1 /*

     2  * Copyright (c) 2016, 2017 Oracle and/or its affiliates. All rights reserved.

     3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

     4  *

     5  * This code is free software; you can redistribute it and/or modify it

     6  * under the terms of the GNU General Public License version 2 only, as

     7  * published by the Free Software Foundation.  Oracle designates this

     8  * particular file as subject to the "Classpath" exception as provided

     9  * by Oracle in the LICENSE file that accompanied this code.

    10  *

    11  * This code is distributed in the hope that it will be useful, but WITHOUT

    12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

    13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

    14  * version 2 for more details (a copy is included in the LICENSE file that

    15  * accompanied this code).

    16  *

    17  * You should have received a copy of the GNU General Public License version

    18  * 2 along with this work; if not, write to the Free Software Foundation,

    19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

    20  *

    21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

    22  * or visit www.oracle.com if you need additional information or have any

    23  * questions.

    24  */

    25 

    26 package sun.security.util;

    27 

    28 import sun.security.validator.Validator;

    29 

    30 import java.security.AlgorithmParameters;

    31 import java.security.Key;

    32 import java.security.Timestamp;

    33 import java.security.cert.X509Certificate;

    34 import java.util.Date;

    35 

    36 /**

    37  * This class contains parameters for checking against constraints that extend

    38  * past the publicly available parameters in java.security.AlgorithmConstraints.

    39 

    40  * This is currently on passed between  between PKIX, AlgorithmChecker,

    41  * and DisabledAlgorithmConstraints.

    42  */

    43 public class ConstraintsParameters {

    44     /*

    45      * The below 3 values are used the same as the permit() methods

    46      * published in java.security.AlgorithmConstraints.

    47      */

    48     // Algorithm string to be checked against constraints

    49     private final String algorithm;

    50     // AlgorithmParameters to the algorithm being checked

    51     private final AlgorithmParameters algParams;

    52     // Public Key being checked against constraints

    53     private final Key publicKey;

    54 

    55     /*

    56      * New values that are checked against constraints that the current public

    57      * API does not support.

    58      */

    59     // A certificate being passed to check against constraints.

    60     private final X509Certificate cert;

    61     // This is true if the trust anchor in the certificate chain matches a cert

    62     // in AnchorCertificates

    63     private final boolean trustedMatch;

    64     // PKIXParameter date

    65     private final Date pkixDate;

    66     // Timestamp of the signed JAR file

    67     private final Timestamp jarTimestamp;

    68     private final String variant;

    69 

    70     public ConstraintsParameters(X509Certificate c, boolean match,

    71             Date pkixdate, Timestamp jarTime, String variant) {

    72         cert = c;

    73         trustedMatch = match;

    74         pkixDate = pkixdate;

    75         jarTimestamp = jarTime;

    76         this.variant = (variant == null ? Validator.VAR_GENERIC : variant);

    77         algorithm = null;

    78         algParams = null;

    79         publicKey = null;

    80     }

    81 

    82     public ConstraintsParameters(String algorithm, AlgorithmParameters params,

    83             Key key, String variant) {

    84         this.algorithm = algorithm;

    85         algParams = params;

    86         this.publicKey = key;

    87         cert = null;

    88         trustedMatch = false;

    89         pkixDate = null;

    90         jarTimestamp = null;

    91         this.variant = (variant == null ? Validator.VAR_GENERIC : variant);

    92     }

    93 

    94 

    95     public ConstraintsParameters(X509Certificate c) {

    96         this(c, false, null, null,

    97                 Validator.VAR_GENERIC);

    98     }

    99 

   100     public ConstraintsParameters(Timestamp jarTime) {

   101         this(null, false, null, jarTime, Validator.VAR_GENERIC);

   102     }

   103 

   104     public String getAlgorithm() {

   105         return algorithm;

   106     }

   107 

   108     public AlgorithmParameters getAlgParams() {

   109         return algParams;

   110     }

   111 

   112     public Key getPublicKey() {

   113         return publicKey;

   114     }

   115     // Returns if the trust anchor has a match if anchor checking is enabled.

   116     public boolean isTrustedMatch() {

   117         return trustedMatch;

   118     }

   119 

   120     public X509Certificate getCertificate() {

   121         return cert;

   122     }

   123 

   124     public Date getPKIXParamDate() {

   125         return pkixDate;

   126     }

   127 

   128     public Timestamp getJARTimestamp() {

   129         return jarTimestamp;

   130     }

   131 

   132     public String getVariant() {

   133         return variant;

   134     }

   135 }