Package java.security.cert

Class TrustAnchor

  • public class TrustAnchor
extends Object
    This class represents a trust anchor for validation of X.509 certification path.

    It is a trusted certificate authority (CA) and includes the public key of the CA, the CA's name and the constraints for the validation of certification paths. The constructor also allows to specify a binary representation of a so called "Name Constraints" extension as a byte array.

    • Constructor Detail

      • TrustAnchor

        public TrustAnchor​(X509Certificate trustedCert,
                   byte[] nameConstraints)
        Creates a new TrustAnchor with the specified certificate and name constraints.

        The name constraints will be used as additional constraints during the validation of certification paths.

        Parameters:
        trustedCert - the trusted certificate
        nameConstraints - the ASN.1 DER encoded form of the name constraints or null if none.
        Throws:
        IllegalArgumentException - if the decoding of the name constraints fail.

      • TrustAnchor

        public TrustAnchor​(String caName,
                   PublicKey caPublicKey,
                   byte[] nameConstraints)
        Creates a new TrustAnchor with the specified certificate authority name, its public key and the specified name constraints.

        The name constraints will be used as additional constraints during the validation of certification paths.

        Parameters:
        caName - the X.500 name of the certificate authority in RFC 2253 String format.
        caPublicKey - the public key of the certificate authority
        nameConstraints - the ASN.1 DER encoded form of the name constraints or null if none.
        Throws:
        IllegalArgumentException - if the caName is empty or if decoding of the name constraints fail.

      • TrustAnchor

        public TrustAnchor​(X500Principal caPrincipal,
                   PublicKey caPublicKey,
                   byte[] nameConstraints)
        Creates a new TrustAnchor with the specified certificate authority name as principal, its public key and the specified name constraints.

        The name constraints will be used as additional constraints during the validation of certification paths.

        Parameters:
        caPrincipal - the name of the certificate authority as X500 principal.
        caPublicKey - the public key of the certificate authority.
        nameConstraints - the ASN.1 DER encoded form of the name constraints or null if none.
        Throws:
        IllegalArgumentException - if decoding of the name constraints fail.

    • Method Detail

      • getNameConstraints

        public final byte[] getNameConstraints()
        Returns a copy of the name constraints in ASN.1 DER encoded form.
        Returns:
        a copy of the name constraints in ASN.1 DER encoded form.

      • getTrustedCert

        public final X509Certificate getTrustedCert()
        Returns the certificate of this trusted certificate authority.
        Returns:
        the certificate of this CA or null, if the trust anchor of this instance was not created with a certificate.

      • getCA

        public final X500Principal getCA()
        Returns the name of the certificate authority as X500Principal.
        Returns:
        the name of the certificate authority or null if the trust anchor of this instance was not created with a X500Principal.

      • getCAName

        public final String getCAName()
        Returns the name of the certificate authority as String in RFC 2253 format.
        Returns:
        the name of the certificate authority as String in RFC 2253 format or null if the trust anchor of this instance was not created with a CA name.

      • getCAPublicKey

        public final PublicKey getCAPublicKey()
        Returns the public key of the certificate authority.
        Returns:
        the public key of the certificate authority or null if the trust anchor if this instance was not created with a public key.

      • toString

        public String toString()
        Returns a string representation of this TrustAnchor instance.
        Overrides:
        toString in class Object
        Returns:
        a string representation of this TrustAnchor instance.