1 /* 2 * Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package javax.net.ssl; 27 28 import java.security.Security; 29 import java.security.*; 30 31 import sun.security.jca.GetInstance; 32 33 /** 34 * This class acts as a factory for trust managers based on a 35 * source of trust material. Each trust manager manages a specific 36 * type of trust material for use by secure sockets. The trust 37 * material is based on a KeyStore and/or provider-specific sources. 38 * 39 * <p> Every implementation of the Java platform is required to support the 40 * following standard {@code TrustManagerFactory} algorithm: 41 * <ul> 42 * <li><tt>PKIX</tt></li> 43 * </ul> 44 * This algorithm is described in the <a href= 45 * "{@docRoot}/../technotes/guides/security/StandardNames.html#TrustManagerFactory"> 46 * TrustManagerFactory section</a> of the 47 * Java Cryptography Architecture Standard Algorithm Name Documentation. 48 * Consult the release documentation for your implementation to see if any 49 * other algorithms are supported. 50 * 51 * @since 1.4 52 * @see TrustManager 53 */ 54 public class TrustManagerFactory { 55 // The provider 56 private Provider provider; 57 58 // The provider implementation (delegate) 59 private TrustManagerFactorySpi factorySpi; 60 61 // The name of the trust management algorithm. 62 private String algorithm; 63 64 /** 65 * Obtains the default TrustManagerFactory algorithm name. 66 * 67 * <p>The default TrustManager can be changed at runtime by setting 68 * the value of the {@code ssl.TrustManagerFactory.algorithm} 69 * security property to the desired algorithm name. 70 * 71 * @see java.security.Security security properties 72 * @return the default algorithm name as specified by the 73 * {@code ssl.TrustManagerFactory.algorithm} security property, or an 74 * implementation-specific default if no such property exists. 75 */ 76 public static final String getDefaultAlgorithm() { 77 String type; 78 type = AccessController.doPrivileged(new PrivilegedAction<>() { 79 @Override 80 public String run() { 81 return Security.getProperty( 82 "ssl.TrustManagerFactory.algorithm"); 83 } 84 }); 85 if (type == null) { 86 type = "SunX509"; 87 } 88 return type; 89 } 90 91 /** 92 * Creates a TrustManagerFactory object. 93 * 94 * @param factorySpi the delegate 95 * @param provider the provider 96 * @param algorithm the algorithm 97 */ 98 protected TrustManagerFactory(TrustManagerFactorySpi factorySpi, 99 Provider provider, String algorithm) { 100 this.factorySpi = factorySpi; 101 this.provider = provider; 102 this.algorithm = algorithm; 103 } 104 105 /** 106 * Returns the algorithm name of this <code>TrustManagerFactory</code> 107 * object. 108 * 109 * <p>This is the same name that was specified in one of the 110 * <code>getInstance</code> calls that created this 111 * <code>TrustManagerFactory</code> object. 112 * 113 * @return the algorithm name of this <code>TrustManagerFactory</code> 114 * object 115 */ 116 public final String getAlgorithm() { 117 return this.algorithm; 118 } 119 120 /** 121 * Returns a <code>TrustManagerFactory</code> object that acts as a 122 * factory for trust managers. 123 * 124 * <p> This method traverses the list of registered security Providers, 125 * starting with the most preferred Provider. 126 * A new TrustManagerFactory object encapsulating the 127 * TrustManagerFactorySpi implementation from the first 128 * Provider that supports the specified algorithm is returned. 129 * 130 * <p> Note that the list of registered providers may be retrieved via 131 * the {@link Security#getProviders() Security.getProviders()} method. 132 * 133 * @implNote 134 * The JDK Reference Implementation additionally uses the 135 * {@code jdk.security.provider.preferred} 136 * {@link Security#getProperty(String) Security} property to determine 137 * the preferred provider order for the specified algorithm. This 138 * may be different than the order of providers returned by 139 * {@link Security#getProviders() Security.getProviders()}. 140 * 141 * @param algorithm the standard name of the requested trust management 142 * algorithm. See the <a href= 143 * "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html"> 144 * Java Secure Socket Extension Reference Guide </a> 145 * for information about standard algorithm names. 146 * 147 * @return the new <code>TrustManagerFactory</code> object. 148 * 149 * @exception NoSuchAlgorithmException if no Provider supports a 150 * TrustManagerFactorySpi implementation for the 151 * specified algorithm. 152 * @exception NullPointerException if algorithm is null. 153 * 154 * @see java.security.Provider 155 */ 156 public static final TrustManagerFactory getInstance(String algorithm) 157 throws NoSuchAlgorithmException { 158 GetInstance.Instance instance = GetInstance.getInstance 159 ("TrustManagerFactory", TrustManagerFactorySpi.class, 160 algorithm); 161 return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl, 162 instance.provider, algorithm); 163 } 164 165 /** 166 * Returns a <code>TrustManagerFactory</code> object that acts as a 167 * factory for trust managers. 168 * 169 * <p> A new KeyManagerFactory object encapsulating the 170 * KeyManagerFactorySpi implementation from the specified provider 171 * is returned. The specified provider must be registered 172 * in the security provider list. 173 * 174 * <p> Note that the list of registered providers may be retrieved via 175 * the {@link Security#getProviders() Security.getProviders()} method. 176 * 177 * @param algorithm the standard name of the requested trust management 178 * algorithm. See the <a href= 179 * "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html"> 180 * Java Secure Socket Extension Reference Guide </a> 181 * for information about standard algorithm names. 182 * 183 * @param provider the name of the provider. 184 * 185 * @return the new <code>TrustManagerFactory</code> object 186 * 187 * @throws NoSuchAlgorithmException if a TrustManagerFactorySpi 188 * implementation for the specified algorithm is not 189 * available from the specified provider. 190 * 191 * @throws NoSuchProviderException if the specified provider is not 192 * registered in the security provider list. 193 * 194 * @throws IllegalArgumentException if the provider name is null or empty. 195 * @throws NullPointerException if algorithm is null. 196 * 197 * @see java.security.Provider 198 */ 199 public static final TrustManagerFactory getInstance(String algorithm, 200 String provider) throws NoSuchAlgorithmException, 201 NoSuchProviderException { 202 GetInstance.Instance instance = GetInstance.getInstance 203 ("TrustManagerFactory", TrustManagerFactorySpi.class, 204 algorithm, provider); 205 return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl, 206 instance.provider, algorithm); 207 } 208 209 /** 210 * Returns a <code>TrustManagerFactory</code> object that acts as a 211 * factory for trust managers. 212 * 213 * <p> A new TrustManagerFactory object encapsulating the 214 * TrustManagerFactorySpi implementation from the specified Provider 215 * object is returned. Note that the specified Provider object 216 * does not have to be registered in the provider list. 217 * 218 * @param algorithm the standard name of the requested trust management 219 * algorithm. See the <a href= 220 * "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html"> 221 * Java Secure Socket Extension Reference Guide </a> 222 * for information about standard algorithm names. 223 * 224 * @param provider an instance of the provider. 225 * 226 * @return the new <code>TrustManagerFactory</code> object. 227 * 228 * @throws NoSuchAlgorithmException if a TrustManagerFactorySpi 229 * implementation for the specified algorithm is not available 230 * from the specified Provider object. 231 * 232 * @throws IllegalArgumentException if the provider is null. 233 * @throws NullPointerException if algorithm is null. 234 * 235 * @see java.security.Provider 236 */ 237 public static final TrustManagerFactory getInstance(String algorithm, 238 Provider provider) throws NoSuchAlgorithmException { 239 GetInstance.Instance instance = GetInstance.getInstance 240 ("TrustManagerFactory", TrustManagerFactorySpi.class, 241 algorithm, provider); 242 return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl, 243 instance.provider, algorithm); 244 } 245 246 /** 247 * Returns the provider of this <code>TrustManagerFactory</code> object. 248 * 249 * @return the provider of this <code>TrustManagerFactory</code> object 250 */ 251 public final Provider getProvider() { 252 return this.provider; 253 } 254 255 256 /** 257 * Initializes this factory with a source of certificate 258 * authorities and related trust material. 259 * <P> 260 * The provider typically uses a KeyStore as a basis for making 261 * trust decisions. 262 * <P> 263 * For more flexible initialization, please see 264 * {@link #init(ManagerFactoryParameters)}. 265 * 266 * @param ks the key store, or null 267 * @throws KeyStoreException if this operation fails 268 */ 269 public final void init(KeyStore ks) throws KeyStoreException { 270 factorySpi.engineInit(ks); 271 } 272 273 274 /** 275 * Initializes this factory with a source of provider-specific 276 * trust material. 277 * <P> 278 * In some cases, initialization parameters other than a keystore 279 * may be needed by a provider. Users of that particular provider 280 * are expected to pass an implementation of the appropriate 281 * <CODE>ManagerFactoryParameters</CODE> as defined by the 282 * provider. The provider can then call the specified methods in 283 * the <CODE>ManagerFactoryParameters</CODE> implementation to obtain the 284 * needed information. 285 * 286 * @param spec an implementation of a provider-specific parameter 287 * specification 288 * @throws InvalidAlgorithmParameterException if an error is 289 * encountered 290 */ 291 public final void init(ManagerFactoryParameters spec) throws 292 InvalidAlgorithmParameterException { 293 factorySpi.engineInit(spec); 294 } 295 296 297 /** 298 * Returns one trust manager for each type of trust material. 299 * 300 * @throws IllegalStateException if the factory is not initialized. 301 * 302 * @return the trust managers 303 */ 304 public final TrustManager[] getTrustManagers() { 305 return factorySpi.engineGetTrustManagers(); 306 } 307 }