I have a X509Certificate instance in Java and I need to identify if it is a CA certificate or user certificate.
Can anyone provide any help?
Thanks in advance!
According to research I have performed, it can be checked by checking basic constraints!
Check the API for returning results of getBasicConstraints()
method.
So if the method returns result != -1
, a certificate can be considered as a CA certificate
.
I have checked this with several CA certificates
(root and intermediate), and it works as described.
I have also checked this method with several user certificates, and the method returns -1 as result.