1 /*
   2  * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.ssl;
  27 
  28 import java.util.*;
  29 import java.io.*;
  30 import java.security.*;
  31 import java.security.cert.*;
  32 import javax.net.ssl.*;
  33 
  34 import sun.security.validator.Validator;
  35 import sun.security.validator.TrustStoreUtil;
  36 
/**
 * Base class shared by the {@link SimpleFactory} and {@link PKIXFactory}
 * trust manager factories. It holds the single {@link X509TrustManager}
 * built by the most recent initialization and hands it out through
 * {@link #engineGetTrustManagers()}.
 *
 * <p>Security note: when the default trust store cannot be read because of
 * a {@link SecurityException}, initialization still completes (see
 * {@link #engineInit(KeyStore)}), so the factory can report itself as
 * initialized while holding no trust manager.
 */
abstract class TrustManagerFactoryImpl extends TrustManagerFactorySpi {

    private static final Debug debug = Debug.getInstance("ssl");

    // Trust manager assigned by the last engineInit call that got as far as
    // building one. Never reset, so a skipped default-store load leaves the
    // earlier value (null on a fresh instance) in place.
    private X509TrustManager trustManager;

    // Becomes true once any engineInit call returns normally.
    private boolean isInitialized;

    TrustManagerFactoryImpl() {
        // nothing to set up
    }

    /**
     * Initializes the factory from a key store, or from the default trusted
     * certificates when {@code ks} is {@code null}.
     *
     * <p>For the default store, a {@link SecurityException} is swallowed:
     * it is only reported on the debug channel, {@code trustManager} is left
     * unassigned, and the factory is still marked initialized. Every other
     * throwable is reported the same way and then propagated.
     *
     * @param ks the key store holding the trusted certificates, or
     *        {@code null} to use the default trusted certificates
     * @throws KeyStoreException if reading the default trusted certificates
     *         fails with a checked exception (kept as the cause)
     */
    @Override
    protected void engineInit(KeyStore ks) throws KeyStoreException {
        if (ks != null) {
            trustManager = getInstance(TrustStoreUtil.getTrustedCerts(ks));
        } else {
            try {
                trustManager = getInstance(TrustStoreManager.getTrustedCerts());
            } catch (SecurityException denied) {
                // Deliberately not rethrown. The field keeps whatever it
                // held before: null on a fresh instance, or the trust
                // manager from an earlier engineInit call on a reused one.
                // NOTE(review): consumers are not visible here - confirm
                // they treat a null trust manager as "trust nothing".
                reportSkippedDefaultStore(denied);
            } catch (Error fatal) {
                reportSkippedDefaultStore(fatal);
                throw fatal;
            } catch (RuntimeException unchecked) {
                reportSkippedDefaultStore(unchecked);
                throw unchecked;
            } catch (Exception checked) {
                reportSkippedDefaultStore(checked);
                throw new KeyStoreException(
                    "problem accessing trust store", checked);
            }
        }

        isInitialized = true;
    }

    /*
     * Prints the reason the default keystore was skipped, but only when the
     * "trustmanager" debug option is switched on.
     */
    private static void reportSkippedDefaultStore(Throwable cause) {
        if (debug != null && Debug.isOn("trustmanager")) {
            System.out.println(
                "SunX509: skip default keystore: " + cause);
        }
    }

    /**
     * Builds the trust manager for a set of trusted certificates.
     *
     * @param trustedCerts the certificates to trust
     * @return the trust manager backed by {@code trustedCerts}
     */
    abstract X509TrustManager getInstance(
            Collection<X509Certificate> trustedCerts);

    /**
     * Builds the trust manager from factory parameters.
     *
     * @param spec the caller-supplied parameters
     * @return the trust manager configured from {@code spec}
     * @throws InvalidAlgorithmParameterException if the subclass does not
     *         accept {@code spec}
     */
    abstract X509TrustManager getInstance(ManagerFactoryParameters spec)
            throws InvalidAlgorithmParameterException;

    /**
     * Initializes the factory from caller-supplied parameters. The factory
     * is marked initialized only if the subclass accepts {@code spec}.
     *
     * @param spec the parameters handed to the subclass
     * @throws InvalidAlgorithmParameterException if the subclass rejects
     *         {@code spec}
     */
    @Override
    protected void engineInit(ManagerFactoryParameters spec) throws
            InvalidAlgorithmParameterException {
        X509TrustManager built = getInstance(spec);
        trustManager = built;
        isInitialized = true;
    }

    /**
     * Returns one trust manager for each type of trust material.
     *
     * <p>The array always has exactly one element. That element is
     * {@code null} if the only initialization so far skipped the default
     * trust store after a {@link SecurityException}.
     *
     * @return a one-element array holding the current trust manager
     * @throws IllegalStateException if no initialization has completed
     */
    @Override
    protected TrustManager[] engineGetTrustManagers() {
        if (isInitialized) {
            return new TrustManager[] { trustManager };
        }
        throw new IllegalStateException(
                    "TrustManagerFactoryImpl is not initialized");
    }

    /*
     * Try to get an InputStream based on the file we pass in.
     *
     * The existence check and the open both run inside doPrivileged, i.e.
     * with this class's own permissions rather than those of callers further
     * up the stack, so the path passed in must come from a trusted source.
     * Returns null when the file is absent; the FileNotFoundException catch
     * also covers a file that disappears between the check and the open.
     * No other member of this class calls this helper.
     */
    private static FileInputStream getFileInputStream(final File file)
            throws Exception {
        PrivilegedExceptionAction<FileInputStream> openIfPresent =
                new PrivilegedExceptionAction<FileInputStream>() {
                    @Override
                    public FileInputStream run() throws Exception {
                        try {
                            return file.exists()
                                    ? new FileInputStream(file)
                                    : null;
                        } catch (FileNotFoundException gone) {
                            // missing file is reported as null, not an error
                            return null;
                        }
                    }
                };
        return AccessController.doPrivileged(openIfPresent);
    }

    /**
     * Factory whose trust managers use {@code Validator.TYPE_SIMPLE}. It can
     * only be initialized from a key store (or the default trust store).
     */
    public static final class SimpleFactory extends TrustManagerFactoryImpl {
        @Override
        X509TrustManager getInstance(
                Collection<X509Certificate> trustedCerts) {
            X509TrustManager simple = new X509TrustManagerImpl(
                    Validator.TYPE_SIMPLE, trustedCerts);
            return simple;
        }

        /**
         * Always rejects: this factory takes no ManagerFactoryParameters.
         */
        @Override
        X509TrustManager getInstance(ManagerFactoryParameters spec)
                throws InvalidAlgorithmParameterException {
            throw new InvalidAlgorithmParameterException(
                "SunX509 TrustManagerFactory does not use "
                + "ManagerFactoryParameters");
        }
    }

    /**
     * Factory whose trust managers use {@code Validator.TYPE_PKIX}, built
     * either from trusted certificates or from PKIX builder parameters.
     */
    public static final class PKIXFactory extends TrustManagerFactoryImpl {
        @Override
        X509TrustManager getInstance(
                Collection<X509Certificate> trustedCerts) {
            X509TrustManager pkix =
                new X509TrustManagerImpl(Validator.TYPE_PKIX, trustedCerts);
            return pkix;
        }

        /**
         * Accepts only CertPathTrustManagerParameters that wrap
         * PKIXBuilderParameters; both types are checked before the casts.
         * The wrapped parameters are passed on unchanged, so the trust
         * anchors and path-checking options they carry are the caller's
         * responsibility.
         * NOTE(review): how X509TrustManagerImpl uses them is not visible
         * here - confirm.
         */
        @Override
        X509TrustManager getInstance(ManagerFactoryParameters spec)
                throws InvalidAlgorithmParameterException {
            if (!(spec instanceof CertPathTrustManagerParameters)) {
                throw new InvalidAlgorithmParameterException(
                    "Parameters must be CertPathTrustManagerParameters");
            }
            CertPathTrustManagerParameters wrapper =
                (CertPathTrustManagerParameters) spec;
            CertPathParameters wrapped = wrapper.getParameters();
            if (!(wrapped instanceof PKIXBuilderParameters)) {
                throw new InvalidAlgorithmParameterException(
                    "Encapsulated parameters must be PKIXBuilderParameters");
            }
            PKIXBuilderParameters builderParams =
                (PKIXBuilderParameters) wrapped;
            return new X509TrustManagerImpl(
                    Validator.TYPE_PKIX, builderParams);
        }
    }
}