193 * {@code String} format
194 * @param pubKey the public key of the most-trusted CA
195 * @param nameConstraints a byte array containing the ASN.1 DER encoding of
196 * a NameConstraints extension to be used for checking name constraints.
197 * Only the value of the extension is included, not the OID or criticality
198 * flag. Specify {@code null} to omit the parameter.
199 * @throws IllegalArgumentException if the specified
200 * {@code caName} parameter is empty {@code (caName.length() == 0)}
201 * or incorrectly formatted or the name constraints cannot be decoded
202 * @throws NullPointerException if the specified {@code caName} or
203 * {@code pubKey} parameter is {@code null}
204 */
205 public TrustAnchor(String caName, PublicKey pubKey, byte[] nameConstraints)
206 {
207 if (pubKey == null)
208 throw new NullPointerException("the pubKey parameter must be " +
209 "non-null");
210 if (caName == null)
211 throw new NullPointerException("the caName parameter must be " +
212 "non-null");
213 if (caName.length() == 0)
214 throw new IllegalArgumentException("the caName " +
215 "parameter must be a non-empty String");
216 // check if caName is formatted correctly
217 this.caPrincipal = new X500Principal(caName);
218 this.pubKey = pubKey;
219 this.caName = caName;
220 this.trustedCert = null;
221 setNameConstraints(nameConstraints);
222 }
223
224 /**
225 * Returns the most-trusted CA certificate.
226 *
227 * @return a trusted {@code X509Certificate} or {@code null}
228 * if the trust anchor was not specified as a trusted certificate
229 */
230 public final X509Certificate getTrustedCert() {
231 return this.trustedCert;
232 }
233
|
193 * {@code String} format
194 * @param pubKey the public key of the most-trusted CA
195 * @param nameConstraints a byte array containing the ASN.1 DER encoding of
196 * a NameConstraints extension to be used for checking name constraints.
197 * Only the value of the extension is included, not the OID or criticality
198 * flag. Specify {@code null} to omit the parameter.
199 * @throws IllegalArgumentException if the specified
200 * {@code caName} parameter is empty {@code (caName.length() == 0)}
201 * or incorrectly formatted or the name constraints cannot be decoded
202 * @throws NullPointerException if the specified {@code caName} or
203 * {@code pubKey} parameter is {@code null}
204 */
205 public TrustAnchor(String caName, PublicKey pubKey, byte[] nameConstraints)
206 {
207 if (pubKey == null)
208 throw new NullPointerException("the pubKey parameter must be " +
209 "non-null");
210 if (caName == null)
211 throw new NullPointerException("the caName parameter must be " +
212 "non-null");
213 if (caName.isEmpty())
214 throw new IllegalArgumentException("the caName " +
215 "parameter must be a non-empty String");
216 // check if caName is formatted correctly
217 this.caPrincipal = new X500Principal(caName);
218 this.pubKey = pubKey;
219 this.caName = caName;
220 this.trustedCert = null;
221 setNameConstraints(nameConstraints);
222 }
223
224 /**
225 * Returns the most-trusted CA certificate.
226 *
227 * @return a trusted {@code X509Certificate} or {@code null}
228 * if the trust anchor was not specified as a trusted certificate
229 */
230 public final X509Certificate getTrustedCert() {
231 return this.trustedCert;
232 }
233
|