Package com.unboundid.util.ssl.cert

Class BasicConstraintsExtension

java.lang.Object

com.unboundid.util.ssl.cert.X509CertificateExtension

com.unboundid.util.ssl.cert.BasicConstraintsExtension

All Implemented Interfaces:

Serializable

@NotMutable
@ThreadSafety(level=COMPLETELY_THREADSAFE)
public final class BasicConstraintsExtension
extends X509CertificateExtension

This class provides an implementation of the basic constraints X.509 certificate extension as described in RFC 5280 section 4.2.1.9. This can be used to indicate whether a certificate is a certification authority (CA), and the maximum depth of certification paths that include this certificate.

The OID for this extension is 2.5.29.19 and the value has the following encoding:

   BasicConstraints ::= SEQUENCE {
        cA                      BOOLEAN DEFAULT FALSE,
        pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
 

See Also:

• Serialized Form

Field Summary

Fields

Modifier and Type	Field	Description
static final OID	BASIC_CONSTRAINTS_OID	The OID (2.5.29.19) for basic constraints extensions.

Method Summary

Modifier and Type	Method	Description
String	getExtensionName()	Retrieves the name for this extension.
Integer	getPathLengthConstraint()	Retrieves the path length constraint for the associated certificate, if defined.
boolean	isCA()	Indicates whether the associated certificate is a certification authority (that is, can be used to sign other certificates).
void	toString(StringBuilder buffer)	Appends a string representation of this certificate extension to the provided buffer.

Methods inherited from class com.unboundid.util.ssl.cert.X509CertificateExtension

getOID, getValue, isCritical, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Details

BASIC_CONSTRAINTS_OID

@NotNull
public static final OID BASIC_CONSTRAINTS_OID

The OID (2.5.29.19) for basic constraints extensions.

Method Details

isCA

public boolean isCA()

Indicates whether the associated certificate is a certification authority (that is, can be used to sign other certificates).

Returns:

true if the associated certificate is a certification authority, or false if not.

getPathLengthConstraint

@Nullable
public Integer getPathLengthConstraint()

Retrieves the path length constraint for the associated certificate, if defined. If isCA() returns true and this method returns a non-null value, then any certificate chain that includes the associated certificate should not be trusted if the chain contains more than this number of certificates.

Returns:

The path length constraint for the associated certificate, or null if no path length constraint is defined.

getExtensionName

@NotNull
public String getExtensionName()

Retrieves the name for this extension.

Overrides:

getExtensionName in class X509CertificateExtension

Returns:

The name for this extension.

toString

public void toString(@NotNull
 StringBuilder buffer)

Appends a string representation of this certificate extension to the provided buffer.

Overrides:

toString in class X509CertificateExtension

Parameters:

buffer - The buffer to which the information should be appended.