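/*
 * Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.ssl;

import java.io.*;
import java.security.*;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;
import sun.security.validator.TrustStoreUtil;
import sun.security.validator.Validator;

/**
 * Common base of the trust manager factories in this file.
 *
 * <p>The factory holds a single {@link X509TrustManager}. Subclasses decide
 * which validator type backs it by implementing the two {@code getInstance}
 * methods: {@link SimpleFactory} uses {@code Validator.TYPE_SIMPLE} and
 * {@link PKIXFactory} uses {@code Validator.TYPE_PKIX}.
 *
 * <p>The two fields are plain, unsynchronized instance state; nothing in this
 * class makes concurrent initialization safe.
 */
abstract class TrustManagerFactoryImpl extends TrustManagerFactorySpi {

    // The one trust manager handed out by engineGetTrustManagers(). It stays
    // null if the only initialization attempt hit a SecurityException.
    private X509TrustManager trustManager = null;

    // Set by both engineInit variants once they return normally.
    private boolean isInitialized = false;

    TrustManagerFactoryImpl() {
        // empty
    }

    /**
     * Initializes the factory from a key store of trusted certificates.
     *
     * <p>With a {@code null} key store the certificates come from
     * {@code TrustStoreManager.getTrustedCerts()}; otherwise they are
     * extracted from {@code ks} with {@code TrustStoreUtil.getTrustedCerts}.
     *
     * <p><b>Security note:</b> a {@link SecurityException} raised while
     * loading the default trust material is logged and swallowed. The factory
     * is still marked initialized, and {@code trustManager} keeps whatever
     * value it had before the call ({@code null} on a first initialization,
     * the previous manager on a re-initialization). A normal return from this
     * method therefore does not prove that trust anchors were loaded.
     * NOTE(review): how consumers of {@link #engineGetTrustManagers()} treat
     * a {@code null} array element is decided outside this file; confirm
     * that they fail closed rather than skipping certificate validation.
     *
     * @param ks the key store holding trusted certificates, or {@code null}
     *        to use the trust material supplied by {@code TrustStoreManager}
     * @throws KeyStoreException if loading the default trust material fails
     *         with a checked exception (kept as the cause)
     */
    @Override
    protected void engineInit(KeyStore ks) throws KeyStoreException {
        if (ks == null) {
            try {
                trustManager = getInstance(TrustStoreManager.getTrustedCerts());
            } catch (SecurityException se) {
                // eat security exceptions but report other throwables;
                // trustManager is deliberately left untouched here
                logSkippedDefaultStore(se);
            } catch (Error | RuntimeException e) {
                logSkippedDefaultStore(e);
                throw e;
            } catch (Exception e) {
                logSkippedDefaultStore(e);
                throw new KeyStoreException(
                    "problem accessing trust store", e);
            }
        } else {
            trustManager = getInstance(TrustStoreUtil.getTrustedCerts(ks));
        }

        isInitialized = true;
    }

    /*
     * Emits the "trustmanager" debug record used when the default trust
     * material could not be loaded.
     */
    private static void logSkippedDefaultStore(Throwable cause) {
        if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
            SSLLogger.fine("SunX509: skip default keystore", cause);
        }
    }

    /**
     * Creates the trust manager for a set of trusted certificates.
     *
     * @param trustedCerts the certificates to trust
     * @return the trust manager backed by those certificates
     */
    abstract X509TrustManager getInstance(
            Collection<X509Certificate> trustedCerts);

    /**
     * Creates the trust manager from provider-specific parameters.
     *
     * @param spec the parameters supplied by the caller
     * @return the trust manager configured from {@code spec}
     * @throws InvalidAlgorithmParameterException if the implementation
     *         does not accept {@code spec}
     */
    abstract X509TrustManager getInstance(ManagerFactoryParameters spec)
            throws InvalidAlgorithmParameterException;

    /**
     * Initializes the factory from provider-specific parameters.
     *
     * <p>If {@code getInstance(spec)} throws, neither field is modified.
     *
     * @param spec the parameters supplied by the caller
     * @throws InvalidAlgorithmParameterException if the concrete factory
     *         rejects {@code spec}
     */
    @Override
    protected void engineInit(ManagerFactoryParameters spec)
            throws InvalidAlgorithmParameterException {
        trustManager = getInstance(spec);
        isInitialized = true;
    }

    /**
     * Returns one trust manager for each type of trust material.
     *
     * <p>This implementation always returns an array of length one. Its
     * single element is {@code null} when the factory was initialized with a
     * {@code null} key store and loading the default trust material was
     * blocked by a {@link SecurityException}; callers must not assume the
     * element is a usable trust manager.
     *
     * @return a one-element array holding the current trust manager
     * @throws IllegalStateException if no {@code engineInit} call has
     *         completed yet
     */
    @Override
    protected TrustManager[] engineGetTrustManagers() {
        if (!isInitialized) {
            throw new IllegalStateException(
                        "TrustManagerFactoryImpl is not initialized");
        }
        return new TrustManager[] { trustManager };
    }

    /*
     * Try to get an InputStream based on the file we pass in.
     *
     * Returns null when the file does not exist. The open runs inside
     * doPrivileged, i.e. with this class's own permissions rather than the
     * caller's, so only internally derived paths should ever be passed in.
     * Nothing in this file calls the method.
     */
    private static FileInputStream getFileInputStream(final File file)
            throws Exception {
        return AccessController.doPrivileged(
                new PrivilegedExceptionAction<FileInputStream>() {
                    @Override
                    public FileInputStream run() throws Exception {
                        try {
                            return file.exists()
                                    ? new FileInputStream(file)
                                    : null;
                        } catch (FileNotFoundException e) {
                            // The file vanished (or cannot be opened) between
                            // the exists() check and the open; treat it as
                            // absent.
                            return null;
                        }
                    }
                });
    }

    /**
     * Factory whose trust managers use {@code Validator.TYPE_SIMPLE}.
     * It can only be initialized from a key store.
     */
    public static final class SimpleFactory extends TrustManagerFactoryImpl {
        @Override
        X509TrustManager getInstance(
                Collection<X509Certificate> trustedCerts) {
            return new X509TrustManagerImpl(
                    Validator.TYPE_SIMPLE,
                    trustedCerts);
        }

        /**
         * Always rejects the request: this factory takes no parameters.
         */
        @Override
        X509TrustManager getInstance(ManagerFactoryParameters spec)
                throws InvalidAlgorithmParameterException {
            throw new InvalidAlgorithmParameterException
                ("SunX509 TrustManagerFactory does not use "
                + "ManagerFactoryParameters");
        }
    }

    /**
     * Factory whose trust managers use {@code Validator.TYPE_PKIX}.
     */
    public static final class PKIXFactory extends TrustManagerFactoryImpl {
        @Override
        X509TrustManager getInstance(
                Collection<X509Certificate> trustedCerts) {
            return new X509TrustManagerImpl(Validator.TYPE_PKIX, trustedCerts);
        }

        /**
         * Builds a PKIX trust manager from caller-supplied parameters.
         *
         * <p>Both the wrapper and the encapsulated parameters are type-checked
         * before the cast. The {@link PKIXBuilderParameters} object is then
         * handed to {@code X509TrustManagerImpl} as supplied; this method
         * performs no further inspection of its contents.
         *
         * @param spec must be a {@link CertPathTrustManagerParameters}
         *        wrapping {@link PKIXBuilderParameters}
         * @throws InvalidAlgorithmParameterException if either type check
         *         fails (a {@code null} spec fails the first one)
         */
        @Override
        X509TrustManager getInstance(ManagerFactoryParameters spec)
                throws InvalidAlgorithmParameterException {
            if (!(spec instanceof CertPathTrustManagerParameters)) {
                throw new InvalidAlgorithmParameterException
                    ("Parameters must be CertPathTrustManagerParameters");
            }
            CertPathParameters params =
                ((CertPathTrustManagerParameters)spec).getParameters();
            if (!(params instanceof PKIXBuilderParameters)) {
                throw new InvalidAlgorithmParameterException
                    ("Encapsulated parameters must be PKIXBuilderParameters");
            }
            PKIXBuilderParameters pkixParams = (PKIXBuilderParameters)params;
            return new X509TrustManagerImpl(Validator.TYPE_PKIX, pkixParams);
        }
    }
}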