1 /* 2 * Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.ssl; 27 28 import java.io.*; 29 import java.security.*; 30 import java.security.cert.*; 31 import java.util.*; 32 import javax.net.ssl.*; 33 import sun.security.validator.TrustStoreUtil; 34 import sun.security.validator.Validator; 35 36 abstract class TrustManagerFactoryImpl extends TrustManagerFactorySpi { 37 38 private X509TrustManager trustManager = null; 39 private boolean isInitialized = false; 40 TrustManagerFactoryImpl()41 TrustManagerFactoryImpl() { 42 // empty 43 } 44 45 @Override engineInit(KeyStore ks)46 protected void engineInit(KeyStore ks) throws KeyStoreException { 47 if (ks == null) { 48 try { 49 trustManager = getInstance(TrustStoreManager.getTrustedCerts()); 50 } catch (SecurityException se) { 51 // eat security exceptions but report other throwables 52 if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { 53 SSLLogger.fine( 54 "SunX509: skip default keystore", se); 55 } 56 } catch (Error err) { 57 if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { 58 SSLLogger.fine( 59 "SunX509: skip default keystore", err); 60 } 61 throw err; 62 } catch (RuntimeException re) { 63 if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { 64 SSLLogger.fine( 65 "SunX509: skip default keystor", re); 66 } 67 throw re; 68 } catch (Exception e) { 69 if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { 70 SSLLogger.fine( 71 "SunX509: skip default keystore", e); 72 } 73 throw new KeyStoreException( 74 "problem accessing trust store", e); 75 } 76 } else { 77 trustManager = getInstance(TrustStoreUtil.getTrustedCerts(ks)); 78 } 79 80 isInitialized = true; 81 } 82 getInstance( Collection<X509Certificate> trustedCerts)83 abstract X509TrustManager getInstance( 84 Collection<X509Certificate> trustedCerts); 85 getInstance(ManagerFactoryParameters spec)86 abstract X509TrustManager getInstance(ManagerFactoryParameters spec) 87 throws InvalidAlgorithmParameterException; 88 89 @Override engineInit(ManagerFactoryParameters spec)90 protected void engineInit(ManagerFactoryParameters spec) throws 91 InvalidAlgorithmParameterException { 92 trustManager = getInstance(spec); 93 isInitialized = true; 94 } 95 96 /** 97 * Returns one trust manager for each type of trust material. 98 */ 99 @Override engineGetTrustManagers()100 protected TrustManager[] engineGetTrustManagers() { 101 if (!isInitialized) { 102 throw new IllegalStateException( 103 "TrustManagerFactoryImpl is not initialized"); 104 } 105 return new TrustManager[] { trustManager }; 106 } 107 108 /* 109 * Try to get an InputStream based on the file we pass in. 110 */ getFileInputStream(final File file)111 private static FileInputStream getFileInputStream(final File file) 112 throws Exception { 113 return AccessController.doPrivileged( 114 new PrivilegedExceptionAction<FileInputStream>() { 115 @Override 116 public FileInputStream run() throws Exception { 117 try { 118 if (file.exists()) { 119 return new FileInputStream(file); 120 } else { 121 return null; 122 } 123 } catch (FileNotFoundException e) { 124 // couldn't find it, oh well. 125 return null; 126 } 127 } 128 }); 129 } 130 131 public static final class SimpleFactory extends TrustManagerFactoryImpl { 132 @Override 133 X509TrustManager getInstance( 134 Collection<X509Certificate> trustedCerts) { 135 return new X509TrustManagerImpl( 136 Validator.TYPE_SIMPLE, trustedCerts); 137 } 138 139 @Override 140 X509TrustManager getInstance(ManagerFactoryParameters spec) 141 throws InvalidAlgorithmParameterException { 142 throw new InvalidAlgorithmParameterException 143 ("SunX509 TrustManagerFactory does not use " 144 + "ManagerFactoryParameters"); 145 } 146 } 147 148 public static final class PKIXFactory extends TrustManagerFactoryImpl { 149 @Override 150 X509TrustManager getInstance( 151 Collection<X509Certificate> trustedCerts) { 152 return new X509TrustManagerImpl(Validator.TYPE_PKIX, trustedCerts); 153 } 154 155 @Override 156 X509TrustManager getInstance(ManagerFactoryParameters spec) 157 throws InvalidAlgorithmParameterException { 158 if (spec instanceof CertPathTrustManagerParameters == false) { 159 throw new InvalidAlgorithmParameterException 160 ("Parameters must be CertPathTrustManagerParameters"); 161 } 162 CertPathParameters params = 163 ((CertPathTrustManagerParameters)spec).getParameters(); 164 if (params instanceof PKIXBuilderParameters == false) { 165 throw new InvalidAlgorithmParameterException 166 ("Encapsulated parameters must be PKIXBuilderParameters"); 167 } 168 PKIXBuilderParameters pkixParams = (PKIXBuilderParameters)params; 169 return new X509TrustManagerImpl(Validator.TYPE_PKIX, pkixParams); 170 } 171 } 172 } 173