001    /* TrustAnchor.java -- an ultimately-trusted certificate.
002       Copyright (C) 2003, 2004  Free Software Foundation, Inc.
003    
004    This file is part of GNU Classpath.
005    
006    GNU Classpath is free software; you can redistribute it and/or modify
007    it under the terms of the GNU General Public License as published by
008    the Free Software Foundation; either version 2, or (at your option)
009    any later version.
010    
011    GNU Classpath is distributed in the hope that it will be useful, but
012    WITHOUT ANY WARRANTY; without even the implied warranty of
013    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
014    General Public License for more details.
015    
016    You should have received a copy of the GNU General Public License
017    along with GNU Classpath; see the file COPYING.  If not, write to the
018    Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
019    02110-1301 USA.
020    
021    Linking this library statically or dynamically with other modules is
022    making a combined work based on this library.  Thus, the terms and
023    conditions of the GNU General Public License cover the whole
024    combination.
025    
026    As a special exception, the copyright holders of this library give you
027    permission to link this library with independent modules to produce an
028    executable, regardless of the license terms of these independent
029    modules, and to copy and distribute the resulting executable under
030    terms of your choice, provided that you also meet, for each linked
031    independent module, the terms and conditions of the license of that
032    module.  An independent module is a module which is not derived from
033    or based on this library.  If you modify this library, you may extend
034    this exception to your version of the library, but you are not
035    obligated to do so.  If you do not wish to do so, delete this
036    exception statement from your version. */
037    
038    
039    package java.security.cert;
040    
041    import gnu.java.security.x509.X500DistinguishedName;
042    
043    import java.security.PublicKey;
044    
045    /**
046     * An ultimately-trusted certificate to serve as the root of a
047     * certificate chain.
048     *
049     * @author Casey Marshall (rsdio@metastatic.org)
050     */
051    public class TrustAnchor
052    {
053    
054      // Fields.
055      // ------------------------------------------------------------------------
056    
057      /** The certificate authority's distinguished name. */
058      private final X500DistinguishedName caName;
059    
060      /** The certficate authority's public key. */
061      private final PublicKey caKey;
062    
063      /** The certficate authority's certificate. */
064      private final X509Certificate trustedCert;
065    
066      /** The encoded name constraints bytes. */
067      private final byte[] nameConstraints;
068    
069      // Constnuctors.
070      // ------------------------------------------------------------------------
071    
072      /**
073       * Create a new trust anchor from a certificate and (optional) name
074       * constraints.
075       *
076       * <p>If the <i>nameConstraints</i> argument in non-null, it will be
077       * copied to prevent modification.
078       *
079       * @param trustedCert The trusted certificate.
080       * @param nameConstraints The encoded nameConstraints.
081       */
082      public TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints)
083      {
084        if (trustedCert == null)
085          throw new NullPointerException();
086        this.trustedCert = trustedCert;
087        caName = null;
088        caKey = null;
089        if (nameConstraints != null)
090          this.nameConstraints = (byte[]) nameConstraints.clone();
091        else
092          this.nameConstraints = null;
093      }
094    
095      /**
096       * Create a new trust anchor from a certificate authority's
097       * distinguished name, public key, and (optional) name constraints.
098       *
099       * <p>If the <i>nameConstraints</i> argument in non-null, it will be
100       * copied to prevent modification.
101       *
102       * @params caName The CA's distinguished name.
103       * @params caKey The CA's public key.
104       * @params nameConstraints The encoded nameConstraints.
105       */
106      public TrustAnchor(String caName, PublicKey caKey, byte[] nameConstraints)
107      {
108        if (caName == null || caKey == null)
109          throw new NullPointerException();
110        if (caName.length() == 0)
111          throw new IllegalArgumentException();
112        trustedCert = null;
113        this.caName = new X500DistinguishedName(caName);
114        this.caKey = caKey;
115        if (nameConstraints != null)
116          this.nameConstraints = (byte[]) nameConstraints.clone();
117        else
118          this.nameConstraints = null;
119      }
120    
121      // Instance methods.
122      // ------------------------------------------------------------------------
123    
124      /**
125       * Return the trusted certificate, or null if none was specified.
126       *
127       * @return The trusted certificate.
128       */
129      public final X509Certificate getTrustedCert()
130      {
131        return trustedCert;
132      }
133    
134      /**
135       * Return the certificate authority's distinguished name, or null if
136       * none was specified.
137       *
138       * @return The CA's distinguished name.
139       */
140      public final String getCAName()
141      {
142        if (caName != null)
143          return caName.toString();
144        return null;
145      }
146    
147      /**
148       * Return the certificate authority's public key, or null if none was
149       * specified.
150       *
151       * @return The CA's public key.
152       */
153      public final PublicKey getCAPublicKey()
154      {
155        return caKey;
156      }
157    
158      /**
159       * Return the encoded name constraints, or null if none was specified.
160       *
161       * <p>The name constraints byte array is copied when this method is
162       * called to prevent modification.
163       *
164       * @return The encoded name constraints.
165       */
166      public final byte[] getNameConstraints()
167      {
168        if (nameConstraints == null)
169          return null;
170        return (byte[]) nameConstraints.clone();
171      }
172    
173      /**
174       * Return a printable representation of this trust anchor.
175       *
176       * @return The printable representation.
177       */
178      public String toString()
179      {
180        if (trustedCert == null)
181          return "[ Trusted CA Public Key=" + caKey + ", Trusted CA Issuer Name="
182            + caName.toString() + " ]";
183        return "[ Trusted CA Certificate=" + trustedCert + " ]";
184      }
185    }