/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.cert;
import java.security.PublicKey;
This class represents the successful result of the PKIX certification
path validation algorithm.
Instances of PKIXCertPathValidatorResult
are returned by the validate
method of CertPathValidator
objects implementing the PKIX algorithm.
All PKIXCertPathValidatorResult
objects contain the valid policy tree and subject public key resulting from the validation algorithm, as well as a TrustAnchor
describing the certification authority (CA) that served as a trust anchor for the certification path.
Concurrent Access
Unless otherwise specified, the methods defined in this class are not
thread-safe. Multiple threads that need to access a single
object concurrently should synchronize amongst themselves and
provide the necessary locking. Multiple threads each manipulating
separate objects need not synchronize.
Author: Yassir Elley, Sean Mullan See Also: Since: 1.4
/**
* This class represents the successful result of the PKIX certification
* path validation algorithm.
*
* <p>Instances of {@code PKIXCertPathValidatorResult} are returned by the
* {@link CertPathValidator#validate validate} method of
* {@code CertPathValidator} objects implementing the PKIX algorithm.
*
* <p> All {@code PKIXCertPathValidatorResult} objects contain the
* valid policy tree and subject public key resulting from the
* validation algorithm, as well as a {@code TrustAnchor} describing
* the certification authority (CA) that served as a trust anchor for the
* certification path.
* <p>
* <b>Concurrent Access</b>
* <p>
* Unless otherwise specified, the methods defined in this class are not
* thread-safe. Multiple threads that need to access a single
* object concurrently should synchronize amongst themselves and
* provide the necessary locking. Multiple threads each manipulating
* separate objects need not synchronize.
*
* @see CertPathValidatorResult
*
* @since 1.4
* @author Yassir Elley
* @author Sean Mullan
*/
public class PKIXCertPathValidatorResult implements CertPathValidatorResult {
private TrustAnchor trustAnchor;
private PolicyNode policyTree;
private PublicKey subjectPublicKey;
Creates an instance of PKIXCertPathValidatorResult
containing the specified parameters. Params: - trustAnchor – a
TrustAnchor
describing the CA that served as a trust anchor for the certification path - policyTree – the immutable valid policy tree, or
null
if there are no valid policies - subjectPublicKey – the public key of the subject
Throws: - NullPointerException – if the
subjectPublicKey
or trustAnchor
parameters are null
/**
* Creates an instance of {@code PKIXCertPathValidatorResult}
* containing the specified parameters.
*
* @param trustAnchor a {@code TrustAnchor} describing the CA that
* served as a trust anchor for the certification path
* @param policyTree the immutable valid policy tree, or {@code null}
* if there are no valid policies
* @param subjectPublicKey the public key of the subject
* @throws NullPointerException if the {@code subjectPublicKey} or
* {@code trustAnchor} parameters are {@code null}
*/
public PKIXCertPathValidatorResult(TrustAnchor trustAnchor,
PolicyNode policyTree, PublicKey subjectPublicKey)
{
if (subjectPublicKey == null)
throw new NullPointerException("subjectPublicKey must be non-null");
if (trustAnchor == null)
throw new NullPointerException("trustAnchor must be non-null");
this.trustAnchor = trustAnchor;
this.policyTree = policyTree;
this.subjectPublicKey = subjectPublicKey;
}
Returns the TrustAnchor
describing the CA that served as a trust anchor for the certification path. Returns: the TrustAnchor
(never null
)
/**
* Returns the {@code TrustAnchor} describing the CA that served
* as a trust anchor for the certification path.
*
* @return the {@code TrustAnchor} (never {@code null})
*/
public TrustAnchor getTrustAnchor() {
return trustAnchor;
}
Returns the root node of the valid policy tree resulting from the PKIX certification path validation algorithm. The PolicyNode
object that is returned and any objects that it returns through public methods are immutable. Most applications will not need to examine the valid policy tree. They can achieve their policy processing goals by setting the policy-related parameters in PKIXParameters
. However, more sophisticated applications, especially those that process policy qualifiers, may need to traverse the valid policy tree using the PolicyNode.getParent
and PolicyNode.getChildren
methods.
Returns: the root node of the valid policy tree, or null
if there are no valid policies
/**
* Returns the root node of the valid policy tree resulting from the
* PKIX certification path validation algorithm. The
* {@code PolicyNode} object that is returned and any objects that
* it returns through public methods are immutable.
*
* <p>Most applications will not need to examine the valid policy tree.
* They can achieve their policy processing goals by setting the
* policy-related parameters in {@code PKIXParameters}. However, more
* sophisticated applications, especially those that process policy
* qualifiers, may need to traverse the valid policy tree using the
* {@link PolicyNode#getParent PolicyNode.getParent} and
* {@link PolicyNode#getChildren PolicyNode.getChildren} methods.
*
* @return the root node of the valid policy tree, or {@code null}
* if there are no valid policies
*/
public PolicyNode getPolicyTree() {
return policyTree;
}
Returns the public key of the subject (target) of the certification
path, including any inherited public key parameters if applicable.
Returns: the public key of the subject (never null
)
/**
* Returns the public key of the subject (target) of the certification
* path, including any inherited public key parameters if applicable.
*
* @return the public key of the subject (never {@code null})
*/
public PublicKey getPublicKey() {
return subjectPublicKey;
}
Returns a copy of this object.
Returns: the copy
/**
* Returns a copy of this object.
*
* @return the copy
*/
public Object clone() {
try {
return super.clone();
} catch (CloneNotSupportedException e) {
/* Cannot happen */
throw new InternalError(e.toString(), e);
}
}
Return a printable representation of this PKIXCertPathValidatorResult
. Returns: a String
describing the contents of this PKIXCertPathValidatorResult
/**
* Return a printable representation of this
* {@code PKIXCertPathValidatorResult}.
*
* @return a {@code String} describing the contents of this
* {@code PKIXCertPathValidatorResult}
*/
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("PKIXCertPathValidatorResult: [\n");
sb.append(" Trust Anchor: " + trustAnchor.toString() + "\n");
sb.append(" Policy Tree: " + String.valueOf(policyTree) + "\n");
sb.append(" Subject Public Key: " + subjectPublicKey + "\n");
sb.append("]");
return sb.toString();
}
}