package org.bouncycastle.cert.path.validations;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.path.CertPathValidation;
import org.bouncycastle.cert.path.CertPathValidationContext;
import org.bouncycastle.cert.path.CertPathValidationException;
import org.bouncycastle.util.Memoable;
/**
 * Path validation step for the KeyUsage extension (RFC 5280 section 4.2.1.3).
 * <p>
 * For every certificate that is not the end-entity, this checks that a KeyUsage
 * extension is present and that it asserts {@code keyCertSign}. End-entity
 * certificates are not inspected by this step; their key usage has to be checked
 * by whatever validation handles the end-entity purpose.
 * <p>
 * When constructed with {@code isMandatory == false}, a CA certificate that
 * carries no KeyUsage extension passes this step unchallenged. That is the
 * relaxed mode and should only be enabled for chains whose issuers are known
 * to omit the extension; a present extension is still required to include
 * {@code keyCertSign} regardless of the flag.
 * <p>
 * The extension is always registered as handled with the context, so a
 * critical KeyUsage extension does not trip an unhandled-critical-extension
 * check elsewhere in the path validation.
 */
public class KeyUsageValidation
    implements CertPathValidation
{
    // Mutable (not final) because reset(Memoable) copies it in from another instance.
    private boolean isMandatory;

    /**
     * Creates a validation that requires the KeyUsage extension on every CA certificate.
     */
    public KeyUsageValidation()
    {
        this(true);
    }

    /**
     * Creates a validation with an explicit policy for absent KeyUsage extensions.
     *
     * @param isMandatory if {@code true}, a CA certificate without a KeyUsage extension
     *                    is rejected; if {@code false}, such a certificate is accepted
     *                    by this step.
     */
    public KeyUsageValidation(boolean isMandatory)
    {
        this.isMandatory = isMandatory;
    }

    /**
     * Checks the KeyUsage extension of one certificate in the path.
     *
     * @param context     the current path validation context; used to find out whether
     *                    {@code certificate} is the end-entity and to record the extension
     *                    as handled.
     * @param certificate the certificate under examination.
     * @throws CertPathValidationException if the certificate is not the end-entity and either
     *                                     its KeyUsage extension lacks {@code keyCertSign}, or
     *                                     the extension is missing while this validation is
     *                                     mandatory.
     */
    public void validate(CertPathValidationContext context, X509CertificateHolder certificate)
        throws CertPathValidationException
    {
        context.addHandledExtension(Extension.keyUsage);

        // Only issuing certificates are subject to the keyCertSign requirement.
        if (context.isEndEntity())
        {
            return;
        }

        KeyUsage usage = KeyUsage.fromExtensions(certificate.getExtensions());

        if (usage == null)
        {
            // Absent extension: reject only when configured as mandatory.
            if (isMandatory)
            {
                throw new CertPathValidationException("KeyUsage extension not present in CA certificate");
            }
            return;
        }

        // Present extension must authorise certificate signing.
        if (!usage.hasUsages(KeyUsage.keyCertSign))
        {
            throw new CertPathValidationException("Issuer certificate KeyUsage extension does not permit key signing");
        }
    }

    /**
     * Returns a new validation carrying the same mandatory-flag as this one.
     *
     * @return an independent copy of this validation.
     */
    public Memoable copy()
    {
        return new KeyUsageValidation(this.isMandatory);
    }

    /**
     * Overwrites this validation's state with that of {@code other}.
     *
     * @param other a {@code KeyUsageValidation} whose state is copied in.
     * @throws ClassCastException if {@code other} is not a {@code KeyUsageValidation}.
     */
    public void reset(Memoable other)
    {
        KeyUsageValidation source = (KeyUsageValidation)other;

        isMandatory = source.isMandatory;
    }
}