificates
+        }
 
         @Override
-        public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) {}
+        public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) {
+            // Intentionally empty: insecure trust manager that accepts all client certificates
+        }
 
         @Override
-        public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) {}
+        public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) {
+            // Intentionally empty: insecure trust manager that accepts all server certificates
+        }
     }
 
     /**