2362N/A * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 2362N/A * published by the Free Software Foundation. Oracle designates this 0N/A * particular file as subject to the "Classpath" exception as provided 2362N/A * by Oracle in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2362N/A * or visit www.oracle.com if you need additional information or have any 0N/A * NOTE: this file was copied from javax.net.ssl.SSLSecurity, 0N/A * but was heavily modified to allow com.sun.* users to 0N/A * access providers written using the javax.sun.* APIs. 0N/A * This class instantiates implementations of JSSE engine classes from 0N/A * providers registered with the java.security.Security object. 0N/A * @author Jeff Nisewanger 0N/A * @author Brad Wetmore 0N/A * Don't let anyone instantiate this. 0N/A // ProviderList.getService() is not accessible now, implement our own loop 0N/A * The body of the driver for the getImpl method. 0N/A " configured for " +
0N/A " configured for " +
0N/A " cannot be accessed: " +
0N/A * JSSE 1.0, 1.0.1, and 1.0.2 used the com.sun.net.ssl API as the 0N/A * API was being developed. As JSSE was folded into the main 0N/A * release, it was decided to promote the com.sun.net.ssl API to 0N/A * be javax.net.ssl. It is desired to keep binary compatibility 0N/A * with vendors of JSSE implementation written using the 0N/A * com.sun.net.sll API, so we do this magic to handle everything. 0N/A * API used Implementation used Supported? 0N/A * ======== =================== ========== 0N/A * com.sun com.sun Yes 0N/A * javax com.sun Not Currently 0N/A * Make sure the implementation class is a subclass of the 0N/A * corresponding engine class. 0N/A * In wrapping these classes, there's no way to know how to 0N/A * We only wrap the x509 variants. 0N/A try {
// catch instantiation errors 0N/A * (The following Class.forName()s should alway work, because 0N/A * this class and all the SPI classes in javax.crypto are 0N/A * loaded by the same class loader.) That is, unless they 0N/A * give us a SPI class that doesn't exist, say SSLFoo, 0N/A * or someone has removed classes from the jsse.jar file. 0N/A * Odds are more likely that we have a javax variant, try this 0N/A * We should throw an error if we get 0N/A * something totally unexpected. Don't ever 0N/A * expect to see this one... 0N/A "Couldn't locate correct object or wrapper: " +
0N/A * Returns an array of objects: the first object in the array is 0N/A * an instance of an implementation of the requested algorithm 0N/A * and type, and the second object in the array identifies the provider 0N/A * of that implementation. 0N/A * The <code>provName</code> argument can be null, in which case all 0N/A * configured providers will be searched in order of preference. 0N/A +
" not available");
0N/A * Returns an array of objects: the first object in the array is 0N/A * an instance of an implementation of the requested algorithm 0N/A * and type, and the second object in the array identifies the provider 0N/A * of that implementation. 0N/A * The <code>prov</code> argument can be null, in which case all 0N/A * configured providers will be searched in order of preference. 0N/A * Checks whether one class is the superclass of another 0N/A * Return at most the first "resize" elements of an array. 0N/A * Didn't want to use java.util.Arrays, as PJava may not have it. 0N/A * ================================================================= 0N/A * The remainder of this file is for the wrapper and wrapper-support 0N/A * classes. When SSLSecurity finds something which extends the 0N/A * javax.net.ssl.*Spi, we need to go grab a real instance of the 0N/A * thing that the Spi supports, and wrap into a com.sun.net.ssl.*Spi 0N/A * object. This also mean that anything going down into the SPI 0N/A * needs to be wrapped, as well as anything coming back up. 0N/A // Keep track of the actual number of array elements copied 0N/A // Convert com.sun.net.ssl.kma to a javax.net.ssl.kma 0N/A // wrapper if need be. 0N/A * These key managers may implement both javax 0N/A * and com.sun interfaces, so if they do 0N/A * javax, there's no need to wrap them. 0N/A * Do we know how to convert them? If not, oh well... 0N/A * We'll have to drop them on the floor in this 0N/A * case, cause we don't know how to handle them. 0N/A * This will be pretty rare, but put here for 0N/A // We can convert directly, since they implement. 0N/A * If dst != src, there were more items in the original array 0N/A * than in the new array. Compress the new elements to avoid 0N/A * any problems down the road. 0N/A // Now do the same thing with the TrustManagers. 0N/A * These key managers may implement both...see above... 0N/A // Do we know how to convert them? 0N/A // We only know how to wrap X509TrustManagers, as 0N/A // TrustManagers don't have any methods to wrap. 0N/A // We only know how to wrap X509KeyManagers, as 0N/A // KeyManagers don't have any methods to wrap. 0N/A// ================================= 0N/A * Scan the list, look for something we can pass back. 0N/A * JSSE 1.0.x was only socket based, but it's possible someone might 0N/A * want to install a really old provider. We should at least 0N/A * Scan the list, look for something we can pass back. 0N/A * JSSE 1.0.x was only socket based, but it's possible someone might 0N/A * want to install a really old provider. We should at least 0N/A "Untrusted Client Certificate Chain");
0N/A "Untrusted Server Certificate Chain");