Share via


TrustAnchor Constructors

Definition

Overloads

TrustAnchor(X509Certificate, Byte[])

Creates an instance of TrustAnchor with the specified X509Certificate and optional name constraints, which are intended to be used as additional constraints when validating an X.

TrustAnchor(IntPtr, JniHandleOwnership)

A constructor used when creating managed representations of JNI objects; called by the runtime.

TrustAnchor(X500Principal, IPublicKey, Byte[])

Creates an instance of TrustAnchor where the most-trusted CA is specified as an X500Principal and public key.

TrustAnchor(String, IPublicKey, Byte[])

Creates an instance of TrustAnchor where the most-trusted CA is specified as a distinguished name and public key.

TrustAnchor(X509Certificate, Byte[])

Creates an instance of TrustAnchor with the specified X509Certificate and optional name constraints, which are intended to be used as additional constraints when validating an X.

[Android.Runtime.Register(".ctor", "(Ljava/security/cert/X509Certificate;[B)V", "")]
public TrustAnchor (Java.Security.Cert.X509Certificate? trustedCert, byte[]? nameConstraints);
[<Android.Runtime.Register(".ctor", "(Ljava/security/cert/X509Certificate;[B)V", "")>]
new Java.Security.Cert.TrustAnchor : Java.Security.Cert.X509Certificate * byte[] -> Java.Security.Cert.TrustAnchor

Parameters

trustedCert
X509Certificate

a trusted X509Certificate

nameConstraints
Byte[]

a byte array containing the ASN.1 DER encoding of a NameConstraints extension to be used for checking name constraints. Only the value of the extension is included, not the OID or criticality flag. Specify null to omit the parameter.

Attributes

Exceptions

if the decoding of the name constraints fail.

Remarks

Creates an instance of TrustAnchor with the specified X509Certificate and optional name constraints, which are intended to be used as additional constraints when validating an X.509 certification path.

The name constraints are specified as a byte array. This byte array should contain the DER encoded form of the name constraints, as they would appear in the NameConstraints structure defined in RFC 5280 and X.509. The ASN.1 definition of this structure appears below.

{@code
             NameConstraints ::= SEQUENCE {
                  permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
                  excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }

             GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree

             GeneralSubtree ::= SEQUENCE {
                  base                    GeneralName,
                  minimum         [0]     BaseDistance DEFAULT 0,
                  maximum         [1]     BaseDistance OPTIONAL }

             BaseDistance ::= INTEGER (0..MAX)

             GeneralName ::= CHOICE {
                  otherName                       [0]     OtherName,
                  rfc822Name                      [1]     IA5String,
                  dNSName                         [2]     IA5String,
                  x400Address                     [3]     ORAddress,
                  directoryName                   [4]     Name,
                  ediPartyName                    [5]     EDIPartyName,
                  uniformResourceIdentifier       [6]     IA5String,
                  iPAddress                       [7]     OCTET STRING,
                  registeredID                    [8]     OBJECT IDENTIFIER}
            }

Note that the name constraints byte array supplied is cloned to protect against subsequent modifications.

Java documentation for java.security.cert.TrustAnchor.TrustAnchor(java.security.cert.X509Certificate, byte[]).

Portions of this page are modifications based on work created and shared by the Android Open Source Project and used according to terms described in the Creative Commons 2.5 Attribution License.

Applies to

TrustAnchor(IntPtr, JniHandleOwnership)

A constructor used when creating managed representations of JNI objects; called by the runtime.

protected TrustAnchor (IntPtr javaReference, Android.Runtime.JniHandleOwnership transfer);
new Java.Security.Cert.TrustAnchor : nativeint * Android.Runtime.JniHandleOwnership -> Java.Security.Cert.TrustAnchor

Parameters

javaReference
IntPtr

nativeint

A IntPtrcontaining a Java Native Interface (JNI) object reference.

transfer
JniHandleOwnership

A JniHandleOwnershipindicating how to handle javaReference

Remarks

Portions of this page are modifications based on work created and shared by the Android Open Source Project and used according to terms described in the Creative Commons 2.5 Attribution License.

Applies to

TrustAnchor(X500Principal, IPublicKey, Byte[])

Creates an instance of TrustAnchor where the most-trusted CA is specified as an X500Principal and public key.

[Android.Runtime.Register(".ctor", "(Ljavax/security/auth/x500/X500Principal;Ljava/security/PublicKey;[B)V", "")]
public TrustAnchor (Javax.Security.Auth.X500.X500Principal? caPrincipal, Java.Security.IPublicKey? pubKey, byte[]? nameConstraints);
[<Android.Runtime.Register(".ctor", "(Ljavax/security/auth/x500/X500Principal;Ljava/security/PublicKey;[B)V", "")>]
new Java.Security.Cert.TrustAnchor : Javax.Security.Auth.X500.X500Principal * Java.Security.IPublicKey * byte[] -> Java.Security.Cert.TrustAnchor

Parameters

caPrincipal
X500Principal

the name of the most-trusted CA as X500Principal

pubKey
IPublicKey

the public key of the most-trusted CA

nameConstraints
Byte[]

a byte array containing the ASN.1 DER encoding of a NameConstraints extension to be used for checking name constraints. Only the value of the extension is included, not the OID or criticality flag. Specify null to omit the parameter.

Attributes

Exceptions

if decoding of the name constraints fail.

Remarks

Creates an instance of TrustAnchor where the most-trusted CA is specified as an X500Principal and public key. Name constraints are an optional parameter, and are intended to be used as additional constraints when validating an X.509 certification path.

The name constraints are specified as a byte array. This byte array contains the DER encoded form of the name constraints, as they would appear in the NameConstraints structure defined in RFC 5280 and X.509. The ASN.1 notation for this structure is supplied in the documentation for #TrustAnchor(X509Certificate, byte[]) TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints) .

Note that the name constraints byte array supplied here is cloned to protect against subsequent modifications.

Added in 1.5.

Java documentation for java.security.cert.TrustAnchor.TrustAnchor(javax.security.auth.x500.X500Principal, java.security.PublicKey, byte[]).

Portions of this page are modifications based on work created and shared by the Android Open Source Project and used according to terms described in the Creative Commons 2.5 Attribution License.

Applies to

TrustAnchor(String, IPublicKey, Byte[])

Creates an instance of TrustAnchor where the most-trusted CA is specified as a distinguished name and public key.

[Android.Runtime.Register(".ctor", "(Ljava/lang/String;Ljava/security/PublicKey;[B)V", "")]
public TrustAnchor (string? caName, Java.Security.IPublicKey? pubKey, byte[]? nameConstraints);
[<Android.Runtime.Register(".ctor", "(Ljava/lang/String;Ljava/security/PublicKey;[B)V", "")>]
new Java.Security.Cert.TrustAnchor : string * Java.Security.IPublicKey * byte[] -> Java.Security.Cert.TrustAnchor

Parameters

caName
String

the X.500 distinguished name of the most-trusted CA in RFC 2253String format

pubKey
IPublicKey

the public key of the most-trusted CA

nameConstraints
Byte[]

a byte array containing the ASN.1 DER encoding of a NameConstraints extension to be used for checking name constraints. Only the value of the extension is included, not the OID or criticality flag. Specify null to omit the parameter.

Attributes

Exceptions

if the caName is empty or if decoding of the name constraints fail.

Remarks

Creates an instance of TrustAnchor where the most-trusted CA is specified as a distinguished name and public key. Name constraints are an optional parameter, and are intended to be used as additional constraints when validating an X.509 certification path.

The name constraints are specified as a byte array. This byte array contains the DER encoded form of the name constraints, as they would appear in the NameConstraints structure defined in RFC 5280 and X.509. The ASN.1 notation for this structure is supplied in the documentation for #TrustAnchor(X509Certificate, byte[]) TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints) .

Note that the name constraints byte array supplied here is cloned to protect against subsequent modifications.

Java documentation for java.security.cert.TrustAnchor.TrustAnchor(java.lang.String, java.security.PublicKey, byte[]).

Portions of this page are modifications based on work created and shared by the Android Open Source Project and used according to terms described in the Creative Commons 2.5 Attribution License.

Applies to