TrustAnchor

A trustAnchor represents a certificate authority that is trusted to "anchor" a certificate chain. A TRustAnchor object includes the X.500 distinguished name of the CA and the public key of the CA. You may specify the name and key explictly or by passing an X509Certificate to the trustAnchor( ) constructor. If you do not pass a certificate, you can specify the CA name as a String or as an X500Principal object from the javax.security.auth.x500 package. All forms of the trustAnchor( ) constructor also allow you to specify a byte array containing a binary representation of a "Name Constraints" extension. The format and meaning of such name constraints is beyond the scope of this reference, and most applications can simply specify null for this constructor argument.

 public class  TrustAnchor  {  // Public Constructors  public  TrustAnchor  (X509Certificate  trustedCert  , byte[ ]  nameConstraints  );  5.0  public  TrustAnchor  (javax.security.auth.x500.X500Principal  caPrincipal  ,          java.security.PublicKey  pubKey  ,         byte[ ]  nameConstraints  );        public  TrustAnchor  (String  caName  , java.security.PublicKey  pubKey  ,          byte[ ]  nameConstraints  );  // Public Instance Methods   5.0  public final javax.security.auth.x500.X500Principal  getCA  ( );        public final String  getCAName  ( );        public final java.security.PublicKey  getCAPublicKey  ( );        public final byte[ ]  getNameConstraints  ( );        public final X509Certificate  getTrustedCert  ( );  // Public Methods Overriding Object  public String  toString  ( );   } 

Passed To

PKIXCertPathBuilderResult.PKIXCertPathBuilderResult( ) , PKIXCertPathValidatorResult.PKIXCertPathValidatorResult( )

Returned By

PKIXCertPathValidatorResult.getTrustAnchor( )