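/*
 * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.ssl;

import java.util.*;
import java.io.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;

import sun.security.validator.Validator;
import sun.security.validator.TrustStoreUtil;

/**
 * Common base of the two trust manager factories nested below.
 *
 * The base class owns the initialization state and the single
 * {@link X509TrustManager} it hands out; each subclass only decides which
 * validator type backs that trust manager and whether
 * {@link ManagerFactoryParameters} are accepted.
 */
abstract class TrustManagerFactoryImpl extends TrustManagerFactorySpi {

    private static final Debug debug = Debug.getInstance("ssl");

    // Trust manager built by the most recent successful engineInit() call.
    // Stays null if the only initialization so far swallowed a
    // SecurityException (see engineInit(KeyStore)).
    private X509TrustManager trustManager = null;

    // Set by both engineInit() variants; checked by engineGetTrustManagers().
    private boolean isInitialized = false;

    TrustManagerFactoryImpl() {
        // empty
    }

    /**
     * Initializes the factory from a key store of trusted certificates.
     *
     * With a {@code null} key store the trusted certificates come from
     * {@code TrustStoreManager.getTrustedCerts()}; otherwise they are read
     * from {@code ks} through {@code TrustStoreUtil.getTrustedCerts(ks)}.
     *
     * NOTE(review): a {@link SecurityException} raised while loading the
     * default trust material is deliberately swallowed. The factory is
     * still marked initialized, and {@code trustManager} keeps whatever
     * value it had before the call, which is {@code null} on a first
     * initialization. Callers must treat a {@code null} trust manager as
     * "no trust material available" and reject the peer; they must never
     * skip validation because of it.
     *
     * @param ks the key store holding the trusted certificates, or
     *           {@code null} to use the default trust material
     * @throws KeyStoreException if loading the default trust material fails
     *         with a checked exception (wrapped as the cause)
     */
    @Override
    protected void engineInit(KeyStore ks) throws KeyStoreException {
        if (ks == null) {
            try {
                trustManager = getInstance(TrustStoreManager.getTrustedCerts());
            } catch (SecurityException se) {
                // eat security exceptions but report other throwables
                logSkippedDefaultKeystore(se);
            } catch (Error err) {
                logSkippedDefaultKeystore(err);
                throw err;
            } catch (RuntimeException re) {
                logSkippedDefaultKeystore(re);
                throw re;
            } catch (Exception e) {
                logSkippedDefaultKeystore(e);
                throw new KeyStoreException(
                    "problem accessing trust store", e);
            }
        } else {
            trustManager = getInstance(TrustStoreUtil.getTrustedCerts(ks));
        }

        // Reached on success and on the swallowed SecurityException path.
        isInitialized = true;
    }

    /*
     * Prints the "skip default keystore" trace line when "trustmanager"
     * debugging is switched on. Shared by every catch clause of
     * engineInit(KeyStore) so that the message stays identical.
     */
    private static void logSkippedDefaultKeystore(Throwable cause) {
        if (debug != null && Debug.isOn("trustmanager")) {
            System.out.println(
                "SunX509: skip default keystore: " + cause);
        }
    }

    /**
     * Builds the trust manager for a fixed collection of trusted
     * certificates.
     */
    abstract X509TrustManager getInstance(
            Collection<X509Certificate> trustedCerts);

    /**
     * Builds the trust manager from provider-specific parameters.
     *
     * @throws InvalidAlgorithmParameterException if the subclass does not
     *         accept {@code spec}
     */
    abstract X509TrustManager getInstance(ManagerFactoryParameters spec)
            throws InvalidAlgorithmParameterException;

    /**
     * Initializes the factory from provider-specific parameters; the
     * subclass decides which parameter types are acceptable.
     *
     * @throws InvalidAlgorithmParameterException if the subclass rejects
     *         {@code spec}; the factory state is left untouched in that case
     */
    @Override
    protected void engineInit(ManagerFactoryParameters spec) throws
            InvalidAlgorithmParameterException {
        trustManager = getInstance(spec);
        isInitialized = true;
    }

    /**
     * Returns one trust manager for each type of trust material.
     *
     * The array always has exactly one element. That element is
     * {@code null} when initialization swallowed a SecurityException and
     * no earlier initialization had produced a trust manager, so callers
     * must check the element before using it.
     *
     * @throws IllegalStateException if neither engineInit() variant has
     *         completed yet
     */
    @Override
    protected TrustManager[] engineGetTrustManagers() {
        if (!isInitialized) {
            throw new IllegalStateException(
                        "TrustManagerFactoryImpl is not initialized");
        }
        return new TrustManager[] { trustManager };
    }

    /*
     * Try to get an InputStream based on the file we pass in.
     *
     * Returns null when the file does not exist or cannot be opened. The
     * open runs inside doPrivileged, i.e. with this class's own
     * permissions rather than the caller's, so it must only ever be given
     * paths this provider chooses itself.
     *
     * NOTE(review): nothing in this file calls this helper any more.
     */
    private static FileInputStream getFileInputStream(final File file)
            throws Exception {
        return AccessController.doPrivileged(
                new PrivilegedExceptionAction<FileInputStream>() {
                    @Override
                    public FileInputStream run() throws Exception {
                        try {
                            if (file.exists()) {
                                return new FileInputStream(file);
                            } else {
                                return null;
                            }
                        } catch (FileNotFoundException e) {
                            // couldn't find it, oh well.
                            return null;
                        }
                    }
                });
    }

    /**
     * Factory whose trust managers use {@code Validator.TYPE_SIMPLE}.
     * It cannot be initialized from {@link ManagerFactoryParameters}.
     */
    public static final class SimpleFactory extends TrustManagerFactoryImpl {
        @Override
        X509TrustManager getInstance(
                Collection<X509Certificate> trustedCerts) {
            return new X509TrustManagerImpl(
                    Validator.TYPE_SIMPLE, trustedCerts);
        }

        @Override
        X509TrustManager getInstance(ManagerFactoryParameters spec)
                throws InvalidAlgorithmParameterException {
            throw new InvalidAlgorithmParameterException
                ("SunX509 TrustManagerFactory does not use "
                + "ManagerFactoryParameters");
        }
    }

    /**
     * Factory whose trust managers use {@code Validator.TYPE_PKIX}.
     * It can be initialized either from trusted certificates or from
     * {@link CertPathTrustManagerParameters} that wrap
     * {@link PKIXBuilderParameters}.
     */
    public static final class PKIXFactory extends TrustManagerFactoryImpl {
        @Override
        X509TrustManager getInstance(
                Collection<X509Certificate> trustedCerts) {
            return new X509TrustManagerImpl(Validator.TYPE_PKIX, trustedCerts);
        }

        /**
         * Accepts only {@link CertPathTrustManagerParameters} that
         * encapsulate {@link PKIXBuilderParameters}; everything else,
         * including {@code null}, is rejected.
         *
         * The encapsulated parameters are handed to the trust manager as
         * supplied. No check of their content is visible here, so the
         * trust anchors and revocation settings they carry are the
         * caller's responsibility.
         */
        @Override
        X509TrustManager getInstance(ManagerFactoryParameters spec)
                throws InvalidAlgorithmParameterException {
            if (!(spec instanceof CertPathTrustManagerParameters)) {
                throw new InvalidAlgorithmParameterException
                    ("Parameters must be CertPathTrustManagerParameters");
            }
            CertPathParameters params =
                ((CertPathTrustManagerParameters)spec).getParameters();
            if (!(params instanceof PKIXBuilderParameters)) {
                throw new InvalidAlgorithmParameterException
                    ("Encapsulated parameters must be PKIXBuilderParameters");
            }
            PKIXBuilderParameters pkixParams = (PKIXBuilderParameters)params;
            return new X509TrustManagerImpl(Validator.TYPE_PKIX, pkixParams);
        }
    }
}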