public void validate(CertPathValidationContext context, X509CertificateHolder certificate) throws CertPathValidationException { context.addHandledExtension(Extension.keyUsage); if (!context.isEndEntity()) { KeyUsage usage = KeyUsage.fromExtensions(certificate.getExtensions()); if (usage != null) { if (!usage.hasUsages(KeyUsage.keyCertSign)) { throw new CertPathValidationException("Issuer certificate KeyUsage extension does not permit key signing"); } } else { if (isMandatory) { throw new CertPathValidationException("KeyUsage extension not present in CA certificate"); } } } }
public void validate(CertPathValidationContext context, X509CertificateHolder certificate) throws CertPathValidationException { context.addHandledExtension(Extension.keyUsage); if (!context.isEndEntity()) { KeyUsage usage = KeyUsage.fromExtensions(certificate.getExtensions()); if (usage != null) { if (!usage.hasUsages(KeyUsage.keyCertSign)) { throw new CertPathValidationException("Issuer certificate KeyUsage extension does not permit key signing"); } } else { if (isMandatory) { throw new CertPathValidationException("KeyUsage extension not present in CA certificate"); } } } }