java.lang.Object
  org.bouncycastle.asn1.ASN1Encodable
    be.cardon.asn1.x509.extensions.BasicConstraints

public class BasicConstraints

Extension BasicConstraints.
Documentation from RFC 3280:
The basic constraints extension identifies whether the subject of the certificate is a CA and the maximum depth of valid certification paths that include this certificate.
The cA boolean indicates whether the certified public key belongs to a CA. If the cA boolean is not asserted, then the keyCertSign bit in the key usage extension MUST NOT be asserted.
The pathLenConstraint field is meaningful only if the cA boolean is asserted and the key usage extension asserts the keyCertSign bit (section 4.2.1.3). In this case, it gives the maximum number of non-self-issued intermediate certificates that may follow this certificate in a valid certification path. A certificate is self-issued if the DNs that appear in the subject and issuer fields are identical and are not empty. (Note: The last certificate in the certification path is not an intermediate certificate, and is not included in this limit. Usually, the last certificate is an end entity certificate, but it can be a CA certificate.) A pathLenConstraint of zero indicates that only one more certificate may follow in a valid certification path. Where it appears, the pathLenConstraint field MUST be greater than or equal to zero. Where pathLenConstraint does not appear, no limit is imposed.
This extension MUST appear as a critical extension in all CA certificates that contain public keys used to validate digital signatures on certificates. This extension MAY appear as a critical or non-critical extension in CA certificates that contain public keys used exclusively for purposes other than validating digital signatures on certificates. Such CA certificates include ones that contain public keys used exclusively for validating digital signatures on CRLs and ones that contain key management public keys used with certificate enrollment protocols. This extension MAY appear as a critical or non-critical extension in end entity certificates.
CAs MUST NOT include the pathLenConstraint field unless the cA boolean is asserted and the key usage extension asserts the keyCertSign bit.
ASN.1 definitions:
    id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }

    BasicConstraints ::= SEQUENCE {
        cA                  BOOLEAN DEFAULT FALSE,
        pathLenConstraint   INTEGER (0..MAX) OPTIONAL }
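
The rules quoted above, applied to a whole certification path. This is an added example, not code from this class or from Bouncy Castle: the `Cert` record, `check` and the sample names are hypothetical, the data is constructed, and it needs Java 16 or later for records.

```java
import java.util.List;

public class PathLenCheck {
    // Hypothetical summary of one certificate; pathLen == null means the field is absent.
    record Cert(String subject, String issuer, boolean cA, boolean keyCertSign, Integer pathLen) {
        // Self-issued: subject and issuer DNs are identical and not empty.
        boolean selfIssued() { return !subject.isEmpty() && subject.equals(issuer); }
    }

    // path runs from the first CA certificate down to the last certificate.
    // Returns null when every rule holds, otherwise the reason for rejection.
    static String check(List<Cert> path) {
        int last = path.size() - 1;
        for (int i = 0; i <= last; i++) {
            Cert c = path.get(i);
            if (c.keyCertSign() && !c.cA())
                return c.subject() + ": keyCertSign asserted without cA";
            if (c.pathLen() != null && (!c.cA() || !c.keyCertSign() || c.pathLen() < 0))
                return c.subject() + ": pathLenConstraint not permitted here";
            if (i == last) break;               // the last certificate need not be a CA
            if (!c.cA())
                return c.subject() + ": not a CA but issues a certificate";
            if (c.pathLen() == null) continue;  // absent: no limit is imposed
            int following = 0;                  // non-self-issued intermediates after c
            for (int j = i + 1; j < last; j++)  // j < last: the last certificate is not counted
                if (!path.get(j).selfIssued()) following++;
            if (following > c.pathLen())
                return c.subject() + ": pathLenConstraint " + c.pathLen()
                        + " exceeded by " + following + " intermediates";
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample data, not real certificates.
        Cert root  = new Cert("CN=Root", "CN=Root", true, true, 1);
        Cert sub   = new Cert("CN=Sub", "CN=Root", true, true, 0);
        Cert sub2  = new Cert("CN=Sub2", "CN=Sub", true, true, null);
        Cert leaf  = new Cert("CN=leaf", "CN=Sub", false, false, null);
        Cert leaf2 = new Cert("CN=leaf2", "CN=Sub2", false, false, null);
        // One intermediate under a root with pathLenConstraint 1.
        System.out.println(check(List.of(root, sub, leaf)));
        // Two intermediates under the same root.
        System.out.println(check(List.of(root, sub, sub2, leaf2)));
    }
}
```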
Field Summary |
---|
Fields inherited from class org.bouncycastle.asn1.ASN1Encodable |
---|
BER, DER |
Constructor Summary | |
---|---|
BasicConstraints(org.bouncycastle.asn1.ASN1Sequence seq) | Creates an instance from an ASN1Sequence object. |
BasicConstraints(boolean cA) | Creates an instance with the given cA value. |
BasicConstraints(int pathLenConstraint) | Creates a cA=true object for the given path length constraint. |
Method Summary | |
---|---|
static BasicConstraints | getInstance(org.bouncycastle.asn1.ASN1TaggedObject obj, boolean explicit) Returns an instance from a tagged ASN.1 object. |
static BasicConstraints | getInstance(java.lang.Object obj) Returns an instance from an ASN1Sequence or a BasicConstraints object. |
java.math.BigInteger | getPathLenConstraint() |
boolean | isCA() Returns true if the cA value is true. |
org.bouncycastle.asn1.DERObject | toASN1Object() |
java.lang.String | toString() Returns information about the value. |
Methods inherited from class org.bouncycastle.asn1.ASN1Encodable |
---|
equals, getDEREncoded, getDERObject, getEncoded, getEncoded, hashCode |
Methods inherited from class java.lang.Object |
---|
clone, finalize, getClass, notify, notifyAll, wait, wait, wait |
Constructor Detail |
---|

public BasicConstraints(org.bouncycastle.asn1.ASN1Sequence seq)
Creates an instance from an ASN1Sequence object.

public BasicConstraints(boolean cA)
Creates an instance with the given cA value.

public BasicConstraints(int pathLenConstraint)
Creates a cA=true object for the given path length constraint.
Parameters: pathLenConstraint - Path length constraint.

Method Detail |
---|

public static BasicConstraints getInstance(org.bouncycastle.asn1.ASN1TaggedObject obj, boolean explicit)
Returns an instance from a tagged ASN.1 object.

public static BasicConstraints getInstance(java.lang.Object obj)
Returns an instance from an ASN1Sequence or a BasicConstraints object.

public boolean isCA()
Returns true if the cA value is true.

public java.math.BigInteger getPathLenConstraint()

public org.bouncycastle.asn1.DERObject toASN1Object()
toASN1Object in class org.bouncycastle.asn1.ASN1Encodable

public java.lang.String toString()
Returns information about the value.
toString in class java.lang.Object