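/*
 * Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.util;

import sun.security.validator.Validator;

import java.security.AlgorithmParameters;
import java.security.Key;
import java.security.Timestamp;
import java.security.cert.X509Certificate;
import java.util.Date;

/**
 * This class contains parameters for checking against constraints that extend
 * past the publicly available parameters in java.security.AlgorithmConstraints.
 *
 * This is currently only passed between PKIX, AlgorithmChecker,
 * and DisabledAlgorithmConstraints.
 *
 * An instance is populated through one of two groups of fields, depending on
 * the constructor used: either the algorithm/parameters/key triple, or the
 * certificate-related values. The fields of the group that was not supplied
 * are {@code null} (or {@code false} for {@code trustedMatch}).
 */
public class ConstraintsParameters {
    /*
     * The below 3 values are used the same as the permit() methods
     * published in java.security.AlgorithmConstraints.
     */
    // Algorithm string to be checked against constraints
    private final String algorithm;
    // AlgorithmParameters to the algorithm being checked
    private final AlgorithmParameters algParams;
    // Public Key being checked against constraints
    private final Key publicKey;

    /*
     * New values that are checked against constraints that the current public
     * API does not support.
     */
    // A certificate being passed to check against constraints.
    private final X509Certificate cert;
    // This is true if the trust anchor in the certificate chain matches a cert
    // in AnchorCertificates
    private final boolean trustedMatch;
    // PKIXParameter date. java.util.Date is mutable, so this field always
    // holds a private copy (see copyOf).
    private final Date pkixDate;
    // Timestamp of the signed JAR file
    private final Timestamp jarTimestamp;
    // Validator variant; never null, falls back to Validator.VAR_GENERIC
    private final String variant;

    /**
     * Creates parameters for a certificate-based check.
     *
     * @param c the certificate to check, may be {@code null}
     * @param match whether the trust anchor matched a cert in
     *        AnchorCertificates
     * @param pkixdate the PKIXParameter date, may be {@code null}; the value
     *        is copied, so later changes to the caller's instance are not
     *        seen by this object
     * @param jarTime the timestamp of the signed JAR file, may be
     *        {@code null}
     * @param variant the validator variant; {@code null} is replaced by
     *        {@code Validator.VAR_GENERIC}
     */
    public ConstraintsParameters(X509Certificate c, boolean match,
            Date pkixdate, Timestamp jarTime, String variant) {
        cert = c;
        trustedMatch = match;
        pkixDate = copyOf(pkixdate);
        jarTimestamp = jarTime;
        this.variant = (variant == null ? Validator.VAR_GENERIC : variant);
        algorithm = null;
        algParams = null;
        publicKey = null;
    }

    /**
     * Creates parameters for an algorithm/key-based check. The
     * certificate-related values are left unset.
     *
     * @param algorithm the algorithm string to check
     * @param params the parameters of the algorithm being checked
     * @param key the public key being checked
     * @param variant the validator variant; {@code null} is replaced by
     *        {@code Validator.VAR_GENERIC}
     */
    public ConstraintsParameters(String algorithm, AlgorithmParameters params,
            Key key, String variant) {
        this.algorithm = algorithm;
        algParams = params;
        this.publicKey = key;
        cert = null;
        trustedMatch = false;
        pkixDate = null;
        jarTimestamp = null;
        this.variant = (variant == null ? Validator.VAR_GENERIC : variant);
    }

    /**
     * Creates parameters that carry only a certificate, with no trust anchor
     * match, no dates and the generic variant.
     *
     * @param c the certificate to check
     */
    public ConstraintsParameters(X509Certificate c) {
        this(c, false, null, null, Validator.VAR_GENERIC);
    }

    /**
     * Creates parameters that carry only a signed JAR timestamp, with no
     * certificate and the generic variant.
     *
     * @param jarTime the timestamp of the signed JAR file
     */
    public ConstraintsParameters(Timestamp jarTime) {
        this(null, false, null, jarTime, Validator.VAR_GENERIC);
    }

    /**
     * Returns an independent copy of a date, or {@code null} for {@code null}.
     * The copy is built from the time value rather than with clone(), so the
     * result is always a plain java.util.Date even if a subclass was passed.
     */
    private static Date copyOf(Date d) {
        return (d == null ? null : new Date(d.getTime()));
    }

    /** Returns the algorithm string, or {@code null} if none was supplied. */
    public String getAlgorithm() {
        return algorithm;
    }

    /** Returns the algorithm parameters, or {@code null} if none were supplied. */
    public AlgorithmParameters getAlgParams() {
        return algParams;
    }

    /** Returns the public key, or {@code null} if none was supplied. */
    public Key getPublicKey() {
        return publicKey;
    }

    // Returns if the trust anchor has a match if anchor checking is enabled.
    public boolean isTrustedMatch() {
        return trustedMatch;
    }

    /** Returns the certificate, or {@code null} if none was supplied. */
    public X509Certificate getCertificate() {
        return cert;
    }

    /**
     * Returns the PKIXParameter date, or {@code null} if none was supplied.
     * A fresh copy is returned on every call so that a caller cannot change
     * the date held by this object.
     */
    public Date getPKIXParamDate() {
        return copyOf(pkixDate);
    }

    /** Returns the signed JAR timestamp, or {@code null} if none was supplied. */
    public Timestamp getJARTimestamp() {
        return jarTimestamp;
    }

    /** Returns the validator variant; never {@code null}. */
    public String getVariant() {
        return variant;
    }
}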