protected void validateKeyUsage(int keyUsageBits) throws IOException { Extensions exts = certificate.getTBSCertificate().getExtensions(); if (exts != null) { KeyUsage ku = KeyUsage.fromExtensions(exts); if (ku != null) { int bits = ku.getBytes()[0] & 0xff; if ((bits & keyUsageBits) != keyUsageBits) { throw new TlsFatalAlert(AlertDescription.certificate_unknown); } } } }
static void validateKeyUsage(org.spongycastle.asn1.x509.Certificate c, int keyUsageBits) throws IOException { Extensions exts = c.getTBSCertificate().getExtensions(); if (exts != null) { KeyUsage ku = KeyUsage.fromExtensions(exts); if (ku != null) { int bits = ku.getBytes()[0] & 0xff; if ((bits & keyUsageBits) != keyUsageBits) { throw new TlsFatalAlert(AlertDescription.certificate_unknown); } } } }
private boolean isSuitableKeyUsage(int keyUsageBits, X509Certificate c) { try { Extensions exts = TBSCertificate.getInstance(c.getTBSCertificate()).getExtensions(); if (exts != null) { KeyUsage ku = KeyUsage.fromExtensions(exts); if (ku != null) { int bits = ku.getBytes()[0] & 0xff; if ((bits & keyUsageBits) != keyUsageBits) { return false; } } } } catch (Exception e) { return false; } return true; } }
KeyUsage keyUsage = KeyUsage.fromExtensions(cert.getExtensions());
private boolean isSuitableKeyUsage(int keyUsageBits, X509Certificate c) { try { Extensions exts = TBSCertificate.getInstance(c.getTBSCertificate()).getExtensions(); if (exts != null) { KeyUsage ku = KeyUsage.fromExtensions(exts); if (ku != null) { int bits = ku.getBytes()[0] & 0xff; if ((bits & keyUsageBits) != keyUsageBits) { return false; } } } } catch (Exception e) { return false; } return true; }
public void validate(CertPathValidationContext context, X509CertificateHolder certificate) throws CertPathValidationException { context.addHandledExtension(Extension.keyUsage); if (!context.isEndEntity()) { KeyUsage usage = KeyUsage.fromExtensions(certificate.getExtensions()); if (usage != null) { if (!usage.hasUsages(KeyUsage.keyCertSign)) { throw new CertPathValidationException("Issuer certificate KeyUsage extension does not permit key signing"); } } else { if (isMandatory) { throw new CertPathValidationException("KeyUsage extension not present in CA certificate"); } } } }
public void validate(CertPathValidationContext context, X509CertificateHolder certificate) throws CertPathValidationException { context.addHandledExtension(Extension.keyUsage); if (!context.isEndEntity()) { KeyUsage usage = KeyUsage.fromExtensions(certificate.getExtensions()); if (usage != null) { if (!usage.hasUsages(KeyUsage.keyCertSign)) { throw new CertPathValidationException("Issuer certificate KeyUsage extension does not permit key signing"); } } else { if (isMandatory) { throw new CertPathValidationException("KeyUsage extension not present in CA certificate"); } } } }
protected void validateKeyUsage(int keyUsageBits) throws IOException { Extensions exts; try { exts = TBSCertificate.getInstance(certificate.getTBSCertificate()).getExtensions(); } catch (CertificateEncodingException e) { throw new TlsCryptoException("unable to parse certificate extensions: " + e.getMessage(), e); } if (exts != null) { KeyUsage ku = KeyUsage.fromExtensions(exts); if (ku != null) { int bits = ku.getBytes()[0] & 0xff; if ((bits & keyUsageBits) != keyUsageBits) { throw new TlsFatalAlert(AlertDescription.certificate_unknown); } } } }