1 /* 2 * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package javax.net.ssl; 27 28 import java.security.Security; 29 import java.security.*; 30 31 import sun.security.jca.GetInstance; 32 33 /** 34 * This class acts as a factory for trust managers based on a 35 * source of trust material. Each trust manager manages a specific 36 * type of trust material for use by secure sockets. The trust 37 * material is based on a KeyStore and/or provider-specific sources. 38 * 39 * <p> Every implementation of the Java platform is required to support the 40 * following standard {@code TrustManagerFactory} algorithm: 41 * <ul> 42 * <li><tt>PKIX</tt></li> 43 * </ul> 44 * This algorithm is described in the <a href= 45 * "{@docRoot}/../technotes/guides/security/StandardNames.html#TrustManagerFactory"> 46 * TrustManagerFactory section</a> of the 47 * Java Cryptography Architecture Standard Algorithm Name Documentation. 48 * Consult the release documentation for your implementation to see if any 49 * other algorithms are supported. 50 * 51 * @since 1.4 52 * @see TrustManager 53 */ 54 public class TrustManagerFactory { 55 // The provider 56 private Provider provider; 57 58 // The provider implementation (delegate) 59 private TrustManagerFactorySpi factorySpi; 60 61 // The name of the trust management algorithm. 62 private String algorithm; 63 64 /** 65 * Obtains the default TrustManagerFactory algorithm name. 66 * 67 * <p>The default TrustManager can be changed at runtime by setting 68 * the value of the {@code ssl.TrustManagerFactory.algorithm} 69 * security property to the desired algorithm name. 70 * 71 * @see java.security.Security security properties 72 * @return the default algorithm name as specified by the 73 * {@code ssl.TrustManagerFactory.algorithm} security property, or an 74 * implementation-specific default if no such property exists. 75 */ 76 public static final String getDefaultAlgorithm() { 77 String type; 78 type = AccessController.doPrivileged(new PrivilegedAction<>() { 79 @Override 80 public String run() { 81 return Security.getProperty( 82 "ssl.TrustManagerFactory.algorithm"); 83 } 84 }); 85 if (type == null) { 86 type = "SunX509"; 87 } 88 return type; 89 } 90 91 /** 92 * Creates a TrustManagerFactory object. 93 * 94 * @param factorySpi the delegate 95 * @param provider the provider 96 * @param algorithm the algorithm 97 */ 98 protected TrustManagerFactory(TrustManagerFactorySpi factorySpi, 99 Provider provider, String algorithm) { 100 this.factorySpi = factorySpi; 101 this.provider = provider; 102 this.algorithm = algorithm; 103 } 104 105 /** 106 * Returns the algorithm name of this <code>TrustManagerFactory</code> 107 * object. 108 * 109 * <p>This is the same name that was specified in one of the 110 * <code>getInstance</code> calls that created this 111 * <code>TrustManagerFactory</code> object. 112 * 113 * @return the algorithm name of this <code>TrustManagerFactory</code> 114 * object 115 */ 116 public final String getAlgorithm() { 117 return this.algorithm; 118 } 119 120 /** 121 * Returns a <code>TrustManagerFactory</code> object that acts as a 122 * factory for trust managers. 123 * 124 * <p> This method traverses the list of registered security Providers, 125 * starting with the most preferred Provider. 126 * A new TrustManagerFactory object encapsulating the 127 * TrustManagerFactorySpi implementation from the first 128 * Provider that supports the specified algorithm is returned. 129 * 130 * <p> Note that the list of registered providers may be retrieved via 131 * the {@link Security#getProviders() Security.getProviders()} method. 132 * 133 * @implNote 134 * The JDK Reference Implementation additionally uses the 135 * {@code jdk.security.provider.preferred} property to determine 136 * the preferred provider order for the specified algorithm. This 137 * may be different than the order of providers returned by 138 * {@link Security#getProviders() Security.getProviders()}. 139 * 140 * @param algorithm the standard name of the requested trust management 141 * algorithm. See the <a href= 142 * "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html"> 143 * Java Secure Socket Extension Reference Guide </a> 144 * for information about standard algorithm names. 145 * 146 * @return the new <code>TrustManagerFactory</code> object. 147 * 148 * @exception NoSuchAlgorithmException if no Provider supports a 149 * TrustManagerFactorySpi implementation for the 150 * specified algorithm. 151 * @exception NullPointerException if algorithm is null. 152 * 153 * @see java.security.Provider 154 */ 155 public static final TrustManagerFactory getInstance(String algorithm) 156 throws NoSuchAlgorithmException { 157 GetInstance.Instance instance = GetInstance.getInstance 158 ("TrustManagerFactory", TrustManagerFactorySpi.class, 159 algorithm); 160 return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl, 161 instance.provider, algorithm); 162 } 163 164 /** 165 * Returns a <code>TrustManagerFactory</code> object that acts as a 166 * factory for trust managers. 167 * 168 * <p> A new KeyManagerFactory object encapsulating the 169 * KeyManagerFactorySpi implementation from the specified provider 170 * is returned. The specified provider must be registered 171 * in the security provider list. 172 * 173 * <p> Note that the list of registered providers may be retrieved via 174 * the {@link Security#getProviders() Security.getProviders()} method. 175 * 176 * @param algorithm the standard name of the requested trust management 177 * algorithm. See the <a href= 178 * "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html"> 179 * Java Secure Socket Extension Reference Guide </a> 180 * for information about standard algorithm names. 181 * 182 * @param provider the name of the provider. 183 * 184 * @return the new <code>TrustManagerFactory</code> object 185 * 186 * @throws NoSuchAlgorithmException if a TrustManagerFactorySpi 187 * implementation for the specified algorithm is not 188 * available from the specified provider. 189 * 190 * @throws NoSuchProviderException if the specified provider is not 191 * registered in the security provider list. 192 * 193 * @throws IllegalArgumentException if the provider name is null or empty. 194 * @throws NullPointerException if algorithm is null. 195 * 196 * @see java.security.Provider 197 */ 198 public static final TrustManagerFactory getInstance(String algorithm, 199 String provider) throws NoSuchAlgorithmException, 200 NoSuchProviderException { 201 GetInstance.Instance instance = GetInstance.getInstance 202 ("TrustManagerFactory", TrustManagerFactorySpi.class, 203 algorithm, provider); 204 return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl, 205 instance.provider, algorithm); 206 } 207 208 /** 209 * Returns a <code>TrustManagerFactory</code> object that acts as a 210 * factory for trust managers. 211 * 212 * <p> A new TrustManagerFactory object encapsulating the 213 * TrustManagerFactorySpi implementation from the specified Provider 214 * object is returned. Note that the specified Provider object 215 * does not have to be registered in the provider list. 216 * 217 * @param algorithm the standard name of the requested trust management 218 * algorithm. See the <a href= 219 * "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html"> 220 * Java Secure Socket Extension Reference Guide </a> 221 * for information about standard algorithm names. 222 * 223 * @param provider an instance of the provider. 224 * 225 * @return the new <code>TrustManagerFactory</code> object. 226 * 227 * @throws NoSuchAlgorithmException if a TrustManagerFactorySpi 228 * implementation for the specified algorithm is not available 229 * from the specified Provider object. 230 * 231 * @throws IllegalArgumentException if the provider is null. 232 * @throws NullPointerException if algorithm is null. 233 * 234 * @see java.security.Provider 235 */ 236 public static final TrustManagerFactory getInstance(String algorithm, 237 Provider provider) throws NoSuchAlgorithmException { 238 GetInstance.Instance instance = GetInstance.getInstance 239 ("TrustManagerFactory", TrustManagerFactorySpi.class, 240 algorithm, provider); 241 return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl, 242 instance.provider, algorithm); 243 } 244 245 /** 246 * Returns the provider of this <code>TrustManagerFactory</code> object. 247 * 248 * @return the provider of this <code>TrustManagerFactory</code> object 249 */ 250 public final Provider getProvider() { 251 return this.provider; 252 } 253 254 255 /** 256 * Initializes this factory with a source of certificate 257 * authorities and related trust material. 258 * <P> 259 * The provider typically uses a KeyStore as a basis for making 260 * trust decisions. 261 * <P> 262 * For more flexible initialization, please see 263 * {@link #init(ManagerFactoryParameters)}. 264 * 265 * @param ks the key store, or null 266 * @throws KeyStoreException if this operation fails 267 */ 268 public final void init(KeyStore ks) throws KeyStoreException { 269 factorySpi.engineInit(ks); 270 } 271 272 273 /** 274 * Initializes this factory with a source of provider-specific 275 * trust material. 276 * <P> 277 * In some cases, initialization parameters other than a keystore 278 * may be needed by a provider. Users of that particular provider 279 * are expected to pass an implementation of the appropriate 280 * <CODE>ManagerFactoryParameters</CODE> as defined by the 281 * provider. The provider can then call the specified methods in 282 * the <CODE>ManagerFactoryParameters</CODE> implementation to obtain the 283 * needed information. 284 * 285 * @param spec an implementation of a provider-specific parameter 286 * specification 287 * @throws InvalidAlgorithmParameterException if an error is 288 * encountered 289 */ 290 public final void init(ManagerFactoryParameters spec) throws 291 InvalidAlgorithmParameterException { 292 factorySpi.engineInit(spec); 293 } 294 295 296 /** 297 * Returns one trust manager for each type of trust material. 298 * 299 * @throws IllegalStateException if the factory is not initialized. 300 * 301 * @return the trust managers 302 */ 303 public final TrustManager[] getTrustManagers() { 304 return factorySpi.engineGetTrustManagers(); 305 } 306 }