jdk/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java
author mullan
Fri, 14 Sep 2012 10:13:04 -0400
changeset 13800 2fd4a82efe9c
parent 12860 9ffbd4e43413
permissions -rw-r--r--
7176627: CertPath/jep124/PreferCRL_SoftFail test fails (Could not determine revocation status) Reviewed-by: xuelei

/*
 * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.provider.certpath;

import java.net.URI;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.security.AccessController;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidAlgorithmParameterException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.X509CertSelector;
import java.security.cert.X509CRLSelector;
import javax.security.auth.x500.X500Principal;
import java.io.IOException;

import sun.security.util.Cache;

/**
 * Helper used by URICertStore and others when delegating to another CertStore
 * to fetch certs and CRLs.
 */

public abstract class CertStoreHelper {

    private static final int NUM_TYPES = 2;
    private final static Map<String,String> classMap = new HashMap<>(NUM_TYPES);
    static {
        classMap.put(
            "LDAP",
            "sun.security.provider.certpath.ldap.LDAPCertStoreHelper");
        classMap.put(
            "SSLServer",
            "sun.security.provider.certpath.ssl.SSLServerCertStoreHelper");
    };
    private static Cache<String, CertStoreHelper> cache
        = Cache.newSoftMemoryCache(NUM_TYPES);

    public static CertStoreHelper getInstance(final String type)
        throws NoSuchAlgorithmException
    {
        CertStoreHelper helper = cache.get(type);
        if (helper != null) {
            return helper;
        }
        final String cl = classMap.get(type);
        if (cl == null) {
            throw new NoSuchAlgorithmException(type + " not available");
        }
        try {
            helper = AccessController.doPrivileged(
                new PrivilegedExceptionAction<CertStoreHelper>() {
                    public CertStoreHelper run() throws ClassNotFoundException {
                        try {
                            Class<?> c = Class.forName(cl, true, null);
                            CertStoreHelper csh
                                = (CertStoreHelper)c.newInstance();
                            cache.put(type, csh);
                            return csh;
                        } catch (InstantiationException |
                                 IllegalAccessException e) {
                            throw new AssertionError(e);
                        }
                    }
            });
            return helper;
        } catch (PrivilegedActionException e) {
            throw new NoSuchAlgorithmException(type + " not available",
                                               e.getException());
        }
    }

    static boolean isCausedByNetworkIssue(String type, CertStoreException cse) {
        switch (type) {
            case "LDAP":
            case "SSLServer":
                try {
                    CertStoreHelper csh = CertStoreHelper.getInstance(type);
                    return csh.isCausedByNetworkIssue(cse);
                } catch (NoSuchAlgorithmException nsae) {
                    return false;
                }
            case "URI":
                Throwable t = cse.getCause();
                return (t != null && t instanceof IOException);
            default:
                // we don't know about any other remote CertStore types
                return false;
        }
    }

    /**
     * Returns a CertStore using the given URI as parameters.
     */
    public abstract CertStore getCertStore(URI uri)
        throws NoSuchAlgorithmException, InvalidAlgorithmParameterException;

    /**
     * Wraps an existing X509CertSelector when needing to avoid DN matching
     * issues.
     */
    public abstract X509CertSelector wrap(X509CertSelector selector,
                          X500Principal certSubject,
                          String dn)
        throws IOException;

    /**
     * Wraps an existing X509CRLSelector when needing to avoid DN matching
     * issues.
     */
    public abstract X509CRLSelector wrap(X509CRLSelector selector,
                         Collection<X500Principal> certIssuers,
                         String dn)
        throws IOException;

    /**
     * Returns true if the cause of the CertStoreException is a network
     * related issue.
     */
    public abstract boolean isCausedByNetworkIssue(CertStoreException e);
}