1 /*
2  * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4  *
5  * This code is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 only, as
7  * published by the Free Software Foundation.  Oracle designates this
8  * particular file as subject to the "Classpath" exception as provided
9  * by Oracle in the LICENSE file that accompanied this code.
10  *
11  * This code is distributed in the hope that it will be useful, but WITHOUT
12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14  * version 2 for more details (a copy is included in the LICENSE file that
15  * accompanied this code).
16  *
17  * You should have received a copy of the GNU General Public License version
18  * 2 along with this work; if not, write to the Free Software Foundation,
19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20  *
21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22  * or visit www.oracle.com if you need additional information or have any
23  * questions.
24  */
25 
26 package java.security;
27 
28 import java.util.Set;
29 
30 /**
31  * This interface specifies constraints for cryptographic algorithms,
32  * keys (key sizes), and other algorithm parameters.
33  * <p>
34  * {@code AlgorithmConstraints} objects are immutable.  An implementation
35  * of this interface should not provide methods that can change the state
36  * of an instance once it has been created.
37  * <p>
38  * Note that {@code AlgorithmConstraints} can be used to represent the
39  * restrictions described by the security properties
40  * {@code jdk.certpath.disabledAlgorithms} and
41  * {@code jdk.tls.disabledAlgorithms}, or could be used by a
42  * concrete {@code PKIXCertPathChecker} to check whether a specified
43  * certificate in the certification path contains the required algorithm
44  * constraints.
45  *
46  * @see javax.net.ssl.SSLParameters#getAlgorithmConstraints
47  * @see javax.net.ssl.SSLParameters#setAlgorithmConstraints(AlgorithmConstraints)
48  *
49  * @since 1.7
50  */
51 
52 public interface AlgorithmConstraints {
53 
54     /**
55      * Determines whether an algorithm is granted permission for the
56      * specified cryptographic primitives.
57      *
58      * @param primitives a set of cryptographic primitives
59      * @param algorithm the algorithm name
60      * @param parameters the algorithm parameters, or null if no additional
61      *     parameters
62      *
63      * @return true if the algorithm is permitted and can be used for all
64      *     of the specified cryptographic primitives
65      *
66      * @throws IllegalArgumentException if primitives or algorithm is null
67      *     or empty
68      */
permits(Set<CryptoPrimitive> primitives, String algorithm, AlgorithmParameters parameters)69     public boolean permits(Set<CryptoPrimitive> primitives,
70             String algorithm, AlgorithmParameters parameters);
71 
72     /**
73      * Determines whether a key is granted permission for the specified
74      * cryptographic primitives.
75      * <p>
76      * This method is usually used to check key size and key usage.
77      *
78      * @param primitives a set of cryptographic primitives
79      * @param key the key
80      *
81      * @return true if the key can be used for all of the specified
82      *     cryptographic primitives
83      *
84      * @throws IllegalArgumentException if primitives is null or empty,
85      *     or the key is null
86      */
permits(Set<CryptoPrimitive> primitives, Key key)87     public boolean permits(Set<CryptoPrimitive> primitives, Key key);
88 
89     /**
90      * Determines whether an algorithm and the corresponding key are granted
91      * permission for the specified cryptographic primitives.
92      *
93      * @param primitives a set of cryptographic primitives
94      * @param algorithm the algorithm name
95      * @param key the key
96      * @param parameters the algorithm parameters, or null if no additional
97      *     parameters
98      *
99      * @return true if the key and the algorithm can be used for all of the
100      *     specified cryptographic primitives
101      *
102      * @throws IllegalArgumentException if primitives or algorithm is null
103      *     or empty, or the key is null
104      */
permits(Set<CryptoPrimitive> primitives, String algorithm, Key key, AlgorithmParameters parameters)105     public boolean permits(Set<CryptoPrimitive> primitives,
106                 String algorithm, Key key, AlgorithmParameters parameters);
107 
108 }
109