TrustAnchor Class

A trust anchor or most-trusted Certification Authority (CA). This class represents a "most-trusted CA", which is used as a trust anchor for validating X.509 certification paths. A most-trusted CA includes the public key of the CA, the CA's name, and any constraints upon the set of paths which may be validated using this key. These parameters can be specified in the form of a trusted X509Certificate or as individual parameters.

Definition

Namespace: Org.BouncyCastle.Pkix
Assembly: BouncyCastle.Cryptography (in BouncyCastle.Cryptography.dll) Version: 2.3.0-beta.187+d6da5648ae
public class TrustAnchor
Inheritance
Object → TrustAnchor

Constructors

TrustAnchor(X509Certificate, Byte[]) Creates an instance of TrustAnchor with the specified X509Certificate and optional name constraints, which are intended to be used as additional constraints when validating an X.509 certification path. The name constraints are specified as a byte array. This byte array should contain the DER encoded form of the name constraints, as they would appear in the NameConstraints structure defined in RFC 2459 and X.509. The ASN.1 definition of this structure appears below.

    NameConstraints ::= SEQUENCE {
        permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
        excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }

    GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree

    GeneralSubtree ::= SEQUENCE {
        base                    GeneralName,
        minimum         [0]     BaseDistance DEFAULT 0,
        maximum         [1]     BaseDistance OPTIONAL }

    BaseDistance ::= INTEGER (0..MAX)

    GeneralName ::= CHOICE {
        otherName                       [0]     OtherName,
        rfc822Name                      [1]     IA5String,
        dNSName                         [2]     IA5String,
        x400Address                     [3]     ORAddress,
        directoryName                   [4]     Name,
        ediPartyName                    [5]     EDIPartyName,
        uniformResourceIdentifier       [6]     IA5String,
        iPAddress                       [7]     OCTET STRING,
        registeredID                    [8]     OBJECT IDENTIFIER }

Note that the name constraints byte array supplied is cloned to protect against subsequent modifications.
TrustAnchor(String, AsymmetricKeyParameter, Byte[]) Creates an instance of TrustAnchor where the most-trusted CA is specified as a distinguished name and public key. Name constraints are an optional parameter, and are intended to be used as additional constraints when validating an X.509 certification path.
The name constraints are specified as a byte array. This byte array contains the DER encoded form of the name constraints, as they would appear in the NameConstraints structure defined in RFC 2459 and X.509.
TrustAnchor(X509Name, AsymmetricKeyParameter, Byte[]) Creates an instance of TrustAnchor where the most-trusted CA is specified as an X500Principal and public key.
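
The following is an added example, not taken from the BouncyCastle documentation or source. It builds the DER-encoded NameConstraints described above, passes it to the distinguished-name constructor, and checks that the anchor holds its own copy of the byte array. It assumes the BouncyCastle.Cryptography 2.x package; the DNS names, the CA name and the throwaway Ed25519 key are constructed sample values.

```csharp
// Added example; assumes the BouncyCastle.Cryptography 2.x NuGet package.
using System;
using System.Collections.Generic;
using System.Linq;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Pkix;
using Org.BouncyCastle.Security;

static class TrustAnchorNameConstraintsDemo
{
    static void Main()
    {
        // Constructed sample subtrees: permit example.internal, exclude one branch of it.
        var permitted = new List<GeneralSubtree> {
            new GeneralSubtree(new GeneralName(GeneralName.DnsName, "example.internal")) };
        var excluded = new List<GeneralSubtree> {
            new GeneralSubtree(new GeneralName(GeneralName.DnsName, "legacy.example.internal")) };

        // DER encoding of the NameConstraints SEQUENCE defined above.
        byte[] der = new NameConstraints(permitted, excluded).GetDerEncoded();
        byte[] pristine = (byte[])der.Clone();

        // Throwaway key pair standing in for the CA's real public key (sample only).
        var gen = new Ed25519KeyPairGenerator();
        gen.Init(new Ed25519KeyGenerationParameters(new SecureRandom()));
        AsymmetricCipherKeyPair caKeys = gen.GenerateKeyPair();

        var anchor = new TrustAnchor("CN=Example Root CA", caKeys.Public, der);

        // Overwrite the caller's buffer after construction; the anchor keeps its own copy.
        Array.Clear(der, 0, der.Length);
        byte[] stored = anchor.GetNameConstraints;
        if (!stored.SequenceEqual(pristine))
            throw new InvalidOperationException("anchor did not clone the constraints");

        // Decode what the anchor holds and list the subtrees it contains.
        NameConstraints nc = NameConstraints.GetInstance(Asn1Object.FromByteArray(stored));
        foreach (Asn1Encodable s in nc.PermittedSubtrees)
            Console.WriteLine("permitted: " + GeneralSubtree.GetInstance(s).Base);
        foreach (Asn1Encodable s in nc.ExcludedSubtrees)
            Console.WriteLine("excluded:  " + GeneralSubtree.GetInstance(s).Base);
        Console.WriteLine("anchor: " + anchor.CAName);
    }
}
```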

Properties

CA Returns the name of the most-trusted CA as an X509Name.
CAName Returns the name of the most-trusted CA in RFC 2253 string format.
CAPublicKey Returns the public key of the most-trusted CA.
GetNameConstraints 
TrustedCert Returns the most-trusted CA certificate.

Methods

Equals Determines whether the specified object is equal to the current object.
(Inherited from Object)
Finalize Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection.
(Inherited from Object)
GetHashCode Serves as the default hash function.
(Inherited from Object)
GetType Gets the Type of the current instance.
(Inherited from Object)
MemberwiseClone Creates a shallow copy of the current Object.
(Inherited from Object)
ToString Returns a formatted string describing the TrustAnchor.
(Overrides Object.ToString)
