1 /*
2 * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package javax.net.ssl;
27
28 import java.security.Security;
29 import java.security.*;
30
31 import sun.security.jca.GetInstance;
32
33 /**
34 * This class acts as a factory for trust managers based on a
35 * source of trust material. Each trust manager manages a specific
36 * type of trust material for use by secure sockets. The trust
37 * material is based on a KeyStore and/or provider-specific sources.
38 *
39 * <p> Every implementation of the Java platform is required to support the
40 * following standard {@code TrustManagerFactory} algorithm:
41 * <ul>
42 * <li><tt>PKIX</tt></li>
43 * </ul>
44 * This algorithm is described in the <a href=
45 * "{@docRoot}/../technotes/guides/security/StandardNames.html#TrustManagerFactory">
46 * TrustManagerFactory section</a> of the
47 * Java Cryptography Architecture Standard Algorithm Name Documentation.
48 * Consult the release documentation for your implementation to see if any
49 * other algorithms are supported.
50 *
51 * @since 1.4
52 * @see TrustManager
53 */
54 public class TrustManagerFactory {
55 // The provider
56 private Provider provider;
57
58 // The provider implementation (delegate)
59 private TrustManagerFactorySpi factorySpi;
60
61 // The name of the trust management algorithm.
62 private String algorithm;
63
64 /**
65 * Obtains the default TrustManagerFactory algorithm name.
66 *
67 * <p>The default TrustManager can be changed at runtime by setting
68 * the value of the {@code ssl.TrustManagerFactory.algorithm}
69 * security property to the desired algorithm name.
70 *
71 * @see java.security.Security security properties
72 * @return the default algorithm name as specified by the
73 * {@code ssl.TrustManagerFactory.algorithm} security property, or an
74 * implementation-specific default if no such property exists.
75 */
76 public static final String getDefaultAlgorithm() {
77 String type;
78 type = AccessController.doPrivileged(new PrivilegedAction<>() {
79 @Override
80 public String run() {
81 return Security.getProperty(
82 "ssl.TrustManagerFactory.algorithm");
83 }
84 });
85 if (type == null) {
86 type = "SunX509";
87 }
88 return type;
89 }
90
91 /**
92 * Creates a TrustManagerFactory object.
93 *
94 * @param factorySpi the delegate
95 * @param provider the provider
96 * @param algorithm the algorithm
97 */
98 protected TrustManagerFactory(TrustManagerFactorySpi factorySpi,
99 Provider provider, String algorithm) {
100 this.factorySpi = factorySpi;
101 this.provider = provider;
102 this.algorithm = algorithm;
103 }
104
105 /**
106 * Returns the algorithm name of this <code>TrustManagerFactory</code>
107 * object.
108 *
109 * <p>This is the same name that was specified in one of the
110 * <code>getInstance</code> calls that created this
111 * <code>TrustManagerFactory</code> object.
112 *
113 * @return the algorithm name of this <code>TrustManagerFactory</code>
114 * object
115 */
116 public final String getAlgorithm() {
117 return this.algorithm;
118 }
119
120 /**
121 * Returns a <code>TrustManagerFactory</code> object that acts as a
122 * factory for trust managers.
123 *
124 * <p> This method traverses the list of registered security Providers,
125 * starting with the most preferred Provider.
126 * A new TrustManagerFactory object encapsulating the
127 * TrustManagerFactorySpi implementation from the first
128 * Provider that supports the specified algorithm is returned.
129 *
130 * <p> Note that the list of registered providers may be retrieved via
131 * the {@link Security#getProviders() Security.getProviders()} method.
132 *
133 * @implNote
134 * The JDK Reference Implementation additionally uses the
135 * {@code jdk.security.provider.preferred} property to determine
136 * the preferred provider order for the specified algorithm. This
137 * may be different than the order of providers returned by
138 * {@link Security#getProviders() Security.getProviders()}.
139 *
140 * @param algorithm the standard name of the requested trust management
141 * algorithm. See the <a href=
142 * "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
143 * Java Secure Socket Extension Reference Guide </a>
144 * for information about standard algorithm names.
145 *
146 * @return the new <code>TrustManagerFactory</code> object.
147 *
148 * @exception NoSuchAlgorithmException if no Provider supports a
149 * TrustManagerFactorySpi implementation for the
150 * specified algorithm.
151 * @exception NullPointerException if algorithm is null.
152 *
153 * @see java.security.Provider
154 */
155 public static final TrustManagerFactory getInstance(String algorithm)
156 throws NoSuchAlgorithmException {
157 GetInstance.Instance instance = GetInstance.getInstance
158 ("TrustManagerFactory", TrustManagerFactorySpi.class,
159 algorithm);
160 return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl,
161 instance.provider, algorithm);
162 }
163
164 /**
165 * Returns a <code>TrustManagerFactory</code> object that acts as a
166 * factory for trust managers.
167 *
168 * <p> A new KeyManagerFactory object encapsulating the
169 * KeyManagerFactorySpi implementation from the specified provider
170 * is returned. The specified provider must be registered
171 * in the security provider list.
172 *
173 * <p> Note that the list of registered providers may be retrieved via
174 * the {@link Security#getProviders() Security.getProviders()} method.
175 *
176 * @param algorithm the standard name of the requested trust management
177 * algorithm. See the <a href=
178 * "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
179 * Java Secure Socket Extension Reference Guide </a>
180 * for information about standard algorithm names.
181 *
182 * @param provider the name of the provider.
183 *
184 * @return the new <code>TrustManagerFactory</code> object
185 *
186 * @throws NoSuchAlgorithmException if a TrustManagerFactorySpi
187 * implementation for the specified algorithm is not
188 * available from the specified provider.
189 *
190 * @throws NoSuchProviderException if the specified provider is not
191 * registered in the security provider list.
192 *
193 * @throws IllegalArgumentException if the provider name is null or empty.
194 * @throws NullPointerException if algorithm is null.
195 *
196 * @see java.security.Provider
197 */
198 public static final TrustManagerFactory getInstance(String algorithm,
199 String provider) throws NoSuchAlgorithmException,
200 NoSuchProviderException {
201 GetInstance.Instance instance = GetInstance.getInstance
202 ("TrustManagerFactory", TrustManagerFactorySpi.class,
203 algorithm, provider);
204 return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl,
205 instance.provider, algorithm);
206 }
207
208 /**
209 * Returns a <code>TrustManagerFactory</code> object that acts as a
210 * factory for trust managers.
211 *
212 * <p> A new TrustManagerFactory object encapsulating the
213 * TrustManagerFactorySpi implementation from the specified Provider
214 * object is returned. Note that the specified Provider object
215 * does not have to be registered in the provider list.
216 *
217 * @param algorithm the standard name of the requested trust management
218 * algorithm. See the <a href=
219 * "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
220 * Java Secure Socket Extension Reference Guide </a>
221 * for information about standard algorithm names.
222 *
223 * @param provider an instance of the provider.
224 *
225 * @return the new <code>TrustManagerFactory</code> object.
226 *
227 * @throws NoSuchAlgorithmException if a TrustManagerFactorySpi
228 * implementation for the specified algorithm is not available
229 * from the specified Provider object.
230 *
231 * @throws IllegalArgumentException if the provider is null.
232 * @throws NullPointerException if algorithm is null.
233 *
234 * @see java.security.Provider
235 */
236 public static final TrustManagerFactory getInstance(String algorithm,
237 Provider provider) throws NoSuchAlgorithmException {
238 GetInstance.Instance instance = GetInstance.getInstance
239 ("TrustManagerFactory", TrustManagerFactorySpi.class,
240 algorithm, provider);
241 return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl,
242 instance.provider, algorithm);
243 }
244
245 /**
246 * Returns the provider of this <code>TrustManagerFactory</code> object.
247 *
248 * @return the provider of this <code>TrustManagerFactory</code> object
249 */
250 public final Provider getProvider() {
251 return this.provider;
252 }
253
254
255 /**
256 * Initializes this factory with a source of certificate
257 * authorities and related trust material.
258 * <P>
259 * The provider typically uses a KeyStore as a basis for making
260 * trust decisions.
261 * <P>
262 * For more flexible initialization, please see
263 * {@link #init(ManagerFactoryParameters)}.
264 *
265 * @param ks the key store, or null
266 * @throws KeyStoreException if this operation fails
267 */
268 public final void init(KeyStore ks) throws KeyStoreException {
269 factorySpi.engineInit(ks);
270 }
271
272
273 /**
274 * Initializes this factory with a source of provider-specific
275 * trust material.
276 * <P>
277 * In some cases, initialization parameters other than a keystore
278 * may be needed by a provider. Users of that particular provider
279 * are expected to pass an implementation of the appropriate
280 * <CODE>ManagerFactoryParameters</CODE> as defined by the
281 * provider. The provider can then call the specified methods in
282 * the <CODE>ManagerFactoryParameters</CODE> implementation to obtain the
283 * needed information.
284 *
285 * @param spec an implementation of a provider-specific parameter
286 * specification
287 * @throws InvalidAlgorithmParameterException if an error is
288 * encountered
289 */
290 public final void init(ManagerFactoryParameters spec) throws
291 InvalidAlgorithmParameterException {
292 factorySpi.engineInit(spec);
293 }
294
295
296 /**
297 * Returns one trust manager for each type of trust material.
298 *
299 * @throws IllegalStateException if the factory is not initialized.
300 *
301 * @return the trust managers
302 */
303 public final TrustManager[] getTrustManagers() {
304 return factorySpi.engineGetTrustManagers();
305 }
306 }