public class

TrustAnchor

extends Object
java.lang.Object
   ↳ java.security.cert.TrustAnchor

Class Overview

This class represents a trust anchor for the validation of X.509 certification paths.

It is a trusted certificate authority (CA) and includes the public key of the CA, the CA's name and the constraints for the validation of certification paths. The constructors also allow the binary representation of a "Name Constraints" extension to be specified as a byte array.

Summary

Public Constructors
TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints)
Creates a new TrustAnchor with the specified certificate and name constraints.
TrustAnchor(String caName, PublicKey caPublicKey, byte[] nameConstraints)
Creates a new TrustAnchor with the specified certificate authority name, its public key and the specified name constraints.
TrustAnchor(X500Principal caPrincipal, PublicKey caPublicKey, byte[] nameConstraints)
Creates a new TrustAnchor with the specified certificate authority name as principal, its public key and the specified name constraints.
Public Methods
final X500Principal getCA()
Returns the name of the certificate authority as X500Principal.
final String getCAName()
Returns the name of the certificate authority as String in RFC 2253 format.
final PublicKey getCAPublicKey()
Returns the public key of the certificate authority.
final byte[] getNameConstraints()
Returns a copy of the name constraints in ASN.1 DER encoded form.
final X509Certificate getTrustedCert()
Returns the certificate of this trusted certificate authority.
String toString()
Returns a string representation of this TrustAnchor instance.
Inherited Methods
From class java.lang.Object

Public Constructors

public TrustAnchor (X509Certificate trustedCert, byte[] nameConstraints)

Creates a new TrustAnchor with the specified certificate and name constraints.

The name constraints will be used as additional constraints during the validation of certification paths.

Parameters
trustedCert the trusted certificate
nameConstraints the ASN.1 DER encoded form of the name constraints or null if none.
Throws
IllegalArgumentException if the decoding of the name constraints fails.

public TrustAnchor (String caName, PublicKey caPublicKey, byte[] nameConstraints)

Creates a new TrustAnchor with the specified certificate authority name, its public key and the specified name constraints.

The name constraints will be used as additional constraints during the validation of certification paths.

Parameters
caName the X.500 name of the certificate authority in RFC 2253 String format.
caPublicKey the public key of the certificate authority
nameConstraints the ASN.1 DER encoded form of the name constraints or null if none.
Throws
IllegalArgumentException if the caName is empty or if decoding of the name constraints fails.

public TrustAnchor (X500Principal caPrincipal, PublicKey caPublicKey, byte[] nameConstraints)

Creates a new TrustAnchor with the specified certificate authority name as principal, its public key and the specified name constraints.

The name constraints will be used as additional constraints during the validation of certification paths.

Parameters
caPrincipal the name of the certificate authority as X500 principal.
caPublicKey the public key of the certificate authority.
nameConstraints the ASN.1 DER encoded form of the name constraints or null if none.
Throws
IllegalArgumentException if decoding of the name constraints fails.

Public Methods

public final X500Principal getCA ()

Returns the name of the certificate authority as X500Principal.

Returns
  • the name of the certificate authority or null if the trust anchor of this instance was not created with an X500Principal.

public final String getCAName ()

Returns the name of the certificate authority as String in RFC 2253 format.

Returns
  • the name of the certificate authority as String in RFC 2253 format or null if the trust anchor of this instance was not created with a CA name.

public final PublicKey getCAPublicKey ()

Returns the public key of the certificate authority.

Returns
  • the public key of the certificate authority or null if the trust anchor of this instance was not created with a public key.

public final byte[] getNameConstraints ()

Returns a copy of the name constraints in ASN.1 DER encoded form.

Returns
  • a copy of the name constraints in ASN.1 DER encoded form.

public final X509Certificate getTrustedCert ()

Returns the certificate of this trusted certificate authority.

Returns
  • the certificate of this CA or null if the trust anchor of this instance was not created with a certificate.

public String toString ()

Returns a string representation of this TrustAnchor instance.

Returns
  • a string representation of this TrustAnchor instance.
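
The following is an added example, not part of the original reference: it builds a TrustAnchor from a CA name and public key with DER-encoded name constraints, then exercises the getters and the IllegalArgumentException path described above. The class name, the CA name, the throwaway RSA key and the hand-encoded constraint bytes (one permitted dNSName subtree, "example.com") are constructed for illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.TrustAnchor;
import java.util.Arrays;
import javax.security.auth.x500.X500Principal;

public class TrustAnchorNameConstraintsExample {
    // Constructed sample: DER NameConstraints with a single permitted
    // subtree, dNSName "example.com" (RFC 5280, implicit tagging).
    static final byte[] PERMIT_EXAMPLE_COM = {
        0x30, 0x11,                 // NameConstraints SEQUENCE, 17 bytes
        (byte) 0xA0, 0x0F,          // permittedSubtrees [0], 15 bytes
        0x30, 0x0D,                 // GeneralSubtree SEQUENCE, 13 bytes
        (byte) 0x82, 0x0B,          // base: dNSName [2], 11 bytes
        'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm'
    };

    public static void main(String[] args) throws Exception {
        // Throwaway key standing in for a real CA key (assumption for the demo).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair caKey = kpg.generateKeyPair();
        X500Principal caName = new X500Principal("CN=Example Root CA,O=Example");

        TrustAnchor anchor =
                new TrustAnchor(caName, caKey.getPublic(), PERMIT_EXAMPLE_COM);

        // Created from a name and key, so there is no certificate to return.
        System.out.println("trustedCert: " + anchor.getTrustedCert());
        System.out.println("CA:          " + anchor.getCA());

        // getNameConstraints() returns a copy: modifying the returned array
        // must not change the constraints held by the anchor.
        byte[] copy = anchor.getNameConstraints();
        copy[copy.length - 1] = 'X';
        System.out.println("constraints intact: "
                + Arrays.equals(PERMIT_EXAMPLE_COM, anchor.getNameConstraints()));

        // Valid DER that is not a NameConstraints SEQUENCE (an empty
        // OCTET STRING) is rejected when the anchor is constructed.
        try {
            new TrustAnchor(caName, caKey.getPublic(), new byte[] {0x04, 0x00});
        } catch (IllegalArgumentException e) {
            System.out.println("rejected malformed constraints: " + e.getMessage());
        }
    }
}
```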