Home | History | Annotate | Download | only in ssl 
      1 /*
      2  * Copyright (c) 1999, 2008, Oracle and/or its affiliates. All rights reserved.
      3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
      4  *
      5  * This code is free software; you can redistribute it and/or modify it
      6  * under the terms of the GNU General Public License version 2 only, as
      7  * published by the Free Software Foundation.  Oracle designates this
      8  * particular file as subject to the "Classpath" exception as provided
      9  * by Oracle in the LICENSE file that accompanied this code.
     10  *
     11  * This code is distributed in the hope that it will be useful, but WITHOUT
     12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
     13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
     14  * version 2 for more details (a copy is included in the LICENSE file that
     15  * accompanied this code).
     16  *
     17  * You should have received a copy of the GNU General Public License version
     18  * 2 along with this work; if not, write to the Free Software Foundation,
     19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
     20  *
     21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
     22  * or visit www.oracle.com if you need additional information or have any
     23  * questions.
     24  */
     25 
     26 package javax.net.ssl;
     27 
     28 import java.security.Security;
     29 import java.security.*;
     30 
     31 import sun.security.jca.GetInstance;
     32 
     33 /**
     34  * This class acts as a factory for trust managers based on a
     35  * source of trust material. Each trust manager manages a specific
     36  * type of trust material for use by secure sockets. The trust
     37  * material is based on a KeyStore and/or provider specific sources.
     38  *
     39  * @since 1.4
     40  * @see TrustManager
     41  */
     42 public class TrustManagerFactory {
     43     // The provider
     44     private Provider provider;
     45 
     46     // The provider implementation (delegate)
     47     private TrustManagerFactorySpi factorySpi;
     48 
     49     // The name of the trust management algorithm.
     50     private String algorithm;
     51 
     52     /**
     53      * Obtains the default TrustManagerFactory algorithm name.
     54      *
     55      * <p>The default TrustManager can be changed at runtime by setting
     56      * the value of the "ssl.TrustManagerFactory.algorithm" security
     57      * property (set in the Java security properties file or by calling
     58      * {@link java.security.Security#setProperty(String, String) })
     59      * to the desired algorithm name.
     60      *
     61      * @return the default algorithm name as specified in the
     62      * Java security properties, or an implementation-specific default
     63      * if no such property exists.
     64      */
     65     public final static String getDefaultAlgorithm() {
     66         String type;
     67         type = AccessController.doPrivileged(new PrivilegedAction<String>() {
     68             public String run() {
     69                 return Security.getProperty(
     70                     "ssl.TrustManagerFactory.algorithm");
     71             }
     72         });
     73         if (type == null) {
     74             type = "SunX509";
     75         }
     76         return type;
     77     }
     78 
     79     /**
     80      * Creates a TrustManagerFactory object.
     81      *
     82      * @param factorySpi the delegate
     83      * @param provider the provider
     84      * @param algorithm the algorithm
     85      */
     86     protected TrustManagerFactory(TrustManagerFactorySpi factorySpi,
     87             Provider provider, String algorithm) {
     88         this.factorySpi = factorySpi;
     89         this.provider = provider;
     90         this.algorithm = algorithm;
     91     }
     92 
     93     /**
     94      * Returns the algorithm name of this <code>TrustManagerFactory</code>
     95      * object.
     96      *
     97      * <p>This is the same name that was specified in one of the
     98      * <code>getInstance</code> calls that created this
     99      * <code>TrustManagerFactory</code> object.
    100      *
    101      * @return the algorithm name of this <code>TrustManagerFactory</code>
    102      *          object
    103      */
    104     public final String getAlgorithm() {
    105         return this.algorithm;
    106     }
    107 
    108     /**
    109      * Returns a <code>TrustManagerFactory</code> object that acts as a
    110      * factory for trust managers.
    111      *
    112      * <p> This method traverses the list of registered security Providers,
    113      * starting with the most preferred Provider.
    114      * A new TrustManagerFactory object encapsulating the
    115      * TrustManagerFactorySpi implementation from the first
    116      * Provider that supports the specified algorithm is returned.
    117      *
    118      * <p> Note that the list of registered providers may be retrieved via
    119      * the {@link Security#getProviders() Security.getProviders()} method.
    120      *
    121      * @param algorithm the standard name of the requested trust management
    122      *          algorithm.  See the <a href=
    123      *  "{@docRoot}openjdk-redirect.html?v=8&path=/technotes/guides/security/jsse/JSSERefGuide.html">
    124      *          Java Secure Socket Extension Reference Guide </a>
    125      *          for information about standard algorithm names.
    126      *
    127      * @return the new <code>TrustManagerFactory</code> object.
    128      *
    129      * @exception NoSuchAlgorithmException if no Provider supports a
    130      *          TrustManagerFactorySpi implementation for the
    131      *          specified algorithm.
    132      * @exception NullPointerException if algorithm is null.
    133      *
    134      * @see java.security.Provider
    135      */
    136     public static final TrustManagerFactory getInstance(String algorithm)
    137             throws NoSuchAlgorithmException {
    138         GetInstance.Instance instance = GetInstance.getInstance
    139                 ("TrustManagerFactory", TrustManagerFactorySpi.class,
    140                 algorithm);
    141         return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl,
    142                 instance.provider, algorithm);
    143     }
    144 
    145     /**
    146      * Returns a <code>TrustManagerFactory</code> object that acts as a
    147      * factory for trust managers.
    148      *
    149      * <p> A new KeyManagerFactory object encapsulating the
    150      * KeyManagerFactorySpi implementation from the specified provider
    151      * is returned.  The specified provider must be registered
    152      * in the security provider list.
    153      *
    154      * <p> Note that the list of registered providers may be retrieved via
    155      * the {@link Security#getProviders() Security.getProviders()} method.
    156      *
    157      * @param algorithm the standard name of the requested trust management
    158      *          algorithm.  See the <a href=
    159      *  "{@docRoot}openjdk-redirect.html?v=8&path=/technotes/guides/security/jsse/JSSERefGuide.html">
    160      *          Java Secure Socket Extension Reference Guide </a>
    161      *          for information about standard algorithm names.
    162      *
    163      * @param provider the name of the provider.
    164      *
    165      * @return the new <code>TrustManagerFactory</code> object
    166      *
    167      * @throws NoSuchAlgorithmException if a TrustManagerFactorySpi
    168      *          implementation for the specified algorithm is not
    169      *          available from the specified provider.
    170      *
    171      * @throws NoSuchProviderException if the specified provider is not
    172      *          registered in the security provider list.
    173      *
    174      * @throws IllegalArgumentException if the provider name is null or empty.
    175      * @throws NullPointerException if algorithm is null.
    176      *
    177      * @see java.security.Provider
    178      */
    179     public static final TrustManagerFactory getInstance(String algorithm,
    180             String provider) throws NoSuchAlgorithmException,
    181             NoSuchProviderException {
    182         GetInstance.Instance instance = GetInstance.getInstance
    183                 ("TrustManagerFactory", TrustManagerFactorySpi.class,
    184                 algorithm, provider);
    185         return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl,
    186                 instance.provider, algorithm);
    187     }
    188 
    189     /**
    190      * Returns a <code>TrustManagerFactory</code> object that acts as a
    191      * factory for trust managers.
    192      *
    193      * <p> A new TrustManagerFactory object encapsulating the
    194      * TrustManagerFactorySpi implementation from the specified Provider
    195      * object is returned.  Note that the specified Provider object
    196      * does not have to be registered in the provider list.
    197      *
    198      * @param algorithm the standard name of the requested trust management
    199      *          algorithm.  See the <a href=
    200      *  "{@docRoot}openjdk-redirect.html?v=8&path=/technotes/guides/security/jsse/JSSERefGuide.html">
    201      *          Java Secure Socket Extension Reference Guide </a>
    202      *          for information about standard algorithm names.
    203      *
    204      * @param provider an instance of the provider.
    205      *
    206      * @return the new <code>TrustManagerFactory</code> object.
    207      *
    208      * @throws NoSuchAlgorithmException if a TrustManagerFactorySpi
    209      *          implementation for the specified algorithm is not available
    210      *          from the specified Provider object.
    211      *
    212      * @throws IllegalArgumentException if the provider is null.
    213      * @throws NullPointerException if algorithm is null.
    214      *
    215      * @see java.security.Provider
    216      */
    217     public static final TrustManagerFactory getInstance(String algorithm,
    218             Provider provider) throws NoSuchAlgorithmException {
    219         GetInstance.Instance instance = GetInstance.getInstance
    220                 ("TrustManagerFactory", TrustManagerFactorySpi.class,
    221                 algorithm, provider);
    222         return new TrustManagerFactory((TrustManagerFactorySpi)instance.impl,
    223                 instance.provider, algorithm);
    224     }
    225 
    226     /**
    227      * Returns the provider of this <code>TrustManagerFactory</code> object.
    228      *
    229      * @return the provider of this <code>TrustManagerFactory</code> object
    230      */
    231     public final Provider getProvider() {
    232         return this.provider;
    233     }
    234 
    235 
    236     /**
    237      * Initializes this factory with a source of certificate
    238      * authorities and related trust material.
    239      * <P>
    240      * The provider typically uses a KeyStore as a basis for making
    241      * trust decisions.
    242      * <P>
    243      * For more flexible initialization, please see
    244      * {@link #init(ManagerFactoryParameters)}.
    245      *
    246      * @param ks the key store, or null
    247      * @throws KeyStoreException if this operation fails
    248      */
    249     public final void init(KeyStore ks) throws KeyStoreException {
    250         factorySpi.engineInit(ks);
    251     }
    252 
    253 
    254     /**
    255      * Initializes this factory with a source of provider-specific
    256      * trust material.
    257      * <P>
    258      * In some cases, initialization parameters other than a keystore
    259      * may be needed by a provider.  Users of that particular provider
    260      * are expected to pass an implementation of the appropriate
    261      * <CODE>ManagerFactoryParameters</CODE> as defined by the
    262      * provider.  The provider can then call the specified methods in
    263      * the <CODE>ManagerFactoryParameters</CODE> implementation to obtain the
    264      * needed information.
    265      *
    266      * @param spec an implementation of a provider-specific parameter
    267      *          specification
    268      * @throws InvalidAlgorithmParameterException if an error is
    269      *          encountered
    270      */
    271     public final void init(ManagerFactoryParameters spec) throws
    272             InvalidAlgorithmParameterException {
    273         factorySpi.engineInit(spec);
    274     }
    275 
    276 
    277     /**
    278      * Returns one trust manager for each type of trust material.
    279      *
    280      * @throws IllegalStateException if the factory is not initialized.
    281      *
    282      * @return the trust managers
    283      */
    284     public final TrustManager[] getTrustManagers() {
    285         return factorySpi.engineGetTrustManagers();
    286     }
    287 }
    288