Class TrustAnchor

java.lang.Object
java.security.cert.TrustAnchor

public class TrustAnchor
extends Object
This class represents a trust anchor for the validation of X.509 certification paths.

A trust anchor is a trusted certificate authority (CA). It holds the public key of the CA, the CA's name and the constraints for the validation of certification paths. The constructors also accept a binary representation of a so-called "Name Constraints" extension as a byte array.

  • Constructor Summary

    Constructors
    Constructor Description
    TrustAnchor(String caName, PublicKey caPublicKey, byte[] nameConstraints)
    Creates a new TrustAnchor with the specified certificate authority name, its public key and the specified name constraints.
    TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints)
    Creates a new TrustAnchor with the specified certificate and name constraints.
    TrustAnchor(X500Principal caPrincipal, PublicKey caPublicKey, byte[] nameConstraints)
    Creates a new TrustAnchor with the specified certificate authority name as principal, its public key and the specified name constraints.
  • Method Summary

    Modifier and Type Method Description
    X500Principal getCA()
    Returns the name of the certificate authority as X500Principal.
    String getCAName()
    Returns the name of the certificate authority as String in RFC 2253 format.
    PublicKey getCAPublicKey()
    Returns the public key of the certificate authority.
    byte[] getNameConstraints()
    Returns a copy of the name constraints in ASN.1 DER encoded form.
    X509Certificate getTrustedCert()
    Returns the certificate of this trusted certificate authority.
    String toString()
    Returns a string representation of this TrustAnchor instance.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
  • Constructor Details

    • TrustAnchor

      public TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints)
      Creates a new TrustAnchor with the specified certificate and name constraints.

      The name constraints will be used as additional constraints during the validation of certification paths.

      Parameters:
      trustedCert - the trusted certificate
      nameConstraints - the ASN.1 DER encoded form of the name constraints or null if none.
      Throws:
      IllegalArgumentException - if the decoding of the name constraints fails.
    • TrustAnchor

      public TrustAnchor(String caName, PublicKey caPublicKey, byte[] nameConstraints)
      Creates a new TrustAnchor with the specified certificate authority name, its public key and the specified name constraints.

      The name constraints will be used as additional constraints during the validation of certification paths.

      Parameters:
      caName - the X.500 name of the certificate authority in RFC 2253 String format.
      caPublicKey - the public key of the certificate authority
      nameConstraints - the ASN.1 DER encoded form of the name constraints or null if none.
      Throws:
      IllegalArgumentException - if the caName is empty or if decoding of the name constraints fails.
    • TrustAnchor

      public TrustAnchor(X500Principal caPrincipal, PublicKey caPublicKey, byte[] nameConstraints)
      Creates a new TrustAnchor with the specified certificate authority name as principal, its public key and the specified name constraints.

      The name constraints will be used as additional constraints during the validation of certification paths.

      Parameters:
      caPrincipal - the name of the certificate authority as X500 principal.
      caPublicKey - the public key of the certificate authority.
      nameConstraints - the ASN.1 DER encoded form of the name constraints or null if none.
      Throws:
      IllegalArgumentException - if decoding of the name constraints fails.
  • Method Details

    • getNameConstraints

      public final byte[] getNameConstraints()
      Returns a copy of the name constraints in ASN.1 DER encoded form.
      Returns:
      a copy of the name constraints in ASN.1 DER encoded form.
    • getTrustedCert

      public final X509Certificate getTrustedCert()
      Returns the certificate of this trusted certificate authority.
      Returns:
      the certificate of this CA, or null if the trust anchor of this instance was not created with a certificate.
    • getCA

      public final X500Principal getCA()
      Returns the name of the certificate authority as X500Principal.
      Returns:
      the name of the certificate authority or null if the trust anchor of this instance was not created with an X500Principal.
    • getCAName

      public final String getCAName()
      Returns the name of the certificate authority as String in RFC 2253 format.
      Returns:
      the name of the certificate authority as String in RFC 2253 format or null if the trust anchor of this instance was not created with a CA name.
    • getCAPublicKey

      public final PublicKey getCAPublicKey()
      Returns the public key of the certificate authority.
      Returns:
      the public key of the certificate authority or null if the trust anchor of this instance was not created with a public key.
    • toString

      public String toString()
      Returns a string representation of this TrustAnchor instance.
      Overrides:
      toString in class Object
      Returns:
      a string representation of this TrustAnchor instance.
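
How the nameConstraints parameter and the copy-returning getNameConstraints() behave in practice, as an added example that is not part of the original API documentation: it hand-encodes a NameConstraints value that permits only the DNS subtree example.com, builds a TrustAnchor from a name and key, and hands it to PKIXParameters. The class name, CA name, domain and key pair are constructed for illustration; it assumes an OpenJDK runtime, where the byte array is the bare DER NameConstraints SEQUENCE from RFC 5280 without the extension's OCTET STRING wrapper.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.util.Arrays;
import java.util.Collections;
import javax.security.auth.x500.X500Principal;

public class NameConstrainedAnchorDemo {
    // Minimal DER TLV encoder; short-form length only (content under 128 bytes).
    static byte[] tlv(int tag, byte[] content) {
        if (content.length > 127) throw new IllegalArgumentException("long-form length not handled");
        byte[] out = new byte[content.length + 2];
        out[0] = (byte) tag;
        out[1] = (byte) content.length;
        System.arraycopy(content, 0, out, 2, content.length);
        return out;
    }

    // NameConstraints ::= SEQUENCE { permittedSubtrees [0] IMPLICIT SEQUENCE OF GeneralSubtree }
    static byte[] permitDnsSubtree(String domain) {
        byte[] dnsName = tlv(0x82, domain.getBytes(StandardCharsets.US_ASCII)); // dNSName [2]
        byte[] subtree = tlv(0x30, dnsName);                                    // GeneralSubtree
        return tlv(0x30, tlv(0xA0, subtree));                                   // NameConstraints
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PublicKey caKey = kpg.generateKeyPair().getPublic();  // constructed stand-in for a CA key
        X500Principal caName = new X500Principal("CN=Example Internal Root,O=Example Corp");
        byte[] nc = permitDnsSubtree("example.com");
        TrustAnchor anchor = new TrustAnchor(caName, caKey, nc);
        // The getter returns a copy, so a caller cannot loosen the anchor's constraints in place.
        byte[] copy = anchor.getNameConstraints();
        copy[copy.length - 1] ^= 0x01;
        System.out.println("unaffected by mutation: " + Arrays.equals(nc, anchor.getNameConstraints()));
        System.out.println("getTrustedCert(): " + anchor.getTrustedCert()); // null: no certificate given
        // Bytes that are not a NameConstraints SEQUENCE are rejected at construction time.
        try {
            new TrustAnchor(caName, caKey, new byte[] {0x04, 0x00});
        } catch (IllegalArgumentException e) {
            System.out.println("malformed constraints rejected: " + e.getMessage());
        }
        PKIXParameters params = new PKIXParameters(Collections.singleton(anchor)); // validator input
        System.out.println("trust anchors configured: " + params.getTrustAnchors().size());
    }
}
```

Constraining an anchor this way limits which subject names a path chaining to that CA may assert, even when the CA's own certificate carries no such extension.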