public final class CertificateUtil extends Object
Modifier and Type | Method and Description |
---|---|
static KeyPair | generateKeyPair(String algorithm, int bits) Generates a key pair of given algorithm and strength. |
static org.bouncycastle.asn1.x509.BasicConstraints | getBasicConstraints(org.bouncycastle.asn1.x509.X509Extension ext) Creates a BasicConstraints object from given extension. |
static int | getCAPathConstraint(org.bouncycastle.asn1.x509.TBSCertificateStructure crt) Return CA Path constraint |
static GSIConstants.CertificateType | getCertificateType(org.bouncycastle.asn1.x509.TBSCertificateStructure crt) Returns certificate type of the given TBS certificate. |
static CertPath | getCertPath(X509Certificate[] certs) |
static org.bouncycastle.asn1.ASN1Primitive | getExtensionObject(org.bouncycastle.asn1.x509.X509Extension ext) Extracts the value of a certificate extension. |
static EnumSet<KeyUsage> | getKeyUsage(org.bouncycastle.asn1.x509.TBSCertificateStructure crt) |
static EnumSet<KeyUsage> | getKeyUsage(org.bouncycastle.asn1.x509.X509Extension ext) Gets a boolean array representing bits of the KeyUsage extension. |
static org.bouncycastle.asn1.x509.TBSCertificateStructure | getTBSCertificateStructure(X509Certificate cert) Extracts the TBS certificate from the given certificate. |
static void | init() A no-op function that can be used to force the class to load and initialize. |
static void | installSecureRandomProvider() Installs SecureRandom provider. |
static void | setProvider(String providerName) Sets a provider name to use for loading certificates and for generating key pairs. |
static org.bouncycastle.asn1.ASN1Primitive | toASN1Primitive(byte[] data) Converts the DER-encoded byte array into a DERObject. |
static String | toGlobusID(Principal name) Converts the specified principal into Globus format. |
static String | toGlobusID(String dn) Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/CN=A/OU=B/O=C". This function might return incorrect Globus-formatted ID when one of the RDNs in the DN contains commas. |
static String | toGlobusID(String dn, boolean noreverse) Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/CN=A/OU=B/O=C" or "/O=C/OU=B/CN=A" depending on the noreverse option. |
static String | toGlobusID(X500Principal principal) Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/O=C/OU=B/CN=A". This function might return incorrect Globus-formatted ID when one of the RDNs in the DN contains commas. |
static X500Principal | toPrincipal(String globusID) Converts Globus DN format "/O=C/OU=B/CN=A" into an X500Principal representation, which accepts RFC 2253 or 1779 formatted DN's and also attribute types as defined in RFC 2459 (e.g. |
public static void init()
public static void setProvider(String providerName)
Parameters:
providerName - provider name to use.
public static void installSecureRandomProvider()
public static int getCAPathConstraint(org.bouncycastle.asn1.x509.TBSCertificateStructure crt) throws IOException
Parameters:
crt -
Throws:
IOException
public static KeyPair generateKeyPair(String algorithm, int bits) throws GeneralSecurityException
Parameters:
algorithm - the algorithm of the key pair.
bits - the strength
Returns:
KeyPair the generated key pair.
Throws:
GeneralSecurityException - if something goes wrong.
public static GSIConstants.CertificateType getCertificateType(org.bouncycastle.asn1.x509.TBSCertificateStructure crt) throws CertificateException, IOException
GSIConstants.CertificateType.CA only if the certificate contains a BasicConstraints extension and it is marked as CA.
GSIConstants.CertificateType.GSI_2_PROXY) or "CN=limited proxy" (certificate type GSIConstants.CertificateType.LIMITED_PROXY) component and the issuer DN of the certificate matches the subject DN without the last proxy CN component.
ProxyCertInfo critical extension. The certificate type is GSIConstants.CertificateType.GSI_3_IMPERSONATION_PROXY if the policy language of the ProxyCertInfo extension is set to ProxyPolicy.IMPERSONATION OID. The certificate type is GSIConstants.CertificateType.GSI_3_LIMITED_PROXY if the policy language of the ProxyCertInfo extension is set to ProxyPolicy.LIMITED OID. The certificate type is GSIConstants.CertificateType.GSI_3_INDEPENDENT_PROXY if the policy language of the ProxyCertInfo extension is set to ProxyPolicy.INDEPENDENT OID. The certificate type is GSIConstants.CertificateType.GSI_3_RESTRICTED_PROXY if the policy language of the ProxyCertInfo extension is set to any other OID than the above.
GSIConstants.CertificateType.EEC if the certificate is not a CA certificate or a GSI-2 or GSI-3 proxy.
Parameters:
crt - the TBS certificate to get the type of.
Throws:
IOException - if something goes wrong.
CertificateException - for proxy certificates, if the issuer DN of the certificate does not match the subject DN of the certificate without the last CN component. Also, for GSI-3 proxies when the ProxyCertInfo extension is not marked as critical.
public static org.bouncycastle.asn1.x509.BasicConstraints getBasicConstraints(org.bouncycastle.asn1.x509.X509Extension ext) throws IOException
BasicConstraints object from given extension.
Parameters:
ext - the extension.
Returns:
BasicConstraints object.
Throws:
IOException - if something fails.
public static org.bouncycastle.asn1.ASN1Primitive toASN1Primitive(byte[] data) throws IOException
DERObject.
Parameters:
data - the DER-encoded byte array to convert.
Throws:
IOException - if conversion fails
public static org.bouncycastle.asn1.x509.TBSCertificateStructure getTBSCertificateStructure(X509Certificate cert) throws CertificateEncodingException, IOException
Parameters:
cert - the X.509 certificate to extract the TBS certificate from.
Throws:
IOException - if extraction fails.
CertificateEncodingException - if extraction fails.
public static EnumSet<KeyUsage> getKeyUsage(org.bouncycastle.asn1.x509.TBSCertificateStructure crt) throws IOException
Throws:
IOException
public static EnumSet<KeyUsage> getKeyUsage(org.bouncycastle.asn1.x509.X509Extension ext) throws IOException
Throws:
IOException - if failed to extract the KeyUsage extension value.
See Also:
X509Certificate.getKeyUsage()
public static org.bouncycastle.asn1.ASN1Primitive getExtensionObject(org.bouncycastle.asn1.x509.X509Extension ext) throws IOException
Parameters:
ext - the certificate extension to extract the value from.
Throws:
IOException - if extraction fails.
public static String toGlobusID(String dn)
Parameters:
dn - the DN to convert to Globus format.
See Also:
toGlobusID(String, boolean)
public static String toGlobusID(String dn, boolean noreverse)
noreverse option. If noreverse is true the order of the DN components is not reversed - "/CN=A/OU=B/O=C" is returned. If noreverse is false, the order of the DN components is reversed - "/O=C/OU=B/CN=A" is returned.
Parameters:
dn - the DN to convert to Globus format.
noreverse - the direction of the conversion.
public static String toGlobusID(Principal name)
toGlobusID() function.
Parameters:
name - the principal to convert to Globus format.
See Also:
toGlobusID(String)
public static String toGlobusID(X500Principal principal)
public static X500Principal toPrincipal(String globusID)
Parameters:
globusID - DN in Globus format
public static CertPath getCertPath(X509Certificate[] certs) throws CertificateException
Throws:
CertificateException
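Added example, not part of this API or its source: it illustrates the caveat noted for toGlobusID(String) and toGlobusID(X500Principal) that a DN whose RDN value contains a comma may convert incorrectly, by contrasting comma splitting with RFC 2253 parsing via the JDK's javax.naming.ldap.LdapName. The class GlobusDnExample, both methods, and the sample DNs are hypothetical and constructed for illustration; naiveSplit is a stand-in for the failure mode, not the library's implementation, and single-valued RDNs are assumed.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class GlobusDnExample {

    // Hypothetical stand-in for comma-based conversion (not the library's code).
    // An escaped comma inside an RDN value is treated as a separator,
    // so one RDN is emitted as two path components.
    static String naiveSplit(String dn) {
        StringBuilder out = new StringBuilder();
        for (String part : dn.split(",")) {
            out.append('/').append(part.trim());
        }
        return out.toString();
    }

    // Parser-based conversion: LdapName applies RFC 2253 escaping rules,
    // so an escaped comma stays inside its RDN value.
    static String parsedConvert(String dn, boolean noreverse) throws InvalidNameException {
        // getRdns() lists the right-most RDN of the DN string first.
        List<Rdn> rdns = new ArrayList<>(new LdapName(dn).getRdns());
        if (noreverse) {
            Collections.reverse(rdns); // restore the order written in the DN string
        }
        StringBuilder out = new StringBuilder();
        for (Rdn rdn : rdns) {
            // getValue() returns the unescaped attribute value.
            out.append('/').append(rdn.getType()).append('=').append(rdn.getValue());
        }
        return out.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        String plain = "CN=A, OU=B, O=C";                // DN form used on this page
        String tricky = "CN=Doe\\, John, OU=B, O=C";     // constructed: escaped comma in CN

        System.out.println(parsedConvert(plain, true));  // DN order kept
        System.out.println(parsedConvert(plain, false)); // DN order reversed
        System.out.println(naiveSplit(tricky));          // CN value split into two components
        System.out.println(parsedConvert(tricky, true)); // CN value kept as one component
    }
}
```

When the converted string is compared against stored identities, the two conversions of the second DN yield different strings for the same subject, so the same conversion has to be used on both sides of the comparison.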
Copyright © 2016. All rights reserved.