1 /*
2  * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4  *
5  * This code is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 only, as
7  * published by the Free Software Foundation.  Oracle designates this
8  * particular file as subject to the "Classpath" exception as provided
9  * by Oracle in the LICENSE file that accompanied this code.
10  *
11  * This code is distributed in the hope that it will be useful, but WITHOUT
12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14  * version 2 for more details (a copy is included in the LICENSE file that
15  * accompanied this code).
16  *
17  * You should have received a copy of the GNU General Public License version
18  * 2 along with this work; if not, write to the Free Software Foundation,
19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20  *
21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22  * or visit www.oracle.com if you need additional information or have any
23  * questions.
24  */
25 
26 package javax.net.ssl;
27 
28 import java.security.Security;
29 import java.security.*;
30 
31 import sun.security.jca.GetInstance;
32 
33 /**
34  * This class acts as a factory for trust managers based on a
35  * source of trust material. Each trust manager manages a specific
36  * type of trust material for use by secure sockets. The trust
37  * material is based on a KeyStore and/or provider specific sources.
38  *
39  * @since 1.4
40  * @see TrustManager
41  */
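public class TrustManagerFactory {
    // The provider that supplied the delegate. Assigned once in the
    // constructor and never replaced.
    private final Provider provider;

    // The provider implementation (delegate). Every init/getTrustManagers
    // call on this object is forwarded to it unchanged.
    private final TrustManagerFactorySpi factorySpi;

    // The name of the trust management algorithm, as passed to getInstance.
    private final String algorithm;

    /**
     * Obtains the default TrustManagerFactory algorithm name.
     *
     * <p>The default TrustManager can be changed at runtime by setting
     * the value of the {@code ssl.TrustManagerFactory.algorithm}
     * security property to the desired algorithm name.
     *
     * <p>Because the value comes from a security property, it is shared by
     * every caller in the process: code that is able to set security
     * properties also decides which trust manager algorithm callers of this
     * method receive. Callers that depend on a particular certificate
     * validation algorithm should pass its name to {@code getInstance}
     * explicitly instead of relying on this default.
     *
     * @see java.security.Security security properties
     * @return the default algorithm name as specified by the
     * {@code ssl.TrustManagerFactory.algorithm} security property, or
     * {@code "SunX509"} if no such property exists.
     */
    public static final String getDefaultAlgorithm() {
        // The property is read inside doPrivileged so that the lookup is
        // performed with this class's own permissions rather than those of
        // the (possibly less privileged) caller.
        String type = AccessController.doPrivileged(new PrivilegedAction<String>() {
            @Override
            public String run() {
                return Security.getProperty(
                    "ssl.TrustManagerFactory.algorithm");
            }
        });
        // Hard-coded fallback used only when the property is not set.
        return (type == null) ? "SunX509" : type;
    }

    /**
     * Creates a TrustManagerFactory object.
     *
     * <p>The arguments are stored as given; no validation is performed
     * here. A null delegate is therefore only detected later, when
     * {@code init} or {@code getTrustManagers} dereferences it.
     *
     * @param factorySpi the delegate
     * @param provider the provider
     * @param algorithm the algorithm
     */
    protected TrustManagerFactory(TrustManagerFactorySpi factorySpi,
            Provider provider, String algorithm) {
        this.factorySpi = factorySpi;
        this.provider = provider;
        this.algorithm = algorithm;
    }

    /**
     * Returns the algorithm name of this <code>TrustManagerFactory</code>
     * object.
     *
     * <p>This is the same name that was specified in one of the
     * <code>getInstance</code> calls that created this
     * <code>TrustManagerFactory</code> object.
     *
     * @return the algorithm name of this <code>TrustManagerFactory</code>
     *          object
     */
    public final String getAlgorithm() {
        return this.algorithm;
    }

    /**
     * Returns a <code>TrustManagerFactory</code> object that acts as a
     * factory for trust managers.
     *
     * <p> This method traverses the list of registered security Providers,
     * starting with the most preferred Provider.
     * A new TrustManagerFactory object encapsulating the
     * TrustManagerFactorySpi implementation from the first
     * Provider that supports the specified algorithm is returned.
     *
     * <p> Note that the list of registered providers may be retrieved via
     * the {@link Security#getProviders() Security.getProviders()} method.
     * Since the first matching provider wins, the order of that list
     * determines whose implementation makes the trust decisions; use
     * {@link #getProvider()} on the result to confirm which one was chosen.
     *
     * @param algorithm the standard name of the requested trust management
     *          algorithm.  See the <a href=
     *  "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
     *          Java Secure Socket Extension Reference Guide </a>
     *          for information about standard algorithm names.
     *
     * @return the new <code>TrustManagerFactory</code> object.
     *
     * @exception NoSuchAlgorithmException if no Provider supports a
     *          TrustManagerFactorySpi implementation for the
     *          specified algorithm.
     * @exception NullPointerException if algorithm is null.
     *
     * @see java.security.Provider
     */
    public static final TrustManagerFactory getInstance(String algorithm)
            throws NoSuchAlgorithmException {
        checkAlgorithm(algorithm);
        GetInstance.Instance instance = GetInstance.getInstance(
                "TrustManagerFactory", TrustManagerFactorySpi.class,
                algorithm);
        return new TrustManagerFactory((TrustManagerFactorySpi) instance.impl,
                instance.provider, algorithm);
    }

    /**
     * Returns a <code>TrustManagerFactory</code> object that acts as a
     * factory for trust managers.
     *
     * <p> A new TrustManagerFactory object encapsulating the
     * TrustManagerFactorySpi implementation from the specified provider
     * is returned.  The specified provider must be registered
     * in the security provider list.
     *
     * <p> Note that the list of registered providers may be retrieved via
     * the {@link Security#getProviders() Security.getProviders()} method.
     *
     * @param algorithm the standard name of the requested trust management
     *          algorithm.  See the <a href=
     *  "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
     *          Java Secure Socket Extension Reference Guide </a>
     *          for information about standard algorithm names.
     *
     * @param provider the name of the provider.
     *
     * @return the new <code>TrustManagerFactory</code> object
     *
     * @throws NoSuchAlgorithmException if a TrustManagerFactorySpi
     *          implementation for the specified algorithm is not
     *          available from the specified provider.
     *
     * @throws NoSuchProviderException if the specified provider is not
     *          registered in the security provider list.
     *
     * @throws IllegalArgumentException if the provider name is null or empty.
     * @throws NullPointerException if algorithm is null; this is checked
     *          before the provider name is examined.
     *
     * @see java.security.Provider
     */
    public static final TrustManagerFactory getInstance(String algorithm,
            String provider) throws NoSuchAlgorithmException,
            NoSuchProviderException {
        checkAlgorithm(algorithm);
        GetInstance.Instance instance = GetInstance.getInstance(
                "TrustManagerFactory", TrustManagerFactorySpi.class,
                algorithm, provider);
        return new TrustManagerFactory((TrustManagerFactorySpi) instance.impl,
                instance.provider, algorithm);
    }

    /**
     * Returns a <code>TrustManagerFactory</code> object that acts as a
     * factory for trust managers.
     *
     * <p> A new TrustManagerFactory object encapsulating the
     * TrustManagerFactorySpi implementation from the specified Provider
     * object is returned.  Note that the specified Provider object
     * does not have to be registered in the provider list.
     *
     * <p> The supplied Provider is the source of the implementation that
     * will later decide which peers are trusted, so it should only be
     * obtained from a source the application itself trusts.
     *
     * @param algorithm the standard name of the requested trust management
     *          algorithm.  See the <a href=
     *  "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
     *          Java Secure Socket Extension Reference Guide </a>
     *          for information about standard algorithm names.
     *
     * @param provider an instance of the provider.
     *
     * @return the new <code>TrustManagerFactory</code> object.
     *
     * @throws NoSuchAlgorithmException if a TrustManagerFactorySpi
     *          implementation for the specified algorithm is not available
     *          from the specified Provider object.
     *
     * @throws IllegalArgumentException if the provider is null.
     * @throws NullPointerException if algorithm is null; this is checked
     *          before the provider is examined.
     *
     * @see java.security.Provider
     */
    public static final TrustManagerFactory getInstance(String algorithm,
            Provider provider) throws NoSuchAlgorithmException {
        checkAlgorithm(algorithm);
        GetInstance.Instance instance = GetInstance.getInstance(
                "TrustManagerFactory", TrustManagerFactorySpi.class,
                algorithm, provider);
        return new TrustManagerFactory((TrustManagerFactorySpi) instance.impl,
                instance.provider, algorithm);
    }

    /**
     * Returns the provider of this <code>TrustManagerFactory</code> object.
     *
     * @return the provider of this <code>TrustManagerFactory</code> object
     */
    public final Provider getProvider() {
        return this.provider;
    }


    /**
     * Initializes this factory with a source of certificate
     * authorities and related trust material.
     * <P>
     * The provider typically uses a KeyStore as a basis for making
     * trust decisions.
     * <P>
     * A null key store is forwarded to the provider unchanged; which trust
     * material is used in that case is decided by the provider, not by this
     * class. Callers that intend to restrict the set of trusted
     * certificate authorities should pass an explicit KeyStore.
     * <P>
     * For more flexible initialization, please see
     * {@link #init(ManagerFactoryParameters)}.
     *
     * @param ks the key store, or null
     * @throws KeyStoreException if this operation fails
     */
    public final void init(KeyStore ks) throws KeyStoreException {
        factorySpi.engineInit(ks);
    }


    /**
     * Initializes this factory with a source of provider-specific
     * trust material.
     * <P>
     * In some cases, initialization parameters other than a keystore
     * may be needed by a provider.  Users of that particular provider
     * are expected to pass an implementation of the appropriate
     * <CODE>ManagerFactoryParameters</CODE> as defined by the
     * provider.  The provider can then call the specified methods in
     * the <CODE>ManagerFactoryParameters</CODE> implementation to obtain the
     * needed information.
     *
     * @param spec an implementation of a provider-specific parameter
     *          specification
     * @throws InvalidAlgorithmParameterException if an error is
     *          encountered
     */
    public final void init(ManagerFactoryParameters spec) throws
            InvalidAlgorithmParameterException {
        factorySpi.engineInit(spec);
    }


    /**
     * Returns one trust manager for each type of trust material.
     *
     * <p>The array is returned exactly as the provider implementation
     * produced it; this class neither copies nor filters it.
     *
     * @throws IllegalStateException if the factory is not initialized.
     *
     * @return the trust managers
     */
    public final TrustManager[] getTrustManagers() {
        return factorySpi.engineGetTrustManagers();
    }

    /**
     * Rejects a null algorithm name up front, so that the
     * NullPointerException documented by the getInstance methods is raised
     * at the API boundary instead of depending on the provider lookup code.
     *
     * @param algorithm the algorithm name passed to getInstance
     * @throws NullPointerException if algorithm is null
     */
    private static void checkAlgorithm(String algorithm) {
        if (algorithm == null) {
            throw new NullPointerException("null algorithm name");
        }
    }
}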