1 /* 2 * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 /* 27 * NOTE: this file was copied from javax.net.ssl.SSLSecurity, 28 * but was heavily modified to allow com.sun.* users to 29 * access providers written using the javax.sun.* APIs. 30 */ 31 32 package com.sun.net.ssl; 33 34 import java.util.*; 35 import java.io.*; 36 import java.security.*; 37 import java.security.Provider.Service; 38 import java.net.Socket; 39 40 import sun.security.jca.*; 41 42 /** 43 * This class instantiates implementations of JSSE engine classes from 44 * providers registered with the java.security.Security object. 45 * 46 * @author Jan Luehe 47 * @author Jeff Nisewanger 48 * @author Brad Wetmore 49 */ 50 51 final class SSLSecurity { 52 53 /* 54 * Don't let anyone instantiate this. 55 */ SSLSecurity()56 private SSLSecurity() { 57 } 58 59 60 // ProviderList.getService() is not accessible now, implement our own loop getService(String type, String alg)61 private static Service getService(String type, String alg) { 62 ProviderList list = Providers.getProviderList(); 63 for (Provider p : list.providers()) { 64 Service s = p.getService(type, alg); 65 if (s != null) { 66 return s; 67 } 68 } 69 return null; 70 } 71 72 /** 73 * The body of the driver for the getImpl method. 74 */ getImpl1(String algName, String engineType, Service service)75 private static Object[] getImpl1(String algName, String engineType, 76 Service service) throws NoSuchAlgorithmException 77 { 78 Provider provider = service.getProvider(); 79 String className = service.getClassName(); 80 Class<?> implClass; 81 try { 82 ClassLoader cl = provider.getClass().getClassLoader(); 83 if (cl == null) { 84 // system class 85 implClass = Class.forName(className); 86 } else { 87 implClass = cl.loadClass(className); 88 } 89 } catch (ClassNotFoundException e) { 90 throw new NoSuchAlgorithmException("Class " + className + 91 " configured for " + 92 engineType + 93 " not found: " + 94 e.getMessage()); 95 } catch (SecurityException e) { 96 throw new NoSuchAlgorithmException("Class " + className + 97 " configured for " + 98 engineType + 99 " cannot be accessed: " + 100 e.getMessage()); 101 } 102 103 /* 104 * JSSE 1.0, 1.0.1, and 1.0.2 used the com.sun.net.ssl API as the 105 * API was being developed. As JSSE was folded into the main 106 * release, it was decided to promote the com.sun.net.ssl API to 107 * be javax.net.ssl. It is desired to keep binary compatibility 108 * with vendors of JSSE implementation written using the 109 * com.sun.net.sll API, so we do this magic to handle everything. 110 * 111 * API used Implementation used Supported? 112 * ======== =================== ========== 113 * com.sun javax Yes 114 * com.sun com.sun Yes 115 * javax javax Yes 116 * javax com.sun Not Currently 117 * 118 * Make sure the implementation class is a subclass of the 119 * corresponding engine class. 120 * 121 * In wrapping these classes, there's no way to know how to 122 * wrap all possible classes that extend the TrustManager/KeyManager. 123 * We only wrap the x509 variants. 124 */ 125 126 try { // catch instantiation errors 127 128 /* 129 * (The following Class.forName()s should alway work, because 130 * this class and all the SPI classes in javax.crypto are 131 * loaded by the same class loader.) That is, unless they 132 * give us a SPI class that doesn't exist, say SSLFoo, 133 * or someone has removed classes from the java.base module. 134 */ 135 136 Class<?> typeClassJavax; 137 Class<?> typeClassCom; 138 Object obj = null; 139 140 /* 141 * Odds are more likely that we have a javax variant, try this 142 * first. 143 */ 144 if (((typeClassJavax = Class.forName("javax.net.ssl." + 145 engineType + "Spi")) != null) && 146 (checkSuperclass(implClass, typeClassJavax))) { 147 148 if (engineType.equals("SSLContext")) { 149 obj = new SSLContextSpiWrapper(algName, provider); 150 } else if (engineType.equals("TrustManagerFactory")) { 151 obj = new TrustManagerFactorySpiWrapper(algName, provider); 152 } else if (engineType.equals("KeyManagerFactory")) { 153 obj = new KeyManagerFactorySpiWrapper(algName, provider); 154 } else { 155 /* 156 * We should throw an error if we get 157 * something totally unexpected. Don't ever 158 * expect to see this one... 159 */ 160 throw new IllegalStateException( 161 "Class " + implClass.getName() + 162 " unknown engineType wrapper:" + engineType); 163 } 164 165 } else if (((typeClassCom = Class.forName("com.sun.net.ssl." + 166 engineType + "Spi")) != null) && 167 (checkSuperclass(implClass, typeClassCom))) { 168 obj = service.newInstance(null); 169 } 170 171 if (obj != null) { 172 return new Object[] { obj, provider }; 173 } else { 174 throw new NoSuchAlgorithmException( 175 "Couldn't locate correct object or wrapper: " + 176 engineType + " " + algName); 177 } 178 179 } catch (ClassNotFoundException e) { 180 IllegalStateException exc = new IllegalStateException( 181 "Engine Class Not Found for " + engineType); 182 exc.initCause(e); 183 throw exc; 184 } 185 } 186 187 /** 188 * Returns an array of objects: the first object in the array is 189 * an instance of an implementation of the requested algorithm 190 * and type, and the second object in the array identifies the provider 191 * of that implementation. 192 * The <code>provName</code> argument can be null, in which case all 193 * configured providers will be searched in order of preference. 194 */ getImpl(String algName, String engineType, String provName)195 static Object[] getImpl(String algName, String engineType, String provName) 196 throws NoSuchAlgorithmException, NoSuchProviderException 197 { 198 Service service; 199 if (provName != null) { 200 ProviderList list = Providers.getProviderList(); 201 Provider prov = list.getProvider(provName); 202 if (prov == null) { 203 throw new NoSuchProviderException("No such provider: " + 204 provName); 205 } 206 service = prov.getService(engineType, algName); 207 } else { 208 service = getService(engineType, algName); 209 } 210 if (service == null) { 211 throw new NoSuchAlgorithmException("Algorithm " + algName 212 + " not available"); 213 } 214 return getImpl1(algName, engineType, service); 215 } 216 217 218 /** 219 * Returns an array of objects: the first object in the array is 220 * an instance of an implementation of the requested algorithm 221 * and type, and the second object in the array identifies the provider 222 * of that implementation. 223 * The <code>prov</code> argument can be null, in which case all 224 * configured providers will be searched in order of preference. 225 */ getImpl(String algName, String engineType, Provider prov)226 static Object[] getImpl(String algName, String engineType, Provider prov) 227 throws NoSuchAlgorithmException 228 { 229 Service service = prov.getService(engineType, algName); 230 if (service == null) { 231 throw new NoSuchAlgorithmException("No such algorithm: " + 232 algName); 233 } 234 return getImpl1(algName, engineType, service); 235 } 236 237 /* 238 * Checks whether one class is the superclass of another 239 */ checkSuperclass(Class<?> subclass, Class<?> superclass)240 private static boolean checkSuperclass(Class<?> subclass, Class<?> superclass) { 241 if ((subclass == null) || (superclass == null)) 242 return false; 243 244 while (!subclass.equals(superclass)) { 245 subclass = subclass.getSuperclass(); 246 if (subclass == null) { 247 return false; 248 } 249 } 250 return true; 251 } 252 253 /* 254 * Return at most the first "resize" elements of an array. 255 * 256 * Didn't want to use java.util.Arrays, as PJava may not have it. 257 */ truncateArray(Object[] oldArray, Object[] newArray)258 static Object[] truncateArray(Object[] oldArray, Object[] newArray) { 259 260 for (int i = 0; i < newArray.length; i++) { 261 newArray[i] = oldArray[i]; 262 } 263 264 return newArray; 265 } 266 267 } 268 269 270 /* 271 * ================================================================= 272 * The remainder of this file is for the wrapper and wrapper-support 273 * classes. When SSLSecurity finds something which extends the 274 * javax.net.ssl.*Spi, we need to go grab a real instance of the 275 * thing that the Spi supports, and wrap into a com.sun.net.ssl.*Spi 276 * object. This also mean that anything going down into the SPI 277 * needs to be wrapped, as well as anything coming back up. 278 */ 279 @SuppressWarnings("deprecation") 280 final class SSLContextSpiWrapper extends SSLContextSpi { 281 282 private javax.net.ssl.SSLContext theSSLContext; 283 SSLContextSpiWrapper(String algName, Provider prov)284 SSLContextSpiWrapper(String algName, Provider prov) throws 285 NoSuchAlgorithmException { 286 theSSLContext = javax.net.ssl.SSLContext.getInstance(algName, prov); 287 } 288 289 @SuppressWarnings("deprecation") engineInit(KeyManager[] kma, TrustManager[] tma, SecureRandom sr)290 protected void engineInit(KeyManager[] kma, TrustManager[] tma, 291 SecureRandom sr) throws KeyManagementException { 292 293 // Keep track of the actual number of array elements copied 294 int dst; 295 int src; 296 javax.net.ssl.KeyManager[] kmaw; 297 javax.net.ssl.TrustManager[] tmaw; 298 299 // Convert com.sun.net.ssl.kma to a javax.net.ssl.kma 300 // wrapper if need be. 301 if (kma != null) { 302 kmaw = new javax.net.ssl.KeyManager[kma.length]; 303 for (src = 0, dst = 0; src < kma.length; ) { 304 /* 305 * These key managers may implement both javax 306 * and com.sun interfaces, so if they do 307 * javax, there's no need to wrap them. 308 */ 309 if (!(kma[src] instanceof javax.net.ssl.KeyManager)) { 310 /* 311 * Do we know how to convert them? If not, oh well... 312 * We'll have to drop them on the floor in this 313 * case, cause we don't know how to handle them. 314 * This will be pretty rare, but put here for 315 * completeness. 316 */ 317 if (kma[src] instanceof X509KeyManager) { 318 kmaw[dst] = (javax.net.ssl.KeyManager) 319 new X509KeyManagerJavaxWrapper( 320 (X509KeyManager)kma[src]); 321 dst++; 322 } 323 } else { 324 // We can convert directly, since they implement. 325 kmaw[dst] = (javax.net.ssl.KeyManager)kma[src]; 326 dst++; 327 } 328 src++; 329 } 330 331 /* 332 * If dst != src, there were more items in the original array 333 * than in the new array. Compress the new elements to avoid 334 * any problems down the road. 335 */ 336 if (dst != src) { 337 kmaw = (javax.net.ssl.KeyManager []) 338 SSLSecurity.truncateArray(kmaw, 339 new javax.net.ssl.KeyManager [dst]); 340 } 341 } else { 342 kmaw = null; 343 } 344 345 // Now do the same thing with the TrustManagers. 346 if (tma != null) { 347 tmaw = new javax.net.ssl.TrustManager[tma.length]; 348 349 for (src = 0, dst = 0; src < tma.length; ) { 350 /* 351 * These key managers may implement both...see above... 352 */ 353 if (!(tma[src] instanceof javax.net.ssl.TrustManager)) { 354 // Do we know how to convert them? 355 if (tma[src] instanceof X509TrustManager) { 356 tmaw[dst] = (javax.net.ssl.TrustManager) 357 new X509TrustManagerJavaxWrapper( 358 (X509TrustManager)tma[src]); 359 dst++; 360 } 361 } else { 362 tmaw[dst] = (javax.net.ssl.TrustManager)tma[src]; 363 dst++; 364 } 365 src++; 366 } 367 368 if (dst != src) { 369 tmaw = (javax.net.ssl.TrustManager []) 370 SSLSecurity.truncateArray(tmaw, 371 new javax.net.ssl.TrustManager [dst]); 372 } 373 } else { 374 tmaw = null; 375 } 376 377 theSSLContext.init(kmaw, tmaw, sr); 378 } 379 380 protected javax.net.ssl.SSLSocketFactory engineGetSocketFactory()381 engineGetSocketFactory() { 382 return theSSLContext.getSocketFactory(); 383 } 384 385 protected javax.net.ssl.SSLServerSocketFactory engineGetServerSocketFactory()386 engineGetServerSocketFactory() { 387 return theSSLContext.getServerSocketFactory(); 388 } 389 390 } 391 392 @SuppressWarnings("deprecation") 393 final class TrustManagerFactorySpiWrapper extends TrustManagerFactorySpi { 394 395 private javax.net.ssl.TrustManagerFactory theTrustManagerFactory; 396 TrustManagerFactorySpiWrapper(String algName, Provider prov)397 TrustManagerFactorySpiWrapper(String algName, Provider prov) throws 398 NoSuchAlgorithmException { 399 theTrustManagerFactory = 400 javax.net.ssl.TrustManagerFactory.getInstance(algName, prov); 401 } 402 engineInit(KeyStore ks)403 protected void engineInit(KeyStore ks) throws KeyStoreException { 404 theTrustManagerFactory.init(ks); 405 } 406 engineGetTrustManagers()407 protected TrustManager[] engineGetTrustManagers() { 408 409 int dst; 410 int src; 411 412 javax.net.ssl.TrustManager[] tma = 413 theTrustManagerFactory.getTrustManagers(); 414 415 TrustManager[] tmaw = new TrustManager[tma.length]; 416 417 for (src = 0, dst = 0; src < tma.length; ) { 418 if (!(tma[src] instanceof com.sun.net.ssl.TrustManager)) { 419 // We only know how to wrap X509TrustManagers, as 420 // TrustManagers don't have any methods to wrap. 421 if (tma[src] instanceof javax.net.ssl.X509TrustManager) { 422 tmaw[dst] = (TrustManager) 423 new X509TrustManagerComSunWrapper( 424 (javax.net.ssl.X509TrustManager)tma[src]); 425 dst++; 426 } 427 } else { 428 tmaw[dst] = (TrustManager)tma[src]; 429 dst++; 430 } 431 src++; 432 } 433 434 if (dst != src) { 435 tmaw = (TrustManager []) 436 SSLSecurity.truncateArray(tmaw, new TrustManager [dst]); 437 } 438 439 return tmaw; 440 } 441 442 } 443 444 @SuppressWarnings("deprecation") 445 final class KeyManagerFactorySpiWrapper extends KeyManagerFactorySpi { 446 447 private javax.net.ssl.KeyManagerFactory theKeyManagerFactory; 448 KeyManagerFactorySpiWrapper(String algName, Provider prov)449 KeyManagerFactorySpiWrapper(String algName, Provider prov) throws 450 NoSuchAlgorithmException { 451 theKeyManagerFactory = 452 javax.net.ssl.KeyManagerFactory.getInstance(algName, prov); 453 } 454 engineInit(KeyStore ks, char[] password)455 protected void engineInit(KeyStore ks, char[] password) 456 throws KeyStoreException, NoSuchAlgorithmException, 457 UnrecoverableKeyException { 458 theKeyManagerFactory.init(ks, password); 459 } 460 engineGetKeyManagers()461 protected KeyManager[] engineGetKeyManagers() { 462 463 int dst; 464 int src; 465 466 javax.net.ssl.KeyManager[] kma = 467 theKeyManagerFactory.getKeyManagers(); 468 469 KeyManager[] kmaw = new KeyManager[kma.length]; 470 471 for (src = 0, dst = 0; src < kma.length; ) { 472 if (!(kma[src] instanceof com.sun.net.ssl.KeyManager)) { 473 // We only know how to wrap X509KeyManagers, as 474 // KeyManagers don't have any methods to wrap. 475 if (kma[src] instanceof javax.net.ssl.X509KeyManager) { 476 kmaw[dst] = (KeyManager) 477 new X509KeyManagerComSunWrapper( 478 (javax.net.ssl.X509KeyManager)kma[src]); 479 dst++; 480 } 481 } else { 482 kmaw[dst] = (KeyManager)kma[src]; 483 dst++; 484 } 485 src++; 486 } 487 488 if (dst != src) { 489 kmaw = (KeyManager []) 490 SSLSecurity.truncateArray(kmaw, new KeyManager [dst]); 491 } 492 493 return kmaw; 494 } 495 496 } 497 498 // ================================= 499 500 @SuppressWarnings("deprecation") 501 final class X509KeyManagerJavaxWrapper implements 502 javax.net.ssl.X509KeyManager { 503 504 private X509KeyManager theX509KeyManager; 505 X509KeyManagerJavaxWrapper(X509KeyManager obj)506 X509KeyManagerJavaxWrapper(X509KeyManager obj) { 507 theX509KeyManager = obj; 508 } 509 getClientAliases(String keyType, Principal[] issuers)510 public String[] getClientAliases(String keyType, Principal[] issuers) { 511 return theX509KeyManager.getClientAliases(keyType, issuers); 512 } 513 chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket)514 public String chooseClientAlias(String[] keyTypes, Principal[] issuers, 515 Socket socket) { 516 String retval; 517 518 if (keyTypes == null) { 519 return null; 520 } 521 522 /* 523 * Scan the list, look for something we can pass back. 524 */ 525 for (int i = 0; i < keyTypes.length; i++) { 526 if ((retval = theX509KeyManager.chooseClientAlias(keyTypes[i], 527 issuers)) != null) 528 return retval; 529 } 530 return null; 531 532 } 533 534 /* 535 * JSSE 1.0.x was only socket based, but it's possible someone might 536 * want to install a really old provider. We should at least 537 * try to be nice. 538 */ chooseEngineClientAlias( String[] keyTypes, Principal[] issuers, javax.net.ssl.SSLEngine engine)539 public String chooseEngineClientAlias( 540 String[] keyTypes, Principal[] issuers, 541 javax.net.ssl.SSLEngine engine) { 542 String retval; 543 544 if (keyTypes == null) { 545 return null; 546 } 547 548 /* 549 * Scan the list, look for something we can pass back. 550 */ 551 for (int i = 0; i < keyTypes.length; i++) { 552 if ((retval = theX509KeyManager.chooseClientAlias(keyTypes[i], 553 issuers)) != null) 554 return retval; 555 } 556 557 return null; 558 } 559 getServerAliases(String keyType, Principal[] issuers)560 public String[] getServerAliases(String keyType, Principal[] issuers) { 561 return theX509KeyManager.getServerAliases(keyType, issuers); 562 } 563 chooseServerAlias(String keyType, Principal[] issuers, Socket socket)564 public String chooseServerAlias(String keyType, Principal[] issuers, 565 Socket socket) { 566 567 if (keyType == null) { 568 return null; 569 } 570 return theX509KeyManager.chooseServerAlias(keyType, issuers); 571 } 572 573 /* 574 * JSSE 1.0.x was only socket based, but it's possible someone might 575 * want to install a really old provider. We should at least 576 * try to be nice. 577 */ chooseEngineServerAlias( String keyType, Principal[] issuers, javax.net.ssl.SSLEngine engine)578 public String chooseEngineServerAlias( 579 String keyType, Principal[] issuers, 580 javax.net.ssl.SSLEngine engine) { 581 582 if (keyType == null) { 583 return null; 584 } 585 return theX509KeyManager.chooseServerAlias(keyType, issuers); 586 } 587 588 public java.security.cert.X509Certificate[] getCertificateChain(String alias)589 getCertificateChain(String alias) { 590 return theX509KeyManager.getCertificateChain(alias); 591 } 592 getPrivateKey(String alias)593 public PrivateKey getPrivateKey(String alias) { 594 return theX509KeyManager.getPrivateKey(alias); 595 } 596 } 597 598 @SuppressWarnings("deprecation") 599 final class X509TrustManagerJavaxWrapper implements 600 javax.net.ssl.X509TrustManager { 601 602 private X509TrustManager theX509TrustManager; 603 X509TrustManagerJavaxWrapper(X509TrustManager obj)604 X509TrustManagerJavaxWrapper(X509TrustManager obj) { 605 theX509TrustManager = obj; 606 } 607 checkClientTrusted( java.security.cert.X509Certificate[] chain, String authType)608 public void checkClientTrusted( 609 java.security.cert.X509Certificate[] chain, String authType) 610 throws java.security.cert.CertificateException { 611 if (!theX509TrustManager.isClientTrusted(chain)) { 612 throw new java.security.cert.CertificateException( 613 "Untrusted Client Certificate Chain"); 614 } 615 } 616 checkServerTrusted( java.security.cert.X509Certificate[] chain, String authType)617 public void checkServerTrusted( 618 java.security.cert.X509Certificate[] chain, String authType) 619 throws java.security.cert.CertificateException { 620 if (!theX509TrustManager.isServerTrusted(chain)) { 621 throw new java.security.cert.CertificateException( 622 "Untrusted Server Certificate Chain"); 623 } 624 } 625 getAcceptedIssuers()626 public java.security.cert.X509Certificate[] getAcceptedIssuers() { 627 return theX509TrustManager.getAcceptedIssuers(); 628 } 629 } 630 631 @SuppressWarnings("deprecation") 632 final class X509KeyManagerComSunWrapper implements X509KeyManager { 633 634 private javax.net.ssl.X509KeyManager theX509KeyManager; 635 X509KeyManagerComSunWrapper(javax.net.ssl.X509KeyManager obj)636 X509KeyManagerComSunWrapper(javax.net.ssl.X509KeyManager obj) { 637 theX509KeyManager = obj; 638 } 639 getClientAliases(String keyType, Principal[] issuers)640 public String[] getClientAliases(String keyType, Principal[] issuers) { 641 return theX509KeyManager.getClientAliases(keyType, issuers); 642 } 643 chooseClientAlias(String keyType, Principal[] issuers)644 public String chooseClientAlias(String keyType, Principal[] issuers) { 645 String [] keyTypes = new String [] { keyType }; 646 return theX509KeyManager.chooseClientAlias(keyTypes, issuers, null); 647 } 648 getServerAliases(String keyType, Principal[] issuers)649 public String[] getServerAliases(String keyType, Principal[] issuers) { 650 return theX509KeyManager.getServerAliases(keyType, issuers); 651 } 652 chooseServerAlias(String keyType, Principal[] issuers)653 public String chooseServerAlias(String keyType, Principal[] issuers) { 654 return theX509KeyManager.chooseServerAlias(keyType, issuers, null); 655 } 656 657 public java.security.cert.X509Certificate[] getCertificateChain(String alias)658 getCertificateChain(String alias) { 659 return theX509KeyManager.getCertificateChain(alias); 660 } 661 getPrivateKey(String alias)662 public PrivateKey getPrivateKey(String alias) { 663 return theX509KeyManager.getPrivateKey(alias); 664 } 665 } 666 667 @SuppressWarnings("deprecation") 668 final class X509TrustManagerComSunWrapper implements X509TrustManager { 669 670 private javax.net.ssl.X509TrustManager theX509TrustManager; 671 X509TrustManagerComSunWrapper(javax.net.ssl.X509TrustManager obj)672 X509TrustManagerComSunWrapper(javax.net.ssl.X509TrustManager obj) { 673 theX509TrustManager = obj; 674 } 675 isClientTrusted( java.security.cert.X509Certificate[] chain)676 public boolean isClientTrusted( 677 java.security.cert.X509Certificate[] chain) { 678 try { 679 theX509TrustManager.checkClientTrusted(chain, "UNKNOWN"); 680 return true; 681 } catch (java.security.cert.CertificateException e) { 682 return false; 683 } 684 } 685 isServerTrusted( java.security.cert.X509Certificate[] chain)686 public boolean isServerTrusted( 687 java.security.cert.X509Certificate[] chain) { 688 try { 689 theX509TrustManager.checkServerTrusted(chain, "UNKNOWN"); 690 return true; 691 } catch (java.security.cert.CertificateException e) { 692 return false; 693 } 694 } 695 getAcceptedIssuers()696 public java.security.cert.X509Certificate[] getAcceptedIssuers() { 697 return theX509TrustManager.getAcceptedIssuers(); 698 } 699 } 700