authorPeter Dettman <peter.dettman@bouncycastle.org>2023-05-05 19:00:34 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2023-05-05 19:00:34 +0700
commiteec1e384fc311c22550cc4654fcf8272d65e2978 (patch)
treed08b71b94008b1065b8612d9c20af860fa61c92a
parentRefactoring around BasicConstraints (diff)
downloadBouncyCastle.NET-ed25519-eec1e384fc311c22550cc4654fcf8272d65e2978.tar.xz
Improvements to pathLenConstraints checks
-rw-r--r--crypto/src/asn1/x509/BasicConstraints.cs4
-rw-r--r--crypto/src/pkix/Rfc3280CertPathUtilities.cs8
-rw-r--r--crypto/src/x509/X509Certificate.cs6
3 files changed, 12 insertions, 6 deletions
diff --git a/crypto/src/asn1/x509/BasicConstraints.cs b/crypto/src/asn1/x509/BasicConstraints.cs
index 92e0e3dae..67f7f6618 100644
--- a/crypto/src/asn1/x509/BasicConstraints.cs
+++ b/crypto/src/asn1/x509/BasicConstraints.cs
@@ -82,11 +82,9 @@ namespace Org.BouncyCastle.Asn1.X509
             return cA != null && cA.IsTrue;
         }
 
-        // TODO[api] Return DerInteger
         public BigInteger PathLenConstraint => pathLenConstraint?.Value;
 
-        internal int PathLenConstraint_Int32 =>
-            pathLenConstraint == null ? int.MaxValue : pathLenConstraint.IntValueExact;
+        public DerInteger PathLenConstraintInteger => pathLenConstraint;
 
 		/**
          * Produce an object suitable for an Asn1OutputStream.
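Review bot: The new public property `PathLenConstraintInteger` has no doc comment, and it returns the encoded field as-is, so the declaration does not tell a caller that null means the field is absent or that the value has not been range-checked. I would add above it `/// <summary>The pathLenConstraint field as encoded, or null when it is absent; the value is not validated here.</summary>`. The existing `PathLenConstraint` getter still returns the raw BigInteger, so a similar remark there would steer callers toward a checked conversion before using it as a limit.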
diff --git a/crypto/src/pkix/Rfc3280CertPathUtilities.cs b/crypto/src/pkix/Rfc3280CertPathUtilities.cs
index 88b842abb..82fe44c35 100644
--- a/crypto/src/pkix/Rfc3280CertPathUtilities.cs
+++ b/crypto/src/pkix/Rfc3280CertPathUtilities.cs
@@ -1778,8 +1778,12 @@ namespace Org.BouncyCastle.Pkix
 			}
 			if (bc != null && bc.IsCA())
 			{
-				maxPathLength = System.Math.Min(maxPathLength, bc.PathLenConstraint_Int32);
-			}
+				var pathLenConstraint = bc.PathLenConstraintInteger;
+				if (pathLenConstraint != null)
+				{
+                    maxPathLength = System.Math.Min(maxPathLength, pathLenConstraint.IntPositiveValueExact);
+                }
+            }
 			return maxPathLength;
 		}
 
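Review bot: The call to `pathLenConstraint.IntPositiveValueExact` on the added line is unguarded, so a certificate whose pathLenConstraint lies outside the positive int range would, if the accessor throws as its name suggests, surface an arithmetic exception from path validation rather than a validation failure. The enclosing method starts outside the hunk, so whether a caller already handles this is not visible here. If none does, catch the exception at this point and rethrow it as the path validator's own exception type. The same unguarded call is added in the X509Certificate.cs hunk, where a getter that previously returned a value can now throw on a malformed certificate. The added lines are also indented with spaces while the surrounding lines use tabs.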
diff --git a/crypto/src/x509/X509Certificate.cs b/crypto/src/x509/X509Certificate.cs
index 30cdd6e2d..b1307d90e 100644
--- a/crypto/src/x509/X509Certificate.cs
+++ b/crypto/src/x509/X509Certificate.cs
@@ -367,7 +367,11 @@ namespace Org.BouncyCastle.X509
             if (basicConstraints == null || !basicConstraints.IsCA())
                 return -1;
 
-            return basicConstraints.PathLenConstraint_Int32;
+            var pathLenConstraint = basicConstraints.PathLenConstraintInteger;
+            if (pathLenConstraint == null)
+                return int.MaxValue;
+
+            return pathLenConstraint.IntPositiveValueExact;
         }
 
         public virtual GeneralNames GetIssuerAlternativeNameExtension()
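Review bot: The added `return int.MaxValue;` is a sentinel for a CA certificate with no path length limit, next to the existing `-1` for a non-CA certificate, and neither value is explained at the return sites shown. A comment such as `// pathLenConstraint absent: no limit on path length` above that return would make the contract readable to callers that compare the result. The method's signature and any doc comment are outside the hunk, so the sentinels may already be described there.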