src/share/classes/java/security/cert/TrustAnchor.java
Print this page
@@ -38,20 +38,20 @@
* <p>
* This class represents a "most-trusted CA", which is used as a trust anchor
* for validating X.509 certification paths. A most-trusted CA includes the
* public key of the CA, the CA's name, and any constraints upon the set of
* paths which may be validated using this key. These parameters can be
- * specified in the form of a trusted <code>X509Certificate</code> or as
+ * specified in the form of a trusted {@code X509Certificate} or as
* individual parameters.
* <p>
* <b>Concurrent Access</b>
* <p>
- * <p>All <code>TrustAnchor</code> objects must be immutable and
+ * <p>All {@code TrustAnchor} objects must be immutable and
* thread-safe. That is, multiple threads may concurrently invoke the
- * methods defined in this class on a single <code>TrustAnchor</code>
+ * methods defined in this class on a single {@code TrustAnchor}
* object (or more than one) with no ill effects. Requiring
- * <code>TrustAnchor</code> objects to be immutable and thread-safe
+ * {@code TrustAnchor} objects to be immutable and thread-safe
* allows them to be passed around to various pieces of code without
* worrying about coordinating access. This stipulation applies to all
* public fields and methods of this class and any added or overridden
* by subclasses.
*
@@ -69,22 +69,22 @@
private final X509Certificate trustedCert;
private byte[] ncBytes;
private NameConstraintsExtension nc;
/**
- * Creates an instance of <code>TrustAnchor</code> with the specified
- * <code>X509Certificate</code> and optional name constraints, which
+ * Creates an instance of {@code TrustAnchor} with the specified
+ * {@code X509Certificate} and optional name constraints, which
* are intended to be used as additional constraints when validating
* an X.509 certification path.
* <p>
* The name constraints are specified as a byte array. This byte array
* should contain the DER encoded form of the name constraints, as they
* would appear in the NameConstraints structure defined in
* <a href="http://www.ietf.org/rfc/rfc3280">RFC 3280</a>
* and X.509. The ASN.1 definition of this structure appears below.
*
- * <pre><code>
+ * <pre>{@code
* NameConstraints ::= SEQUENCE {
* permittedSubtrees [0] GeneralSubtrees OPTIONAL,
* excludedSubtrees [1] GeneralSubtrees OPTIONAL }
*
* GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
@@ -104,24 +104,24 @@
* directoryName [4] Name,
* ediPartyName [5] EDIPartyName,
* uniformResourceIdentifier [6] IA5String,
* iPAddress [7] OCTET STRING,
* registeredID [8] OBJECT IDENTIFIER}
- * </code></pre>
+ * }</pre>
* <p>
* Note that the name constraints byte array supplied is cloned to protect
* against subsequent modifications.
*
- * @param trustedCert a trusted <code>X509Certificate</code>
+ * @param trustedCert a trusted {@code X509Certificate}
* @param nameConstraints a byte array containing the ASN.1 DER encoding of
* a NameConstraints extension to be used for checking name constraints.
* Only the value of the extension is included, not the OID or criticality
- * flag. Specify <code>null</code> to omit the parameter.
+ * flag. Specify {@code null} to omit the parameter.
* @throws IllegalArgumentException if the name constraints cannot be
* decoded
* @throws NullPointerException if the specified
- * <code>X509Certificate</code> is <code>null</code>
+ * {@code X509Certificate} is {@code null}
*/
public TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints)
{
if (trustedCert == null)
throw new NullPointerException("the trustedCert parameter must " +
@@ -132,11 +132,11 @@
this.caPrincipal = null;
setNameConstraints(nameConstraints);
}
/**
- * Creates an instance of <code>TrustAnchor</code> where the
+ * Creates an instance of {@code TrustAnchor} where the
* most-trusted CA is specified as an X500Principal and public key.
* Name constraints are an optional parameter, and are intended to be used
* as additional constraints when validating an X.509 certification path.
* <p>
* The name constraints are specified as a byte array. This byte array
@@ -153,13 +153,13 @@
* @param caPrincipal the name of the most-trusted CA as X500Principal
* @param pubKey the public key of the most-trusted CA
* @param nameConstraints a byte array containing the ASN.1 DER encoding of
* a NameConstraints extension to be used for checking name constraints.
* Only the value of the extension is included, not the OID or criticality
- * flag. Specify <code>null</code> to omit the parameter.
- * @throws NullPointerException if the specified <code>caPrincipal</code> or
- * <code>pubKey</code> parameter is <code>null</code>
+ * flag. Specify {@code null} to omit the parameter.
+ * @throws NullPointerException if the specified {@code caPrincipal} or
+ * {@code pubKey} parameter is {@code null}
* @since 1.5
*/
public TrustAnchor(X500Principal caPrincipal, PublicKey pubKey,
byte[] nameConstraints) {
if ((caPrincipal == null) || (pubKey == null)) {
@@ -171,11 +171,11 @@
this.pubKey = pubKey;
setNameConstraints(nameConstraints);
}
/**
- * Creates an instance of <code>TrustAnchor</code> where the
+ * Creates an instance of {@code TrustAnchor} where the
* most-trusted CA is specified as a distinguished name and public key.
* Name constraints are an optional parameter, and are intended to be used
* as additional constraints when validating an X.509 certification path.
* <p>
* The name constraints are specified as a byte array. This byte array
@@ -189,21 +189,21 @@
* Note that the name constraints byte array supplied here is cloned to
* protect against subsequent modifications.
*
* @param caName the X.500 distinguished name of the most-trusted CA in
* <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a>
- * <code>String</code> format
+ * {@code String} format
* @param pubKey the public key of the most-trusted CA
* @param nameConstraints a byte array containing the ASN.1 DER encoding of
* a NameConstraints extension to be used for checking name constraints.
* Only the value of the extension is included, not the OID or criticality
- * flag. Specify <code>null</code> to omit the parameter.
- * @throws IllegalArgumentException if the specified <code>
- * caName</code> parameter is empty <code>(caName.length() == 0)</code>
+ * flag. Specify {@code null} to omit the parameter.
+ * @throws IllegalArgumentException if the specified
+ * {@code caName} parameter is empty {@code (caName.length() == 0)}
* or incorrectly formatted or the name constraints cannot be decoded
- * @throws NullPointerException if the specified <code>caName</code> or
- * <code>pubKey</code> parameter is <code>null</code>
+ * @throws NullPointerException if the specified {@code caName} or
+ * {@code pubKey} parameter is {@code null}
*/
public TrustAnchor(String caName, PublicKey pubKey, byte[] nameConstraints)
{
if (pubKey == null)
throw new NullPointerException("the pubKey parameter must be " +
@@ -223,45 +223,45 @@
}
/**
* Returns the most-trusted CA certificate.
*
- * @return a trusted <code>X509Certificate</code> or <code>null</code>
+ * @return a trusted {@code X509Certificate} or {@code null}
* if the trust anchor was not specified as a trusted certificate
*/
public final X509Certificate getTrustedCert() {
return this.trustedCert;
}
/**
* Returns the name of the most-trusted CA as an X500Principal.
*
* @return the X.500 distinguished name of the most-trusted CA, or
- * <code>null</code> if the trust anchor was not specified as a trusted
+ * {@code null} if the trust anchor was not specified as a trusted
* public key and name or X500Principal pair
* @since 1.5
*/
public final X500Principal getCA() {
return this.caPrincipal;
}
/**
- * Returns the name of the most-trusted CA in RFC 2253 <code>String</code>
+ * Returns the name of the most-trusted CA in RFC 2253 {@code String}
* format.
*
* @return the X.500 distinguished name of the most-trusted CA, or
- * <code>null</code> if the trust anchor was not specified as a trusted
+ * {@code null} if the trust anchor was not specified as a trusted
* public key and name or X500Principal pair
*/
public final String getCAName() {
return this.caName;
}
/**
* Returns the public key of the most-trusted CA.
*
- * @return the public key of the most-trusted CA, or <code>null</code>
+ * @return the public key of the most-trusted CA, or {@code null}
* if the trust anchor was not specified as a trusted public key and name
* or X500Principal pair
*/
public final PublicKey getCAPublicKey() {
return this.pubKey;
@@ -304,20 +304,20 @@
* Note that the byte array returned is cloned to protect against
* subsequent modifications.
*
* @return a byte array containing the ASN.1 DER encoding of
* a NameConstraints extension used for checking name constraints,
- * or <code>null</code> if not set.
+ * or {@code null} if not set.
*/
public final byte [] getNameConstraints() {
return ncBytes == null ? null : ncBytes.clone();
}
/**
- * Returns a formatted string describing the <code>TrustAnchor</code>.
+ * Returns a formatted string describing the {@code TrustAnchor}.
*
- * @return a formatted string describing the <code>TrustAnchor</code>
+ * @return a formatted string describing the {@code TrustAnchor}
*/
public String toString() {
StringBuffer sb = new StringBuffer();
sb.append("[\n");
if (pubKey != null) {