193      * {@code String} format
 194      * @param pubKey the public key of the most-trusted CA
 195      * @param nameConstraints a byte array containing the ASN.1 DER encoding of
 196      * a NameConstraints extension to be used for checking name constraints.
 197      * Only the value of the extension is included, not the OID or criticality
 198      * flag. Specify {@code null} to omit the parameter.
 199      * @throws IllegalArgumentException if the specified
 200      * {@code caName} parameter is empty {@code (caName.length() == 0)}
 201      * or incorrectly formatted or the name constraints cannot be decoded
 202      * @throws NullPointerException if the specified {@code caName} or
 203      * {@code pubKey} parameter is {@code null}
 204      */
 205     public TrustAnchor(String caName, PublicKey pubKey, byte[] nameConstraints)
 206     {
 207         if (pubKey == null)
 208             throw new NullPointerException("the pubKey parameter must be " +
 209                 "non-null");
 210         if (caName == null)
 211             throw new NullPointerException("the caName parameter must be " +
 212                 "non-null");
 213         if (caName.length() == 0)
 214             throw new IllegalArgumentException("the caName " +
 215                 "parameter must be a non-empty String");
 216         // check if caName is formatted correctly
 217         this.caPrincipal = new X500Principal(caName);
 218         this.pubKey = pubKey;
 219         this.caName = caName;
 220         this.trustedCert = null;
 221         setNameConstraints(nameConstraints);
 222     }
 223 
 224     /**
 225      * Returns the most-trusted CA certificate.
 226      *
 227      * @return a trusted {@code X509Certificate} or {@code null}
 228      * if the trust anchor was not specified as a trusted certificate
 229      */
 230     public final X509Certificate getTrustedCert() {
 231         return this.trustedCert;
 232     }
 233 

 193      * {@code String} format
 194      * @param pubKey the public key of the most-trusted CA
 195      * @param nameConstraints a byte array containing the ASN.1 DER encoding of
 196      * a NameConstraints extension to be used for checking name constraints.
 197      * Only the value of the extension is included, not the OID or criticality
 198      * flag. Specify {@code null} to omit the parameter.
 199      * @throws IllegalArgumentException if the specified
 200      * {@code caName} parameter is empty {@code (caName.length() == 0)}
 201      * or incorrectly formatted or the name constraints cannot be decoded
 202      * @throws NullPointerException if the specified {@code caName} or
 203      * {@code pubKey} parameter is {@code null}
 204      */
 205     public TrustAnchor(String caName, PublicKey pubKey, byte[] nameConstraints)
 206     {
 207         if (pubKey == null)
 208             throw new NullPointerException("the pubKey parameter must be " +
 209                 "non-null");
 210         if (caName == null)
 211             throw new NullPointerException("the caName parameter must be " +
 212                 "non-null");
 213         if (caName.isEmpty())
 214             throw new IllegalArgumentException("the caName " +
 215                 "parameter must be a non-empty String");
 216         // check if caName is formatted correctly
 217         this.caPrincipal = new X500Principal(caName);
 218         this.pubKey = pubKey;
 219         this.caName = caName;
 220         this.trustedCert = null;
 221         setNameConstraints(nameConstraints);
 222     }
 223 
 224     /**
 225      * Returns the most-trusted CA certificate.
 226      *
 227      * @return a trusted {@code X509Certificate} or {@code null}
 228      * if the trust anchor was not specified as a trusted certificate
 229      */
 230     public final X509Certificate getTrustedCert() {
 231         return this.trustedCert;
 232     }
 233