18b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak/* 28b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. 38b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 48b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * 58b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * This code is free software; you can redistribute it and/or modify it 68b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * under the terms of the GNU General Public License version 2 only, as 78b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * published by the Free Software Foundation. Oracle designates this 88b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * particular file as subject to the "Classpath" exception as provided 98b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * by Oracle in the LICENSE file that accompanied this code. 108b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * 118b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * This code is distributed in the hope that it will be useful, but WITHOUT 128b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 138b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 148b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * version 2 for more details (a copy is included in the LICENSE file that 158b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * accompanied this code). 168b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * 178b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * You should have received a copy of the GNU General Public License version 188b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * 2 along with this work; if not, write to the Free Software Foundation, 198b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 208b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * 218b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 228b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * or visit www.oracle.com if you need additional information or have any 238b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * questions. 248b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak */ 258b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak 268b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniakpackage sun.security.util; 278b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak 288b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniakimport java.security.cert.X509Certificate; 298b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak 308b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak/** 318b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * This class is a wrapper for keeping state and passing objects between PKIX, 328b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak * AlgorithmChecker, and DisabledAlgorithmConstraints. 338b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak */ 348b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniakpublic class CertConstraintParameters { 358b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak // A certificate being passed to check against constraints. 368b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak private final X509Certificate cert; 378b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak 388b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak // This is true if the trust anchor in the certificate chain matches a cert 398b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak // in AnchorCertificates 408b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak private final boolean trustedMatch; 418b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak 428b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak public CertConstraintParameters(X509Certificate c, boolean match) { 438b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak cert = c; 448b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak trustedMatch = match; 458b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak } 468b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak 478b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak public CertConstraintParameters(X509Certificate c) { 488b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak this(c, false); 498b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak } 508b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak 518b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak // Returns if the trust anchor has a match if anchor checking is enabled. 528b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak public boolean isTrustedMatch() { 538b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak return trustedMatch; 548b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak } 558b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak 568b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak public X509Certificate getCertificate() { 578b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak return cert; 588b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak } 598b5ba217ca0e811a8e8602666b10f3b3e0bcc62cPrzemyslaw Szczepaniak} 60