Commenting here, because I can not comment down there, because the code did not change.
When I coded this, there was no good place for CertificateException (Line 37/61), maybe there is now a better place or common library?

For the moment, this is something that is only used here, and it doesn't seem to fit in any of the currently existing libraries. Nonetheless, this is definitely something to keep in mind if, in the future, CertificateException needs to be reused, or more classes from java.security.cert are modeled. Thanks!

Can this be changed to DataFlow? I've used taint tracking due to limitations of data flow at the time.
See this comment from @aschackmull:
#4879 (comment)

DataFlow could be used, but then we would need to allow Array implicit reads in the sinks (and potentially in the additional flow steps). Something like:

override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
  (this.isSink(node) or this.isAdditionalFlowStep(node, _)) and
  node.getType() instanceof Array and
  c instanceof DataFlow::ArrayContent
}

(which is actually part of the default implicit reads in TaintTracking).

We could even restrict node to be an array of TrustManagers, since that's what the sink is expecting.

Of course, the trade-off would be that, if for some reason the insecure TrustManager temporary goes through more complex data structures, e.g. a Map, we'd lose flows that a TaintTracking::Configuration would catch, but that doesn't sound like something that happens often.

@aschackmull what do you think is more appropriate in this case?

I did this in 967308f.