8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.ssl;
27
28 import java.net.Socket;
29 import java.security.*;
30 import java.security.cert.*;
31 import java.util.*;
32 import java.util.concurrent.locks.ReentrantLock;
33 import javax.net.ssl.*;
34 import sun.security.util.AnchorCertificates;
35 import sun.security.util.HostnameChecker;
36 import sun.security.validator.*;
37
38 /**
39 * This class implements the SunJSSE X.509 trust manager using the internal
40 * validator API in J2SE core. The logic in this class is minimal.<p>
41 * <p>
42 * This class supports both the Simple validation algorithm from previous
43 * JSSE versions and PKIX validation. Currently, it is not possible for the
44 * application to specify PKIX parameters other than trust anchors. This will
45 * be fixed in a future release using new APIs. When that happens, it may also
46 * make sense to separate the Simple and PKIX trust managers into separate
47 * classes.
48 *
49 * @author Andreas Sterbenz
50 */
51 final class X509TrustManagerImpl extends X509ExtendedTrustManager
52 implements X509TrustManager {
53
54 private final String validatorType;
55
56 /**
57 * The Set of trusted X509Certificates.
58 */
59 private final Collection<X509Certificate> trustedCerts;
60
61 private final PKIXBuilderParameters pkixParams;
62
63 // note that we need separate validator for client and server due to
64 // the different extension checks. They are initialized lazily on demand.
65 private volatile Validator clientValidator, serverValidator;
66
67 private final ReentrantLock validatorLock = new ReentrantLock();
68
69 X509TrustManagerImpl(String validatorType,
70 Collection<X509Certificate> trustedCerts) {
71
72 this.validatorType = validatorType;
73 this.pkixParams = null;
|
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.ssl;
27
28 import java.lang.invoke.MethodHandles;
29 import java.net.Socket;
30 import java.security.*;
31 import java.security.cert.*;
32 import java.util.*;
33 import java.util.concurrent.locks.ReentrantLock;
34 import javax.net.ssl.*;
35 import sun.security.util.AnchorCertificates;
36 import sun.security.util.HostnameChecker;
37 import sun.security.validator.*;
38
39 /**
40 * This class implements the SunJSSE X.509 trust manager using the internal
41 * validator API in J2SE core. The logic in this class is minimal.<p>
42 * <p>
43 * This class supports both the Simple validation algorithm from previous
44 * JSSE versions and PKIX validation. Currently, it is not possible for the
45 * application to specify PKIX parameters other than trust anchors. This will
46 * be fixed in a future release using new APIs. When that happens, it may also
47 * make sense to separate the Simple and PKIX trust managers into separate
48 * classes.
49 *
50 * @author Andreas Sterbenz
51 */
52 final class X509TrustManagerImpl extends X509ExtendedTrustManager
53 implements X509TrustManager {
54
55 static {
56 try {
57 MethodHandles.lookup().ensureInitialized(AnchorCertificates.class);
58 } catch (IllegalAccessException e) {
59 throw new ExceptionInInitializerError(e);
60 }
61 }
62
63 private final String validatorType;
64
65 /**
66 * The Set of trusted X509Certificates.
67 */
68 private final Collection<X509Certificate> trustedCerts;
69
70 private final PKIXBuilderParameters pkixParams;
71
72 // note that we need separate validator for client and server due to
73 // the different extension checks. They are initialized lazily on demand.
74 private volatile Validator clientValidator, serverValidator;
75
76 private final ReentrantLock validatorLock = new ReentrantLock();
77
78 X509TrustManagerImpl(String validatorType,
79 Collection<X509Certificate> trustedCerts) {
80
81 this.validatorType = validatorType;
82 this.pkixParams = null;
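Review bot: The static initializer added at new-side lines 55-61 has no comment explaining why AnchorCertificates must be initialized as soon as X509TrustManagerImpl is loaded, so a later cleanup could remove it as apparently dead code. Since the call only fixes initialization order, I would put something like `// Initialize AnchorCertificates together with this class instead of lazily on first use during validation (see <bug-id placeholder>).` above the `try`, with the reason worded to match the actual bug report. The block also makes loading the trust manager depend on that initializer succeeding: the catch rethrows IllegalAccessException as ExceptionInInitializerError, and presumably an error from AnchorCertificates' own static initializer would surface here too, after which the class stays unusable in that class loader. AnchorCertificates is outside this hunk, so please confirm it cannot throw when the trust anchor store is missing or unreadable. The constructor after the block continues past the end of the hunk.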
|