BasicConstraints

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

be.cardon.asn1.x509.extensions
Class BasicConstraints

java.lang.Object
  org.bouncycastle.asn1.ASN1Encodable
      be.cardon.asn1.x509.extensions.BasicConstraints

All Implemented Interfaces:: org.bouncycastle.asn1.DEREncodable

public class BasicConstraints
extends org.bouncycastle.asn1.ASN1Encodable
extends org.bouncycastle.asn1.ASN1Encodable

Extension BasicConstraints.

Documentation from RFC 3280:

The basic constraints extension identifies whether the subject of the certificate is a CA and the maximum depth of valid certification paths that include this certificate.

The cA boolean indicates whether the certified public key belongs to a CA. If the cA boolean is not asserted, then the keyCertSign bit in the key usage extension MUST NOT be asserted.

The pathLenConstraint field is meaningful only if the cA boolean is asserted and the key usage extension asserts the keyCertSign bit (section 4.2.1.3). In this case, it gives the maximum number of non- self-issued intermediate certificates that may follow this certificate in a valid certification path. A certificate is self- issued if the DNs that appear in the subject and issuer fields are identical and are not empty. (Note: The last certificate in the certification path is not an intermediate certificate, and is not included in this limit. Usually, the last certificate is an end entity certificate, but it can be a CA certificate.) A pathLenConstraint of zero indicates that only one more certificate may follow in a valid certification path. Where it appears, the pathLenConstraint field MUST be greater than or equal to zero. Where pathLenConstraint does not appear, no limit is imposed.

This extension MUST appear as a critical extension in all CA certificates that contain public keys used to validate digital signatures on certificates. This extension MAY appear as a critical or non-critical extension in CA certificates that contain public keys used exclusively for purposes other than validating digital signatures on certificates. Such CA certificates include ones that contain public keys used exclusively for validating digital signatures on CRLs and ones that contain key management public keys used with certificate enrollment protocols. This extension MAY appear as a critical or non-critical extension in end entity certificates.

CAs MUST NOT include the pathLenConstraint field unless the cA boolean is asserted and the key usage extension asserts the keyCertSign bit.

ASN.1 definitions:

   id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 }

   BasicConstraints ::= SEQUENCE {
        cA                      BOOLEAN DEFAULT FALSE,
        pathLenConstraint       INTEGER (0..MAX) OPTIONAL }

Field Summary

Fields inherited from class org.bouncycastle.asn1.ASN1Encodable
`BER, DER`

Constructor Summary
`BasicConstraints(org.bouncycastle.asn1.ASN1Sequence seq)` Creates an instance from a `ASN1Sequence` object.
`BasicConstraints(boolean cA)` Creates an instance with the given `cA` value.
`BasicConstraints(int pathLenConstraint)` Creates a `cA=true` object for the given path length constraint.

Method Summary
`static BasicConstraints`	`getInstance(org.bouncycastle.asn1.ASN1TaggedObject obj, boolean explicit)` Returns an instance from a tagged ASN.1 object.
`static BasicConstraints`	`getInstance(java.lang.Object obj)` Returns an instance from a `ASN1Sequence` or a `BasicConstraints` object.
`java.math.BigInteger`	`getPathLenConstraint()`
`boolean`	`isCA()` Returns true if the `cA` value is `true`.
`org.bouncycastle.asn1.DERObject`	`toASN1Object()`
`java.lang.String`	`toString()` Returns information about the value.

Methods inherited from class org.bouncycastle.asn1.ASN1Encodable
`equals, getDEREncoded, getDERObject, getEncoded, getEncoded, hashCode`

Methods inherited from class java.lang.Object
`clone, finalize, getClass, notify, notifyAll, wait, wait, wait`

Constructor Detail