org.bouncycastle.cert.path.validations.KeyUsageValidation Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of bcpkix-jdk15on Show documentation
Show all versions of bcpkix-jdk15on Show documentation
The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.
package org.bouncycastle.cert.path.validations;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.path.CertPathValidation;
import org.bouncycastle.cert.path.CertPathValidationContext;
import org.bouncycastle.cert.path.CertPathValidationException;
import org.bouncycastle.util.Memoable;
public class KeyUsageValidation
implements CertPathValidation
{
private boolean isMandatory;
public KeyUsageValidation()
{
this(true);
}
public KeyUsageValidation(boolean isMandatory)
{
this.isMandatory = isMandatory;
}
public void validate(CertPathValidationContext context, X509CertificateHolder certificate)
throws CertPathValidationException
{
context.addHandledExtension(Extension.keyUsage);
if (!context.isEndEntity())
{
KeyUsage usage = KeyUsage.fromExtensions(certificate.getExtensions());
if (usage != null)
{
if (!usage.hasUsages(KeyUsage.keyCertSign))
{
throw new CertPathValidationException("Issuer certificate KeyUsage extension does not permit key signing");
}
}
else
{
if (isMandatory)
{
throw new CertPathValidationException("KeyUsage extension not present in CA certificate");
}
}
}
}
public Memoable copy()
{
return new KeyUsageValidation(isMandatory);
}
public void reset(Memoable other)
{
KeyUsageValidation v = (KeyUsageValidation)other;
this.isMandatory = v.isMandatory;
}
}