summary refs log tree commit diff
path: root/crypto/src
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2023-05-04 16:43:06 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2023-05-04 16:43:06 +0700
commite7cb9e780da9b4ed2cee55feb0c4e7302222267d (patch)
treeb5fb6c8609afbc925021b763b06b45e61df3c4f8 /crypto/src
parentUpdate Dilithium PrivateKeyInfo code from bc-java (diff)
downloadBouncyCastle.NET-ed25519-e7cb9e780da9b4ed2cee55feb0c4e7302222267d.tar.xz
Refactoring around BasicConstraints
Diffstat (limited to 'crypto/src')
-rw-r--r--crypto/src/asn1/x509/BasicConstraints.cs9


-rw-r--r--crypto/src/pkix/Rfc3280CertPathUtilities.cs14


-rw-r--r--crypto/src/x509/X509Certificate.cs13


3 files changed, 10 insertions, 26 deletions
diff --git a/crypto/src/asn1/x509/BasicConstraints.cs b/crypto/src/asn1/x509/BasicConstraints.cs

index acc8766a7..92e0e3dae 100644
--- a/crypto/src/asn1/x509/BasicConstraints.cs
+++ b/crypto/src/asn1/x509/BasicConstraints.cs
@@ -82,10 +82,11 @@ namespace Org.BouncyCastle.Asn1.X509
             return cA != null && cA.IsTrue;
         }
 
-		public BigInteger PathLenConstraint
-        {
-            get { return pathLenConstraint == null ? null : pathLenConstraint.Value; }
-        }
+        // TODO[api] Return DerInteger
+        public BigInteger PathLenConstraint => pathLenConstraint?.Value;
+
+        internal int PathLenConstraint_Int32 =>
+            pathLenConstraint == null ? int.MaxValue : pathLenConstraint.IntValueExact;
 
 		/**
          * Produce an object suitable for an Asn1OutputStream.
diff --git a/crypto/src/pkix/Rfc3280CertPathUtilities.cs b/crypto/src/pkix/Rfc3280CertPathUtilities.cs

index 1a2346d9e..88b842abb 100644
--- a/crypto/src/pkix/Rfc3280CertPathUtilities.cs
+++ b/crypto/src/pkix/Rfc3280CertPathUtilities.cs
@@ -1776,19 +1776,9 @@ namespace Org.BouncyCastle.Pkix
 			{
 				throw new PkixCertPathValidatorException("Basic constraints extension cannot be decoded.", e, index);
 			}
-			if (bc != null)
+			if (bc != null && bc.IsCA())
 			{
-				BigInteger _pathLengthConstraint = bc.PathLenConstraint;
-
-				if (_pathLengthConstraint != null)
-				{
-					int _plc = _pathLengthConstraint.IntValue;
-
-					if (_plc < maxPathLength)
-					{
-						return _plc;
-					}
-				}
+				maxPathLength = System.Math.Min(maxPathLength, bc.PathLenConstraint_Int32);
 			}
 			return maxPathLength;
 		}
diff --git a/crypto/src/x509/X509Certificate.cs b/crypto/src/x509/X509Certificate.cs

index c903811d4..30cdd6e2d 100644
--- a/crypto/src/x509/X509Certificate.cs
+++ b/crypto/src/x509/X509Certificate.cs
@@ -364,17 +364,10 @@ namespace Org.BouncyCastle.X509
 
         public virtual int GetBasicConstraints()
         {
-            if (basicConstraints != null && basicConstraints.IsCA())
-            {
-                if (basicConstraints.PathLenConstraint == null)
-                {
-                    return int.MaxValue;
-                }
-
-                return basicConstraints.PathLenConstraint.IntValue;
-            }
+            if (basicConstraints == null || !basicConstraints.IsCA())
+                return -1;
 
-            return -1;
+            return basicConstraints.PathLenConstraint_Int32;
         }
 
         public virtual GeneralNames GetIssuerAlternativeNameExtension()

 

generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-07-02 22:20:08 +0000