14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.util;
27
28 import sun.security.validator.Validator;
29
30 import java.security.AlgorithmParameters;
31 import java.security.Key;
32 import java.security.Timestamp;
33 import java.security.cert.X509Certificate;
34 import java.util.Date;
35
36 /**
37 * This class contains parameters for checking against constraints that extend
38 * past the publicly available parameters in java.security.AlgorithmConstraints.
39
40 * This is currently on passed between between PKIX, AlgorithmChecker,
41 * and DisabledAlgorithmConstraints.
42 */
43 public class ConstraintsParameters {
44 /*
45 * The below 3 values are used the same as the permit() methods
46 * published in java.security.AlgorithmConstraints.
47 */
48 // Algorithm string to be checked against constraints
49 private final String algorithm;
50 // AlgorithmParameters to the algorithm being checked
51 private final AlgorithmParameters algParams;
52 // Public Key being checked against constraints
53 private final Key publicKey;
54
55 /*
56 * New values that are checked against constraints that the current public
57 * API does not support.
58 */
59 // A certificate being passed to check against constraints.
60 private final X509Certificate cert;
61 // This is true if the trust anchor in the certificate chain matches a cert
62 // in AnchorCertificates
63 private final boolean trustedMatch;
64 // PKIXParameter date
65 private final Date pkixDate;
66 // Timestamp of the signed JAR file
67 private final Timestamp jarTimestamp;
68 private final String variant;
69
70 public ConstraintsParameters(X509Certificate c, boolean match,
71 Date pkixdate, Timestamp jarTime, String variant) {
72 cert = c;
73 trustedMatch = match;
74 pkixDate = pkixdate;
75 jarTimestamp = jarTime;
76 this.variant = (variant == null ? Validator.VAR_GENERIC : variant);
77 algorithm = null;
78 algParams = null;
79 publicKey = null;
80 }
81
82 public ConstraintsParameters(String algorithm, AlgorithmParameters params,
83 Key key, String variant) {
84 this.algorithm = algorithm;
85 algParams = params;
86 this.publicKey = key;
87 cert = null;
88 trustedMatch = false;
89 pkixDate = null;
90 jarTimestamp = null;
91 this.variant = (variant == null ? Validator.VAR_GENERIC : variant);
92 }
93
94
95 public ConstraintsParameters(X509Certificate c) {
96 this(c, false, null, null,
97 Validator.VAR_GENERIC);
98 }
99
100 public ConstraintsParameters(Timestamp jarTime) {
101 this(null, false, null, jarTime, Validator.VAR_GENERIC);
102 }
103
104 public String getAlgorithm() {
105 return algorithm;
106 }
107
108 public AlgorithmParameters getAlgParams() {
109 return algParams;
110 }
111
112 public Key getPublicKey() {
113 return publicKey;
114 }
115 // Returns if the trust anchor has a match if anchor checking is enabled.
116 public boolean isTrustedMatch() {
117 return trustedMatch;
118 }
119
120 public X509Certificate getCertificate() {
121 return cert;
122 }
123
124 public Date getPKIXParamDate() {
125 return pkixDate;
126 }
127
128 public Timestamp getJARTimestamp() {
129 return jarTimestamp;
130 }
131
132 public String getVariant() {
133 return variant;
134 }
135 }
|
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.util;
27
28 import sun.security.validator.Validator;
29
30 import java.security.AlgorithmParameters;
31 import java.security.Key;
32 import java.security.Timestamp;
33 import java.security.cert.X509Certificate;
34 import java.security.interfaces.ECKey;
35 import java.util.Date;
36
37 /**
38 * This class contains parameters for checking against constraints that extend
39 * past the publicly available parameters in java.security.AlgorithmConstraints.
40
41 * This is currently on passed between between PKIX, AlgorithmChecker,
42 * and DisabledAlgorithmConstraints.
43 */
44 public class ConstraintsParameters {
45 /*
46 * The below 3 values are used the same as the permit() methods
47 * published in java.security.AlgorithmConstraints.
48 */
49 // Algorithm string to be checked against constraints
50 private final String algorithm;
51 // AlgorithmParameters to the algorithm being checked
52 private final AlgorithmParameters algParams;
53 // Key being checked against constraints
54 private final Key key;
55
56 /*
57 * New values that are checked against constraints that the current public
58 * API does not support.
59 */
60 // A certificate being passed to check against constraints.
61 private final X509Certificate cert;
62 // This is true if the trust anchor in the certificate chain matches a cert
63 // in AnchorCertificates
64 private final boolean trustedMatch;
65 // PKIXParameter date
66 private final Date pkixDate;
67 // Timestamp of the signed JAR file
68 private final Timestamp jarTimestamp;
69 private final String variant;
70 // Named Curve
71 private final String[] curveStr;
72 private static final String[] EMPTYLIST = new String[0];
73
74 public ConstraintsParameters(X509Certificate c, boolean match,
75 Date pkixdate, Timestamp jarTime, String variant) {
76 cert = c;
77 trustedMatch = match;
78 pkixDate = pkixdate;
79 jarTimestamp = jarTime;
80 this.variant = (variant == null ? Validator.VAR_GENERIC : variant);
81 algorithm = null;
82 algParams = null;
83 key = null;
84 if (c != null) {
85 curveStr = getNamedCurveFromKey(c.getPublicKey());
86 } else {
87 curveStr = EMPTYLIST;
88 }
89 }
90
91 public ConstraintsParameters(String algorithm, AlgorithmParameters params,
92 Key key, String variant) {
93 this.algorithm = algorithm;
94 algParams = params;
95 this.key = key;
96 curveStr = getNamedCurveFromKey(key);
97 cert = null;
98 trustedMatch = false;
99 pkixDate = null;
100 jarTimestamp = null;
101 this.variant = (variant == null ? Validator.VAR_GENERIC : variant);
102 }
103
104
105 public ConstraintsParameters(X509Certificate c) {
106 this(c, false, null, null,
107 Validator.VAR_GENERIC);
108 }
109
110 public ConstraintsParameters(Timestamp jarTime) {
111 this(null, false, null, jarTime, Validator.VAR_GENERIC);
112 }
113
114 public String getAlgorithm() {
115 return algorithm;
116 }
117
118 public AlgorithmParameters getAlgParams() {
119 return algParams;
120 }
121
122 public Key getKey() {
123 return key;
124 }
125
126 // Returns if the trust anchor has a match if anchor checking is enabled.
127 public boolean isTrustedMatch() {
128 return trustedMatch;
129 }
130
131 public X509Certificate getCertificate() {
132 return cert;
133 }
134
135 public Date getPKIXParamDate() {
136 return pkixDate;
137 }
138
139 public Timestamp getJARTimestamp() {
140 return jarTimestamp;
141 }
142
143 public String getVariant() {
144 return variant;
145 }
146
147 public String[] getNamedCurve() {
148 return curveStr;
149 }
150
151 public static String[] getNamedCurveFromKey(Key key) {
152 if (key instanceof ECKey) {
153 NamedCurve nc = CurveDB.lookup(((ECKey)key).getParams());
154 return (nc == null ? EMPTYLIST : CurveDB.getNamesByOID(nc.getObjectId()));
155 } else {
156 return EMPTYLIST;
157 }
158 }
159
160 public String toString() {
161 StringBuilder s = new StringBuilder();
162 s.append("Cert: ");
163 if (cert != null) {
164 s.append(cert.toString());
165 s.append("\nSigAlgo: ");
166 s.append(cert.getSigAlgName());
167 } else {
168 s.append("None");
169 }
170 s.append("\nAlgParams: ");
171 if (getAlgParams() != null) {
172 getAlgParams().toString();
173 } else {
174 s.append("None");
175 }
176 s.append("\nNamedCurves: ");
177 for (String c : getNamedCurve()) {
178 s.append(c + " ");
179 }
180 s.append("\nVariant: " + getVariant());
181 return s.toString();
182 }
183
184 }
|
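Review bot: In the new `toString()` (new-side lines 160-182), the AlgParams branch calls `getAlgParams().toString();` and discards the result, so whenever parameters are present the output shows an empty `AlgParams: ` label; it should read `s.append(getAlgParams().toString());`. This string presumably ends up in debug output for constraint decisions, where missing parameters make it harder to diagnose why an algorithm was permitted or rejected. Separately, `getNamedCurve()` returns the internal `curveStr` array as-is, and that array comes straight from `CurveDB.getNamesByOID(...)`; whether CurveDB returns a shared array is not visible here, so `return curveStr.clone();` would keep a caller from altering the names later constraint checks read. `toString()` should also carry `@Override`.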