-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P4
-
Affects Version/s: 1.2.0
-
Component/s: security-libs
-
None
-
kestrel
-
generic
-
generic
The javadoc for X509Certificate.getKeyUsage says that the method returns
"the bit values of the KeyUsage extension as an array of booleans, or
null if the KeyUsage extension is not present in the certificate."
I would interpret this as meaning that if we create a certificate with a
KeyUsage of digitalSignature only, getKeyUsage() should return a boolean
array of length 9 with the values:
{true, false, false, false, false, false, false, false, false}
Using our CA, if we generate a certificate with a KeyUsage of digitalSignature
only and then call getKeyUsage, it returns a boolean array of length 1 with the value
{true}
"the bit values of the KeyUsage extension as an array of booleans, or
null if the KeyUsage extension is not present in the certificate."
I would interpret this as meaning that if we create a certificate with a
KeyUsage of digitalSignature only, getKeyUsage() should return a boolean
array of length 9 with the values:
{true, false, false, false, false, false, false, false, false}
Using our CA, if we generate a certificate with a KeyUsage of digitalSignature
only and then call getKeyUsage, it returns a boolean array of length 1 with the value
{true}