
src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java


  8  * particular file as subject to the "Classpath" exception as provided
  9  * by Oracle in the LICENSE file that accompanied this code.
 10  *
 11  * This code is distributed in the hope that it will be useful, but WITHOUT
 12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 14  * version 2 for more details (a copy is included in the LICENSE file that
 15  * accompanied this code).
 16  *
 17  * You should have received a copy of the GNU General Public License version
 18  * 2 along with this work; if not, write to the Free Software Foundation,
 19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 20  *
 21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 22  * or visit www.oracle.com if you need additional information or have any
 23  * questions.
 24  */
 25 
 26 package sun.security.ssl;
 27 

 28 import java.net.Socket;
 29 import java.security.*;
 30 import java.security.cert.*;
 31 import java.util.*;
 32 import java.util.concurrent.locks.ReentrantLock;
 33 import javax.net.ssl.*;
 34 import sun.security.util.AnchorCertificates;
 35 import sun.security.util.HostnameChecker;
 36 import sun.security.validator.*;
 37 
 38 /**
 39  * This class implements the SunJSSE X.509 trust manager using the internal
 40  * validator API in J2SE core. The logic in this class is minimal.<p>
 41  * <p>
 42  * This class supports both the Simple validation algorithm from previous
 43  * JSSE versions and PKIX validation. Currently, it is not possible for the
 44  * application to specify PKIX parameters other than trust anchors. This will
 45  * be fixed in a future release using new APIs. When that happens, it may also
 46  * make sense to separate the Simple and PKIX trust managers into separate
 47  * classes.
 48  *
 49  * @author Andreas Sterbenz
 50  */
 51 final class X509TrustManagerImpl extends X509ExtendedTrustManager
 52         implements X509TrustManager {
 53 








 54     private final String validatorType;
 55 
 56     /**
 57      * The Set of trusted X509Certificates.
 58      */
 59     private final Collection<X509Certificate> trustedCerts;
 60 
 61     private final PKIXBuilderParameters pkixParams;
 62 
 63     // note that we need separate validator for client and server due to
 64     // the different extension checks. They are initialized lazily on demand.
 65     private volatile Validator clientValidator, serverValidator;
 66 
 67     private final ReentrantLock validatorLock = new ReentrantLock();
 68 
 69     X509TrustManagerImpl(String validatorType,
 70             Collection<X509Certificate> trustedCerts) {
 71 
 72         this.validatorType = validatorType;
 73         this.pkixParams = null;

  8  * particular file as subject to the "Classpath" exception as provided
  9  * by Oracle in the LICENSE file that accompanied this code.
 10  *
 11  * This code is distributed in the hope that it will be useful, but WITHOUT
 12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 14  * version 2 for more details (a copy is included in the LICENSE file that
 15  * accompanied this code).
 16  *
 17  * You should have received a copy of the GNU General Public License version
 18  * 2 along with this work; if not, write to the Free Software Foundation,
 19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 20  *
 21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 22  * or visit www.oracle.com if you need additional information or have any
 23  * questions.
 24  */
 25 
 26 package sun.security.ssl;
 27 
 28 import java.lang.invoke.MethodHandles;
 29 import java.net.Socket;
 30 import java.security.*;
 31 import java.security.cert.*;
 32 import java.util.*;
 33 import java.util.concurrent.locks.ReentrantLock;
 34 import javax.net.ssl.*;
 35 import sun.security.util.AnchorCertificates;
 36 import sun.security.util.HostnameChecker;
 37 import sun.security.validator.*;
 38 
 39 /**
 40  * This class implements the SunJSSE X.509 trust manager using the internal
 41  * validator API in J2SE core. The logic in this class is minimal.<p>
 42  * <p>
 43  * This class supports both the Simple validation algorithm from previous
 44  * JSSE versions and PKIX validation. Currently, it is not possible for the
 45  * application to specify PKIX parameters other than trust anchors. This will
 46  * be fixed in a future release using new APIs. When that happens, it may also
 47  * make sense to separate the Simple and PKIX trust managers into separate
 48  * classes.
 49  *
 50  * @author Andreas Sterbenz
 51  */
 52 final class X509TrustManagerImpl extends X509ExtendedTrustManager
 53         implements X509TrustManager {
 54 
 55     static {
 56         try {
 57             MethodHandles.lookup().ensureInitialized(AnchorCertificates.class);
 58         } catch (IllegalAccessException e) {
 59             throw new ExceptionInInitializerError(e);
 60         }
 61     }
 62 
 63     private final String validatorType;
 64 
 65     /**
 66      * The Set of trusted X509Certificates.
 67      */
 68     private final Collection<X509Certificate> trustedCerts;
 69 
 70     private final PKIXBuilderParameters pkixParams;
 71 
 72     // note that we need separate validator for client and server due to
 73     // the different extension checks. They are initialized lazily on demand.
 74     private volatile Validator clientValidator, serverValidator;
 75 
 76     private final ReentrantLock validatorLock = new ReentrantLock();
 77 
 78     X509TrustManagerImpl(String validatorType,
 79             Collection<X509Certificate> trustedCerts) {
 80 
 81         this.validatorType = validatorType;
 82         this.pkixParams = null;
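Review bot: The static initializer added on the new side (lines 55-61) has no comment saying why AnchorCertificates must be initialized eagerly when X509TrustManagerImpl is loaded, so a later cleanup could remove it as apparently redundant. A short comment above the block would record the intent, for example `// Initialize AnchorCertificates together with this class instead of lazily during validation: <reason>`. It is also worth confirming the failure mode: `ensureInitialized` runs AnchorCertificates' static initializer at this point, so if that initializer can throw, the error would surface while this trust manager class is being initialized and leave it unusable for every later handshake, rather than at first use. AnchorCertificates' body is not shown on this page, so this depends on whether it handles anchor-store load failures itself; the constructor that follows the block is cut off in this view.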