jdk/src/java.base/share/classes/sun/security/provider/certpath/CertStoreHelper.java
changeset 31072 c6a387636aa5
parent 31071 b455d36ef73c
parent 30806 6e9d62b1dbc3
child 31073 0aef48d34118
equal deleted inserted replaced
31071:b455d36ef73c 31072:c6a387636aa5
     1 /*
       
     2  * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
       
     3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
       
     4  *
       
     5  * This code is free software; you can redistribute it and/or modify it
       
     6  * under the terms of the GNU General Public License version 2 only, as
       
     7  * published by the Free Software Foundation.  Oracle designates this
       
     8  * particular file as subject to the "Classpath" exception as provided
       
     9  * by Oracle in the LICENSE file that accompanied this code.
       
    10  *
       
    11  * This code is distributed in the hope that it will be useful, but WITHOUT
       
    12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
       
    13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
       
    14  * version 2 for more details (a copy is included in the LICENSE file that
       
    15  * accompanied this code).
       
    16  *
       
    17  * You should have received a copy of the GNU General Public License version
       
    18  * 2 along with this work; if not, write to the Free Software Foundation,
       
    19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
       
    20  *
       
    21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
       
    22  * or visit www.oracle.com if you need additional information or have any
       
    23  * questions.
       
    24  */
       
    25 
       
    26 package sun.security.provider.certpath;
       
    27 
       
    28 import java.net.URI;
       
    29 import java.util.Collection;
       
    30 import java.util.HashMap;
       
    31 import java.util.Map;
       
    32 import java.security.AccessController;
       
    33 import java.security.NoSuchAlgorithmException;
       
    34 import java.security.InvalidAlgorithmParameterException;
       
    35 import java.security.PrivilegedActionException;
       
    36 import java.security.PrivilegedExceptionAction;
       
    37 import java.security.cert.CertStore;
       
    38 import java.security.cert.CertStoreException;
       
    39 import java.security.cert.X509CertSelector;
       
    40 import java.security.cert.X509CRLSelector;
       
    41 import javax.security.auth.x500.X500Principal;
       
    42 import java.io.IOException;
       
    43 
       
    44 import sun.security.util.Cache;
       
    45 
       
    46 /**
       
    47  * Helper used by URICertStore and others when delegating to another CertStore
       
    48  * to fetch certs and CRLs.
       
    49  */
       
    50 
       
    51 public abstract class CertStoreHelper {
       
    52 
       
    53     private static final int NUM_TYPES = 2;
       
    54     private final static Map<String,String> classMap = new HashMap<>(NUM_TYPES);
       
    55     static {
       
    56         classMap.put(
       
    57             "LDAP",
       
    58             "sun.security.provider.certpath.ldap.LDAPCertStoreHelper");
       
    59         classMap.put(
       
    60             "SSLServer",
       
    61             "sun.security.provider.certpath.ssl.SSLServerCertStoreHelper");
       
    62     };
       
    63     private static Cache<String, CertStoreHelper> cache
       
    64         = Cache.newSoftMemoryCache(NUM_TYPES);
       
    65 
       
    66     public static CertStoreHelper getInstance(final String type)
       
    67         throws NoSuchAlgorithmException
       
    68     {
       
    69         CertStoreHelper helper = cache.get(type);
       
    70         if (helper != null) {
       
    71             return helper;
       
    72         }
       
    73         final String cl = classMap.get(type);
       
    74         if (cl == null) {
       
    75             throw new NoSuchAlgorithmException(type + " not available");
       
    76         }
       
    77         try {
       
    78             helper = AccessController.doPrivileged(
       
    79                 new PrivilegedExceptionAction<CertStoreHelper>() {
       
    80                     public CertStoreHelper run() throws ClassNotFoundException {
       
    81                         try {
       
    82                             Class<?> c = Class.forName(cl, true, null);
       
    83                             CertStoreHelper csh
       
    84                                 = (CertStoreHelper)c.newInstance();
       
    85                             cache.put(type, csh);
       
    86                             return csh;
       
    87                         } catch (InstantiationException |
       
    88                                  IllegalAccessException e) {
       
    89                             throw new AssertionError(e);
       
    90                         }
       
    91                     }
       
    92             });
       
    93             return helper;
       
    94         } catch (PrivilegedActionException e) {
       
    95             throw new NoSuchAlgorithmException(type + " not available",
       
    96                                                e.getException());
       
    97         }
       
    98     }
       
    99 
       
   100     static boolean isCausedByNetworkIssue(String type, CertStoreException cse) {
       
   101         switch (type) {
       
   102             case "LDAP":
       
   103             case "SSLServer":
       
   104                 try {
       
   105                     CertStoreHelper csh = CertStoreHelper.getInstance(type);
       
   106                     return csh.isCausedByNetworkIssue(cse);
       
   107                 } catch (NoSuchAlgorithmException nsae) {
       
   108                     return false;
       
   109                 }
       
   110             case "URI":
       
   111                 Throwable t = cse.getCause();
       
   112                 return (t != null && t instanceof IOException);
       
   113             default:
       
   114                 // we don't know about any other remote CertStore types
       
   115                 return false;
       
   116         }
       
   117     }
       
   118 
       
   119     /**
       
   120      * Returns a CertStore using the given URI as parameters.
       
   121      */
       
   122     public abstract CertStore getCertStore(URI uri)
       
   123         throws NoSuchAlgorithmException, InvalidAlgorithmParameterException;
       
   124 
       
   125     /**
       
   126      * Wraps an existing X509CertSelector when needing to avoid DN matching
       
   127      * issues.
       
   128      */
       
   129     public abstract X509CertSelector wrap(X509CertSelector selector,
       
   130                           X500Principal certSubject,
       
   131                           String dn)
       
   132         throws IOException;
       
   133 
       
   134     /**
       
   135      * Wraps an existing X509CRLSelector when needing to avoid DN matching
       
   136      * issues.
       
   137      */
       
   138     public abstract X509CRLSelector wrap(X509CRLSelector selector,
       
   139                          Collection<X500Principal> certIssuers,
       
   140                          String dn)
       
   141         throws IOException;
       
   142 
       
   143     /**
       
   144      * Returns true if the cause of the CertStoreException is a network
       
   145      * related issue.
       
   146      */
       
   147     public abstract boolean isCausedByNetworkIssue(CertStoreException e);
       
   148 }