1 /* |
1 /* |
2 * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
23 * questions. |
23 * questions. |
24 */ |
24 */ |
25 |
25 |
26 package sun.security.ssl; |
26 package sun.security.ssl; |
27 |
27 |
|
28 import java.io.*; |
28 import java.lang.ref.WeakReference; |
29 import java.lang.ref.WeakReference; |
29 import java.io.*; |
|
30 import java.util.*; |
|
31 |
|
32 import java.security.*; |
30 import java.security.*; |
33 import java.security.cert.*; |
31 import java.security.cert.*; |
34 import java.security.cert.Certificate; |
32 import java.util.*; |
35 |
|
36 import sun.security.action.*; |
33 import sun.security.action.*; |
37 import sun.security.validator.TrustStoreUtil; |
34 import sun.security.validator.TrustStoreUtil; |
38 |
35 |
39 /** |
36 /** |
40 * Collection of static utility methods to manage the default trusted KeyStores |
37 * Collection of static utility methods to manage the default trusted KeyStores |
41 * effectively. |
38 * effectively. |
42 */ |
39 */ |
43 final class TrustStoreManager { |
40 final class TrustStoreManager { |
44 private static final Debug debug = Debug.getInstance("ssl"); |
|
45 |
41 |
46 // A singleton service to manage the default trusted KeyStores effectively. |
42 // A singleton service to manage the default trusted KeyStores effectively. |
47 private static final TrustAnchorManager tam = new TrustAnchorManager(); |
43 private static final TrustAnchorManager tam = new TrustAnchorManager(); |
48 |
44 |
49 // Restrict instantiation of this class. |
45 // Restrict instantiation of this class. |
110 this.storeProvider = storeProvider; |
106 this.storeProvider = storeProvider; |
111 this.storePassword = storePassword; |
107 this.storePassword = storePassword; |
112 this.storeFile = storeFile; |
108 this.storeFile = storeFile; |
113 this.lastModified = lastModified; |
109 this.lastModified = lastModified; |
114 |
110 |
115 if (debug != null && Debug.isOn("trustmanager")) { |
111 if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { |
116 System.out.println( |
112 SSLLogger.fine( |
117 "trustStore is: " + storeName + "\n" + |
113 "trustStore is: " + storeName + "\n" + |
118 "trustStore type is: " + storeType + "\n" + |
114 "trustStore type is: " + storeType + "\n" + |
119 "trustStore provider is: " + storeProvider + "\n" + |
115 "trustStore provider is: " + storeProvider + "\n" + |
120 "the last modified time is: " + (new Date(lastModified))); |
116 "the last modified time is: " + (new Date(lastModified))); |
121 } |
117 } |
123 |
119 |
124 /** |
120 /** |
125 * Create an instance of TrustStoreDescriptor for the default |
121 * Create an instance of TrustStoreDescriptor for the default |
126 * trusted KeyStore. |
122 * trusted KeyStore. |
127 */ |
123 */ |
|
124 @SuppressWarnings("Convert2Lambda") |
128 static TrustStoreDescriptor createInstance() { |
125 static TrustStoreDescriptor createInstance() { |
129 return AccessController.doPrivileged(new PrivilegedAction<>() { |
126 return AccessController.doPrivileged( |
|
127 new PrivilegedAction<TrustStoreDescriptor>() { |
130 |
128 |
131 @Override |
129 @Override |
132 public TrustStoreDescriptor run() { |
130 public TrustStoreDescriptor run() { |
133 // Get the system properties for trust store. |
131 // Get the system properties for trust store. |
134 String storePropName = System.getProperty( |
132 String storePropName = System.getProperty( |
265 if ((ks != null) && descriptor.equals(temporaryDesc)) { |
263 if ((ks != null) && descriptor.equals(temporaryDesc)) { |
266 return ks; |
264 return ks; |
267 } |
265 } |
268 |
266 |
269 // Reload a new key store. |
267 // Reload a new key store. |
270 if ((debug != null) && Debug.isOn("trustmanager")) { |
268 if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { |
271 System.out.println("Reload the trust store"); |
269 SSLLogger.fine("Reload the trust store"); |
272 } |
270 } |
273 |
271 |
274 ks = loadKeyStore(descriptor); |
272 ks = loadKeyStore(descriptor); |
275 this.descriptor = descriptor; |
273 this.descriptor = descriptor; |
276 this.ksRef = new WeakReference<>(ks); |
274 this.ksRef = new WeakReference<>(ks); |
307 } |
305 } |
308 } |
306 } |
309 |
307 |
310 // Reload the trust store if needed. |
308 // Reload the trust store if needed. |
311 if (ks == null) { |
309 if (ks == null) { |
312 if ((debug != null) && Debug.isOn("trustmanager")) { |
310 if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { |
313 System.out.println("Reload the trust store"); |
311 SSLLogger.fine("Reload the trust store"); |
314 } |
312 } |
315 ks = loadKeyStore(descriptor); |
313 ks = loadKeyStore(descriptor); |
316 } |
314 } |
317 |
315 |
318 // Reload trust certs from the key store. |
316 // Reload trust certs from the key store. |
319 if ((debug != null) && Debug.isOn("trustmanager")) { |
317 if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { |
320 System.out.println("Reload trust certs"); |
318 SSLLogger.fine("Reload trust certs"); |
321 } |
319 } |
322 |
320 |
323 certs = loadTrustedCerts(ks); |
321 certs = loadTrustedCerts(ks); |
324 if ((debug != null) && Debug.isOn("trustmanager")) { |
322 if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { |
325 System.out.println("Reloaded " + certs.size() + " trust certs"); |
323 SSLLogger.fine("Reloaded " + certs.size() + " trust certs"); |
326 } |
324 } |
327 |
325 |
328 // Note that as ks is a local variable, it is not |
326 // Note that as ks is a local variable, it is not |
329 // necessary to add it to the ksRef weak reference. |
327 // necessary to add it to the ksRef weak reference. |
330 this.csRef = new WeakReference<>(certs); |
328 this.csRef = new WeakReference<>(certs); |
331 |
329 |
332 return certs; |
330 return certs; |
333 } |
331 } |
334 |
332 |
335 /** |
333 /** |
336 * Load the KeyStore as described in the specified descriptor. |
334 * Load the the KeyStore as described in the specified descriptor. |
337 */ |
335 */ |
338 private static KeyStore loadKeyStore( |
336 private static KeyStore loadKeyStore( |
339 TrustStoreDescriptor descriptor) throws Exception { |
337 TrustStoreDescriptor descriptor) throws Exception { |
340 if (!"NONE".equals(descriptor.storeName) && |
338 if (!"NONE".equals(descriptor.storeName) && |
341 descriptor.storeFile == null) { |
339 descriptor.storeFile == null) { |
342 |
340 |
343 // No file available, no KeyStore available. |
341 // No file available, no KeyStore available. |
344 if (debug != null && Debug.isOn("trustmanager")) { |
342 if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { |
345 System.out.println("No available key store"); |
343 SSLLogger.fine("No available key store"); |
346 } |
344 } |
347 |
345 |
348 return null; |
346 return null; |
349 } |
347 } |
350 |
348 |
365 try (FileInputStream fis = AccessController.doPrivileged( |
363 try (FileInputStream fis = AccessController.doPrivileged( |
366 new OpenFileInputStreamAction(descriptor.storeFile))) { |
364 new OpenFileInputStreamAction(descriptor.storeFile))) { |
367 ks.load(fis, password); |
365 ks.load(fis, password); |
368 } catch (FileNotFoundException fnfe) { |
366 } catch (FileNotFoundException fnfe) { |
369 // No file available, no KeyStore available. |
367 // No file available, no KeyStore available. |
370 if (debug != null && Debug.isOn("trustmanager")) { |
368 if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { |
371 System.out.println( |
369 SSLLogger.fine( |
372 "Not available key store: " + descriptor.storeName); |
370 "Not available key store: " + descriptor.storeName); |
373 } |
371 } |
374 |
372 |
375 return null; |
373 return null; |
376 } |
374 } |