7176627: CertPath/jep124/PreferCRL_SoftFail test fails (Could not determine revocation status)
Reviewed-by: xuelei
/*
* Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.provider.certpath;
import java.net.URI;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.security.AccessController;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidAlgorithmParameterException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.X509CertSelector;
import java.security.cert.X509CRLSelector;
import javax.security.auth.x500.X500Principal;
import java.io.IOException;
import sun.security.util.Cache;
/**
* Helper used by URICertStore and others when delegating to another CertStore
* to fetch certs and CRLs.
*/
public abstract class CertStoreHelper {
private static final int NUM_TYPES = 2;
private final static Map<String,String> classMap = new HashMap<>(NUM_TYPES);
static {
classMap.put(
"LDAP",
"sun.security.provider.certpath.ldap.LDAPCertStoreHelper");
classMap.put(
"SSLServer",
"sun.security.provider.certpath.ssl.SSLServerCertStoreHelper");
};
private static Cache<String, CertStoreHelper> cache
= Cache.newSoftMemoryCache(NUM_TYPES);
public static CertStoreHelper getInstance(final String type)
throws NoSuchAlgorithmException
{
CertStoreHelper helper = cache.get(type);
if (helper != null) {
return helper;
}
final String cl = classMap.get(type);
if (cl == null) {
throw new NoSuchAlgorithmException(type + " not available");
}
try {
helper = AccessController.doPrivileged(
new PrivilegedExceptionAction<CertStoreHelper>() {
public CertStoreHelper run() throws ClassNotFoundException {
try {
Class<?> c = Class.forName(cl, true, null);
CertStoreHelper csh
= (CertStoreHelper)c.newInstance();
cache.put(type, csh);
return csh;
} catch (InstantiationException |
IllegalAccessException e) {
throw new AssertionError(e);
}
}
});
return helper;
} catch (PrivilegedActionException e) {
throw new NoSuchAlgorithmException(type + " not available",
e.getException());
}
}
static boolean isCausedByNetworkIssue(String type, CertStoreException cse) {
switch (type) {
case "LDAP":
case "SSLServer":
try {
CertStoreHelper csh = CertStoreHelper.getInstance(type);
return csh.isCausedByNetworkIssue(cse);
} catch (NoSuchAlgorithmException nsae) {
return false;
}
case "URI":
Throwable t = cse.getCause();
return (t != null && t instanceof IOException);
default:
// we don't know about any other remote CertStore types
return false;
}
}
/**
* Returns a CertStore using the given URI as parameters.
*/
public abstract CertStore getCertStore(URI uri)
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException;
/**
* Wraps an existing X509CertSelector when needing to avoid DN matching
* issues.
*/
public abstract X509CertSelector wrap(X509CertSelector selector,
X500Principal certSubject,
String dn)
throws IOException;
/**
* Wraps an existing X509CRLSelector when needing to avoid DN matching
* issues.
*/
public abstract X509CRLSelector wrap(X509CRLSelector selector,
Collection<X500Principal> certIssuers,
String dn)
throws IOException;
/**
* Returns true if the cause of the CertStoreException is a network
* related issue.
*/
public abstract boolean isCausedByNetworkIssue(CertStoreException e);
}