/* * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package java.security.cert; import java.security.PublicKey; /** * This class represents the successful result of the PKIX certification * path validation algorithm. * *
Instances of {@code PKIXCertPathValidatorResult} are returned by the * {@link CertPathValidator#validate validate} method of * {@code CertPathValidator} objects implementing the PKIX algorithm. * *
All {@code PKIXCertPathValidatorResult} objects contain the * valid policy tree and subject public key resulting from the * validation algorithm, as well as a {@code TrustAnchor} describing * the certification authority (CA) that served as a trust anchor for the * certification path. *
* Concurrent Access *
* Unless otherwise specified, the methods defined in this class are not * thread-safe. Multiple threads that need to access a single * object concurrently should synchronize amongst themselves and * provide the necessary locking. Multiple threads each manipulating * separate objects need not synchronize. * * @see CertPathValidatorResult * * @since 1.4 * @author Yassir Elley * @author Sean Mullan */ public class PKIXCertPathValidatorResult implements CertPathValidatorResult { private TrustAnchor trustAnchor; private PolicyNode policyTree; private PublicKey subjectPublicKey; /** * Creates an instance of {@code PKIXCertPathValidatorResult} * containing the specified parameters. * * @param trustAnchor a {@code TrustAnchor} describing the CA that * served as a trust anchor for the certification path * @param policyTree the immutable valid policy tree, or {@code null} * if there are no valid policies * @param subjectPublicKey the public key of the subject * @throws NullPointerException if the {@code subjectPublicKey} or * {@code trustAnchor} parameters are {@code null} */ public PKIXCertPathValidatorResult(TrustAnchor trustAnchor, PolicyNode policyTree, PublicKey subjectPublicKey) { if (subjectPublicKey == null) throw new NullPointerException("subjectPublicKey must be non-null"); if (trustAnchor == null) throw new NullPointerException("trustAnchor must be non-null"); this.trustAnchor = trustAnchor; this.policyTree = policyTree; this.subjectPublicKey = subjectPublicKey; } /** * Returns the {@code TrustAnchor} describing the CA that served * as a trust anchor for the certification path. * * @return the {@code TrustAnchor} (never {@code null}) */ public TrustAnchor getTrustAnchor() { return trustAnchor; } /** * Returns the root node of the valid policy tree resulting from the * PKIX certification path validation algorithm. The * {@code PolicyNode} object that is returned and any objects that * it returns through public methods are immutable. * *
Most applications will not need to examine the valid policy tree. * They can achieve their policy processing goals by setting the * policy-related parameters in {@code PKIXParameters}. However, more * sophisticated applications, especially those that process policy * qualifiers, may need to traverse the valid policy tree using the * {@link PolicyNode#getParent PolicyNode.getParent} and * {@link PolicyNode#getChildren PolicyNode.getChildren} methods. * * @return the root node of the valid policy tree, or {@code null} * if there are no valid policies */ public PolicyNode getPolicyTree() { return policyTree; } /** * Returns the public key of the subject (target) of the certification * path, including any inherited public key parameters if applicable. * * @return the public key of the subject (never {@code null}) */ public PublicKey getPublicKey() { return subjectPublicKey; } /** * Returns a copy of this object. * * @return the copy */ public Object clone() { try { return super.clone(); } catch (CloneNotSupportedException e) { /* Cannot happen */ throw new InternalError(e.toString(), e); } } /** * Return a printable representation of this * {@code PKIXCertPathValidatorResult}. * * @return a {@code String} describing the contents of this * {@code PKIXCertPathValidatorResult} */ public String toString() { StringBuffer sb = new StringBuffer(); sb.append("PKIXCertPathValidatorResult: [\n"); sb.append(" Trust Anchor: " + trustAnchor.toString() + "\n"); sb.append(" Policy Tree: " + String.valueOf(policyTree) + "\n"); sb.append(" Subject Public Key: " + subjectPublicKey + "\n"); sb.append("]"); return sb.toString(); } }