diff options
-rw-r--r-- | crypto/src/asn1/x509/BasicConstraints.cs | 9 | ||||
-rw-r--r-- | crypto/src/pkix/Rfc3280CertPathUtilities.cs | 14 | ||||
-rw-r--r-- | crypto/src/x509/X509Certificate.cs | 13 |
3 files changed, 10 insertions, 26 deletions
diff --git a/crypto/src/asn1/x509/BasicConstraints.cs b/crypto/src/asn1/x509/BasicConstraints.cs index acc8766a7..92e0e3dae 100644 --- a/crypto/src/asn1/x509/BasicConstraints.cs +++ b/crypto/src/asn1/x509/BasicConstraints.cs @@ -82,10 +82,11 @@ namespace Org.BouncyCastle.Asn1.X509 return cA != null && cA.IsTrue; } - public BigInteger PathLenConstraint - { - get { return pathLenConstraint == null ? null : pathLenConstraint.Value; } - } + // TODO[api] Return DerInteger + public BigInteger PathLenConstraint => pathLenConstraint?.Value; + + internal int PathLenConstraint_Int32 => + pathLenConstraint == null ? int.MaxValue : pathLenConstraint.IntValueExact; /** * Produce an object suitable for an Asn1OutputStream. diff --git a/crypto/src/pkix/Rfc3280CertPathUtilities.cs b/crypto/src/pkix/Rfc3280CertPathUtilities.cs index 1a2346d9e..88b842abb 100644 --- a/crypto/src/pkix/Rfc3280CertPathUtilities.cs +++ b/crypto/src/pkix/Rfc3280CertPathUtilities.cs @@ -1776,19 +1776,9 @@ namespace Org.BouncyCastle.Pkix { throw new PkixCertPathValidatorException("Basic constraints extension cannot be decoded.", e, index); } - if (bc != null) + if (bc != null && bc.IsCA()) { - BigInteger _pathLengthConstraint = bc.PathLenConstraint; - - if (_pathLengthConstraint != null) - { - int _plc = _pathLengthConstraint.IntValue; - - if (_plc < maxPathLength) - { - return _plc; - } - } + maxPathLength = System.Math.Min(maxPathLength, bc.PathLenConstraint_Int32); } return maxPathLength; } diff --git a/crypto/src/x509/X509Certificate.cs b/crypto/src/x509/X509Certificate.cs index c903811d4..30cdd6e2d 100644 --- a/crypto/src/x509/X509Certificate.cs +++ b/crypto/src/x509/X509Certificate.cs @@ -364,17 +364,10 @@ namespace Org.BouncyCastle.X509 public virtual int GetBasicConstraints() { - if (basicConstraints != null && basicConstraints.IsCA()) - { - if (basicConstraints.PathLenConstraint == null) - { - return int.MaxValue; - } - - return basicConstraints.PathLenConstraint.IntValue; - } + if (basicConstraints == null || !basicConstraints.IsCA()) + return -1; - return -1; + return basicConstraints.PathLenConstraint_Int32; } public virtual GeneralNames GetIssuerAlternativeNameExtension() |