< prev index next >

src/java.base/share/classes/sun/security/util/AnchorCertificates.java

Print this page




  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.util;
  27 
  28 import java.io.File;
  29 import java.io.FileInputStream;
  30 import java.security.AccessController;
  31 import java.security.KeyStore;
  32 import java.security.PrivilegedAction;
  33 import java.security.cert.X509Certificate;

  34 import java.util.Enumeration;
  35 import java.util.HashSet;

  36 
  37 import sun.security.x509.X509CertImpl;
  38 
  39 /**
  40  * The purpose of this class is to determine the trust anchor certificates is in
  41  * the cacerts file.  This is used for PKIX CertPath checking.
  42  */
  43 public class AnchorCertificates {
  44 
  45     private static final Debug debug = Debug.getInstance("certpath");
  46     private static final String HASH = "SHA-256";
  47     private static HashSet<String> certs;
  48 
  49     static  {
  50         AccessController.doPrivileged(new PrivilegedAction<Void>() {
  51             @Override
  52             public Void run() {
  53                 File f = new File(System.getProperty("java.home"),
  54                         "lib/security/cacerts");
  55                 KeyStore cacerts;
  56                 try {
  57                     cacerts = KeyStore.getInstance("JKS");
  58                     try (FileInputStream fis = new FileInputStream(f)) {
  59                         cacerts.load(fis, "changeit".toCharArray());
  60                         certs = new HashSet<>();
  61                         Enumeration<String> list = cacerts.aliases();
  62                         String alias;
  63                         while (list.hasMoreElements()) {
  64                             alias = list.nextElement();
  65                             // Check if this cert is labeled a trust anchor.
  66                             if (alias.contains(" [jdk")) {
  67                                 X509Certificate cert = (X509Certificate) cacerts




  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.util;
  27 
  28 import java.io.File;
  29 import java.io.FileInputStream;
  30 import java.security.AccessController;
  31 import java.security.KeyStore;
  32 import java.security.PrivilegedAction;
  33 import java.security.cert.X509Certificate;
  34 import java.util.Collections;
  35 import java.util.Enumeration;
  36 import java.util.HashSet;
  37 import java.util.Set;
  38 
  39 import sun.security.x509.X509CertImpl;
  40 
  41 /**
  42  * The purpose of this class is to determine the trust anchor certificates is in
  43  * the cacerts file.  This is used for PKIX CertPath checking.
  44  */
  45 public class AnchorCertificates {
  46 
  47     private static final Debug debug = Debug.getInstance("certpath");
  48     private static final String HASH = "SHA-256";
  49     private static Set<String> certs = Collections.emptySet();
  50 
  51     static  {
  52         AccessController.doPrivileged(new PrivilegedAction<Void>() {
  53             @Override
  54             public Void run() {
  55                 File f = new File(System.getProperty("java.home"),
  56                         "lib/security/cacerts");
  57                 KeyStore cacerts;
  58                 try {
  59                     cacerts = KeyStore.getInstance("JKS");
  60                     try (FileInputStream fis = new FileInputStream(f)) {
  61                         cacerts.load(fis, "changeit".toCharArray());
  62                         certs = new HashSet<>();
  63                         Enumeration<String> list = cacerts.aliases();
  64                         String alias;
  65                         while (list.hasMoreElements()) {
  66                             alias = list.nextElement();
  67                             // Check if this cert is labeled a trust anchor.
  68                             if (alias.contains(" [jdk")) {
  69                                 X509Certificate cert = (X509Certificate) cacerts


< prev index next >