1 /*
2 * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package javax.net.ssl;
27
28 import java.security.Security;
29 import java.security.*;
30
31 import sun.security.jca.GetInstance;
32
33 /**
34 * This class acts as a factory for trust managers based on a
35 * source of trust material. Each trust manager manages a specific
36 * type of trust material for use by secure sockets. The trust
37 * material is based on a KeyStore and/or provider specific sources.
38 *
39 * @since 1.4
40 * @see TrustManager
41 */
42 public class TrustManagerFactory {
43 // The provider
44 private Provider provider;
45
46 // The provider implementation (delegate)
47 private TrustManagerFactorySpi factorySpi;
48
49 // The name of the trust management algorithm.
50 private String algorithm;
51
52 /**
53 * Obtains the default TrustManagerFactory algorithm name.
54 *
55 * <p>The default TrustManager can be changed at runtime by setting
56 * the value of the {@code ssl.TrustManagerFactory.algorithm}
57 * security property to the desired algorithm name.
58 *
59 * @see java.security.Security security properties
60 * @return the default algorithm name as specified by the
61 * {@code ssl.TrustManagerFactory.algorithm} security property, or an
62 * implementation-specific default if no such property exists.
63 */
64 public final static String getDefaultAlgorithm() {
65 String type;
66 type = AccessController.doPrivileged(new PrivilegedAction<String>() {
67 @Override
68 public String run() {
69 return Security.getProperty(
70 "ssl.TrustManagerFactory.algorithm");
71 }
72 });
73 if (type == null) {
74 type = "SunX509";
75 }
76 return type;
77 }
78
79 /**
80 * Creates a TrustManagerFactory object.
81 *
82 * @param factorySpi the delegate
83 * @param provider the provider
84 * @param algorithm the algorithm
85 */
86 protected TrustManagerFactory(TrustManagerFactorySpi factorySpi,
87 Provider provider, String algorithm) {
88 this.factorySpi = factorySpi;
89 this.provider = provider;
90 this.algorithm = algorithm;
91 }
92
93 /**
94 * Returns the algorithm name of this <code>TrustManagerFactory</code>
95 * object.
96 *
97 * <p>This is the same name that was specified in one of the
98 * <code>getInstance</code> calls that created this
99 * <code>TrustManagerFactory</code> object.
100 *
101 * @return the algorithm name of this <code>TrustManagerFactory</code>
102 * object
103 */
104 public final String getAlgorithm() {
105 return this.algorithm;
106 }
107
108 /**
109 * Returns a <code>TrustManagerFactory</code> object that acts as a
110 * factory for trust managers.
111 *
112 * <p> This method traverses the list of registered security Providers,
113 * starting with the most preferred Provider.
114 * A new TrustManagerFactory object encapsulating the
115 * TrustManagerFactorySpi implementation from the first
116 * Provider that supports the specified algorithm is returned.
117 *
118 * <p> Note that the list of registered providers may be retrieved via
119 * the {@link Security#getProviders() Security.getProviders()} method.
120 *
121 * @param algorithm the standard name of the requested trust management
122 * algorithm. See the <a href=
123 * "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
124 * Java Secure Socket Extension Reference Guide </a>
125 * for information about standard algorithm names.
126 *
127 * @return the new <code>TrustManagerFactory</code> object.
128 *
129 * @exception NoSuchAlgorithmException if no Provider supports a
130 * TrustManagerFactorySpi implementation for the
131 * specified algorithm.
132 * @exception NullPointerException if algorithm is null.
133 *
134 * @see java.security.Provider
135 */
136 public static final TrustManagerFactory getInstance(String algorithm)
137 throws NoSuchAlgorithmException {
138 GetInstance.Instance instance = GetInstance.getInstance
139 ("TrustManagerFactory", TrustManagerFactorySpi.class,
140 algorithm);
141 return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl,
142 instance.provider, algorithm);
143 }
144
145 /**
146 * Returns a <code>TrustManagerFactory</code> object that acts as a
147 * factory for trust managers.
148 *
149 * <p> A new KeyManagerFactory object encapsulating the
150 * KeyManagerFactorySpi implementation from the specified provider
151 * is returned. The specified provider must be registered
152 * in the security provider list.
153 *
154 * <p> Note that the list of registered providers may be retrieved via
155 * the {@link Security#getProviders() Security.getProviders()} method.
156 *
157 * @param algorithm the standard name of the requested trust management
158 * algorithm. See the <a href=
159 * "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
160 * Java Secure Socket Extension Reference Guide </a>
161 * for information about standard algorithm names.
162 *
163 * @param provider the name of the provider.
164 *
165 * @return the new <code>TrustManagerFactory</code> object
166 *
167 * @throws NoSuchAlgorithmException if a TrustManagerFactorySpi
168 * implementation for the specified algorithm is not
169 * available from the specified provider.
170 *
171 * @throws NoSuchProviderException if the specified provider is not
172 * registered in the security provider list.
173 *
174 * @throws IllegalArgumentException if the provider name is null or empty.
175 * @throws NullPointerException if algorithm is null.
176 *
177 * @see java.security.Provider
178 */
179 public static final TrustManagerFactory getInstance(String algorithm,
180 String provider) throws NoSuchAlgorithmException,
181 NoSuchProviderException {
182 GetInstance.Instance instance = GetInstance.getInstance
183 ("TrustManagerFactory", TrustManagerFactorySpi.class,
184 algorithm, provider);
185 return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl,
186 instance.provider, algorithm);
187 }
188
189 /**
190 * Returns a <code>TrustManagerFactory</code> object that acts as a
191 * factory for trust managers.
192 *
193 * <p> A new TrustManagerFactory object encapsulating the
194 * TrustManagerFactorySpi implementation from the specified Provider
195 * object is returned. Note that the specified Provider object
196 * does not have to be registered in the provider list.
197 *
198 * @param algorithm the standard name of the requested trust management
199 * algorithm. See the <a href=
200 * "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
201 * Java Secure Socket Extension Reference Guide </a>
202 * for information about standard algorithm names.
203 *
204 * @param provider an instance of the provider.
205 *
206 * @return the new <code>TrustManagerFactory</code> object.
207 *
208 * @throws NoSuchAlgorithmException if a TrustManagerFactorySpi
209 * implementation for the specified algorithm is not available
210 * from the specified Provider object.
211 *
212 * @throws IllegalArgumentException if the provider is null.
213 * @throws NullPointerException if algorithm is null.
214 *
215 * @see java.security.Provider
216 */
217 public static final TrustManagerFactory getInstance(String algorithm,
218 Provider provider) throws NoSuchAlgorithmException {
219 GetInstance.Instance instance = GetInstance.getInstance
220 ("TrustManagerFactory", TrustManagerFactorySpi.class,
221 algorithm, provider);
222 return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl,
223 instance.provider, algorithm);
224 }
225
226 /**
227 * Returns the provider of this <code>TrustManagerFactory</code> object.
228 *
229 * @return the provider of this <code>TrustManagerFactory</code> object
230 */
231 public final Provider getProvider() {
232 return this.provider;
233 }
234
235
236 /**
237 * Initializes this factory with a source of certificate
238 * authorities and related trust material.
239 * <P>
240 * The provider typically uses a KeyStore as a basis for making
241 * trust decisions.
242 * <P>
243 * For more flexible initialization, please see
244 * {@link #init(ManagerFactoryParameters)}.
245 *
246 * @param ks the key store, or null
247 * @throws KeyStoreException if this operation fails
248 */
249 public final void init(KeyStore ks) throws KeyStoreException {
250 factorySpi.engineInit(ks);
251 }
252
253
254 /**
255 * Initializes this factory with a source of provider-specific
256 * trust material.
257 * <P>
258 * In some cases, initialization parameters other than a keystore
259 * may be needed by a provider. Users of that particular provider
260 * are expected to pass an implementation of the appropriate
261 * <CODE>ManagerFactoryParameters</CODE> as defined by the
262 * provider. The provider can then call the specified methods in
263 * the <CODE>ManagerFactoryParameters</CODE> implementation to obtain the
264 * needed information.
265 *
266 * @param spec an implementation of a provider-specific parameter
267 * specification
268 * @throws InvalidAlgorithmParameterException if an error is
269 * encountered
270 */
271 public final void init(ManagerFactoryParameters spec) throws
272 InvalidAlgorithmParameterException {
273 factorySpi.engineInit(spec);
274 }
275
276
277 /**
278 * Returns one trust manager for each type of trust material.
279 *
280 * @throws IllegalStateException if the factory is not initialized.
281 *
282 * @return the trust managers
283 */
284 public final TrustManager[] getTrustManagers() {
285 return factorySpi.engineGetTrustManagers();
286 }
287 }