public class BasicConstraints extends V3Extension
BasicConstraints Extension.
 
 The BasicConstraints extension is a standard X509v3 extension, which
 shall be used only in CA certificates where it has to be marked as being critical.
 
 Each extension is associated with a specific certificateExtension
 object identifier, derived from:
 
 certificateExtension  OBJECT IDENTIFIER ::=
                            {joint-iso-ccitt(2) ds(5) 29}
 id-ce                 OBJECT IDENTIFIER ::=  certificateExtension
 
 The object identifier for the BasicConstraints extension
 is defined as:
 
 id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 }
 
which corresponds to the OID string "2.5.29.19".
The X.509 Certificate and CRL profile presented in RFC 3280 specifies the basic constraints extension for identifying whether the subject of the certificate is a CA and how deep a certification path may exist through that CA. This profile requires the use of this extension.
 The ASN.1 definition of the BasicConstraints extension is specified
 as follows:
 
 BasicConstraints ::= SEQUENCE {
     cA                      BOOLEAN DEFAULT FALSE,
     pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
 
 
 The pathLenConstraint field is meaningful only if cA is set
 to TRUE.
 In this case, it gives the maximum number of CA certificates that may
 follow this certificate in a certification path. A value of zero
 indicates that only an end-entity certificate may follow in the path.
 
 If the pathLenConstraint value is set, it has to be greater than or
 equal to zero. If it is not set, the certification path may be of
 any length.
 
 This class provides several methods for setting respectively getting the
 component values of an BasicConstraints extension object.
 
 For adding a BasicConstraints extension object to
 a X509Certificate, use the addExtension method of the
 iaik.x509.X509Certificate
 class:
 
X509Certificate cert = new X509Certificate(); ... BasicConstraints bc = new BasicConstraints(true, 0); bc.setCritical(true); cert.addExtension(bc);
 where true sets the cA value for indicating that the subject
 of the certificate is a CA, and the 0 pathLenConstraint value
 implements the case stated above indicating that only an end-entity certificate
 may follow in the path. Note that per default cA is set to false
 and pathLenConstraint is set to -1 indicating that the
 subject of the certificate is not a CA and that the pathLenConstraint value
 is not specified.
 
 Since the BasicConstraints extension is a critical extension, critical
 has to be set to true before adding the BasicConstraints extension
 to a certificate:
 
bc.setCritical(true)
ObjectID, 
X509Certificate, 
X509Extensions, 
V3Extension| Modifier and Type | Field and Description | 
|---|---|
| static ObjectID | oidThe object identifier of this  BasicConstraintsextension. | 
critical| Constructor and Description | 
|---|
| BasicConstraints()Default constructor. | 
| BasicConstraints(boolean ca)Creates a new  BasicConstraintsextension settingcAto the given parameter value. | 
| BasicConstraints(boolean ca,
                int plc)Creates a new  BasicConstraintsextension with the givencAandpathLenConstraintvalues. | 
| Modifier and Type | Method and Description | 
|---|---|
| boolean | ca()Returns  trueif the subject of the certificate holding thisBasicConstraintsextension is a CA. | 
| ObjectID | getObjectID()Returns the object ID of this  BasicConstraintsextension | 
| int | getPathLenConstraint()Returns the  pathLenConstraintvalue of thisBasicConstraintsextension specifying the maximum number of CA certificates that may follow the
 certificate in a certification path. | 
| int | hashCode()Returns a hashcode for this identity. | 
| void | init(ASN1Object obj)Inits this  BasicConstraintsimplementation with an ASN1Object
 representing the value of this extension. | 
| void | setCa(boolean ca)Sets the  cAvalue of thisBasicConstraintsextension totrueif the subject is a CA. | 
| void | setPathLenConstraint(int plc)Sets the  pathLenConstraintvalue of thisBasicConstraintsextension specifying the maximum number of CA certificates that may follow the
 certificate in a certification path. | 
| ASN1Object | toASN1Object()Returns an ASN1Object representing the value of this  BasicConstraintsextension object. | 
| java.lang.String | toString()Returns a string that represents the contents of this
  BasicConstraintsextension. | 
getName, isCritical, setCriticalpublic static final ObjectID oid
BasicConstraints extension.
 The corresponding OID string is "2.5.29.19".public BasicConstraints()
BasicConstraints object.
 
 Per default cA is set to false and pathLenConstraint
 is set to -1 indicating that the subject of the certificate is not a CA and
 that the pathLenConstraint value is not specified. Use setCa and setPathLenConstraint
 for explicitly setting the corresponding values.
 
Do not forget to specify this extension as critical before adding it to a certificate:
BasicConstraints bc = new BasicConstraints(); bc.setCa(true); bc.setPathLenConstraint(1); bc.setCritical(true); cert.addExtension(bc);
V3Extension.setCritical(boolean)public BasicConstraints(boolean ca,
                int plc)
BasicConstraints extension with the given
 cA and pathLenConstraint values.
 
 The ca parameter specifies if the subject of the certificate
 holding this BasicConstraints extension is a CA, and the
 plc value specifies how deep a certification path may exist.
 
Do not forget to specify this extension as critical before adding it to a certificate, e.g.:
BasicConstraints bc = new BasicConstraints(true, 1); ... bc.setCritical(true); cert.addExtension(bc);
ca - true if the certificate subject is a CA,
        false otherwiseplc - the maximum number of CA certificates that may
            follow this certificate in a certification pathV3Extension.setCritical(boolean)public BasicConstraints(boolean ca)
BasicConstraints extension setting cA
 to the given parameter value.
 
 The ca parameter specifies whether the subject of the certificate
 holding this BasicConstraints extension is a CA or not. Use this
 constructor for indicating a CA certificate and leaving the
 pathLenConstraint value at -1 indicating
 that there is no limit to the allowed length of the certification path.
 
Do not forget to specify this extension as critical before adding it to a certificate, e.g.:
BasicConstraints bc = new BasicConstraints(true); ... bc.setCritical(true); cert.addExtension(bc);
ca - true if the certificate subject is a CA,
           false otherwiseV3Extension.setCritical(boolean)public ObjectID getObjectID()
BasicConstraints extensiongetObjectID in class V3Extensionpublic void init(ASN1Object obj) throws X509ExtensionException
BasicConstraints implementation with an ASN1Object
 representing the value of this extension.
 
 The given ASN1Object represents the cA and (optioanl)
 pathLenConstraint values of this  extension.
 
 The given ASN1Object is the one created by toASN1Object().
 
 This method is used by the X509Extensions class when parsing the ASN.1 representation
 of a certificate for properly initializing an included
 BasicConstraints extension. This method initializes the
 extension only with its value, but not with its critical
 specification. For that reason, this method shall not be
 explicitly called by an application.
init in class V3Extensionobj - the BasicConstraints as ASN1ObjectX509ExtensionException - if the extension could not be parsedpublic ASN1Object toASN1Object()
BasicConstraints
 extension object.
 
 The returned ASN1Object is an ASN.1 Sequence representing the cA and
 (optioanl) pathLenConstraint values of this  extension:
 
 BasicConstraints ::= SEQUENCE {
     cA                      BOOLEAN DEFAULT FALSE,
     pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
 toASN1Object in class V3ExtensionBasicConstraints as ASN1Objectpublic void setPathLenConstraint(int plc)
pathLenConstraint value of this BasicConstraints
 extension specifying the maximum number of CA certificates that may follow the
 certificate in a certification path.
 For instance:
BasicConstraints bc = new BasicConstraints(); bc.setCa(true); bc.setPathLenConstraint(1); bc.setCritical(true); cert.addExtension(bc);
plc - the pathLenConstraint valuegetPathLenConstraint()public void setCa(boolean ca)
cA value of this BasicConstraints
 extension to true if the subject is a CA.
 For instance:
BasicConstraints bc = new BasicConstraints(); bc.setCa(true); bc.setPathLenConstraint(1); bc.setCritical(true); cert.addExtension(bc);
ca - the cA value, true if the subject is a CAca()public int getPathLenConstraint()
pathLenConstraint value of this BasicConstraints
 extension specifying the maximum number of CA certificates that may follow the
 certificate in a certification path.
 
 The pathLenConstraint field is meaningful only if cA
 is set to true:
 
cA is set to true and pathLenConstraint
 is set, this method returns the maximum number of CA certificates that may follow
 the certificate in a certification path.
 
cA is set to true and pathLenConstraint
 is not specified, this method returns -1 indicating that there is no limit to the
 allowed length of the certification path.
 pathLenConstraint value specifying the maximum number of CA
         certificates that may follow the certificate in a certification path, or
         allowing any length of the certification path, if set to -1; only
         meaningful, if the cA value is set to truesetPathLenConstraint(int)public boolean ca()
true if the subject of the certificate holding this
 BasicConstraints extension is a CA.true if the subject is a CA, false if not.setCa(boolean)public int hashCode()
hashCode in class V3Extensionpublic java.lang.String toString()
BasicConstraints extension.toString in class java.lang.Object