1 /*
2 * Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package javax.net.ssl;
27
28 import java.security.Security;
29 import java.security.*;
30 import java.util.Objects;
31
32 import sun.security.jca.GetInstance;
33
34 /**
35 * This class acts as a factory for trust managers based on a
36 * source of trust material. Each trust manager manages a specific
37 * type of trust material for use by secure sockets. The trust
38 * material is based on a KeyStore and/or provider-specific sources.
39 *
40 * <p> Every implementation of the Java platform is required to support the
41 * following standard {@code TrustManagerFactory} algorithm:
42 * <ul>
43 * <li><tt>PKIX</tt></li>
44 * </ul>
45 * This algorithm is described in the <a href=
46 * "{@docRoot}/../technotes/guides/security/StandardNames.html#TrustManagerFactory">
47 * TrustManagerFactory section</a> of the
48 * Java Cryptography Architecture Standard Algorithm Name Documentation.
49 * Consult the release documentation for your implementation to see if any
50 * other algorithms are supported.
51 *
52 * @since 1.4
53 * @see TrustManager
54 */
55 public class TrustManagerFactory {
56 // The provider
57 private Provider provider;
58
59 // The provider implementation (delegate)
60 private TrustManagerFactorySpi factorySpi;
61
62 // The name of the trust management algorithm.
63 private String algorithm;
64
65 /**
66 * Obtains the default TrustManagerFactory algorithm name.
67 *
68 * <p>The default TrustManager can be changed at runtime by setting
69 * the value of the {@code ssl.TrustManagerFactory.algorithm}
70 * security property to the desired algorithm name.
71 *
72 * @see java.security.Security security properties
73 * @return the default algorithm name as specified by the
74 * {@code ssl.TrustManagerFactory.algorithm} security property, or an
75 * implementation-specific default if no such property exists.
76 */
77 public static final String getDefaultAlgorithm() {
78 String type;
79 type = AccessController.doPrivileged(new PrivilegedAction<>() {
80 @Override
81 public String run() {
82 return Security.getProperty(
83 "ssl.TrustManagerFactory.algorithm");
84 }
85 });
86 if (type == null) {
87 type = "SunX509";
88 }
89 return type;
90 }
91
92 /**
93 * Creates a TrustManagerFactory object.
94 *
95 * @param factorySpi the delegate
96 * @param provider the provider
97 * @param algorithm the algorithm
98 */
99 protected TrustManagerFactory(TrustManagerFactorySpi factorySpi,
100 Provider provider, String algorithm) {
101 this.factorySpi = factorySpi;
102 this.provider = provider;
103 this.algorithm = algorithm;
104 }
105
106 /**
107 * Returns the algorithm name of this <code>TrustManagerFactory</code>
108 * object.
109 *
110 * <p>This is the same name that was specified in one of the
111 * <code>getInstance</code> calls that created this
112 * <code>TrustManagerFactory</code> object.
113 *
114 * @return the algorithm name of this <code>TrustManagerFactory</code>
115 * object
116 */
117 public final String getAlgorithm() {
118 return this.algorithm;
119 }
120
121 /**
122 * Returns a <code>TrustManagerFactory</code> object that acts as a
123 * factory for trust managers.
124 *
125 * <p> This method traverses the list of registered security Providers,
126 * starting with the most preferred Provider.
127 * A new TrustManagerFactory object encapsulating the
128 * TrustManagerFactorySpi implementation from the first
129 * Provider that supports the specified algorithm is returned.
130 *
131 * <p> Note that the list of registered providers may be retrieved via
132 * the {@link Security#getProviders() Security.getProviders()} method.
133 *
134 * @implNote
135 * The JDK Reference Implementation additionally uses the
136 * {@code jdk.security.provider.preferred}
137 * {@link Security#getProperty(String) Security} property to determine
138 * the preferred provider order for the specified algorithm. This
139 * may be different than the order of providers returned by
140 * {@link Security#getProviders() Security.getProviders()}.
141 *
142 * @param algorithm the standard name of the requested trust management
143 * algorithm. See the <a href=
144 * "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
145 * Java Secure Socket Extension Reference Guide </a>
146 * for information about standard algorithm names.
147 *
148 * @return the new {@code TrustManagerFactory} object
149 *
150 * @throws NoSuchAlgorithmException if no {@code Provider} supports a
151 * {@code TrustManagerFactorySpi} implementation for the
152 * specified algorithm
153 *
154 * @throws NullPointerException if {@code algorithm} is {@code null}
155 *
156 * @see java.security.Provider
157 */
158 public static final TrustManagerFactory getInstance(String algorithm)
159 throws NoSuchAlgorithmException {
160 Objects.requireNonNull(algorithm, "null algorithm name");
161 GetInstance.Instance instance = GetInstance.getInstance
162 ("TrustManagerFactory", TrustManagerFactorySpi.class,
163 algorithm);
164 return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl,
165 instance.provider, algorithm);
166 }
167
168 /**
169 * Returns a <code>TrustManagerFactory</code> object that acts as a
170 * factory for trust managers.
171 *
172 * <p> A new KeyManagerFactory object encapsulating the
173 * KeyManagerFactorySpi implementation from the specified provider
174 * is returned. The specified provider must be registered
175 * in the security provider list.
176 *
177 * <p> Note that the list of registered providers may be retrieved via
178 * the {@link Security#getProviders() Security.getProviders()} method.
179 *
180 * @param algorithm the standard name of the requested trust management
181 * algorithm. See the <a href=
182 * "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
183 * Java Secure Socket Extension Reference Guide </a>
184 * for information about standard algorithm names.
185 *
186 * @param provider the name of the provider.
187 *
188 * @return the new {@code TrustManagerFactory} object
189 *
190 * @throws IllegalArgumentException if the provider name is
191 * {@code null} or empty
192 *
193 * @throws NoSuchAlgorithmException if a {@code TrustManagerFactorySpi}
194 * implementation for the specified algorithm is not
195 * available from the specified provider
196 *
197 * @throws NoSuchProviderException if the specified provider is not
198 * registered in the security provider list
199 *
200 * @throws NullPointerException if {@code algorithm} is {@code null}
201 *
202 * @see java.security.Provider
203 */
204 public static final TrustManagerFactory getInstance(String algorithm,
205 String provider) throws NoSuchAlgorithmException,
206 NoSuchProviderException {
207 Objects.requireNonNull(algorithm, "null algorithm name");
208 GetInstance.Instance instance = GetInstance.getInstance
209 ("TrustManagerFactory", TrustManagerFactorySpi.class,
210 algorithm, provider);
211 return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl,
212 instance.provider, algorithm);
213 }
214
215 /**
216 * Returns a <code>TrustManagerFactory</code> object that acts as a
217 * factory for trust managers.
218 *
219 * <p> A new TrustManagerFactory object encapsulating the
220 * TrustManagerFactorySpi implementation from the specified Provider
221 * object is returned. Note that the specified Provider object
222 * does not have to be registered in the provider list.
223 *
224 * @param algorithm the standard name of the requested trust management
225 * algorithm. See the <a href=
226 * "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
227 * Java Secure Socket Extension Reference Guide </a>
228 * for information about standard algorithm names.
229 *
230 * @param provider an instance of the provider.
231 *
232 * @return the new {@code TrustManagerFactory} object
233 *
234 * @throws IllegalArgumentException if the provider is {@code null}
235 *
236 * @throws NoSuchAlgorithmException if a {@code TrustManagerFactorySpi}
237 * implementation for the specified algorithm is not available
238 * from the specified {@code Provider} object
239 *
240 * @throws NullPointerException if {@code algorithm} is {@code null}
241 *
242 * @see java.security.Provider
243 */
244 public static final TrustManagerFactory getInstance(String algorithm,
245 Provider provider) throws NoSuchAlgorithmException {
246 Objects.requireNonNull(algorithm, "null algorithm name");
247 GetInstance.Instance instance = GetInstance.getInstance
248 ("TrustManagerFactory", TrustManagerFactorySpi.class,
249 algorithm, provider);
250 return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl,
251 instance.provider, algorithm);
252 }
253
254 /**
255 * Returns the provider of this <code>TrustManagerFactory</code> object.
256 *
257 * @return the provider of this <code>TrustManagerFactory</code> object
258 */
259 public final Provider getProvider() {
260 return this.provider;
261 }
262
263
264 /**
265 * Initializes this factory with a source of certificate
266 * authorities and related trust material.
267 * <P>
268 * The provider typically uses a KeyStore as a basis for making
269 * trust decisions.
270 * <P>
271 * For more flexible initialization, please see
272 * {@link #init(ManagerFactoryParameters)}.
273 *
274 * @param ks the key store, or null
275 * @throws KeyStoreException if this operation fails
276 */
277 public final void init(KeyStore ks) throws KeyStoreException {
278 factorySpi.engineInit(ks);
279 }
280
281
282 /**
283 * Initializes this factory with a source of provider-specific
284 * trust material.
285 * <P>
286 * In some cases, initialization parameters other than a keystore
287 * may be needed by a provider. Users of that particular provider
288 * are expected to pass an implementation of the appropriate
289 * <CODE>ManagerFactoryParameters</CODE> as defined by the
290 * provider. The provider can then call the specified methods in
291 * the <CODE>ManagerFactoryParameters</CODE> implementation to obtain the
292 * needed information.
293 *
294 * @param spec an implementation of a provider-specific parameter
295 * specification
296 * @throws InvalidAlgorithmParameterException if an error is
297 * encountered
298 */
299 public final void init(ManagerFactoryParameters spec) throws
300 InvalidAlgorithmParameterException {
301 factorySpi.engineInit(spec);
302 }
303
304
305 /**
306 * Returns one trust manager for each type of trust material.
307 *
308 * @throws IllegalStateException if the factory is not initialized.
309 *
310 * @return the trust managers
311 */
312 public final TrustManager[] getTrustManagers() {
313 return factorySpi.engineGetTrustManagers();
314 }
315 }