Class BasicConstraintsExtension

  • All Implemented Interfaces:
    java.io.Serializable

    @NotMutable
    @ThreadSafety(level=COMPLETELY_THREADSAFE)
    public final class BasicConstraintsExtension
    extends X509CertificateExtension
    This class provides an implementation of the basic constraints X.509 certificate extension as described in RFC 5280 section 4.2.1.9. This can be used to indicate whether a certificate is a certification authority (CA), and the maximum depth of certification paths that include this certificate.

    The OID for this extension is 2.5.29.19 and the value has the following encoding:
       BasicConstraints ::= SEQUENCE {
            cA                      BOOLEAN DEFAULT FALSE,
            pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
     
    See Also:
    Serialized Form
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static OID BASIC_CONSTRAINTS_OID
      The OID (2.5.29.19) for basic constraints extensions.
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.lang.String getExtensionName()
      Retrieves the name for this extension.
      java.lang.Integer getPathLengthConstraint()
      Retrieves the path length constraint for the associated certificate, if defined.
      boolean isCA()
      Indicates whether the associated certificate is a certification authority (that is, can be used to sign other certificates).
      void toString​(java.lang.StringBuilder buffer)
      Appends a string representation of this certificate extension to the provided buffer.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
    • Field Detail

      • BASIC_CONSTRAINTS_OID

        public static final OID BASIC_CONSTRAINTS_OID
        The OID (2.5.29.19) for basic constraints extensions.
    • Method Detail

      • isCA

        public boolean isCA()
        Indicates whether the associated certificate is a certification authority (that is, can be used to sign other certificates).
        Returns:
        true if the associated certificate is a certification authority, or false if not.
      • getPathLengthConstraint

        public java.lang.Integer getPathLengthConstraint()
        Retrieves the path length constraint for the associated certificate, if defined. If isCA() returns true and this method returns a non-null value, then any certificate chain that includes the associated certificate should not be trusted if the chain contains more than this number of certificates.
        Returns:
        The path length constraint for the associated certificate, or null if no path length constraint is defined.
      • toString

        public void toString​(java.lang.StringBuilder buffer)
        Appends a string representation of this certificate extension to the provided buffer.
        Overrides:
        toString in class X509CertificateExtension
        Parameters:
        buffer - The buffer to which the information should be appended.