src/java.base/share/classes/sun/security/ssl/TrustStoreManager.java
*** 1,7 ****
/*
! * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
--- 1,7 ----
/*
! * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
*** 23,49 ****
* questions.
*/
package sun.security.ssl;
- import java.lang.ref.WeakReference;
import java.io.*;
! import java.util.*;
!
import java.security.*;
import java.security.cert.*;
! import java.security.cert.Certificate;
!
import sun.security.action.*;
import sun.security.validator.TrustStoreUtil;
/**
* Collection of static utility methods to manage the default trusted KeyStores
* effectively.
*/
final class TrustStoreManager {
- private static final Debug debug = Debug.getInstance("ssl");
// A singleton service to manage the default trusted KeyStores effectively.
private static final TrustAnchorManager tam = new TrustAnchorManager();
// Restrict instantiation of this class.
--- 23,45 ----
* questions.
*/
package sun.security.ssl;
import java.io.*;
! import java.lang.ref.WeakReference;
import java.security.*;
import java.security.cert.*;
! import java.util.*;
import sun.security.action.*;
import sun.security.validator.TrustStoreUtil;
/**
* Collection of static utility methods to manage the default trusted KeyStores
* effectively.
*/
final class TrustStoreManager {
// A singleton service to manage the default trusted KeyStores effectively.
private static final TrustAnchorManager tam = new TrustAnchorManager();
// Restrict instantiation of this class.
*** 110,121 ****
this.storeProvider = storeProvider;
this.storePassword = storePassword;
this.storeFile = storeFile;
this.lastModified = lastModified;
! if (debug != null && Debug.isOn("trustmanager")) {
! System.out.println(
"trustStore is: " + storeName + "\n" +
"trustStore type is: " + storeType + "\n" +
"trustStore provider is: " + storeProvider + "\n" +
"the last modified time is: " + (new Date(lastModified)));
}
--- 106,117 ----
this.storeProvider = storeProvider;
this.storePassword = storePassword;
this.storeFile = storeFile;
this.lastModified = lastModified;
! if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
! SSLLogger.fine(
"trustStore is: " + storeName + "\n" +
"trustStore type is: " + storeType + "\n" +
"trustStore provider is: " + storeProvider + "\n" +
"the last modified time is: " + (new Date(lastModified)));
}
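Review bot: Nothing in this debug block records that `storePassword` is left out on purpose, even though it is assigned a few lines above alongside the fields that are logged. Since the text now goes to `SSLLogger.fine` instead of `System.out.println`, it may end up in whatever sink the logger is bound to. I would add a comment above the guard: `// Logs name, type, provider and timestamp only; storePassword must never be added to this message.` The constructor begins above this hunk, so only the visible lines are covered by this remark.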
*** 123,134 ****
/**
* Create an instance of TrustStoreDescriptor for the default
* trusted KeyStore.
*/
static TrustStoreDescriptor createInstance() {
! return AccessController.doPrivileged(new PrivilegedAction<>() {
@Override
public TrustStoreDescriptor run() {
// Get the system properties for trust store.
String storePropName = System.getProperty(
--- 119,132 ----
/**
* Create an instance of TrustStoreDescriptor for the default
* trusted KeyStore.
*/
+ @SuppressWarnings("Convert2Lambda")
static TrustStoreDescriptor createInstance() {
! return AccessController.doPrivileged(
! new PrivilegedAction<TrustStoreDescriptor>() {
@Override
public TrustStoreDescriptor run() {
// Get the system properties for trust store.
String storePropName = System.getProperty(
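Review bot: `@SuppressWarnings("Convert2Lambda")` on `createInstance` looks like an IDE inspection key rather than a compiler lint category, and nothing says why the `PrivilegedAction<TrustStoreDescriptor>` must stay an anonymous class. A one-line comment such as `// Anonymous class kept on purpose (no lambda here): <reason>` would stop a later clean-up from converting it. The body of `run()` continues past the end of this hunk.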
*** 156,168 ****
break;
}
// Not break, the file is inaccessible.
! if (debug != null &&
! Debug.isOn("trustmanager")) {
! System.out.println(
"Inaccessible trust store: " +
storePropName);
}
}
} else {
--- 154,166 ----
break;
}
// Not break, the file is inaccessible.
! if (SSLLogger.isOn &&
! SSLLogger.isOn("trustmanager")) {
! SSLLogger.fine(
"Inaccessible trust store: " +
storePropName);
}
}
} else {
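Review bot: The "Inaccessible trust store" message prints `storePropName`, the configured property value, rather than the file that was just tested. The `break` above suggests this sits inside a loop over candidate files, but the loop header is outside the hunk, so that is an inference. If it is such a loop, the message should name the candidate, `"Inaccessible trust store: " + <candidate file name>`, so an operator can see which file was rejected. A configured trust store that cannot be read is also only visible when the `trustmanager` debug option is on. If the code then falls through to another store, the process would trust a different set of anchors than the one configured, which deserves a comment at this point.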
*** 265,276 ****
if ((ks != null) && descriptor.equals(temporaryDesc)) {
return ks;
}
// Reload a new key store.
! if ((debug != null) && Debug.isOn("trustmanager")) {
! System.out.println("Reload the trust store");
}
ks = loadKeyStore(descriptor);
this.descriptor = descriptor;
this.ksRef = new WeakReference<>(ks);
--- 263,274 ----
if ((ks != null) && descriptor.equals(temporaryDesc)) {
return ks;
}
// Reload a new key store.
! if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
! SSLLogger.fine("Reload the trust store");
}
ks = loadKeyStore(descriptor);
this.descriptor = descriptor;
this.ksRef = new WeakReference<>(ks);
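Review bot: `SSLLogger.fine("Reload the trust store")` does not say which store is being reloaded, so the line cannot be tied to a particular file when trust anchors change at runtime. `descriptor` is in scope here and `descriptor.storeName` is read the same way in `loadKeyStore`, so `SSLLogger.fine("Reload the trust store: " + descriptor.storeName);` would make the event attributable. The same message appears again in the next hunk. The enclosing method begins and ends outside this hunk.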
*** 307,350 ****
}
}
// Reload the trust store if needed.
if (ks == null) {
! if ((debug != null) && Debug.isOn("trustmanager")) {
! System.out.println("Reload the trust store");
}
ks = loadKeyStore(descriptor);
}
// Reload trust certs from the key store.
! if ((debug != null) && Debug.isOn("trustmanager")) {
! System.out.println("Reload trust certs");
}
certs = loadTrustedCerts(ks);
! if ((debug != null) && Debug.isOn("trustmanager")) {
! System.out.println("Reloaded " + certs.size() + " trust certs");
}
// Note that as ks is a local variable, it is not
// necessary to add it to the ksRef weak reference.
this.csRef = new WeakReference<>(certs);
return certs;
}
/**
! * Load the KeyStore as described in the specified descriptor.
*/
private static KeyStore loadKeyStore(
TrustStoreDescriptor descriptor) throws Exception {
if (!"NONE".equals(descriptor.storeName) &&
descriptor.storeFile == null) {
// No file available, no KeyStore available.
! if (debug != null && Debug.isOn("trustmanager")) {
! System.out.println("No available key store");
}
return null;
}
--- 305,348 ----
}
}
// Reload the trust store if needed.
if (ks == null) {
! if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
! SSLLogger.fine("Reload the trust store");
}
ks = loadKeyStore(descriptor);
}
// Reload trust certs from the key store.
! if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
! SSLLogger.fine("Reload trust certs");
}
certs = loadTrustedCerts(ks);
! if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
! SSLLogger.fine("Reloaded " + certs.size() + " trust certs");
}
// Note that as ks is a local variable, it is not
// necessary to add it to the ksRef weak reference.
this.csRef = new WeakReference<>(certs);
return certs;
}
/**
! * Load the the KeyStore as described in the specified descriptor.
*/
private static KeyStore loadKeyStore(
TrustStoreDescriptor descriptor) throws Exception {
if (!"NONE".equals(descriptor.storeName) &&
descriptor.storeFile == null) {
// No file available, no KeyStore available.
! if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
! SSLLogger.fine("No available key store");
}
return null;
}
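Review bot: The rewritten Javadoc on `loadKeyStore` reads "Load the the KeyStore", a doubled word the old text did not have; it should stay `* Load the KeyStore as described in the specified descriptor.` Separately, the "No available key store" message omits the store name, unlike the "Not available key store: " message later in the same method. `SSLLogger.fine("No available key store: " + descriptor.storeName);` would keep the two consistent and show which configured store resolved to no file. `loadKeyStore` continues past the end of this hunk.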
*** 365,376 ****
try (FileInputStream fis = AccessController.doPrivileged(
new OpenFileInputStreamAction(descriptor.storeFile))) {
ks.load(fis, password);
} catch (FileNotFoundException fnfe) {
// No file available, no KeyStore available.
! if (debug != null && Debug.isOn("trustmanager")) {
! System.out.println(
"Not available key store: " + descriptor.storeName);
}
return null;
}
--- 363,374 ----
try (FileInputStream fis = AccessController.doPrivileged(
new OpenFileInputStreamAction(descriptor.storeFile))) {
ks.load(fis, password);
} catch (FileNotFoundException fnfe) {
// No file available, no KeyStore available.
! if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
! SSLLogger.fine(
"Not available key store: " + descriptor.storeName);
}
return null;
}
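Review bot: The `catch (FileNotFoundException fnfe)` branch drops `fnfe`, so the log cannot distinguish a missing file from one that exists but could not be opened; `FileInputStream` reports both as `FileNotFoundException`. Passing the exception along, `SSLLogger.fine("Not available key store: " + descriptor.storeName, fnfe);`, keeps the cause, assuming the varargs form of `fine` is available here. The file may also have changed between the time the descriptor was built and this open, so the cause is the only evidence of what happened. The method starts before and ends after this hunk.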