TrustAnchor
public class TrustAnchor extends Object
This class represents a trust anchor for the validation of X.509 certification
paths.
It is a trusted certificate authority (CA) and includes the public key
of the CA, the CA's name and the constraints for the validation of
certification paths. The constructors also allow a binary representation of
a so-called "Name Constraints" extension to be specified as a byte array.
|
Fields Summary |
---|
private final X500Principal | caPrincipal | private final String | caName | private final PublicKey | caPublicKey | private final X509Certificate | trustedCert | private final byte[] | nameConstraints |
Constructors Summary |
---|
public TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints)
Creates a new {@code TrustAnchor} with the specified certificate and name
constraints.
The name constraints will be used as additional constraints during the
validation of certification paths.
// A certificate-based anchor needs a certificate; null is the only value rejected here.
if (trustedCert == null) {
    throw new NullPointerException(Messages.getString("security.5C")); //$NON-NLS-1$
}
// An anchor built from a certificate carries no separate CA name, principal or key.
this.caName = null;
this.caPrincipal = null;
this.caPublicKey = null;
this.trustedCert = trustedCert;
if (nameConstraints == null) {
    this.nameConstraints = null;
} else {
    // Store a private copy and decode that copy, so a caller that keeps
    // changing its own array cannot alter the bytes that were checked.
    this.nameConstraints = nameConstraints.clone();
    processNameConstraints();
}
| public TrustAnchor(String caName, PublicKey caPublicKey, byte[] nameConstraints)
Creates a new {@code TrustAnchor} with the specified certificate
authority name, its public key and the specified name constraints.
The name constraints will be used as additional constraints during the
validation of certification paths.
// The CA name and the CA public key are both mandatory.
if (caName == null) {
    throw new NullPointerException(Messages.getString("security.5D")); //$NON-NLS-1$
}
if (caPublicKey == null) {
    throw new NullPointerException(Messages.getString("security.5E")); //$NON-NLS-1$
}
this.caName = caName;
this.caPublicKey = caPublicKey;
// An anchor built from a name and key has no certificate.
this.trustedCert = null;
if (nameConstraints == null) {
    this.nameConstraints = null;
} else {
    // Store a private copy and decode that copy, so a caller that keeps
    // changing its own array cannot alter the bytes that were checked.
    this.nameConstraints = nameConstraints.clone();
    processNameConstraints();
}
// The empty name is rejected explicitly; every other check of the name
// is left to the X500Principal constructor.
if (caName.length() == 0) {
    throw new IllegalArgumentException(
            Messages.getString("security.5F")); //$NON-NLS-1$
}
this.caPrincipal = new X500Principal(caName);
| public TrustAnchor(X500Principal caPrincipal, PublicKey caPublicKey, byte[] nameConstraints)
Creates a new {@code TrustAnchor} with the specified certificate
authority name as principal, its public key and the specified name
constraints.
The name constraints will be used as additional constraints during the
validation of certification paths.
// The CA principal and the CA public key are both mandatory.
if (caPrincipal == null) {
    throw new NullPointerException(Messages.getString("security.60")); //$NON-NLS-1$
}
if (caPublicKey == null) {
    throw new NullPointerException(Messages.getString("security.5E")); //$NON-NLS-1$
}
this.caPrincipal = caPrincipal;
this.caPublicKey = caPublicKey;
// An anchor built from a principal and key has no certificate.
this.trustedCert = null;
if (nameConstraints == null) {
    this.nameConstraints = null;
} else {
    // Store a private copy and decode that copy, so a caller that keeps
    // changing its own array cannot alter the bytes that were checked.
    this.nameConstraints = nameConstraints.clone();
    processNameConstraints();
}
// The string form of the name is taken from the principal.
this.caName = caPrincipal.getName();
|
Methods Summary |
---|
public final javax.security.auth.x500.X500Principal | getCA()
Returns the name of the certificate authority as {@code X500Principal}.
// Null when this anchor was created from an X509Certificate.
return this.caPrincipal;
| public final java.lang.String | getCAName()
Returns the name of the certificate authority as {@code String} in RFC
2253 format.
// Null when this anchor was created from an X509Certificate.
return this.caName;
| public final java.security.PublicKey | getCAPublicKey()
Returns the public key of the certificate authority.
// Null when this anchor was created from an X509Certificate.
return this.caPublicKey;
| public final byte[] | getNameConstraints()
Returns a copy of the name constraints in ASN.1 DER encoded form.
// Callers get their own copy, so the constraints held by this anchor
// cannot be modified through the returned array. Null means that no
// name constraints were supplied.
return (nameConstraints == null) ? null : nameConstraints.clone();
| public final java.security.cert.X509Certificate | getTrustedCert()
Returns the certificate of this trusted certificate authority.
// Null when this anchor was created from a CA name or principal and a public key.
return this.trustedCert;
| private void | processNameConstraints()
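// Decodes the stored name constraints so that malformed input is rejected
// when the anchor is constructed. The decoded value is discarded; this
// call only validates the bytes.
try {
    NameConstraints.ASN1.decode(nameConstraints);
} catch (IOException e) {
    // Report a decoding failure as a bad argument, and keep the decoder's
    // exception as the cause so the reason the bytes were rejected stays
    // in the stack trace.
    throw new IllegalArgumentException(e.getMessage(), e);
}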
| public java.lang.String | toString()
Returns a string representation of this {@code TrustAnchor} instance.
// Only the parts that are set on this anchor are listed.
StringBuilder text = new StringBuilder("TrustAnchor: [\n"); //$NON-NLS-1$
if (trustedCert != null) {
    text.append("Trusted CA certificate: ") //$NON-NLS-1$
        .append(trustedCert)
        .append("\n"); //$NON-NLS-1$
}
if (caPrincipal != null) {
    text.append("Trusted CA Name: ") //$NON-NLS-1$
        .append(caPrincipal)
        .append("\n"); //$NON-NLS-1$
}
if (caPublicKey != null) {
    text.append("Trusted CA Public Key: ") //$NON-NLS-1$
        .append(caPublicKey)
        .append("\n"); //$NON-NLS-1$
}
// FIXME if needed:
if (nameConstraints != null) {
    // The constraints are printed as raw encoded bytes, not in decoded form.
    text.append("Name Constraints:\n") //$NON-NLS-1$
        .append(Array.toString(nameConstraints, "    ")); //$NON-NLS-1$
}
return text.append("\n]").toString(); //$NON-NLS-1$
|
|