1/*
2 * Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.  Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26package sun.security.util;
27
28import sun.security.validator.Validator;
29
30import java.security.AlgorithmParameters;
31import java.security.Key;
32import java.security.Timestamp;
33import java.security.cert.X509Certificate;
34import java.util.Date;
35
36/**
37 * This class contains parameters for checking against constraints that extend
38 * past the publicly available parameters in java.security.AlgorithmConstraints.
39
40 * This is currently on passed between  between PKIX, AlgorithmChecker,
41 * and DisabledAlgorithmConstraints.
42 */
43public class ConstraintsParameters {
44    /*
45     * The below 3 values are used the same as the permit() methods
46     * published in java.security.AlgorithmConstraints.
47     */
48    // Algorithm string to be checked against constraints
49    private final String algorithm;
50    // AlgorithmParameters to the algorithm being checked
51    private final AlgorithmParameters algParams;
52    // Public Key being checked against constraints
53    private final Key publicKey;
54
55    /*
56     * New values that are checked against constraints that the current public
57     * API does not support.
58     */
59    // A certificate being passed to check against constraints.
60    private final X509Certificate cert;
61    // This is true if the trust anchor in the certificate chain matches a cert
62    // in AnchorCertificates
63    private final boolean trustedMatch;
64    // PKIXParameter date
65    private final Date pkixDate;
66    // Timestamp of the signed JAR file
67    private final Timestamp jarTimestamp;
68    private final String variant;
69
70    public ConstraintsParameters(X509Certificate c, boolean match,
71            Date pkixdate, Timestamp jarTime, String variant) {
72        cert = c;
73        trustedMatch = match;
74        pkixDate = pkixdate;
75        jarTimestamp = jarTime;
76        this.variant = (variant == null ? Validator.VAR_GENERIC : variant);
77        algorithm = null;
78        algParams = null;
79        publicKey = null;
80    }
81
82    public ConstraintsParameters(String algorithm, AlgorithmParameters params,
83            Key key, String variant) {
84        this.algorithm = algorithm;
85        algParams = params;
86        this.publicKey = key;
87        cert = null;
88        trustedMatch = false;
89        pkixDate = null;
90        jarTimestamp = null;
91        this.variant = (variant == null ? Validator.VAR_GENERIC : variant);
92    }
93
94
95    public ConstraintsParameters(X509Certificate c) {
96        this(c, false, null, null,
97                Validator.VAR_GENERIC);
98    }
99
100    public ConstraintsParameters(Timestamp jarTime) {
101        this(null, false, null, jarTime, Validator.VAR_GENERIC);
102    }
103
104    public String getAlgorithm() {
105        return algorithm;
106    }
107
108    public AlgorithmParameters getAlgParams() {
109        return algParams;
110    }
111
112    public Key getPublicKey() {
113        return publicKey;
114    }
115    // Returns if the trust anchor has a match if anchor checking is enabled.
116    public boolean isTrustedMatch() {
117        return trustedMatch;
118    }
119
120    public X509Certificate getCertificate() {
121        return cert;
122    }
123
124    public Date getPKIXParamDate() {
125        return pkixDate;
126    }
127
128    public Timestamp getJARTimestamp() {
129        return jarTimestamp;
130    }
131
132    public String getVariant() {
133        return variant;
134    }
135}
136