1 /*
   2  * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package javax.net.ssl;
  27 
  28 import java.security.Security;
  29 import java.security.*;
  30 
  31 import sun.security.jca.GetInstance;
  32 
  33 /**
  34  * This class acts as a factory for trust managers based on a
  35  * source of trust material. Each trust manager manages a specific
  36  * type of trust material for use by secure sockets. The trust
  37  * material is based on a KeyStore and/or provider-specific sources.
  38  *
  39  * <p> Every implementation of the Java platform is required to support the
  40  * following standard {@code TrustManagerFactory} algorithm:
  41  * <ul>
  42  * <li><tt>PKIX</tt></li>
  43  * </ul>
  44  * This algorithm is described in the <a href=
  45  * "{@docRoot}/../technotes/guides/security/StandardNames.html#TrustManagerFactory">
  46  * TrustManagerFactory section</a> of the
  47  * Java Cryptography Architecture Standard Algorithm Name Documentation.
  48  * Consult the release documentation for your implementation to see if any
  49  * other algorithms are supported.
  50  *
  51  * @since 1.4
  52  * @see TrustManager
  53  */
  54 public class TrustManagerFactory {
  55     // The provider
  56     private Provider provider;
  57 
  58     // The provider implementation (delegate)
  59     private TrustManagerFactorySpi factorySpi;
  60 
  61     // The name of the trust management algorithm.
  62     private String algorithm;
  63 
  64     /**
  65      * Obtains the default TrustManagerFactory algorithm name.
  66      *
  67      * <p>The default TrustManager can be changed at runtime by setting
  68      * the value of the {@code ssl.TrustManagerFactory.algorithm}
  69      * security property to the desired algorithm name.
  70      *
  71      * @see java.security.Security security properties
  72      * @return the default algorithm name as specified by the
  73      * {@code ssl.TrustManagerFactory.algorithm} security property, or an
  74      * implementation-specific default if no such property exists.
  75      */
  76     public static final String getDefaultAlgorithm() {
  77         String type;
  78         type = AccessController.doPrivileged(new PrivilegedAction<>() {
  79             @Override
  80             public String run() {
  81                 return Security.getProperty(
  82                     "ssl.TrustManagerFactory.algorithm");
  83             }
  84         });
  85         if (type == null) {
  86             type = "SunX509";
  87         }
  88         return type;
  89     }
  90 
  91     /**
  92      * Creates a TrustManagerFactory object.
  93      *
  94      * @param factorySpi the delegate
  95      * @param provider the provider
  96      * @param algorithm the algorithm
  97      */
  98     protected TrustManagerFactory(TrustManagerFactorySpi factorySpi,
  99             Provider provider, String algorithm) {
 100         this.factorySpi = factorySpi;
 101         this.provider = provider;
 102         this.algorithm = algorithm;
 103     }
 104 
 105     /**
 106      * Returns the algorithm name of this <code>TrustManagerFactory</code>
 107      * object.
 108      *
 109      * <p>This is the same name that was specified in one of the
 110      * <code>getInstance</code> calls that created this
 111      * <code>TrustManagerFactory</code> object.
 112      *
 113      * @return the algorithm name of this <code>TrustManagerFactory</code>
 114      *          object
 115      */
 116     public final String getAlgorithm() {
 117         return this.algorithm;
 118     }
 119 
 120     /**
 121      * Returns a <code>TrustManagerFactory</code> object that acts as a
 122      * factory for trust managers.
 123      *
 124      * <p> This method traverses the list of registered security Providers,
 125      * starting with the most preferred Provider.
 126      * A new TrustManagerFactory object encapsulating the
 127      * TrustManagerFactorySpi implementation from the first
 128      * Provider that supports the specified algorithm is returned.
 129      *
 130      * <p> Note that the list of registered providers may be retrieved via
 131      * the {@link Security#getProviders() Security.getProviders()} method.
 132      *
 133      * @implNote
 134      * The JDK Reference Implementation additionally uses the
 135      * {@code jdk.security.provider.preferred} property to determine
 136      * the preferred provider order for the specified algorithm. This
 137      * may be different than the order of providers returned by
 138      * {@link Security#getProviders() Security.getProviders()}.
 139      *
 140      * @param algorithm the standard name of the requested trust management
 141      *          algorithm.  See the <a href=
 142      *  "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
 143      *          Java Secure Socket Extension Reference Guide </a>
 144      *          for information about standard algorithm names.
 145      *
 146      * @return the new <code>TrustManagerFactory</code> object.
 147      *
 148      * @exception NoSuchAlgorithmException if no Provider supports a
 149      *          TrustManagerFactorySpi implementation for the
 150      *          specified algorithm.
 151      * @exception NullPointerException if algorithm is null.
 152      *
 153      * @see java.security.Provider
 154      */
 155     public static final TrustManagerFactory getInstance(String algorithm)
 156             throws NoSuchAlgorithmException {
 157         GetInstance.Instance instance = GetInstance.getInstance
 158                 ("TrustManagerFactory", TrustManagerFactorySpi.class,
 159                 algorithm);
 160         return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl,
 161                 instance.provider, algorithm);
 162     }
 163 
 164     /**
 165      * Returns a <code>TrustManagerFactory</code> object that acts as a
 166      * factory for trust managers.
 167      *
 168      * <p> A new KeyManagerFactory object encapsulating the
 169      * KeyManagerFactorySpi implementation from the specified provider
 170      * is returned.  The specified provider must be registered
 171      * in the security provider list.
 172      *
 173      * <p> Note that the list of registered providers may be retrieved via
 174      * the {@link Security#getProviders() Security.getProviders()} method.
 175      *
 176      * @param algorithm the standard name of the requested trust management
 177      *          algorithm.  See the <a href=
 178      *  "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
 179      *          Java Secure Socket Extension Reference Guide </a>
 180      *          for information about standard algorithm names.
 181      *
 182      * @param provider the name of the provider.
 183      *
 184      * @return the new <code>TrustManagerFactory</code> object
 185      *
 186      * @throws NoSuchAlgorithmException if a TrustManagerFactorySpi
 187      *          implementation for the specified algorithm is not
 188      *          available from the specified provider.
 189      *
 190      * @throws NoSuchProviderException if the specified provider is not
 191      *          registered in the security provider list.
 192      *
 193      * @throws IllegalArgumentException if the provider name is null or empty.
 194      * @throws NullPointerException if algorithm is null.
 195      *
 196      * @see java.security.Provider
 197      */
 198     public static final TrustManagerFactory getInstance(String algorithm,
 199             String provider) throws NoSuchAlgorithmException,
 200             NoSuchProviderException {
 201         GetInstance.Instance instance = GetInstance.getInstance
 202                 ("TrustManagerFactory", TrustManagerFactorySpi.class,
 203                 algorithm, provider);
 204         return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl,
 205                 instance.provider, algorithm);
 206     }
 207 
 208     /**
 209      * Returns a <code>TrustManagerFactory</code> object that acts as a
 210      * factory for trust managers.
 211      *
 212      * <p> A new TrustManagerFactory object encapsulating the
 213      * TrustManagerFactorySpi implementation from the specified Provider
 214      * object is returned.  Note that the specified Provider object
 215      * does not have to be registered in the provider list.
 216      *
 217      * @param algorithm the standard name of the requested trust management
 218      *          algorithm.  See the <a href=
 219      *  "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
 220      *          Java Secure Socket Extension Reference Guide </a>
 221      *          for information about standard algorithm names.
 222      *
 223      * @param provider an instance of the provider.
 224      *
 225      * @return the new <code>TrustManagerFactory</code> object.
 226      *
 227      * @throws NoSuchAlgorithmException if a TrustManagerFactorySpi
 228      *          implementation for the specified algorithm is not available
 229      *          from the specified Provider object.
 230      *
 231      * @throws IllegalArgumentException if the provider is null.
 232      * @throws NullPointerException if algorithm is null.
 233      *
 234      * @see java.security.Provider
 235      */
 236     public static final TrustManagerFactory getInstance(String algorithm,
 237             Provider provider) throws NoSuchAlgorithmException {
 238         GetInstance.Instance instance = GetInstance.getInstance
 239                 ("TrustManagerFactory", TrustManagerFactorySpi.class,
 240                 algorithm, provider);
 241         return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl,
 242                 instance.provider, algorithm);
 243     }
 244 
 245     /**
 246      * Returns the provider of this <code>TrustManagerFactory</code> object.
 247      *
 248      * @return the provider of this <code>TrustManagerFactory</code> object
 249      */
 250     public final Provider getProvider() {
 251         return this.provider;
 252     }
 253 
 254 
 255     /**
 256      * Initializes this factory with a source of certificate
 257      * authorities and related trust material.
 258      * <P>
 259      * The provider typically uses a KeyStore as a basis for making
 260      * trust decisions.
 261      * <P>
 262      * For more flexible initialization, please see
 263      * {@link #init(ManagerFactoryParameters)}.
 264      *
 265      * @param ks the key store, or null
 266      * @throws KeyStoreException if this operation fails
 267      */
 268     public final void init(KeyStore ks) throws KeyStoreException {
 269         factorySpi.engineInit(ks);
 270     }
 271 
 272 
 273     /**
 274      * Initializes this factory with a source of provider-specific
 275      * trust material.
 276      * <P>
 277      * In some cases, initialization parameters other than a keystore
 278      * may be needed by a provider.  Users of that particular provider
 279      * are expected to pass an implementation of the appropriate
 280      * <CODE>ManagerFactoryParameters</CODE> as defined by the
 281      * provider.  The provider can then call the specified methods in
 282      * the <CODE>ManagerFactoryParameters</CODE> implementation to obtain the
 283      * needed information.
 284      *
 285      * @param spec an implementation of a provider-specific parameter
 286      *          specification
 287      * @throws InvalidAlgorithmParameterException if an error is
 288      *          encountered
 289      */
 290     public final void init(ManagerFactoryParameters spec) throws
 291             InvalidAlgorithmParameterException {
 292         factorySpi.engineInit(spec);
 293     }
 294 
 295 
 296     /**
 297      * Returns one trust manager for each type of trust material.
 298      *
 299      * @throws IllegalStateException if the factory is not initialized.
 300      *
 301      * @return the trust managers
 302      */
 303     public final TrustManager[] getTrustManagers() {
 304         return factorySpi.engineGetTrustManagers();
 305     }
 306 }