/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* This class implements the SunJSSE X.509 trust manager using the internal
* validator API in J2SE core. The logic in this class is minimal.
* <p>
* This class supports both the Simple validation algorithm from previous
* JSSE versions and PKIX validation. Currently, it is not possible for the
* application to specify PKIX parameters other than trust anchors. This will
* be fixed in a future release using new APIs. When that happens, it may also
* make sense to separate the Simple and PKIX trust managers into separate
* classes.
*
* @author Andreas Sterbenz
*/
implements X509TrustManager {
/**
* The Set of trusted X509Certificates.
*/
// Note that we need separate validators for client and server because of
// the different extension checks. They are initialized lazily on demand.
throws KeyStoreException {
this.validatorType = validatorType;
this.pkixParams = null;
} else {
}
}
this.validatorType = validatorType;
this.pkixParams = params;
// create server validator eagerly so that we can conveniently
// get the trusted certificates
// clients need it anyway eventually, and servers will not mind
// the little extra footprint
serverValidator = v;
}
throws CertificateException {
}
throws CertificateException {
}
return certsArray;
}
}
}
}
}
throw new IllegalArgumentException(
"null or zero-length certificate chain");
}
throw new IllegalArgumentException(
"null or zero-length authentication type");
}
// Select the validator for the requested role. Both branches use the same
// double-checked pattern: read the field, and only if it is still null
// re-read it while holding the lock on this object before storing into it.
// NOTE(review): as listed, v is still null when it is stored back into the
// field; the statement that creates the validator is presumably missing
// from this listing. Confirm against the full file.
if (isClient) {
v = clientValidator;
if (v == null) {
synchronized (this) {
v = clientValidator;
if (v == null) {
clientValidator = v;
}
}
}
} else {
// Double-checked locking is assumed to work here because the field is
// volatile (guaranteed under the memory model revised in Tiger, J2SE 5.0).
// NOTE(review): the field declaration is not visible in this listing;
// verify that both validator fields are declared volatile.
v = serverValidator;
if (v == null) {
synchronized (this) {
v = serverValidator;
if (v == null) {
serverValidator = v;
}
}
}
}
return v;
}
throw new CertificateException("No handshake session");
}
// check endpoint identity
}
// create the algorithm constraints
if (session instanceof ExtendedSSLSession) {
sslSocket, localSupportedSignAlgs, false);
} else {
new SSLAlgorithmConstraints(sslSocket, false);
}
} else {
}
}
if (isClient) {
} else {
}
}
}
throw new CertificateException("No handshake session");
}
// check endpoint identity
}
// create the algorithm constraints
if (session instanceof ExtendedSSLSession) {
engine, localSupportedSignAlgs, false);
} else {
new SSLAlgorithmConstraints(engine, false);
}
} else {
}
}
if (isClient) {
} else {
}
}
}
/**
* Describes a trusted certificate by its subject, issuer, serial number and
* not-after date, as the concatenated fragments below show.
* <p>
* NOTE(review): the statements that begin these concatenations, and the
* openers of the two extra closing braces, are not visible in this listing,
* so where the text is written and under which condition cannot be
* confirmed from here.
*/
private void showTrustedCerts() {
+ cert.getSubjectX500Principal());
+ cert.getIssuerX500Principal());
+ "; Serial number: 0x"
+ cert.getNotAfter());
}
}
}
Validator v;
if (pkixParams == null) {
} else {
}
return v;
}
try {
} finally {
}
}
/*
* Identify the peer by its certificate and hostname.
*
* Lifted from sun.net.www.protocol.https.HttpsClient.
*/
// if the hostname is a bracketed IPv6 literal, strip off the "[]"
}
} else {
throw new CertificateException(
"Unknown identification algorithm: " + algorithm);
}
}
}
}