/*
 * Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.ssl;

import java.io.*;
import java.security.*;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;
import sun.security.validator.TrustStoreUtil;
import sun.security.validator.Validator;

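/**
 * Base implementation shared by the two trust manager factories declared at
 * the bottom of this file, {@link SimpleFactory} and {@link PKIXFactory}.
 *
 * <p>A factory holds at most one {@link X509TrustManager}. It is built from
 * the trusted certificates of a caller-supplied {@link KeyStore}, from the
 * certificates returned by {@code TrustStoreManager.getTrustedCerts()} when
 * no key store is given, or from {@link ManagerFactoryParameters}.
 */
abstract class TrustManagerFactoryImpl extends TrustManagerFactorySpi {

    // Stays null until an engineInit call assigns it; see the
    // SecurityException branch of engineInit(KeyStore).
    private X509TrustManager trustManager = null;

    // Set at the end of every engineInit call that returns normally.
    private boolean isInitialized = false;

    TrustManagerFactoryImpl() {
        // empty
    }

    /**
     * Initializes this factory from a key store, or from the default trusted
     * certificates when {@code ks} is {@code null}.
     *
     * @param ks the key store holding the trusted certificates, or
     *        {@code null} to use {@code TrustStoreManager.getTrustedCerts()}
     * @throws KeyStoreException if loading the default trusted certificates
     *         fails with a checked exception (the original exception is kept
     *         as the cause)
     */
    @Override
    protected void engineInit(KeyStore ks) throws KeyStoreException {
        if (ks != null) {
            trustManager = getInstance(TrustStoreUtil.getTrustedCerts(ks));
        } else {
            try {
                trustManager = getInstance(TrustStoreManager.getTrustedCerts());
            } catch (SecurityException se) {
                // Eat security exceptions but report other throwables.
                // Security-relevant consequence: trustManager is not assigned
                // on this path, yet isInitialized is still set below, so
                // engineGetTrustManagers() can return an array whose only
                // element is null. The failure is visible only in the
                // "trustmanager" debug log.
                // NOTE(review): confirm that every consumer of the returned
                // array rejects a null trust manager instead of skipping
                // certificate validation.
                logSkippedDefaultKeystore(se);
            } catch (Error | RuntimeException unchecked) {
                // Unchecked failures are logged and propagated unchanged.
                logSkippedDefaultKeystore(unchecked);
                throw unchecked;
            } catch (Exception e) {
                logSkippedDefaultKeystore(e);
                throw new KeyStoreException(
                    "problem accessing trust store", e);
            }
        }

        isInitialized = true;
    }

    /**
     * Writes the "skip default keystore" debug record when logging for the
     * "trustmanager" category is enabled.
     *
     * @param cause the throwable raised while loading the default trusted
     *        certificates
     */
    private static void logSkippedDefaultKeystore(Throwable cause) {
        if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
            SSLLogger.fine("SunX509: skip default keystore", cause);
        }
    }

    /**
     * Builds the trust manager for the given set of trusted certificates.
     *
     * @param trustedCerts the certificates to trust
     * @return the trust manager backed by {@code trustedCerts}
     */
    abstract X509TrustManager getInstance(
            Collection<X509Certificate> trustedCerts);

    /**
     * Builds the trust manager described by the given parameters.
     *
     * @param spec the factory parameters
     * @return the trust manager configured from {@code spec}
     * @throws InvalidAlgorithmParameterException if the implementation does
     *         not accept {@code spec}
     */
    abstract X509TrustManager getInstance(ManagerFactoryParameters spec)
            throws InvalidAlgorithmParameterException;

    /**
     * Initializes this factory from provider-specific parameters.
     *
     * @param spec the factory parameters, passed to
     *        {@link #getInstance(ManagerFactoryParameters)}
     * @throws InvalidAlgorithmParameterException if the subclass rejects
     *         {@code spec}; the factory is then left uninitialized by this
     *         call
     */
    @Override
    protected void engineInit(ManagerFactoryParameters spec) throws
            InvalidAlgorithmParameterException {
        trustManager = getInstance(spec);
        isInitialized = true;
    }

    /**
     * Returns one trust manager for each type of trust material.
     *
     * <p>The returned array always has exactly one element. That element is
     * {@code null} when the factory was initialized through the
     * SecurityException path of {@link #engineInit(KeyStore)}.
     *
     * @return a one-element array holding this factory's trust manager
     * @throws IllegalStateException if no engineInit call has completed
     */
    @Override
    protected TrustManager[] engineGetTrustManagers() {
        if (!isInitialized) {
            throw new IllegalStateException(
                        "TrustManagerFactoryImpl is not initialized");
        }
        return new TrustManager[] { trustManager };
    }

    /*
     * Try to get an InputStream based on the file we pass in.
     *
     * The existence check and the open both run inside doPrivileged.
     * Returns null when the file does not exist or cannot be found at open
     * time. Nothing in this class calls this private helper.
     */
    private static FileInputStream getFileInputStream(final File file)
            throws Exception {
        return AccessController.doPrivileged(
                new PrivilegedExceptionAction<FileInputStream>() {
                    @Override
                    public FileInputStream run() throws Exception {
                        try {
                            return file.exists()
                                    ? new FileInputStream(file)
                                    : null;
                        } catch (FileNotFoundException e) {
                            // couldn't find it, oh well.
                            return null;
                        }
                    }
                });
    }

    /**
     * Factory whose trust managers use {@code Validator.TYPE_SIMPLE}. It
     * accepts only key store based initialization.
     */
    public static final class SimpleFactory extends TrustManagerFactoryImpl {
        @Override
        X509TrustManager getInstance(
                Collection<X509Certificate> trustedCerts) {
            return new X509TrustManagerImpl(
                    Validator.TYPE_SIMPLE, trustedCerts);
        }

        /**
         * Always fails: this factory does not take parameters.
         *
         * @throws InvalidAlgorithmParameterException on every call
         */
        @Override
        X509TrustManager getInstance(ManagerFactoryParameters spec)
                throws InvalidAlgorithmParameterException {
            throw new InvalidAlgorithmParameterException
                ("SunX509 TrustManagerFactory does not use "
                + "ManagerFactoryParameters");
        }
    }

    /**
     * Factory whose trust managers use {@code Validator.TYPE_PKIX}.
     */
    public static final class PKIXFactory extends TrustManagerFactoryImpl {
        @Override
        X509TrustManager getInstance(
                Collection<X509Certificate> trustedCerts) {
            return new X509TrustManagerImpl(Validator.TYPE_PKIX, trustedCerts);
        }

        /**
         * Builds a PKIX trust manager from
         * {@link CertPathTrustManagerParameters} wrapping
         * {@link PKIXBuilderParameters}.
         *
         * @throws InvalidAlgorithmParameterException if {@code spec} (null
         *         included) is not a {@code CertPathTrustManagerParameters},
         *         or if the parameters it wraps are not
         *         {@code PKIXBuilderParameters}
         */
        @Override
        X509TrustManager getInstance(ManagerFactoryParameters spec)
                throws InvalidAlgorithmParameterException {
            // instanceof is false for null, so a null spec is rejected here.
            if (!(spec instanceof CertPathTrustManagerParameters)) {
                throw new InvalidAlgorithmParameterException
                    ("Parameters must be CertPathTrustManagerParameters");
            }
            CertPathParameters params =
                ((CertPathTrustManagerParameters)spec).getParameters();
            if (!(params instanceof PKIXBuilderParameters)) {
                throw new InvalidAlgorithmParameterException
                    ("Encapsulated parameters must be PKIXBuilderParameters");
            }
            PKIXBuilderParameters pkixParams = (PKIXBuilderParameters)params;
            return new X509TrustManagerImpl(Validator.TYPE_PKIX, pkixParams);
        }
    }
}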