1 /* 2 * Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package javax.net.ssl; 27 28 import java.security.Security; 29 import java.security.*; 30 import java.util.Objects; 31 32 import sun.security.jca.GetInstance; 33 34 /** 35 * This class acts as a factory for trust managers based on a 36 * source of trust material. Each trust manager manages a specific 37 * type of trust material for use by secure sockets. The trust 38 * material is based on a KeyStore and/or provider-specific sources. 39 * 40 * <p> Every implementation of the Java platform is required to support the 41 * following standard {@code TrustManagerFactory} algorithm: 42 * <ul> 43 * <li><tt>PKIX</tt></li> 44 * </ul> 45 * This algorithm is described in the <a href= 46 * "{@docRoot}/../technotes/guides/security/StandardNames.html#TrustManagerFactory"> 47 * TrustManagerFactory section</a> of the 48 * Java Cryptography Architecture Standard Algorithm Name Documentation. 49 * Consult the release documentation for your implementation to see if any 50 * other algorithms are supported. 51 * 52 * @since 1.4 53 * @see TrustManager 54 */ 55 public class TrustManagerFactory { 56 // The provider 57 private Provider provider; 58 59 // The provider implementation (delegate) 60 private TrustManagerFactorySpi factorySpi; 61 62 // The name of the trust management algorithm. 63 private String algorithm; 64 65 /** 66 * Obtains the default TrustManagerFactory algorithm name. 67 * 68 * <p>The default TrustManager can be changed at runtime by setting 69 * the value of the {@code ssl.TrustManagerFactory.algorithm} 70 * security property to the desired algorithm name. 71 * 72 * @see java.security.Security security properties 73 * @return the default algorithm name as specified by the 74 * {@code ssl.TrustManagerFactory.algorithm} security property, or an 75 * implementation-specific default if no such property exists. 76 */ 77 public static final String getDefaultAlgorithm() { 78 String type; 79 type = AccessController.doPrivileged(new PrivilegedAction<>() { 80 @Override 81 public String run() { 82 return Security.getProperty( 83 "ssl.TrustManagerFactory.algorithm"); 84 } 85 }); 86 if (type == null) { 87 type = "SunX509"; 88 } 89 return type; 90 } 91 92 /** 93 * Creates a TrustManagerFactory object. 94 * 95 * @param factorySpi the delegate 96 * @param provider the provider 97 * @param algorithm the algorithm 98 */ 99 protected TrustManagerFactory(TrustManagerFactorySpi factorySpi, 100 Provider provider, String algorithm) { 101 this.factorySpi = factorySpi; 102 this.provider = provider; 103 this.algorithm = algorithm; 104 } 105 106 /** 107 * Returns the algorithm name of this <code>TrustManagerFactory</code> 108 * object. 109 * 110 * <p>This is the same name that was specified in one of the 111 * <code>getInstance</code> calls that created this 112 * <code>TrustManagerFactory</code> object. 113 * 114 * @return the algorithm name of this <code>TrustManagerFactory</code> 115 * object 116 */ 117 public final String getAlgorithm() { 118 return this.algorithm; 119 } 120 121 /** 122 * Returns a <code>TrustManagerFactory</code> object that acts as a 123 * factory for trust managers. 124 * 125 * <p> This method traverses the list of registered security Providers, 126 * starting with the most preferred Provider. 127 * A new TrustManagerFactory object encapsulating the 128 * TrustManagerFactorySpi implementation from the first 129 * Provider that supports the specified algorithm is returned. 130 * 131 * <p> Note that the list of registered providers may be retrieved via 132 * the {@link Security#getProviders() Security.getProviders()} method. 133 * 134 * @implNote 135 * The JDK Reference Implementation additionally uses the 136 * {@code jdk.security.provider.preferred} 137 * {@link Security#getProperty(String) Security} property to determine 138 * the preferred provider order for the specified algorithm. This 139 * may be different than the order of providers returned by 140 * {@link Security#getProviders() Security.getProviders()}. 141 * 142 * @param algorithm the standard name of the requested trust management 143 * algorithm. See the <a href= 144 * "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html"> 145 * Java Secure Socket Extension Reference Guide </a> 146 * for information about standard algorithm names. 147 * 148 * @return the new {@code TrustManagerFactory} object 149 * 150 * @throws NoSuchAlgorithmException if no {@code Provider} supports a 151 * {@code TrustManagerFactorySpi} implementation for the 152 * specified algorithm 153 * 154 * @throws NullPointerException if {@code algorithm} is {@code null} 155 * 156 * @see java.security.Provider 157 */ 158 public static final TrustManagerFactory getInstance(String algorithm) 159 throws NoSuchAlgorithmException { 160 Objects.requireNonNull(algorithm, "null algorithm name"); 161 GetInstance.Instance instance = GetInstance.getInstance 162 ("TrustManagerFactory", TrustManagerFactorySpi.class, 163 algorithm); 164 return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl, 165 instance.provider, algorithm); 166 } 167 168 /** 169 * Returns a <code>TrustManagerFactory</code> object that acts as a 170 * factory for trust managers. 171 * 172 * <p> A new KeyManagerFactory object encapsulating the 173 * KeyManagerFactorySpi implementation from the specified provider 174 * is returned. The specified provider must be registered 175 * in the security provider list. 176 * 177 * <p> Note that the list of registered providers may be retrieved via 178 * the {@link Security#getProviders() Security.getProviders()} method. 179 * 180 * @param algorithm the standard name of the requested trust management 181 * algorithm. See the <a href= 182 * "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html"> 183 * Java Secure Socket Extension Reference Guide </a> 184 * for information about standard algorithm names. 185 * 186 * @param provider the name of the provider. 187 * 188 * @return the new {@code TrustManagerFactory} object 189 * 190 * @throws IllegalArgumentException if the provider name is 191 * {@code null} or empty 192 * 193 * @throws NoSuchAlgorithmException if a {@code TrustManagerFactorySpi} 194 * implementation for the specified algorithm is not 195 * available from the specified provider 196 * 197 * @throws NoSuchProviderException if the specified provider is not 198 * registered in the security provider list 199 * 200 * @throws NullPointerException if {@code algorithm} is {@code null} 201 * 202 * @see java.security.Provider 203 */ 204 public static final TrustManagerFactory getInstance(String algorithm, 205 String provider) throws NoSuchAlgorithmException, 206 NoSuchProviderException { 207 Objects.requireNonNull(algorithm, "null algorithm name"); 208 GetInstance.Instance instance = GetInstance.getInstance 209 ("TrustManagerFactory", TrustManagerFactorySpi.class, 210 algorithm, provider); 211 return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl, 212 instance.provider, algorithm); 213 } 214 215 /** 216 * Returns a <code>TrustManagerFactory</code> object that acts as a 217 * factory for trust managers. 218 * 219 * <p> A new TrustManagerFactory object encapsulating the 220 * TrustManagerFactorySpi implementation from the specified Provider 221 * object is returned. Note that the specified Provider object 222 * does not have to be registered in the provider list. 223 * 224 * @param algorithm the standard name of the requested trust management 225 * algorithm. See the <a href= 226 * "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html"> 227 * Java Secure Socket Extension Reference Guide </a> 228 * for information about standard algorithm names. 229 * 230 * @param provider an instance of the provider. 231 * 232 * @return the new {@code TrustManagerFactory} object 233 * 234 * @throws IllegalArgumentException if the provider is {@code null} 235 * 236 * @throws NoSuchAlgorithmException if a {@code TrustManagerFactorySpi} 237 * implementation for the specified algorithm is not available 238 * from the specified {@code Provider} object 239 * 240 * @throws NullPointerException if {@code algorithm} is {@code null} 241 * 242 * @see java.security.Provider 243 */ 244 public static final TrustManagerFactory getInstance(String algorithm, 245 Provider provider) throws NoSuchAlgorithmException { 246 Objects.requireNonNull(algorithm, "null algorithm name"); 247 GetInstance.Instance instance = GetInstance.getInstance 248 ("TrustManagerFactory", TrustManagerFactorySpi.class, 249 algorithm, provider); 250 return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl, 251 instance.provider, algorithm); 252 } 253 254 /** 255 * Returns the provider of this <code>TrustManagerFactory</code> object. 256 * 257 * @return the provider of this <code>TrustManagerFactory</code> object 258 */ 259 public final Provider getProvider() { 260 return this.provider; 261 } 262 263 264 /** 265 * Initializes this factory with a source of certificate 266 * authorities and related trust material. 267 * <P> 268 * The provider typically uses a KeyStore as a basis for making 269 * trust decisions. 270 * <P> 271 * For more flexible initialization, please see 272 * {@link #init(ManagerFactoryParameters)}. 273 * 274 * @param ks the key store, or null 275 * @throws KeyStoreException if this operation fails 276 */ 277 public final void init(KeyStore ks) throws KeyStoreException { 278 factorySpi.engineInit(ks); 279 } 280 281 282 /** 283 * Initializes this factory with a source of provider-specific 284 * trust material. 285 * <P> 286 * In some cases, initialization parameters other than a keystore 287 * may be needed by a provider. Users of that particular provider 288 * are expected to pass an implementation of the appropriate 289 * <CODE>ManagerFactoryParameters</CODE> as defined by the 290 * provider. The provider can then call the specified methods in 291 * the <CODE>ManagerFactoryParameters</CODE> implementation to obtain the 292 * needed information. 293 * 294 * @param spec an implementation of a provider-specific parameter 295 * specification 296 * @throws InvalidAlgorithmParameterException if an error is 297 * encountered 298 */ 299 public final void init(ManagerFactoryParameters spec) throws 300 InvalidAlgorithmParameterException { 301 factorySpi.engineInit(spec); 302 } 303 304 305 /** 306 * Returns one trust manager for each type of trust material. 307 * 308 * @throws IllegalStateException if the factory is not initialized. 309 * 310 * @return the trust managers 311 */ 312 public final TrustManager[] getTrustManagers() { 313 return factorySpi.engineGetTrustManagers(); 314 } 315 }