[Solved] Validate names against Name Constraints extension of an X509Certificate CA [closed]

Even though I could see the JDK has decent APIs for this, they are all internal. So I ended up using Bouncy Castle.

```java
public boolean validateAgainstNamingConstraints(X509Certificate certificate, GeneralName name) {
    NameConstraints nameConstraints = null;
    try {
        nameConstraints = NameConstraints.getInstance(
            JcaX509ExtensionUtils.parseExtensionValue(
                certificate.getExtensionValue(Extension.nameConstraints.getId())));
    } catch (IOException e) {
        log.warn("Failed to parse name constraint. Skipping validation. {}", e.getMessage());
        return …
```
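A fail-closed version of this kind of check, as an added example that is not the answer author's code: it feeds the CA's permitted and excluded subtrees into Bouncy Castle's `PKIXNameConstraintValidator` and rejects the name when the extension cannot be parsed. The class name, method names and the constraint values in `main` are constructed for illustration.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralSubtree;
import org.bouncycastle.asn1.x509.NameConstraintValidatorException;
import org.bouncycastle.asn1.x509.NameConstraints;
import org.bouncycastle.asn1.x509.PKIXNameConstraintValidator;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;

// Added example; class and method names are hypothetical, not from the original answer.
public final class NameConstraintCheck {
    // Certificate entry point: a constraint that cannot be parsed rejects the name.
    static boolean allowedBy(X509Certificate ca, GeneralName name) {
        byte[] ext = ca.getExtensionValue(Extension.nameConstraints.getId());
        if (ext == null) return true; // CA carries no Name Constraints extension
        try {
            return allowedBy(NameConstraints.getInstance(
                    JcaX509ExtensionUtils.parseExtensionValue(ext)), name);
        } catch (IOException | IllegalArgumentException e) {
            return false;
        }
    }

    static boolean allowedBy(NameConstraints nc, GeneralName name) {
        PKIXNameConstraintValidator v = new PKIXNameConstraintValidator();
        GeneralSubtree[] permitted = nc.getPermittedSubtrees();
        if (permitted != null) v.intersectPermittedSubtree(permitted);
        GeneralSubtree[] excluded = nc.getExcludedSubtrees();
        if (excluded != null) for (GeneralSubtree s : excluded) v.addExcludedSubtree(s);
        try {
            v.checkPermitted(name); // throws when subtrees of this name type exist and none matches
            v.checkExcluded(name);  // throws when the name falls inside an excluded subtree
            return true;
        } catch (NameConstraintValidatorException e) {
            return false;
        }
    }

    static GeneralSubtree[] dns(String d) {
        return new GeneralSubtree[] { new GeneralSubtree(new GeneralName(GeneralName.dNSName, d)) };
    }

    public static void main(String[] args) {
        // Constructed constraints: permit example.com, exclude internal.example.com.
        NameConstraints nc = new NameConstraints(dns("example.com"), dns("internal.example.com"));
        for (String h : new String[] { "www.example.com", "db.internal.example.com", "example.org" })
            System.out.println(h + " -> " + allowedBy(nc, new GeneralName(GeneralName.dNSName, h)));
    }
}
```

Compiling and running this needs the Bouncy Castle provider and PKIX jars (`bcprov` and `bcpkix`) on the classpath.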