author | wetmore |
Fri, 11 May 2018 15:53:12 -0700 | |
branch | JDK-8145252-TLS13-branch |
changeset 56542 | 56aaa6cb3693 |
parent 47216 | 71c04702a3d5 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
56542 | 2 |
* Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
package sun.security.ssl; |
|
27 |
||
28 |
import java.io.*; |
|
29 |
import java.security.*; |
|
30 |
import java.security.cert.*; |
|
56542 | 31 |
import java.util.*; |
2 | 32 |
import javax.net.ssl.*; |
56542 | 33 |
import sun.security.validator.TrustStoreUtil; |
2 | 34 |
import sun.security.validator.Validator; |
35 |
||
36 |
abstract class TrustManagerFactoryImpl extends TrustManagerFactorySpi { |
|
37 |
||
38 |
private X509TrustManager trustManager = null; |
|
39 |
private boolean isInitialized = false; |
|
40 |
||
41 |
TrustManagerFactoryImpl() { |
|
42 |
// empty |
|
43 |
} |
|
44 |
||
14664
e71aa0962e70
8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents:
10125
diff
changeset
|
45 |
@Override |
2 | 46 |
protected void engineInit(KeyStore ks) throws KeyStoreException { |
47 |
if (ks == null) { |
|
48 |
try { |
|
43009
5af9f7aa93e5
8129988: JSSE should create a single instance of the cacerts KeyStore
xuelei
parents:
25859
diff
changeset
|
49 |
trustManager = getInstance(TrustStoreManager.getTrustedCerts()); |
2 | 50 |
} catch (SecurityException se) { |
51 |
// eat security exceptions but report other throwables |
|
56542 | 52 |
if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { |
53 |
SSLLogger.fine( |
|
54 |
"SunX509: skip default keystore", se); |
|
2 | 55 |
} |
56 |
} catch (Error err) { |
|
56542 | 57 |
if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { |
58 |
SSLLogger.fine( |
|
59 |
"SunX509: skip default keystore", err); |
|
2 | 60 |
} |
61 |
throw err; |
|
62 |
} catch (RuntimeException re) { |
|
56542 | 63 |
if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { |
64 |
SSLLogger.fine( |
|
65 |
"SunX509: skip default keystor", re); |
|
2 | 66 |
} |
67 |
throw re; |
|
68 |
} catch (Exception e) { |
|
56542 | 69 |
if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { |
70 |
SSLLogger.fine( |
|
71 |
"SunX509: skip default keystore", e); |
|
2 | 72 |
} |
73 |
throw new KeyStoreException( |
|
43009
5af9f7aa93e5
8129988: JSSE should create a single instance of the cacerts KeyStore
xuelei
parents:
25859
diff
changeset
|
74 |
"problem accessing trust store", e); |
2 | 75 |
} |
43009
5af9f7aa93e5
8129988: JSSE should create a single instance of the cacerts KeyStore
xuelei
parents:
25859
diff
changeset
|
76 |
} else { |
5af9f7aa93e5
8129988: JSSE should create a single instance of the cacerts KeyStore
xuelei
parents:
25859
diff
changeset
|
77 |
trustManager = getInstance(TrustStoreUtil.getTrustedCerts(ks)); |
2 | 78 |
} |
43009
5af9f7aa93e5
8129988: JSSE should create a single instance of the cacerts KeyStore
xuelei
parents:
25859
diff
changeset
|
79 |
|
2 | 80 |
isInitialized = true; |
81 |
} |
|
82 |
||
43009
5af9f7aa93e5
8129988: JSSE should create a single instance of the cacerts KeyStore
xuelei
parents:
25859
diff
changeset
|
83 |
abstract X509TrustManager getInstance( |
5af9f7aa93e5
8129988: JSSE should create a single instance of the cacerts KeyStore
xuelei
parents:
25859
diff
changeset
|
84 |
Collection<X509Certificate> trustedCerts); |
2 | 85 |
|
86 |
abstract X509TrustManager getInstance(ManagerFactoryParameters spec) |
|
87 |
throws InvalidAlgorithmParameterException; |
|
88 |
||
14664
e71aa0962e70
8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents:
10125
diff
changeset
|
89 |
@Override |
2 | 90 |
protected void engineInit(ManagerFactoryParameters spec) throws |
91 |
InvalidAlgorithmParameterException { |
|
92 |
trustManager = getInstance(spec); |
|
93 |
isInitialized = true; |
|
94 |
} |
|
95 |
||
96 |
/** |
|
97 |
* Returns one trust manager for each type of trust material. |
|
98 |
*/ |
|
14664
e71aa0962e70
8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents:
10125
diff
changeset
|
99 |
@Override |
2 | 100 |
protected TrustManager[] engineGetTrustManagers() { |
101 |
if (!isInitialized) { |
|
102 |
throw new IllegalStateException( |
|
103 |
"TrustManagerFactoryImpl is not initialized"); |
|
104 |
} |
|
105 |
return new TrustManager[] { trustManager }; |
|
106 |
} |
|
107 |
||
108 |
/* |
|
109 |
* Try to get an InputStream based on the file we pass in. |
|
110 |
*/ |
|
111 |
private static FileInputStream getFileInputStream(final File file) |
|
112 |
throws Exception { |
|
113 |
return AccessController.doPrivileged( |
|
114 |
new PrivilegedExceptionAction<FileInputStream>() { |
|
14664
e71aa0962e70
8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents:
10125
diff
changeset
|
115 |
@Override |
2 | 116 |
public FileInputStream run() throws Exception { |
117 |
try { |
|
118 |
if (file.exists()) { |
|
119 |
return new FileInputStream(file); |
|
120 |
} else { |
|
121 |
return null; |
|
122 |
} |
|
123 |
} catch (FileNotFoundException e) { |
|
124 |
// couldn't find it, oh well. |
|
125 |
return null; |
|
126 |
} |
|
127 |
} |
|
128 |
}); |
|
129 |
} |
|
130 |
||
43009
5af9f7aa93e5
8129988: JSSE should create a single instance of the cacerts KeyStore
xuelei
parents:
25859
diff
changeset
|
131 |
public static final class SimpleFactory extends TrustManagerFactoryImpl { |
5af9f7aa93e5
8129988: JSSE should create a single instance of the cacerts KeyStore
xuelei
parents:
25859
diff
changeset
|
132 |
@Override |
5af9f7aa93e5
8129988: JSSE should create a single instance of the cacerts KeyStore
xuelei
parents:
25859
diff
changeset
|
133 |
X509TrustManager getInstance( |
5af9f7aa93e5
8129988: JSSE should create a single instance of the cacerts KeyStore
xuelei
parents:
25859
diff
changeset
|
134 |
Collection<X509Certificate> trustedCerts) { |
5af9f7aa93e5
8129988: JSSE should create a single instance of the cacerts KeyStore
xuelei
parents:
25859
diff
changeset
|
135 |
return new X509TrustManagerImpl( |
5af9f7aa93e5
8129988: JSSE should create a single instance of the cacerts KeyStore
xuelei
parents:
25859
diff
changeset
|
136 |
Validator.TYPE_SIMPLE, trustedCerts); |
2 | 137 |
} |
138 |
||
14664
e71aa0962e70
8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents:
10125
diff
changeset
|
139 |
@Override |
2 | 140 |
X509TrustManager getInstance(ManagerFactoryParameters spec) |
141 |
throws InvalidAlgorithmParameterException { |
|
142 |
throw new InvalidAlgorithmParameterException |
|
143 |
("SunX509 TrustManagerFactory does not use " |
|
144 |
+ "ManagerFactoryParameters"); |
|
145 |
} |
|
43009
5af9f7aa93e5
8129988: JSSE should create a single instance of the cacerts KeyStore
xuelei
parents:
25859
diff
changeset
|
146 |
} |
2 | 147 |
|
148 |
public static final class PKIXFactory extends TrustManagerFactoryImpl { |
|
14664
e71aa0962e70
8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents:
10125
diff
changeset
|
149 |
@Override |
43009
5af9f7aa93e5
8129988: JSSE should create a single instance of the cacerts KeyStore
xuelei
parents:
25859
diff
changeset
|
150 |
X509TrustManager getInstance( |
5af9f7aa93e5
8129988: JSSE should create a single instance of the cacerts KeyStore
xuelei
parents:
25859
diff
changeset
|
151 |
Collection<X509Certificate> trustedCerts) { |
5af9f7aa93e5
8129988: JSSE should create a single instance of the cacerts KeyStore
xuelei
parents:
25859
diff
changeset
|
152 |
return new X509TrustManagerImpl(Validator.TYPE_PKIX, trustedCerts); |
2 | 153 |
} |
43009
5af9f7aa93e5
8129988: JSSE should create a single instance of the cacerts KeyStore
xuelei
parents:
25859
diff
changeset
|
154 |
|
14664
e71aa0962e70
8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents:
10125
diff
changeset
|
155 |
@Override |
2 | 156 |
X509TrustManager getInstance(ManagerFactoryParameters spec) |
157 |
throws InvalidAlgorithmParameterException { |
|
158 |
if (spec instanceof CertPathTrustManagerParameters == false) { |
|
159 |
throw new InvalidAlgorithmParameterException |
|
160 |
("Parameters must be CertPathTrustManagerParameters"); |
|
161 |
} |
|
162 |
CertPathParameters params = |
|
163 |
((CertPathTrustManagerParameters)spec).getParameters(); |
|
164 |
if (params instanceof PKIXBuilderParameters == false) { |
|
165 |
throw new InvalidAlgorithmParameterException |
|
166 |
("Encapsulated parameters must be PKIXBuilderParameters"); |
|
167 |
} |
|
168 |
PKIXBuilderParameters pkixParams = (PKIXBuilderParameters)params; |
|
169 |
return new X509TrustManagerImpl(Validator.TYPE_PKIX, pkixParams); |
|
170 |
} |
|
171 |
} |
|
172 |
} |