1 /* 2 * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.provider.certpath; 27 28 import java.net.URI; 29 import java.util.Collection; 30 import java.util.HashMap; 31 import java.util.Map; 32 import java.security.AccessController; 33 import java.security.NoSuchAlgorithmException; 34 import java.security.InvalidAlgorithmParameterException; 35 import java.security.PrivilegedActionException; 36 import java.security.PrivilegedExceptionAction; 37 import java.security.cert.CertStore; 38 import java.security.cert.CertStoreException; 39 import java.security.cert.X509CertSelector; 40 import java.security.cert.X509CRLSelector; 41 import javax.security.auth.x500.X500Principal; 42 import java.io.IOException; 43 44 import sun.security.util.Cache; 45 46 /** 47 * Helper used by URICertStore and others when delegating to another CertStore 48 * to fetch certs and CRLs. 49 */ 50 51 public abstract class CertStoreHelper { 52 53 private static final int NUM_TYPES = 2; 54 private final static Map<String,String> classMap = new HashMap<>(NUM_TYPES); 55 static { 56 classMap.put( 57 "LDAP", 58 "sun.security.provider.certpath.ldap.LDAPCertStoreHelper"); 59 classMap.put( 60 "SSLServer", 61 "sun.security.provider.certpath.ssl.SSLServerCertStoreHelper"); 62 }; 63 private static Cache<String, CertStoreHelper> cache 64 = Cache.newSoftMemoryCache(NUM_TYPES); 65 getInstance(final String type)66 public static CertStoreHelper getInstance(final String type) 67 throws NoSuchAlgorithmException 68 { 69 CertStoreHelper helper = cache.get(type); 70 if (helper != null) { 71 return helper; 72 } 73 final String cl = classMap.get(type); 74 if (cl == null) { 75 throw new NoSuchAlgorithmException(type + " not available"); 76 } 77 try { 78 helper = AccessController.doPrivileged( 79 new PrivilegedExceptionAction<CertStoreHelper>() { 80 public CertStoreHelper run() throws ClassNotFoundException { 81 try { 82 Class<?> c = Class.forName(cl, true, null); 83 CertStoreHelper csh 84 = (CertStoreHelper)c.newInstance(); 85 cache.put(type, csh); 86 return csh; 87 } catch (InstantiationException | 88 IllegalAccessException e) { 89 throw new AssertionError(e); 90 } 91 } 92 }); 93 return helper; 94 } catch (PrivilegedActionException e) { 95 throw new NoSuchAlgorithmException(type + " not available", 96 e.getException()); 97 } 98 } 99 isCausedByNetworkIssue(String type, CertStoreException cse)100 static boolean isCausedByNetworkIssue(String type, CertStoreException cse) { 101 switch (type) { 102 case "LDAP": 103 case "SSLServer": 104 try { 105 CertStoreHelper csh = CertStoreHelper.getInstance(type); 106 return csh.isCausedByNetworkIssue(cse); 107 } catch (NoSuchAlgorithmException nsae) { 108 return false; 109 } 110 case "URI": 111 Throwable t = cse.getCause(); 112 return (t != null && t instanceof IOException); 113 default: 114 // we don't know about any other remote CertStore types 115 return false; 116 } 117 } 118 119 /** 120 * Returns a CertStore using the given URI as parameters. 121 */ getCertStore(URI uri)122 public abstract CertStore getCertStore(URI uri) 123 throws NoSuchAlgorithmException, InvalidAlgorithmParameterException; 124 125 /** 126 * Wraps an existing X509CertSelector when needing to avoid DN matching 127 * issues. 128 */ wrap(X509CertSelector selector, X500Principal certSubject, String dn)129 public abstract X509CertSelector wrap(X509CertSelector selector, 130 X500Principal certSubject, 131 String dn) 132 throws IOException; 133 134 /** 135 * Wraps an existing X509CRLSelector when needing to avoid DN matching 136 * issues. 137 */ wrap(X509CRLSelector selector, Collection<X500Principal> certIssuers, String dn)138 public abstract X509CRLSelector wrap(X509CRLSelector selector, 139 Collection<X500Principal> certIssuers, 140 String dn) 141 throws IOException; 142 143 /** 144 * Returns true if the cause of the CertStoreException is a network 145 * related issue. 146 */ isCausedByNetworkIssue(CertStoreException e)147 public abstract boolean isCausedByNetworkIssue(CertStoreException e); 148 } 149