BasicConstraints (6.0 API Documentation)

java.lang.Object
- iaik.x509.V3Extension
- - iaik.x509.extensions.BasicConstraints

```
public class BasicConstraints
extends V3Extension
```
This class implements the BasicConstraints Extension.
The BasicConstraints extension is a standard X509v3 extension, which shall be used only in CA certificates where it has to be marked as being critical.
Each extension is associated with a specific certificateExtension object identifier, derived from:
```
 certificateExtension  OBJECT IDENTIFIER ::=
                            {joint-iso-ccitt(2) ds(5) 29}
 id-ce                 OBJECT IDENTIFIER ::=  certificateExtension
 
```
The object identifier for the BasicConstraints extension is defined as:
id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
which corresponds to the OID string "2.5.29.19".
The X.509 Certificate and CRL profile presented in RFC 3280 specifies the basic constraints extension for identifying whether the subject of the certificate is a CA and how deep a certification path may exist through that CA. This profile requires the use of this extension.
The ASN.1 definition of the BasicConstraints extension is specified as follows:
```
 BasicConstraints ::= SEQUENCE {
     cA                      BOOLEAN DEFAULT FALSE,
     pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
 
```
The pathLenConstraint field is meaningful only if cA is set to TRUE. In this case, it gives the maximum number of CA certificates that may follow this certificate in a certification path. A value of zero indicates that only an end-entity certificate may follow in the path.
If the pathLenConstraint value is set, it has to be greater than or equal to zero. If it is not set, the certification path may be of any length.
This class provides several methods for setting respectively getting the component values of an BasicConstraints extension object.
For adding a BasicConstraints extension object to a X509Certificate, use the addExtension method of the iaik.x509.X509Certificate class:
```
 X509Certificate cert = new X509Certificate();
  ...
 BasicConstraints bc = new BasicConstraints(true, 0);
 bc.setCritical(true);
 cert.addExtension(bc);
 
```
where true sets the cA value for indicating that the subject of the certificate is a CA, and the 0 pathLenConstraint value implements the case stated above indicating that only an end-entity certificate may follow in the path. Note that per default cA is set to false and pathLenConstraint is set to -1 indicating that the subject of the certificate is not a CA and that the pathLenConstraint value is not specified.
Since the BasicConstraints extension is a critical extension, critical has to be set to true before adding the BasicConstraints extension to a certificate:
```
 bc.setCritical(true)
 
```
Version:

File Revision 24

See Also:
ObjectID, X509Certificate, X509Extensions, V3Extension

Field Summary

Fields
Modifier and Type Field and Description

static ObjectID oid
The object identifier of this BasicConstraints extension.
- Fields inherited from class iaik.x509.V3Extension
  critical

Fields
Modifier and Type	Field and Description
`static ObjectID`	`oid` The object identifier of this `BasicConstraints` extension.

Constructor Summary

Constructors
Constructor and Description
`BasicConstraints()` Default constructor.
`BasicConstraints(boolean ca)` Creates a new `BasicConstraints` extension setting `cA` to the given parameter value.
`BasicConstraints(boolean ca, int plc)` Creates a new `BasicConstraints` extension with the given `cA` and `pathLenConstraint` values.

Method Summary

Methods
Modifier and Type	Method and Description
`boolean`	`ca()` Returns `true` if the subject of the certificate holding this `BasicConstraints` extension is a CA.
`ObjectID`	`getObjectID()` Returns the object ID of this `BasicConstraints` extension
`int`	`getPathLenConstraint()` Returns the `pathLenConstraint` value of this `BasicConstraints` extension specifying the maximum number of CA certificates that may follow the certificate in a certification path.
`int`	`hashCode()` Returns a hashcode for this identity.
`void`	`init(ASN1Object obj)` Inits this `BasicConstraints` implementation with an ASN1Object representing the value of this extension.
`void`	`setCa(boolean ca)` Sets the `cA` value of this `BasicConstraints` extension to `true` if the subject is a CA.
`void`	`setPathLenConstraint(int plc)` Sets the `pathLenConstraint` value of this `BasicConstraints` extension specifying the maximum number of CA certificates that may follow the certificate in a certification path.
`ASN1Object`	`toASN1Object()` Returns an ASN1Object representing the value of this `BasicConstraints` extension object.
`java.lang.String`	`toString()` Returns a string that represents the contents of this `BasicConstraints` extension.

Methods inherited from class iaik.x509.V3Extension
getName, isCritical, setCritical

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait

- Field Detail
  - oid
```
public static final ObjectID oid
```
    The object identifier of this BasicConstraints extension. The corresponding OID string is "2.5.29.19".
- Constructor Detail
  - BasicConstraints
```
public BasicConstraints()
```
    Default constructor. Creates an empty BasicConstraints object.
    Per default cA is set to false and pathLenConstraint is set to -1 indicating that the subject of the certificate is not a CA and that the pathLenConstraint value is not specified. Use setCa and setPathLenConstraint for explicitly setting the corresponding values.
    Do not forget to specify this extension as critical before adding it to a certificate:
```
 BasicConstraints bc = new BasicConstraints();
 bc.setCa(true);
 bc.setPathLenConstraint(1);
 bc.setCritical(true);
 cert.addExtension(bc);
 
```
    See Also:
    V3Extension.setCritical(boolean)
  - BasicConstraints
```
public BasicConstraints(boolean ca,
                int plc)
```
    Creates a new BasicConstraints extension with the given cA and pathLenConstraint values.
    The ca parameter specifies if the subject of the certificate holding this BasicConstraints extension is a CA, and the plc value specifies how deep a certification path may exist.
    Do not forget to specify this extension as critical before adding it to a certificate, e.g.:
```
 BasicConstraints bc = new BasicConstraints(true, 1);
   ...
 bc.setCritical(true);
 cert.addExtension(bc);
 
```
    Parameters:
    ca - true if the certificate subject is a CA, false otherwise
    plc - the maximum number of CA certificates that may follow this certificate in a certification path
    See Also:
    V3Extension.setCritical(boolean)
  - BasicConstraints
```
public BasicConstraints(boolean ca)
```
    Creates a new BasicConstraints extension setting cA to the given parameter value.
    The ca parameter specifies whether the subject of the certificate holding this BasicConstraints extension is a CA or not. Use this constructor for indicating a CA certificate and leaving the pathLenConstraint value at -1 indicating that there is no limit to the allowed length of the certification path.
    Do not forget to specify this extension as critical before adding it to a certificate, e.g.:
```
 BasicConstraints bc = new BasicConstraints(true);
   ...
 bc.setCritical(true);
 cert.addExtension(bc);
 
```
    Parameters:
    ca - true if the certificate subject is a CA, false otherwise
    See Also:
    V3Extension.setCritical(boolean)
- Method Detail
  - getObjectID
```
public ObjectID getObjectID()
```
    Returns the object ID of this BasicConstraints extension
    
    Specified by:
    
    getObjectID in class V3Extension
    
    Returns:
    the object ID
  - init
```
public void init(ASN1Object obj)
          throws X509ExtensionException
```
    Inits this BasicConstraints implementation with an ASN1Object representing the value of this extension.
    The given ASN1Object represents the cA and (optioanl) pathLenConstraint values of this extension.
    The given ASN1Object is the one created by toASN1Object().
    This method is used by the X509Extensions class when parsing the ASN.1 representation of a certificate for properly initializing an included BasicConstraints extension. This method initializes the extension only with its value, but not with its critical specification. For that reason, this method shall not be explicitly called by an application.
    
    Specified by:
    
    init in class V3Extension
    
    Parameters:
    obj - the BasicConstraints as ASN1Object
    
    Throws:
    
    X509ExtensionException - if the extension could not be parsed
  - toASN1Object
```
public ASN1Object toASN1Object()
```
    Returns an ASN1Object representing the value of this BasicConstraints extension object.
    The returned ASN1Object is an ASN.1 Sequence representing the cA and (optioanl) pathLenConstraint values of this extension:
```
 BasicConstraints ::= SEQUENCE {
     cA                      BOOLEAN DEFAULT FALSE,
     pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
 
```
    Specified by:
    
    toASN1Object in class V3Extension
    
    Returns:
    the value of this BasicConstraints as ASN1Object
  - setPathLenConstraint
```
public void setPathLenConstraint(int plc)
```
    Sets the pathLenConstraint value of this BasicConstraints extension specifying the maximum number of CA certificates that may follow the certificate in a certification path.
    For instance:
```
 BasicConstraints bc = new BasicConstraints();
 bc.setCa(true);
 bc.setPathLenConstraint(1);
 bc.setCritical(true);
 cert.addExtension(bc);
 
```
    Parameters:
    plc - the pathLenConstraint value
    See Also:
    getPathLenConstraint()
  - setCa
```
public void setCa(boolean ca)
```
    Sets the cA value of this BasicConstraints extension to true if the subject is a CA.
    For instance:
```
 BasicConstraints bc = new BasicConstraints();
 bc.setCa(true);
 bc.setPathLenConstraint(1);
 bc.setCritical(true);
 cert.addExtension(bc);
 
```
    Parameters:
    ca - the cA value, true if the subject is a CA
    See Also:
    ca()
  - getPathLenConstraint
```
public int getPathLenConstraint()
```
    Returns the pathLenConstraint value of this BasicConstraints extension specifying the maximum number of CA certificates that may follow the certificate in a certification path.
    The pathLenConstraint field is meaningful only if cA is set to true:
    - If cA is set to true and pathLenConstraint is set, this method returns the maximum number of CA certificates that may follow the certificate in a certification path.
    - If cA is set to true and pathLenConstraint is not specified, this method returns -1 indicating that there is no limit to the allowed length of the certification path.
    Returns:
    the pathLenConstraint value specifying the maximum number of CA certificates that may follow the certificate in a certification path, or allowing any length of the certification path, if set to -1; only meaningful, if the cA value is set to true
    See Also:
    setPathLenConstraint(int)
  - ca
```
public boolean ca()
```
    Returns true if the subject of the certificate holding this BasicConstraints extension is a CA.
    
    Returns:
    true if the subject is a CA, false if not.
    See Also:
    setCa(boolean)
  - hashCode
```
public int hashCode()
```
    Returns a hashcode for this identity.
    
    Specified by:
    
    hashCode in class V3Extension
    
    Returns:
    a hash code for this identity
  - toString
```
public java.lang.String toString()
```
    Returns a string that represents the contents of this BasicConstraints extension.
    
    Overrides:
    
    toString in class java.lang.Object
    
    Returns:
    the string representation

Class BasicConstraints

Field Summary

Fields inherited from class iaik.x509.V3Extension

Constructor Summary

Method Summary

Methods inherited from class iaik.x509.V3Extension

Methods inherited from class java.lang.Object

Field Detail

oid

Constructor Detail

BasicConstraints

BasicConstraints

BasicConstraints

Method Detail

getObjectID

init

toASN1Object

setPathLenConstraint

setCa

getPathLenConstraint

ca

hashCode

toString