Improvements to pathLenConstraints checks
3 files changed, 12 insertions, 6 deletions
diff --git a/crypto/src/asn1/x509/BasicConstraints.cs b/crypto/src/asn1/x509/BasicConstraints.cs
index 92e0e3dae..67f7f6618 100644
--- a/crypto/src/asn1/x509/BasicConstraints.cs
+++ b/crypto/src/asn1/x509/BasicConstraints.cs
@@ -82,11 +82,9 @@ namespace Org.BouncyCastle.Asn1.X509
return cA != null && cA.IsTrue;
}
- // TODO[api] Return DerInteger
public BigInteger PathLenConstraint => pathLenConstraint?.Value;
- internal int PathLenConstraint_Int32 =>
- pathLenConstraint == null ? int.MaxValue : pathLenConstraint.IntValueExact;
+ public DerInteger PathLenConstraintInteger => pathLenConstraint;
/**
* Produce an object suitable for an Asn1OutputStream.
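Review bot: The new public `PathLenConstraintInteger` property has no doc comment saying what a null return means or whether the value has been range-checked. Both callers in this commit treat null as "no limit" and read the value through `IntPositiveValueExact`, but an outside caller cannot learn that from the signature. I would add `/// <summary>The pathLenConstraint field as encoded, or null when it is absent (no limit on path length); callers must range-check the value.</summary>` above it. The older `PathLenConstraint` property is kept and, as far as this hunk shows, still returns whatever `BigInteger` was encoded, so a matching remark there would help too.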
diff --git a/crypto/src/pkix/Rfc3280CertPathUtilities.cs b/crypto/src/pkix/Rfc3280CertPathUtilities.cs
index 88b842abb..82fe44c35 100644
--- a/crypto/src/pkix/Rfc3280CertPathUtilities.cs
+++ b/crypto/src/pkix/Rfc3280CertPathUtilities.cs
@@ -1778,8 +1778,12 @@ namespace Org.BouncyCastle.Pkix
}
if (bc != null && bc.IsCA())
{
- maxPathLength = System.Math.Min(maxPathLength, bc.PathLenConstraint_Int32);
- }
+ var pathLenConstraint = bc.PathLenConstraintInteger;
+ if (pathLenConstraint != null)
+ {
+ maxPathLength = System.Math.Min(maxPathLength, pathLenConstraint.IntPositiveValueExact);
+ }
+ }
return maxPathLength;
}
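Review bot: `pathLenConstraint.IntPositiveValueExact` on the added line throws when the encoded value is outside the positive int range, and nothing visible in this hunk turns that into a path-validation failure. If the enclosing method's callers do not already wrap it, a certificate with a malformed pathLenConstraint would surface as an arithmetic exception (presumably `ArithmeticException`) instead of the validator's own exception type, so it is worth confirming that a handler exists. The same applies to the X509Certificate.cs hunk, where `GetBasicConstraints()` now ends in `return pathLenConstraint.IntPositiveValueExact;` and should at least document the exception. The enclosing method starts outside this hunk, so such a handler may already exist there.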
diff --git a/crypto/src/x509/X509Certificate.cs b/crypto/src/x509/X509Certificate.cs
index 30cdd6e2d..b1307d90e 100644
--- a/crypto/src/x509/X509Certificate.cs
+++ b/crypto/src/x509/X509Certificate.cs
@@ -367,7 +367,11 @@ namespace Org.BouncyCastle.X509
if (basicConstraints == null || !basicConstraints.IsCA())
return -1;
- return basicConstraints.PathLenConstraint_Int32;
+ var pathLenConstraint = basicConstraints.PathLenConstraintInteger;
+ if (pathLenConstraint == null)
+ return int.MaxValue;
+
+ return pathLenConstraint.IntPositiveValueExact;
}
public virtual GeneralNames GetIssuerAlternativeNameExtension()