1 /*
2 * Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package javax.net.ssl;
27
28 import java.security.Security;
29 import java.security.*;
30
31 import sun.security.jca.GetInstance;
32
33 /**
34 * This class acts as a factory for trust managers based on a
35 * source of trust material. Each trust manager manages a specific
36 * type of trust material for use by secure sockets. The trust
37 * material is based on a KeyStore and/or provider-specific sources.
38 *
39 * <p> Every implementation of the Java platform is required to support the
40 * following standard {@code TrustManagerFactory} algorithm:
41 * <ul>
42 * <li><tt>PKIX</tt></li>
43 * </ul>
44 * This algorithm is described in the <a href=
45 * "{@docRoot}/../technotes/guides/security/StandardNames.html#TrustManagerFactory">
46 * TrustManagerFactory section</a> of the
47 * Java Cryptography Architecture Standard Algorithm Name Documentation.
48 * Consult the release documentation for your implementation to see if any
49 * other algorithms are supported.
50 *
51 * @since 1.4
52 * @see TrustManager
53 */
54 public class TrustManagerFactory {
55 // The provider
56 private Provider provider;
57
58 // The provider implementation (delegate)
59 private TrustManagerFactorySpi factorySpi;
60
61 // The name of the trust management algorithm.
62 private String algorithm;
63
64 /**
65 * Obtains the default TrustManagerFactory algorithm name.
66 *
67 * <p>The default TrustManager can be changed at runtime by setting
68 * the value of the {@code ssl.TrustManagerFactory.algorithm}
69 * security property to the desired algorithm name.
70 *
71 * @see java.security.Security security properties
72 * @return the default algorithm name as specified by the
73 * {@code ssl.TrustManagerFactory.algorithm} security property, or an
74 * implementation-specific default if no such property exists.
75 */
76 public static final String getDefaultAlgorithm() {
77 String type;
78 type = AccessController.doPrivileged(new PrivilegedAction<>() {
79 @Override
80 public String run() {
81 return Security.getProperty(
82 "ssl.TrustManagerFactory.algorithm");
83 }
84 });
85 if (type == null) {
86 type = "SunX509";
87 }
88 return type;
89 }
90
91 /**
92 * Creates a TrustManagerFactory object.
93 *
94 * @param factorySpi the delegate
95 * @param provider the provider
96 * @param algorithm the algorithm
97 */
98 protected TrustManagerFactory(TrustManagerFactorySpi factorySpi,
99 Provider provider, String algorithm) {
100 this.factorySpi = factorySpi;
101 this.provider = provider;
102 this.algorithm = algorithm;
103 }
104
105 /**
106 * Returns the algorithm name of this <code>TrustManagerFactory</code>
107 * object.
108 *
109 * <p>This is the same name that was specified in one of the
110 * <code>getInstance</code> calls that created this
111 * <code>TrustManagerFactory</code> object.
112 *
113 * @return the algorithm name of this <code>TrustManagerFactory</code>
114 * object
115 */
116 public final String getAlgorithm() {
117 return this.algorithm;
118 }
119
120 /**
121 * Returns a <code>TrustManagerFactory</code> object that acts as a
122 * factory for trust managers.
123 *
124 * <p> This method traverses the list of registered security Providers,
125 * starting with the most preferred Provider.
126 * A new TrustManagerFactory object encapsulating the
127 * TrustManagerFactorySpi implementation from the first
128 * Provider that supports the specified algorithm is returned.
129 *
130 * <p> Note that the list of registered providers may be retrieved via
131 * the {@link Security#getProviders() Security.getProviders()} method.
132 *
133 * @implNote
134 * The JDK Reference Implementation additionally uses the
135 * {@code jdk.security.provider.preferred}
136 * {@link Security#getProperty(String) Security} property to determine
137 * the preferred provider order for the specified algorithm. This
138 * may be different than the order of providers returned by
139 * {@link Security#getProviders() Security.getProviders()}.
140 *
141 * @param algorithm the standard name of the requested trust management
142 * algorithm. See the <a href=
143 * "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
144 * Java Secure Socket Extension Reference Guide </a>
145 * for information about standard algorithm names.
146 *
147 * @return the new <code>TrustManagerFactory</code> object.
148 *
149 * @exception NoSuchAlgorithmException if no Provider supports a
150 * TrustManagerFactorySpi implementation for the
151 * specified algorithm.
152 * @exception NullPointerException if algorithm is null.
153 *
154 * @see java.security.Provider
155 */
156 public static final TrustManagerFactory getInstance(String algorithm)
157 throws NoSuchAlgorithmException {
158 GetInstance.Instance instance = GetInstance.getInstance
159 ("TrustManagerFactory", TrustManagerFactorySpi.class,
160 algorithm);
161 return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl,
162 instance.provider, algorithm);
163 }
164
165 /**
166 * Returns a <code>TrustManagerFactory</code> object that acts as a
167 * factory for trust managers.
168 *
169 * <p> A new KeyManagerFactory object encapsulating the
170 * KeyManagerFactorySpi implementation from the specified provider
171 * is returned. The specified provider must be registered
172 * in the security provider list.
173 *
174 * <p> Note that the list of registered providers may be retrieved via
175 * the {@link Security#getProviders() Security.getProviders()} method.
176 *
177 * @param algorithm the standard name of the requested trust management
178 * algorithm. See the <a href=
179 * "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
180 * Java Secure Socket Extension Reference Guide </a>
181 * for information about standard algorithm names.
182 *
183 * @param provider the name of the provider.
184 *
185 * @return the new <code>TrustManagerFactory</code> object
186 *
187 * @throws NoSuchAlgorithmException if a TrustManagerFactorySpi
188 * implementation for the specified algorithm is not
189 * available from the specified provider.
190 *
191 * @throws NoSuchProviderException if the specified provider is not
192 * registered in the security provider list.
193 *
194 * @throws IllegalArgumentException if the provider name is null or empty.
195 * @throws NullPointerException if algorithm is null.
196 *
197 * @see java.security.Provider
198 */
199 public static final TrustManagerFactory getInstance(String algorithm,
200 String provider) throws NoSuchAlgorithmException,
201 NoSuchProviderException {
202 GetInstance.Instance instance = GetInstance.getInstance
203 ("TrustManagerFactory", TrustManagerFactorySpi.class,
204 algorithm, provider);
205 return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl,
206 instance.provider, algorithm);
207 }
208
209 /**
210 * Returns a <code>TrustManagerFactory</code> object that acts as a
211 * factory for trust managers.
212 *
213 * <p> A new TrustManagerFactory object encapsulating the
214 * TrustManagerFactorySpi implementation from the specified Provider
215 * object is returned. Note that the specified Provider object
216 * does not have to be registered in the provider list.
217 *
218 * @param algorithm the standard name of the requested trust management
219 * algorithm. See the <a href=
220 * "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
221 * Java Secure Socket Extension Reference Guide </a>
222 * for information about standard algorithm names.
223 *
224 * @param provider an instance of the provider.
225 *
226 * @return the new <code>TrustManagerFactory</code> object.
227 *
228 * @throws NoSuchAlgorithmException if a TrustManagerFactorySpi
229 * implementation for the specified algorithm is not available
230 * from the specified Provider object.
231 *
232 * @throws IllegalArgumentException if the provider is null.
233 * @throws NullPointerException if algorithm is null.
234 *
235 * @see java.security.Provider
236 */
237 public static final TrustManagerFactory getInstance(String algorithm,
238 Provider provider) throws NoSuchAlgorithmException {
239 GetInstance.Instance instance = GetInstance.getInstance
240 ("TrustManagerFactory", TrustManagerFactorySpi.class,
241 algorithm, provider);
242 return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl,
243 instance.provider, algorithm);
244 }
245
246 /**
247 * Returns the provider of this <code>TrustManagerFactory</code> object.
248 *
249 * @return the provider of this <code>TrustManagerFactory</code> object
250 */
251 public final Provider getProvider() {
252 return this.provider;
253 }
254
255
256 /**
257 * Initializes this factory with a source of certificate
258 * authorities and related trust material.
259 * <P>
260 * The provider typically uses a KeyStore as a basis for making
261 * trust decisions.
262 * <P>
263 * For more flexible initialization, please see
264 * {@link #init(ManagerFactoryParameters)}.
265 *
266 * @param ks the key store, or null
267 * @throws KeyStoreException if this operation fails
268 */
269 public final void init(KeyStore ks) throws KeyStoreException {
270 factorySpi.engineInit(ks);
271 }
272
273
274 /**
275 * Initializes this factory with a source of provider-specific
276 * trust material.
277 * <P>
278 * In some cases, initialization parameters other than a keystore
279 * may be needed by a provider. Users of that particular provider
280 * are expected to pass an implementation of the appropriate
281 * <CODE>ManagerFactoryParameters</CODE> as defined by the
282 * provider. The provider can then call the specified methods in
283 * the <CODE>ManagerFactoryParameters</CODE> implementation to obtain the
284 * needed information.
285 *
286 * @param spec an implementation of a provider-specific parameter
287 * specification
288 * @throws InvalidAlgorithmParameterException if an error is
289 * encountered
290 */
291 public final void init(ManagerFactoryParameters spec) throws
292 InvalidAlgorithmParameterException {
293 factorySpi.engineInit(spec);
294 }
295
296
297 /**
298 * Returns one trust manager for each type of trust material.
299 *
300 * @throws IllegalStateException if the factory is not initialized.
301 *
302 * @return the trust managers
303 */
304 public final TrustManager[] getTrustManagers() {
305 return factorySpi.engineGetTrustManagers();
306 }
307 }