All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.unboundid.util.ssl.cert.BasicConstraintsExtension Maven / Gradle / Ivy

/*
 * Copyright 2017-2018 Ping Identity Corporation
 * All Rights Reserved.
 */
/*
 * Copyright (C) 2017-2018 Ping Identity Corporation
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License (GPLv2 only)
 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see .
 */
package com.unboundid.util.ssl.cert;



import java.util.ArrayList;

import com.unboundid.asn1.ASN1Boolean;
import com.unboundid.asn1.ASN1Constants;
import com.unboundid.asn1.ASN1Element;
import com.unboundid.asn1.ASN1Integer;
import com.unboundid.asn1.ASN1Sequence;
import com.unboundid.util.Debug;
import com.unboundid.util.NotMutable;
import com.unboundid.util.OID;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;

import static com.unboundid.util.ssl.cert.CertMessages.*;



/**
 * This class provides an implementation of the basic constraints X.509
 * certificate extension as described in
 * RFC 5280 section 4.2.1.9.
 * This can be used to indicate whether a certificate is a certification
 * authority (CA), and the maximum depth of certification paths that include
 * this certificate.
 * 

* The OID for this extension is 2.5.29.19 and the value has the following * encoding: *
 *   BasicConstraints ::= SEQUENCE {
 *        cA                      BOOLEAN DEFAULT FALSE,
 *        pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
 * 
*/ @NotMutable() @ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE) public final class BasicConstraintsExtension extends X509CertificateExtension { /** * The OID (2.5.29.19) for basic constraints extensions. */ public static final OID BASIC_CONSTRAINTS_OID = new OID("2.5.29.19"); /** * The serial version UID for this serializable class. */ private static final long serialVersionUID = 7597324354728536247L; // Indicates whether the certificate is a certification authority. private final boolean isCA; // The path length constraint for paths that include the certificate. private final Integer pathLengthConstraint; /** * Creates a new basic constraints extension from the provided information. * * @param isCritical Indicates whether this extension should be * considered critical. * @param isCA Indicates whether the associated certificate * is a certification authority. * @param pathLengthConstraint The path length constraint for paths that * include the certificate. This may be * {@code null} if it should not be included in * the extension. */ BasicConstraintsExtension(final boolean isCritical, final boolean isCA, final Integer pathLengthConstraint) { super(BASIC_CONSTRAINTS_OID, isCritical, encodeValue(isCA, pathLengthConstraint)); this.isCA = isCA; this.pathLengthConstraint = pathLengthConstraint; } /** * Creates a new basic constraints extension from the provided generic * extension. * * @param extension The extension to decode as a basic constraints * extension. * * @throws CertException If the provided extension cannot be decoded as a * basic constraints extension. */ BasicConstraintsExtension(final X509CertificateExtension extension) throws CertException { super(extension); try { boolean ca = false; Integer lengthConstraint = null; for (final ASN1Element e : ASN1Sequence.decodeAsSequence(extension.getValue()).elements()) { switch (e.getType()) { case ASN1Constants.UNIVERSAL_BOOLEAN_TYPE: ca = e.decodeAsBoolean().booleanValue(); break; case ASN1Constants.UNIVERSAL_INTEGER_TYPE: lengthConstraint = e.decodeAsInteger().intValue(); break; } } isCA = ca; pathLengthConstraint = lengthConstraint; } catch (final Exception e) { Debug.debugException(e); throw new CertException( ERR_BASIC_CONSTRAINTS_EXTENSION_CANNOT_PARSE.get( String.valueOf(extension), StaticUtils.getExceptionMessage(e)), e); } } /** * Encodes the provided information into a value for this extension. * * @param isCA Indicates whether the associated certificate * is a certification authority. * @param pathLengthConstraint The path length constraint for paths that * include the certificate. This may be * {@code null} if it should not be included in * the extension. * * @return The encoded extension value. */ private static byte[] encodeValue(final boolean isCA, final Integer pathLengthConstraint) { final ArrayList elements = new ArrayList<>(2); if (isCA) { elements.add(new ASN1Boolean(isCA)); } if (pathLengthConstraint != null) { elements.add(new ASN1Integer(pathLengthConstraint)); } return new ASN1Sequence(elements).encode(); } /** * Indicates whether the associated certificate is a certification authority * (that is, can be used to sign other certificates). * * @return {@code true} if the associated certificate is a certification * authority, or {@code false} if not. */ public boolean isCA() { return isCA; } /** * Retrieves the path length constraint for the associated certificate, if * defined. If {@link #isCA()} returns {@code true} and this method returns * a non-{@code null} value, then any certificate chain that includes the * associated certificate should not be trusted if the chain contains more * than this number of certificates. * * @return The path length constraint for the associated certificate, or * {@code null} if no path length constraint is defined. */ public Integer getPathLengthConstraint() { return pathLengthConstraint; } /** * {@inheritDoc} */ @Override() public String getExtensionName() { return INFO_BASIC_CONSTRAINTS_EXTENSION_NAME.get(); } /** * {@inheritDoc} */ @Override() public void toString(final StringBuilder buffer) { buffer.append("BasicConstraintsExtension(oid='"); buffer.append(getOID()); buffer.append("', isCritical="); buffer.append(isCritical()); buffer.append(", isCA="); buffer.append(isCA); if (pathLengthConstraint != null) { buffer.append(", pathLengthConstraint="); buffer.append(pathLengthConstraint); } buffer.append(')'); } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy