diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-05-05 19:00:34 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-05-05 19:00:34 +0700 |
commit | eec1e384fc311c22550cc4654fcf8272d65e2978 (patch) | |
tree | d08b71b94008b1065b8612d9c20af860fa61c92a /crypto/src | |
parent | Refactoring around BasicConstraints (diff) | |
download | BouncyCastle.NET-ed25519-eec1e384fc311c22550cc4654fcf8272d65e2978.tar.xz |
Improvements to pathLenConstraints checks
Diffstat (limited to 'crypto/src')
-rw-r--r-- | crypto/src/asn1/x509/BasicConstraints.cs | 4 | ||||
-rw-r--r-- | crypto/src/pkix/Rfc3280CertPathUtilities.cs | 8 | ||||
-rw-r--r-- | crypto/src/x509/X509Certificate.cs | 6 |
3 files changed, 12 insertions, 6 deletions
diff --git a/crypto/src/asn1/x509/BasicConstraints.cs b/crypto/src/asn1/x509/BasicConstraints.cs index 92e0e3dae..67f7f6618 100644 --- a/crypto/src/asn1/x509/BasicConstraints.cs +++ b/crypto/src/asn1/x509/BasicConstraints.cs @@ -82,11 +82,9 @@ namespace Org.BouncyCastle.Asn1.X509 return cA != null && cA.IsTrue; } - // TODO[api] Return DerInteger public BigInteger PathLenConstraint => pathLenConstraint?.Value; - internal int PathLenConstraint_Int32 => - pathLenConstraint == null ? int.MaxValue : pathLenConstraint.IntValueExact; + public DerInteger PathLenConstraintInteger => pathLenConstraint; /** * Produce an object suitable for an Asn1OutputStream. diff --git a/crypto/src/pkix/Rfc3280CertPathUtilities.cs b/crypto/src/pkix/Rfc3280CertPathUtilities.cs index 88b842abb..82fe44c35 100644 --- a/crypto/src/pkix/Rfc3280CertPathUtilities.cs +++ b/crypto/src/pkix/Rfc3280CertPathUtilities.cs @@ -1778,8 +1778,12 @@ namespace Org.BouncyCastle.Pkix } if (bc != null && bc.IsCA()) { - maxPathLength = System.Math.Min(maxPathLength, bc.PathLenConstraint_Int32); - } + var pathLenConstraint = bc.PathLenConstraintInteger; + if (pathLenConstraint != null) + { + maxPathLength = System.Math.Min(maxPathLength, pathLenConstraint.IntPositiveValueExact); + } + } return maxPathLength; } diff --git a/crypto/src/x509/X509Certificate.cs b/crypto/src/x509/X509Certificate.cs index 30cdd6e2d..b1307d90e 100644 --- a/crypto/src/x509/X509Certificate.cs +++ b/crypto/src/x509/X509Certificate.cs @@ -367,7 +367,11 @@ namespace Org.BouncyCastle.X509 if (basicConstraints == null || !basicConstraints.IsCA()) return -1; - return basicConstraints.PathLenConstraint_Int32; + var pathLenConstraint = basicConstraints.PathLenConstraintInteger; + if (pathLenConstraint == null) + return int.MaxValue; + + return pathLenConstraint.IntPositiveValueExact; } public virtual GeneralNames GetIssuerAlternativeNameExtension() |