public class BouncyCastleCertProcessingFactory extends Object

Modifier | Constructor and Description |
---|---|
protected | BouncyCastleCertProcessingFactory() |

Modifier and Type | Method and Description |
---|---|
X509Certificate | createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, GSIConstants.CertificateType certType) Creates a proxy certificate from the certificate request. |
X509Certificate | createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, GSIConstants.CertificateType certType, X509ExtensionSet extSet) Creates a proxy certificate from the certificate request. |
X509Certificate | createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, GSIConstants.CertificateType certType, X509ExtensionSet extSet, String cnValue) Creates a proxy certificate from the certificate request. |
X509Certificate | createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode) Deprecated. |
X509Certificate | createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode, X509ExtensionSet extSet) Deprecated. |
X509Certificate | createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode, X509ExtensionSet extSet, String cnValue) Deprecated. |
byte[] | createCertificateRequest(String subject, KeyPair keyPair) Creates a certificate request from the specified subject DN and a key pair. |
byte[] | createCertificateRequest(X509Certificate cert, KeyPair keyPair) Creates a certificate request from the specified certificate and a key pair. |
byte[] | createCertificateRequest(org.bouncycastle.asn1.x509.X509Name subjectDN, String sigAlgName, KeyPair keyPair) Creates a certificate request from the specified subject name, signing algorithm, and a key pair. |
X509Credential | createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, GSIConstants.CertificateType certType) Creates a new proxy credential from the specified certificate chain and a private key. |
X509Credential | createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, GSIConstants.CertificateType certType, X509ExtensionSet extSet) Creates a new proxy credential from the specified certificate chain and a private key. |
X509Credential | createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, GSIConstants.CertificateType certType, X509ExtensionSet extSet, String cnValue) Creates a new proxy credential from the specified certificate chain and a private key. |
X509Credential | createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, GSIConstants.DelegationType delegType) Creates a new proxy credential from the specified certificate chain and a private key, using the given delegation mode. |
X509Credential | createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, GSIConstants.DelegationType delegType, X509ExtensionSet extSet) Creates a new proxy credential from the specified certificate chain and a private key, using the given delegation mode. |
X509Credential | createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, GSIConstants.DelegationType delegType, X509ExtensionSet extSet, String cnValue) Creates a new proxy credential from the specified certificate chain and a private key, using the given delegation mode. |
GlobusCredential | createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode) Deprecated. |
GlobusCredential | createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode, X509ExtensionSet extSet) Deprecated. |
GlobusCredential | createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode, X509ExtensionSet extSet, String cnValue) Deprecated. |
X509Certificate | createProxyCertificate(X509Certificate issuerCert_, PrivateKey issuerKey, PublicKey publicKey, int lifetime, GSIConstants.CertificateType certType, X509ExtensionSet extSet, String cnValue) Creates a proxy certificate. |
X509Certificate | createProxyCertificate(X509Certificate issuerCert_, PrivateKey issuerKey, PublicKey publicKey, int lifetime, int proxyType, X509ExtensionSet extSet, String cnValue) Deprecated. |
static GSIConstants.CertificateType | decideProxyType(X509Certificate issuerCert, GSIConstants.DelegationType delegType) Given a delegation mode and an issuing certificate, decides an appropriate certificate type to use for proxies. |
static BouncyCastleCertProcessingFactory | getDefault() Returns an instance of this class. |
protected X509Certificate[] | getX509CertificateObjectChain(X509Certificate[] certs) Returns a chain of X509Certificates that are instances of X509CertificateObject. This is related to http://bugzilla.globus.org/globus/show_bug.cgi?id=4933 |
X509Certificate | loadCertificate(InputStream in) Loads an X509 certificate from the specified input stream. |

public static BouncyCastleCertProcessingFactory getDefault()
Returns:
BouncyCastleCertProcessingFactory instance.

public X509Certificate createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode) throws IOException, GeneralSecurityException
Throws:
IOException
GeneralSecurityException
See Also:
createCertificate

public X509Certificate createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode, X509ExtensionSet extSet) throws IOException, GeneralSecurityException
Throws:
IOException
GeneralSecurityException
See Also:
createCertificate

public X509Certificate createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode, X509ExtensionSet extSet, String cnValue) throws IOException, GeneralSecurityException
Parameters:
certRequestInputStream - the input stream to read the certificate request from.
cert - the issuer certificate
privateKey - the private key to sign the new certificate with.
lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
delegationMode - the type of proxy credential to create
extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.CertificateType.GSI_3_RESTRICTED_PROXY or GSIConstants.CertificateType.GSI_4_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.
cnValue - the value of the CN component of the subject of the new certificate. If null, the defaults will be used depending on the proxy certificate type created.
Returns:
X509Certificate the new proxy certificate
Throws:
IOException - if error reading the certificate request
GeneralSecurityException - if a security error occurs.
See Also:
createProxyCertificate

public GlobusCredential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode) throws GeneralSecurityException
Throws:
GeneralSecurityException
See Also:
createCredential

public GlobusCredential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode, X509ExtensionSet extSet) throws GeneralSecurityException
Throws:
GeneralSecurityException
See Also:
createCredential

public GlobusCredential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode, X509ExtensionSet extSet, String cnValue) throws GeneralSecurityException
Parameters:
certs - the certificate chain for the new proxy credential. The top-most certificate cert[0] will be designated as the issuing certificate.
privateKey - the private key of the issuing certificate. The new proxy certificate will be signed with that private key.
bits - the strength of the key pair for the new proxy certificate.
lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
delegationMode - the type of proxy credential to create
extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.CertificateType.GSI_3_RESTRICTED_PROXY or GSIConstants.CertificateType.GSI_4_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.
cnValue - the value of the CN component of the subject of the new proxy credential. If null, the defaults will be used depending on the proxy certificate type created.
Returns:
GlobusCredential the new proxy credential.
Throws:
GeneralSecurityException - if a security error occurs.
See Also:
createProxyCertificate

public X509Certificate createProxyCertificate(X509Certificate issuerCert_, PrivateKey issuerKey, PublicKey publicKey, int lifetime, int proxyType, X509ExtensionSet extSet, String cnValue) throws GeneralSecurityException
Parameters:
issuerCert_ - the issuing certificate
issuerKey - private key matching the public key of issuer certificate. The new proxy certificate will be signed by that key.
publicKey - the public key of the new certificate
lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
proxyType - can be one of GSIConstants.DELEGATION_LIMITED, GSIConstants.DELEGATION_FULL, GSIConstants.GSI_2_LIMITED_PROXY, GSIConstants.GSI_2_PROXY, GSIConstants.GSI_3_IMPERSONATION_PROXY, GSIConstants.GSI_3_LIMITED_PROXY, GSIConstants.GSI_3_INDEPENDENT_PROXY, GSIConstants.GSI_3_RESTRICTED_PROXY, GSIConstants.GSI_4_IMPERSONATION_PROXY, GSIConstants.GSI_3_LIMITED_PROXY, GSIConstants.GSI_4_INDEPENDENT_PROXY, GSIConstants.GSI_4_RESTRICTED_PROXY.
If GSIConstants.DELEGATION_LIMITED and if CertUtil.isGsi2Enabled returns true then a GSI-2 limited proxy will be created. Else if CertUtil.isGsi3Enabled returns true then a GSI-3 limited proxy will be created. If not, a GSI-4 limited proxy will be created.
If GSIConstants.DELEGATION_FULL and if CertUtil.isGsi2Enabled returns true then a GSI-2 full proxy will be created. Else if CertUtil.isGsi3Enabled returns true then a GSI-3 full proxy will be created. If not, a GSI-4 full proxy will be created.
extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.GSI_3_RESTRICTED_PROXY or GSIConstants.GSI_4_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.
cnValue - the value of the CN component of the subject of the new certificate. If null, the defaults will be used depending on the proxy certificate type created.
Returns:
X509Certificate the new proxy certificate.
Throws:
GeneralSecurityException - if a security error occurs.

public X509Certificate createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, GSIConstants.CertificateType certType) throws IOException, GeneralSecurityException
Throws:
IOException
GeneralSecurityException
See Also:
createCertificate

public X509Certificate createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, GSIConstants.CertificateType certType, X509ExtensionSet extSet) throws IOException, GeneralSecurityException
Throws:
IOException
GeneralSecurityException
See Also:
createCertificate

public X509Certificate createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, GSIConstants.CertificateType certType, X509ExtensionSet extSet, String cnValue) throws IOException, GeneralSecurityException
Parameters:
certRequestInputStream - the input stream to read the certificate request from.
cert - the issuer certificate
privateKey - the private key to sign the new certificate with.
lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
certType - the type of proxy credential to create
extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.CertificateType.GSI_3_RESTRICTED_PROXY or GSIConstants.CertificateType.GSI_4_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.
cnValue - the value of the CN component of the subject of the new certificate. If null, the defaults will be used depending on the proxy certificate type created.
Returns:
X509Certificate the new proxy certificate
Throws:
IOException - if error reading the certificate request
GeneralSecurityException - if a security error occurs.
See Also:
createProxyCertificate

public X509Credential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, GSIConstants.CertificateType certType) throws GeneralSecurityException
Throws:
GeneralSecurityException
See Also:
createCredential

public X509Credential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, GSIConstants.CertificateType certType, X509ExtensionSet extSet) throws GeneralSecurityException
Throws:
GeneralSecurityException
See Also:
createCredential

public X509Credential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, GSIConstants.CertificateType certType, X509ExtensionSet extSet, String cnValue) throws GeneralSecurityException
Parameters:
certs - the certificate chain for the new proxy credential. The top-most certificate cert[0] will be designated as the issuing certificate.
privateKey - the private key of the issuing certificate. The new proxy certificate will be signed with that private key.
bits - the strength of the key pair for the new proxy certificate.
lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
certType - the type of proxy credential to create
extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.CertificateType.GSI_3_RESTRICTED_PROXY or GSIConstants.CertificateType.GSI_4_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.
cnValue - the value of the CN component of the subject of the new proxy credential. If null, the defaults will be used depending on the proxy certificate type created.
Returns:
GlobusCredential the new proxy credential.
Throws:
GeneralSecurityException - if a security error occurs.
See Also:
createProxyCertificate

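A guard around createCredential for the lifetime and extSet rules documented above, as an added example that is not part of this Javadoc or the project's code. The class BoundedProxyIssuer, its two limits, the RSA assumption behind the key-size floor, and the org.globus.gsi import paths are assumptions; the page does not show package names.

```java
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

// Assumed import paths (JGlobus package layout; not shown on this page).
import org.globus.gsi.GSIConstants;
import org.globus.gsi.X509Credential;
import org.globus.gsi.bc.BouncyCastleCertProcessingFactory;

/** Hypothetical wrapper: rejects requests the factory would accept silently. */
public final class BoundedProxyIssuer {
    // Constructed policy values for this example, not library defaults.
    static final int MAX_LIFETIME_SECONDS = 12 * 60 * 60;
    static final int MIN_KEY_BITS = 2048; // assumes the generated key pair is RSA

    private BoundedProxyIssuer() { }

    public static X509Credential issue(X509Certificate[] certs, PrivateKey issuerKey,
                                       int bits, int lifetimeSeconds,
                                       GSIConstants.CertificateType certType)
            throws GeneralSecurityException {
        if (certs == null || certs.length == 0 || issuerKey == null || certType == null) {
            throw new IllegalArgumentException("issuer chain, key and proxy type are required");
        }
        // lifetime <= 0 means "same lifetime as the issuing certificate", so an
        // unset or zeroed value would produce the longest-lived proxy possible.
        if (lifetimeSeconds <= 0 || lifetimeSeconds > MAX_LIFETIME_SECONDS) {
            throw new IllegalArgumentException(
                "lifetime must be 1.." + MAX_LIFETIME_SECONDS + " seconds, got " + lifetimeSeconds);
        }
        if (bits < MIN_KEY_BITS) {
            throw new IllegalArgumentException("proxy key must be at least " + MIN_KEY_BITS + " bits");
        }
        // Restricted proxies need a ProxyCertInfoExtension in extSet; this
        // overload passes no extension set, so refuse them here.
        if (certType == GSIConstants.CertificateType.GSI_3_RESTRICTED_PROXY
                || certType == GSIConstants.CertificateType.GSI_4_RESTRICTED_PROXY) {
            throw new IllegalArgumentException(
                "restricted proxy requires a ProxyCertInfoExtension; use an extSet overload");
        }
        // certs[0] is the issuing certificate. It must be valid now, and the
        // proxy must not be requested to outlive it.
        X509Certificate issuer = certs[0];
        issuer.checkValidity();
        long issuerRemaining = (issuer.getNotAfter().getTime() - System.currentTimeMillis()) / 1000L;
        if (lifetimeSeconds > issuerRemaining) {
            throw new IllegalArgumentException("requested lifetime exceeds issuer validity");
        }
        return BouncyCastleCertProcessingFactory.getDefault()
                .createCredential(certs, issuerKey, bits, lifetimeSeconds, certType);
    }
}
```
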
public X509Credential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, GSIConstants.DelegationType delegType) throws GeneralSecurityException
Throws:
GeneralSecurityException
See Also:
createCredential

public X509Credential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, GSIConstants.DelegationType delegType, X509ExtensionSet extSet) throws GeneralSecurityException
Throws:
GeneralSecurityException
See Also:
createCredential

public X509Credential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, GSIConstants.DelegationType delegType, X509ExtensionSet extSet, String cnValue) throws GeneralSecurityException

public X509Certificate createProxyCertificate(X509Certificate issuerCert_, PrivateKey issuerKey, PublicKey publicKey, int lifetime, GSIConstants.CertificateType certType, X509ExtensionSet extSet, String cnValue) throws GeneralSecurityException
Parameters:
issuerCert_ - the issuing certificate
issuerKey - private key matching the public key of issuer certificate. The new proxy certificate will be signed by that key.
publicKey - the public key of the new certificate
lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
certType - can be one of GSIConstants.CertificateType.GSI_2_LIMITED_PROXY, GSIConstants.CertificateType.GSI_2_PROXY, GSIConstants.CertificateType.GSI_3_IMPERSONATION_PROXY, GSIConstants.CertificateType.GSI_3_LIMITED_PROXY, GSIConstants.CertificateType.GSI_3_INDEPENDENT_PROXY, GSIConstants.CertificateType.GSI_3_RESTRICTED_PROXY, GSIConstants.CertificateType.GSI_4_IMPERSONATION_PROXY, GSIConstants.CertificateType.GSI_3_LIMITED_PROXY, GSIConstants.CertificateType.GSI_4_INDEPENDENT_PROXY, GSIConstants.CertificateType.GSI_4_RESTRICTED_PROXY.
extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.CertificateType.GSI_3_RESTRICTED_PROXY or GSIConstants.CertificateType.GSI_4_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.
cnValue - the value of the CN component of the subject of the new certificate. If null, the defaults will be used depending on the proxy certificate type created.
Returns:
X509Certificate the new proxy certificate.
Throws:
GeneralSecurityException - if a security error occurs.

public X509Certificate loadCertificate(InputStream in) throws IOException, GeneralSecurityException
Parameters:
in - the input stream to read the certificate from.
Returns:
X509Certificate the loaded certificate.
Throws:
GeneralSecurityException - if certificate failed to load.
IOException

public byte[] createCertificateRequest(String subject, KeyPair keyPair) throws GeneralSecurityException
Parameters:
subject - the subject of the certificate request
keyPair - the key pair of the certificate request
Throws:
GeneralSecurityException - if security error occurs.

public byte[] createCertificateRequest(X509Certificate cert, KeyPair keyPair) throws GeneralSecurityException
Parameters:
cert - the certificate to create the certificate request from.
keyPair - the key pair of the certificate request
Throws:
GeneralSecurityException - if security error occurs.

public byte[] createCertificateRequest(org.bouncycastle.asn1.x509.X509Name subjectDN, String sigAlgName, KeyPair keyPair) throws GeneralSecurityException
Parameters:
subjectDN - the subject name of the certificate request.
sigAlgName - the signing algorithm name.
keyPair - the key pair of the certificate request
Throws:
GeneralSecurityException - if security error occurs.

public static GSIConstants.CertificateType decideProxyType(X509Certificate issuerCert, GSIConstants.DelegationType delegType) throws CertificateException
Parameters:
issuerCert - the issuing certificate of a prospective proxy
delegType - the desired delegation mode
Throws:
CertificateException - when failing to get the certificate type of the issuing certificate

protected X509Certificate[] getX509CertificateObjectChain(X509Certificate[] certs) throws GeneralSecurityException
Parameters:
certs - input certificate chain
Throws:
GeneralSecurityException - when failing to load certificate from encoding

Copyright © 2016. All rights reserved.