public class TrustAnchor extends Object
Represents a trusted certificate authority (CA). It includes the public key of the CA, the CA's name and the constraints for the validation of certification paths. The constructors also allow specifying a binary representation of a so-called "Name Constraints" extension as a byte array.
Constructor | Description |
---|---|
TrustAnchor(String caName, PublicKey caPublicKey, byte[] nameConstraints) | Creates a new TrustAnchor with the specified certificate authority name, its public key and the specified name constraints. |
TrustAnchor(X500Principal caPrincipal, PublicKey caPublicKey, byte[] nameConstraints) | Creates a new TrustAnchor with the specified certificate authority name as principal, its public key and the specified name constraints. |
TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints) | Creates a new TrustAnchor with the specified certificate and name constraints. |
Modifier and Type | Method | Description |
---|---|---|
X500Principal | getCA() | Returns the name of the certificate authority as X500Principal. |
String | getCAName() | Returns the name of the certificate authority as String in RFC 2253 format. |
PublicKey | getCAPublicKey() | Returns the public key of the certificate authority. |
byte[] | getNameConstraints() | Returns a copy of the name constraints in ASN.1 DER encoded form. |
X509Certificate | getTrustedCert() | Returns the certificate of this trusted certificate authority. |
String | toString() | Returns a string representation of this TrustAnchor instance. |

public TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints)
Creates a new TrustAnchor with the specified certificate and name constraints.
The name constraints will be used as additional constraints during the validation of certification paths.
Parameters:
trustedCert - the trusted certificate
nameConstraints - the ASN.1 DER encoded form of the name constraints or null if none.
Throws:
IllegalArgumentException - if the decoding of the name constraints fails.

public TrustAnchor(String caName, PublicKey caPublicKey, byte[] nameConstraints)
Creates a new TrustAnchor with the specified certificate authority name, its public key and the specified name constraints.
The name constraints will be used as additional constraints during the validation of certification paths.
Parameters:
caName - the X.500 name of the certificate authority in RFC 2253 String format.
caPublicKey - the public key of the certificate authority
nameConstraints - the ASN.1 DER encoded form of the name constraints or null if none.
Throws:
IllegalArgumentException - if the caName is empty or if decoding of the name constraints fails.

public TrustAnchor(X500Principal caPrincipal, PublicKey caPublicKey, byte[] nameConstraints)
Creates a new TrustAnchor with the specified certificate authority name as principal, its public key and the specified name constraints.
The name constraints will be used as additional constraints during the validation of certification paths.
Parameters:
caPrincipal - the name of the certificate authority as X500 principal.
caPublicKey - the public key of the certificate authority.
nameConstraints - the ASN.1 DER encoded form of the name constraints or null if none.
Throws:
IllegalArgumentException - if decoding of the name constraints fails.

public final byte[] getNameConstraints()
Returns a copy of the name constraints in ASN.1 DER encoded form.

public final X509Certificate getTrustedCert()
Returns the certificate of this trusted certificate authority, or null if the trust anchor of this instance was not created with a certificate.

public final X500Principal getCA()
Returns the name of the certificate authority as X500Principal, or null if the trust anchor of this instance was not created with an X500Principal.

public final String getCAName()
Returns the name of the certificate authority as String in RFC 2253 format, or null if the trust anchor of this instance was not created with a CA name.

public final PublicKey getCAPublicKey()
Returns the public key of the certificate authority, or null if the trust anchor of this instance was not created with a public key.
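
The following is an added example, not part of the original documentation: it builds a TrustAnchor from a name and public key with a hand-encoded NameConstraints value, then exercises the documented null, copy and IllegalArgumentException behaviour. The CA name, the freshly generated key and the permitDns helper are constructed for illustration only.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.util.Arrays;
import java.util.Collections;
import javax.security.auth.x500.X500Principal;

public class TrustAnchorNameConstraintsDemo {
    // Hypothetical helper: DER-encodes NameConstraints with one permitted dNSName subtree.
    // Handles only short names (every length fits the single-byte DER length form).
    static byte[] permitDns(String domain) {
        byte[] name = domain.getBytes(StandardCharsets.US_ASCII);
        if (name.length > 120) throw new IllegalArgumentException("name too long for this encoder");
        byte[] out = new byte[name.length + 8];
        out[0] = 0x30;        out[1] = (byte) (name.length + 6); // NameConstraints SEQUENCE
        out[2] = (byte) 0xA0; out[3] = (byte) (name.length + 4); // [0] permittedSubtrees
        out[4] = 0x30;        out[5] = (byte) (name.length + 2); // GeneralSubtree SEQUENCE
        out[6] = (byte) 0x82; out[7] = (byte) name.length;       // [2] dNSName (IA5String)
        System.arraycopy(name, 0, out, 8, name.length);
        return out;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PublicKey caKey = kpg.generateKeyPair().getPublic(); // constructed stand-in for a real CA key
        X500Principal ca = new X500Principal("CN=Example Internal CA,O=Example Corp"); // constructed name

        byte[] nc = permitDns("example.com"); // paths under this anchor limited to example.com names
        TrustAnchor anchor = new TrustAnchor(ca, caKey, nc);

        // Created from a principal and key, so no certificate is attached.
        System.out.println("trustedCert = " + anchor.getTrustedCert());
        System.out.println("caName      = " + anchor.getCAName());

        // getNameConstraints() returns a copy: modifying it does not alter the anchor.
        byte[] copy = anchor.getNameConstraints();
        copy[0] = 0;
        System.out.println("anchor unchanged: " + Arrays.equals(nc, anchor.getNameConstraints()));

        // Bytes that are not a NameConstraints SEQUENCE are rejected at construction time.
        try {
            new TrustAnchor(ca, caKey, new byte[] {0x04, 0x00});
        } catch (IllegalArgumentException e) {
            System.out.println("rejected malformed constraints: " + e.getMessage());
        }

        // The anchor set is what PKIX certification path validation is parameterised with.
        PKIXParameters params = new PKIXParameters(Collections.singleton(anchor));
        System.out.println("anchors configured: " + params.getTrustAnchors().size());
    }
}
```

The byte array passed to the constructor is the DER encoding of the NameConstraints structure itself, as permitDns produces, rather than an encoded X.509 extension wrapper.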