package org.spongycastle.cert.path.validations;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.KeyUsage;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.path.CertPathValidation;
import org.spongycastle.cert.path.CertPathValidationContext;
import org.spongycastle.cert.path.CertPathValidationException;
import org.spongycastle.util.Memoable;
/**
 * Certificate-path validation step that checks the KeyUsage extension of
 * every certificate in the path that is not the end entity, i.e. the issuing
 * certificates.
 * <p>
 * An issuer certificate that carries a KeyUsage extension must assert
 * {@link KeyUsage#keyCertSign}. An issuer certificate without the extension is
 * rejected when this validation was constructed as mandatory (the default) and
 * accepted otherwise. The end-entity certificate is never inspected here, but
 * the extension is still registered as handled on the context.
 * <p>
 * Not thread-safe: {@link #reset(Memoable)} mutates the instance.
 */
public class KeyUsageValidation
    implements CertPathValidation
{
    // When true, an issuer certificate with no KeyUsage extension fails validation.
    private boolean isMandatory;

    /** Creates a validation that requires the KeyUsage extension on issuer certificates. */
    public KeyUsageValidation()
    {
        this(true);
    }

    /**
     * @param isMandatory whether the absence of the KeyUsage extension on an
     *                    issuer certificate is treated as a validation failure.
     */
    public KeyUsageValidation(boolean isMandatory)
    {
        this.isMandatory = isMandatory;
    }

    /**
     * Validates the KeyUsage extension of {@code certificate}.
     *
     * @param context     the path validation context; the KeyUsage extension is
     *                    registered as handled on it, and its end-entity flag
     *                    decides whether the check applies at all.
     * @param certificate the certificate currently being validated.
     * @throws CertPathValidationException if the certificate is an issuer whose
     *         KeyUsage extension lacks keyCertSign, or which has no KeyUsage
     *         extension while this validation is mandatory.
     */
    public void validate(CertPathValidationContext context, X509CertificateHolder certificate)
        throws CertPathValidationException
    {
        context.addHandledExtension(Extension.keyUsage);

        // Only issuing certificates are subject to the keyCertSign requirement.
        if (context.isEndEntity())
        {
            return;
        }

        KeyUsage usage = KeyUsage.fromExtensions(certificate.getExtensions());

        if (usage == null)
        {
            if (isMandatory)
            {
                throw new CertPathValidationException("KeyUsage extension not present in CA certificate");
            }
        }
        else if (!usage.hasUsages(KeyUsage.keyCertSign))
        {
            throw new CertPathValidationException("Issuer certificate KeyUsage extension does not permit key signing");
        }
    }

    /** @return a fresh instance carrying the same mandatory setting. */
    public Memoable copy()
    {
        return new KeyUsageValidation(isMandatory);
    }

    /**
     * Copies the mandatory setting of {@code other} into this instance.
     *
     * @param other a {@code KeyUsageValidation}; any other type results in a
     *              {@link ClassCastException}.
     */
    public void reset(Memoable other)
    {
        this.isMandatory = ((KeyUsageValidation)other).isMandatory;
    }
}