Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to identify if X509Certificate is CA certificate ?

 
Jurica Krizanic
Ranch Hand
Posts: 38
Java Spring
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,
I have an X509Certificate and I need to identify if it is a CA certificate or user certificarte.

Anyone knows how to do it?

Not sure if I can rely on KeyUsage parameters.

Thanks in advance!

Best regards,
Jurica Krizanic
 
Jurica Krizanic
Ranch Hand
Posts: 38
Java Spring
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
According to the research I have performed, it can be checked by checking basic constraints! Check the API of X509Certificate class for returning results of getBasicConstraints() method.

So if the method returns result != -1, a certificate can be considered as a CA certificate.

I have checked this with several CA certificates (root and intermediate), and it works as described.

I have also checked this method with several user certificates, and the method returns -1 as result.
 
Rishi Shah
Ranch Hand
Posts: 43
Java Mac Ruby
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you pass it through the default TrustManager, it should throw an exception if it is a user-signed certificate and not CA.
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic