org.mozilla.jss.crypto.X509Certificate does not implement java.security.cert.X509Certificate, and specifically does not implement the getKeyUsage() method. I recommend you use a CertificateFactory to convert the certificate into a java.security.X509Certificate, and call the getKeyUsage() method on that.
Patrick wrote: >1. Here's repeat question: in JSS, how can one check for a cert's keyUsage >(digitalSignature, keyEncipherment...) besides checking with NSS via JNI :) >? I did not see anything in JSS, did I miss it? > >2. the SSLCertificateApprovalCallback.ValidityStatus class returns >BAD_CERT_DOMAIN to indicate a common name mismatch *even on a client >cert*...This look like it was unecessary, but come to think of it, it may be >useful in cases where a server app is talking to another server app...So >this is a good thing. (Jamie, never my suggestion about fixing this...) > >-- Patrick > > >
