Java Code Examples for org.bouncycastle.asn1.x509.BasicConstraints#getPathLenConstraint()
The following examples show how to use
org.bouncycastle.asn1.x509.BasicConstraints#getPathLenConstraint() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: X509Ext.java From portecle with GNU General Public License v2.0 | 6 votes |
|
/**
* Get Basic Constraints (2.5.29.19) extension value as a string.
*
* <pre>
* BasicConstraints ::= SEQUENCE {
* cA BOOLEAN DEFAULT FALSE,
* pathLenConstraint INTEGER (0..MAX) OPTIONAL }
* </pre>
*
* @param bValue The octet string value
* @return Extension value as a string
*/
private String getBasicConstraintsStringValue(byte[] bValue)
{
BasicConstraints bc = BasicConstraints.getInstance(bValue);
StringBuilder strBuff = new StringBuilder();
strBuff.append(RB.getString(bc.isCA() ? "SubjectIsCa" : "SubjectIsNotCa"));
strBuff.append("<br><br>");
BigInteger pathLen = bc.getPathLenConstraint();
if (pathLen != null)
{
strBuff.append(MessageFormat.format(RB.getString("PathLengthConstraint"), pathLen));
}
return strBuff.toString();
}
Example 2
| Source File: ExtensionsChecker.java From xipki with Apache License 2.0 | 6 votes |
|
private void checkExtnBasicConstraints(StringBuilder failureMsg, byte[] extensionValue) {
BasicConstraints bc = BasicConstraints.getInstance(extensionValue);
CertLevel certLevel = certprofile.getCertLevel();
boolean ca = (CertLevel.RootCA == certLevel) || (CertLevel.SubCA == certLevel);
if (ca != bc.isCA()) {
addViolation(failureMsg, "ca", bc.isCA(), ca);
}
if (!bc.isCA()) {
return;
}
BigInteger tmpPathLen = bc.getPathLenConstraint();
Integer pathLen = certprofile.getPathLen();
if (pathLen == null) {
if (tmpPathLen != null) {
addViolation(failureMsg, "pathLen", tmpPathLen, "absent");
}
} else {
if (tmpPathLen == null) {
addViolation(failureMsg, "pathLen", "null", pathLen);
} else if (!BigInteger.valueOf(pathLen).equals(tmpPathLen)) {
addViolation(failureMsg, "pathLen", tmpPathLen, pathLen);
}
}
}
Example 3
| Source File: DBasicConstraints.java From keystore-explorer with GNU General Public License v3.0 | 5 votes |
|
private void prepopulateWithValue(byte[] value) throws IOException {
BasicConstraints basicConstraints = BasicConstraints.getInstance(value);
jcbSubjectIsCa.setSelected(basicConstraints.isCA());
if (basicConstraints.getPathLenConstraint() != null) {
jtfPathLengthConstraint.setText("" + basicConstraints.getPathLenConstraint().intValue());
jtfPathLengthConstraint.setCaretPosition(0);
}
}
Example 4
| Source File: CertificateModel.java From Spark with Apache License 2.0 | 5 votes |
|
private String basicConstraintsExtractor(ASN1Primitive primitive) {
BasicConstraints bc = BasicConstraints.getInstance(primitive);
String value = Res.getString("cert.extension.basic.constraints.is.ca") + ": " + bc.isCA();
if (bc.getPathLenConstraint() != null) {
value += "\n" + Res.getString("cert.extension.basic.constraints.path.length") + ": "
+ bc.getPathLenConstraint();
}
return value;
}
Example 5
| Source File: X509Ext.java From keystore-explorer with GNU General Public License v3.0 | 4 votes |
|
private String getBasicConstraintsStringValue(byte[] value) throws IOException {
// @formatter:off
/*
* BasicConstraints ::= ASN1Sequence { cA ASN1Boolean DEFAULT FALSE,
* pathLenConstraint ASN1Integer (0..MAX) OPTIONAL }
*/
// @formatter:on
/*
* Getting the DEFAULT returns a false ASN1Boolean when no value present
* which saves the bother of a null check
*/
StringBuilder sb = new StringBuilder();
BasicConstraints basicConstraints = BasicConstraints.getInstance(value);
boolean ca = basicConstraints.isCA();
BigInteger pathLenConstraint = basicConstraints.getPathLenConstraint();
if (ca) {
sb.append(res.getString("SubjectIsCa"));
sb.append(NEWLINE);
} else {
sb.append(res.getString("SubjectIsNotCa"));
sb.append(NEWLINE);
}
if (pathLenConstraint != null) {
sb.append(MessageFormat.format(res.getString("PathLengthConstraint"), pathLenConstraint
.intValue()));
sb.append(NEWLINE);
} else {
sb.append(res.getString("NoPathLengthConstraint"));
sb.append(NEWLINE);
}
return sb.toString();
}
Example 6
| Source File: X509Cert.java From xipki with Apache License 2.0 | 4 votes |
|
/**
* Gets the certificate constraints path length from the
* critical {@code BasicConstraints} extension, (OID = 2.5.29.19).
* <p/>
* The basic constraints extension identifies whether the subject
* of the certificate is a Certificate Authority (CA) and
* how deep a certification path may exist through that CA. The
* {@code pathLenConstraint} field (see below) is meaningful
* only if {@code cA} is set to TRUE. In this case, it gives the
* maximum number of CA certificates that may follow this certificate in a
* certification path. A value of zero indicates that only an end-entity
* certificate may follow in the path.
* <p/>
* The ASN.1 definition for this is:
* <pre>
* BasicConstraints ::= SEQUENCE {
* cA BOOLEAN DEFAULT FALSE,
* pathLenConstraint INTEGER (0..MAX) OPTIONAL }
* </pre>
*
* @return the value of {@code pathLenConstraint} if the
* BasicConstraints extension is present in the certificate and the
* subject of the certificate is a CA, otherwise -1.
* If the subject of the certificate is a CA and
* {@code pathLenConstraint} does not appear,
* {@code Integer.MAX_VALUE} is returned to indicate that there is no
* limit to the allowed length of the certification path.
*/
public int getBasicConstraints() {
if (basicConstrains == -2) {
synchronized (sync) {
if (bcInstance != null) {
byte[] extnValue = getCoreExtValue(Extension.basicConstraints);
if (extnValue == null) {
basicConstrains = -1;
} else {
BasicConstraints bc = BasicConstraints.getInstance(extnValue);
if (bc.isCA()) {
BigInteger bn = bc.getPathLenConstraint();
basicConstrains = bn == null ? Integer.MAX_VALUE : bn.intValueExact();
} else {
basicConstrains = -1;
}
}
} else {
basicConstrains = jceInstance.getBasicConstraints();
}
}
}
return basicConstrains;
}
