1 /* 2 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.security; 27 28 import java.util.Set; 29 30 /** 31 * This interface specifies constraints for cryptographic algorithms, 32 * keys (key sizes), and other algorithm parameters. 33 * <p> 34 * {@code AlgorithmConstraints} objects are immutable. An implementation 35 * of this interface should not provide methods that can change the state 36 * of an instance once it has been created. 37 * <p> 38 * Note that {@code AlgorithmConstraints} can be used to represent the 39 * restrictions described by the security properties 40 * {@code jdk.certpath.disabledAlgorithms} and 41 * {@code jdk.tls.disabledAlgorithms}, or could be used by a 42 * concrete {@code PKIXCertPathChecker} to check whether a specified 43 * certificate in the certification path contains the required algorithm 44 * constraints. 45 * 46 * @see javax.net.ssl.SSLParameters#getAlgorithmConstraints 47 * @see javax.net.ssl.SSLParameters#setAlgorithmConstraints(AlgorithmConstraints) 48 * 49 * @since 1.7 50 */ 51 52 public interface AlgorithmConstraints { 53 54 /** 55 * Determines whether an algorithm is granted permission for the 56 * specified cryptographic primitives. 57 * 58 * @param primitives a set of cryptographic primitives 59 * @param algorithm the algorithm name 60 * @param parameters the algorithm parameters, or null if no additional 61 * parameters 62 * 63 * @return true if the algorithm is permitted and can be used for all 64 * of the specified cryptographic primitives 65 * 66 * @throws IllegalArgumentException if primitives or algorithm is null 67 * or empty 68 */ permits(Set<CryptoPrimitive> primitives, String algorithm, AlgorithmParameters parameters)69 public boolean permits(Set<CryptoPrimitive> primitives, 70 String algorithm, AlgorithmParameters parameters); 71 72 /** 73 * Determines whether a key is granted permission for the specified 74 * cryptographic primitives. 75 * <p> 76 * This method is usually used to check key size and key usage. 77 * 78 * @param primitives a set of cryptographic primitives 79 * @param key the key 80 * 81 * @return true if the key can be used for all of the specified 82 * cryptographic primitives 83 * 84 * @throws IllegalArgumentException if primitives is null or empty, 85 * or the key is null 86 */ permits(Set<CryptoPrimitive> primitives, Key key)87 public boolean permits(Set<CryptoPrimitive> primitives, Key key); 88 89 /** 90 * Determines whether an algorithm and the corresponding key are granted 91 * permission for the specified cryptographic primitives. 92 * 93 * @param primitives a set of cryptographic primitives 94 * @param algorithm the algorithm name 95 * @param key the key 96 * @param parameters the algorithm parameters, or null if no additional 97 * parameters 98 * 99 * @return true if the key and the algorithm can be used for all of the 100 * specified cryptographic primitives 101 * 102 * @throws IllegalArgumentException if primitives or algorithm is null 103 * or empty, or the key is null 104 */ permits(Set<CryptoPrimitive> primitives, String algorithm, Key key, AlgorithmParameters parameters)105 public boolean permits(Set<CryptoPrimitive> primitives, 106 String algorithm, Key key, AlgorithmParameters parameters); 107 108 } 109