FileDocCategorySizeDatePackage
TrustAnchor.javaAPI DocAndroid 1.5 API10691Wed May 06 22:41:06 BST 2009java.security.cert

TrustAnchor

public class TrustAnchor extends Object
This class represents a trust anchor for validation of X.509 certification path.

It is a trusted certificate authority (CA) and includes the public key of the CA, the CA's name and the constraints for the validation of certification paths. The constructor also allows to specify a binary representation of a so called "Name Constraints" extension as a byte array.

since
Android 1.0

Fields Summary
private final X500Principal
caPrincipal
private final String
caName
private final PublicKey
caPublicKey
private final X509Certificate
trustedCert
private final byte[]
nameConstraints
Constructors Summary
public TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints)
Creates a new {@code TrustAnchor} with the specified certificate and name constraints.

The name constraints will be used as additional constraints during the validation of certification paths.

param
trustedCert the trusted certificate
param
nameConstraints the ASN.1 DER encoded form of the name constraints or {@code null} if none.
throws
IllegalArgumentException if the decoding of the name constraints fail.
since
Android 1.0

        if (trustedCert == null) {
            throw new NullPointerException(Messages.getString("security.5C")); //$NON-NLS-1$
        }
        this.trustedCert = trustedCert;
        // copy nameConstraints if not null
        if (nameConstraints != null) {
            this.nameConstraints = new byte[nameConstraints.length];
            System.arraycopy(nameConstraints, 0,
                    this.nameConstraints, 0, this.nameConstraints.length);
            processNameConstraints();
        } else {
            this.nameConstraints = null;
        }
        this.caName = null;
        this.caPrincipal = null;
        this.caPublicKey = null;
    
public TrustAnchor(String caName, PublicKey caPublicKey, byte[] nameConstraints)
Creates a new {@code TrustAnchor} with the specified certificate authority name, its public key and the specified name constraints.

The name constraints will be used as additional constraints during the validation of certification paths.

param
caName the X.500 name of the certificate authority in RFC 2253 {@code String} format.
param
caPublicKey the public key of the certificate authority
param
nameConstraints the ASN.1 DER encoded form of the name constraints or {@code null} if none.
throws
IllegalArgumentException if the {@code caName} is empty or if decoding of the name constraints fail.
since
Android 1.0

        if (caName == null) {
            throw new NullPointerException(Messages.getString("security.5D")); //$NON-NLS-1$
        }
        this.caName = caName;
        if (caPublicKey == null) {
            throw new NullPointerException(Messages.getString("security.5E")); //$NON-NLS-1$
        }
        this.caPublicKey = caPublicKey;
        // copy nameConstraints if not null
        if (nameConstraints != null) {
            this.nameConstraints = new byte[nameConstraints.length];
            System.arraycopy(nameConstraints, 0,
                    this.nameConstraints, 0, this.nameConstraints.length);
            processNameConstraints();
        } else {
            this.nameConstraints = null;
        }

        this.trustedCert = null;

        // X500Principal checks caName validity
        if (caName.length() == 0) {
            throw new IllegalArgumentException(
                    Messages.getString("security.5F")); //$NON-NLS-1$
        }
        this.caPrincipal = new X500Principal(this.caName);
    
public TrustAnchor(X500Principal caPrincipal, PublicKey caPublicKey, byte[] nameConstraints)
Creates a new {@code TrustAnchor} with the specified certificate authority name as principal, its public key and the specified name constraints.

The name constraints will be used as additional constraints during the validation of certification paths.

param
caPrincipal the name of the certificate authority as X500 principal.
param
caPublicKey the public key of the certificate authority.
param
nameConstraints the ASN.1 DER encoded form of the name constraints or {@code null} if none.
throws
IllegalArgumentException if decoding of the name constraints fail.
since
Android 1.0

        if (caPrincipal == null) {
            throw new NullPointerException(Messages.getString("security.60")); //$NON-NLS-1$
        }
        this.caPrincipal = caPrincipal;
        if (caPublicKey == null) {
            throw new NullPointerException(Messages.getString("security.5E")); //$NON-NLS-1$
        }
        this.caPublicKey = caPublicKey;
        // copy nameConstraints if not null
        if (nameConstraints != null) {
            this.nameConstraints = new byte[nameConstraints.length];
            System.arraycopy(nameConstraints, 0,
                    this.nameConstraints, 0, this.nameConstraints.length);
            processNameConstraints();
        } else {
            this.nameConstraints = null;
        }

        this.trustedCert = null;
        this.caName = caPrincipal.getName();
    
Methods Summary
public final javax.security.auth.x500.X500PrincipalgetCA()
Returns the name of the certificate authority as {@code X500Principal}.

return
the name of the certificate authority or {@code null} if the trust anchor of this instance was not created with a {@code X500Principal}.
since
Android 1.0

        return caPrincipal;
    
public final java.lang.StringgetCAName()
Returns the name of the certificate authority as {@code String} in RFC 2253 format.

return
the name of the certificate authority as {@code String} in RFC 2253 format or {@code null} if the trust anchor of this instance was not created with a CA name.
since
Android 1.0

        return caName;
    
public final java.security.PublicKeygetCAPublicKey()
Returns the public key of the certificate authority.

return
the public key of the certificate authority or {@code null} if the trust anchor if this instance was not created with a public key.
since
Android 1.0

        return caPublicKey;
    
public final byte[]getNameConstraints()
Returns a copy of the name constraints in ASN.1 DER encoded form.

return
a copy of the name constraints in ASN.1 DER encoded form.
since
Android 1.0

        if (nameConstraints == null) {
            return null;
        }
        byte[] ret = new byte[nameConstraints.length];
            System.arraycopy(nameConstraints, 0,
                    ret, 0, nameConstraints.length);
        return ret;
    
public final java.security.cert.X509CertificategetTrustedCert()
Returns the certificate of this trusted certificate authority.

return
the certificate of this CA or {@code null}, if the trust anchor of this instance was not created with a certificate.
since
Android 1.0

        return trustedCert;
    
private voidprocessNameConstraints()

        try {
            // decode and check nameConstraints
            NameConstraints.ASN1.decode(nameConstraints);
        } catch (IOException e) {
            throw new IllegalArgumentException(e.getMessage());
        }
    
public java.lang.StringtoString()
Returns a string representation of this {@code TrustAnchor} instance.

return
a string representation of this {@code TrustAnchor} instance.
since
Android 1.0

        StringBuffer sb = new StringBuffer("TrustAnchor: [\n"); //$NON-NLS-1$
        if (trustedCert != null) {
            sb.append("Trusted CA certificate: "); //$NON-NLS-1$
            sb.append(trustedCert);
            sb.append("\n"); //$NON-NLS-1$
        }
        if (caPrincipal != null) {
            sb.append("Trusted CA Name: "); //$NON-NLS-1$
            sb.append(caPrincipal);
            sb.append("\n"); //$NON-NLS-1$
        }
        if (caPublicKey != null) {
            sb.append("Trusted CA Public Key: "); //$NON-NLS-1$
            sb.append(caPublicKey);
            sb.append("\n"); //$NON-NLS-1$
        }
        // FIXME if needed:
        if (nameConstraints != null) {
            sb.append("Name Constraints:\n"); //$NON-NLS-1$
            sb.append(Array.toString(nameConstraints, "    ")); //$NON-NLS-1$
        }
        sb.append("\n]"); //$NON-NLS-1$
        return sb.toString();