Java Code Examples for org.bouncycastle.asn1.x509.BasicConstraints#getPathLenConstraint()

The following examples show how to use org.bouncycastle.asn1.x509.BasicConstraints#getPathLenConstraint() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: X509Ext.java    From portecle with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Get Basic Constraints (2.5.29.19) extension value as a string.
 *
 * <pre>
 * BasicConstraints ::= SEQUENCE {
 *     cA                      BOOLEAN DEFAULT FALSE,
 *     pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
 * </pre>
 *
 * @param bValue The octet string value
 * @return Extension value as a string
 */
private String getBasicConstraintsStringValue(byte[] bValue)
{
	BasicConstraints bc = BasicConstraints.getInstance(bValue);
	StringBuilder strBuff = new StringBuilder();

	strBuff.append(RB.getString(bc.isCA() ? "SubjectIsCa" : "SubjectIsNotCa"));
	strBuff.append("<br><br>");

	BigInteger pathLen = bc.getPathLenConstraint();
	if (pathLen != null)
	{
		strBuff.append(MessageFormat.format(RB.getString("PathLengthConstraint"), pathLen));
	}

	return strBuff.toString();
}
 
Example 2
Source File: ExtensionsChecker.java    From xipki with Apache License 2.0 6 votes vote down vote up
private void checkExtnBasicConstraints(StringBuilder failureMsg, byte[] extensionValue) {
  BasicConstraints bc = BasicConstraints.getInstance(extensionValue);
  CertLevel certLevel = certprofile.getCertLevel();
  boolean ca = (CertLevel.RootCA == certLevel) || (CertLevel.SubCA == certLevel);
  if (ca != bc.isCA()) {
    addViolation(failureMsg, "ca", bc.isCA(), ca);
  }

  if (!bc.isCA()) {
    return;
  }

  BigInteger tmpPathLen = bc.getPathLenConstraint();
  Integer pathLen = certprofile.getPathLen();
  if (pathLen == null) {
    if (tmpPathLen != null) {
      addViolation(failureMsg, "pathLen", tmpPathLen, "absent");
    }
  } else {
    if (tmpPathLen == null) {
      addViolation(failureMsg, "pathLen", "null", pathLen);
    } else if (!BigInteger.valueOf(pathLen).equals(tmpPathLen)) {
      addViolation(failureMsg, "pathLen", tmpPathLen, pathLen);
    }
  }
}
 
Example 3
Source File: DBasicConstraints.java    From keystore-explorer with GNU General Public License v3.0 5 votes vote down vote up
private void prepopulateWithValue(byte[] value) throws IOException {
	BasicConstraints basicConstraints = BasicConstraints.getInstance(value);

	jcbSubjectIsCa.setSelected(basicConstraints.isCA());

	if (basicConstraints.getPathLenConstraint() != null) {
		jtfPathLengthConstraint.setText("" + basicConstraints.getPathLenConstraint().intValue());
		jtfPathLengthConstraint.setCaretPosition(0);
	}
}
 
Example 4
Source File: CertificateModel.java    From Spark with Apache License 2.0 5 votes vote down vote up
private String basicConstraintsExtractor(ASN1Primitive primitive) {
	BasicConstraints bc = BasicConstraints.getInstance(primitive);
	String value = Res.getString("cert.extension.basic.constraints.is.ca") + ": " + bc.isCA();
	if (bc.getPathLenConstraint() != null) {
		value += "\n" + Res.getString("cert.extension.basic.constraints.path.length") + ": "
				+ bc.getPathLenConstraint();
	}
	return value;
}
 
Example 5
Source File: X509Ext.java    From keystore-explorer with GNU General Public License v3.0 4 votes vote down vote up
private String getBasicConstraintsStringValue(byte[] value) throws IOException {
	// @formatter:off

	/*
	 * BasicConstraints ::= ASN1Sequence { cA ASN1Boolean DEFAULT FALSE,
	 * pathLenConstraint ASN1Integer (0..MAX) OPTIONAL }
	 */

	// @formatter:on

	/*
	 * Getting the DEFAULT returns a false ASN1Boolean when no value present
	 * which saves the bother of a null check
	 */

	StringBuilder sb = new StringBuilder();

	BasicConstraints basicConstraints = BasicConstraints.getInstance(value);

	boolean ca = basicConstraints.isCA();
	BigInteger pathLenConstraint = basicConstraints.getPathLenConstraint();

	if (ca) {
		sb.append(res.getString("SubjectIsCa"));
		sb.append(NEWLINE);
	} else {
		sb.append(res.getString("SubjectIsNotCa"));
		sb.append(NEWLINE);
	}

	if (pathLenConstraint != null) {
		sb.append(MessageFormat.format(res.getString("PathLengthConstraint"), pathLenConstraint
				.intValue()));
		sb.append(NEWLINE);
	} else {
		sb.append(res.getString("NoPathLengthConstraint"));
		sb.append(NEWLINE);
	}

	return sb.toString();
}
 
Example 6
Source File: X509Cert.java    From xipki with Apache License 2.0 4 votes vote down vote up
/**
 * Gets the certificate constraints path length from the
 * critical {@code BasicConstraints} extension, (OID = 2.5.29.19).
 * <p/>
 * The basic constraints extension identifies whether the subject
 * of the certificate is a Certificate Authority (CA) and
 * how deep a certification path may exist through that CA. The
 * {@code pathLenConstraint} field (see below) is meaningful
 * only if {@code cA} is set to TRUE. In this case, it gives the
 * maximum number of CA certificates that may follow this certificate in a
 * certification path. A value of zero indicates that only an end-entity
 * certificate may follow in the path.
 * <p/>
 * The ASN.1 definition for this is:
 * <pre>
 * BasicConstraints ::= SEQUENCE {
 *     cA                  BOOLEAN DEFAULT FALSE,
 *     pathLenConstraint   INTEGER (0..MAX) OPTIONAL }
 * </pre>
 *
 * @return the value of {@code pathLenConstraint} if the
 *     BasicConstraints extension is present in the certificate and the
 *     subject of the certificate is a CA, otherwise -1.
 *     If the subject of the certificate is a CA and
 *     {@code pathLenConstraint} does not appear,
 *     {@code Integer.MAX_VALUE} is returned to indicate that there is no
 *     limit to the allowed length of the certification path.
 */
public int getBasicConstraints() {
  if (basicConstrains == -2) {
    synchronized (sync) {
      if (bcInstance != null) {
        byte[] extnValue = getCoreExtValue(Extension.basicConstraints);
        if (extnValue == null) {
          basicConstrains = -1;
        } else {
          BasicConstraints bc = BasicConstraints.getInstance(extnValue);
          if (bc.isCA()) {
            BigInteger bn = bc.getPathLenConstraint();
            basicConstrains = bn == null ? Integer.MAX_VALUE : bn.intValueExact();
          } else {
            basicConstrains = -1;
          }
        }
      } else {
        basicConstrains = jceInstance.getBasicConstraints();
      }
    }
  }

  return basicConstrains;
}