Java Globus API: Class BouncyCastleUtil

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: INNER | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.globus.gsi.bc
Class BouncyCastleUtil

java.lang.Object
  |
  +--org.globus.gsi.bc.BouncyCastleUtil

public class BouncyCastleUtil
extends Object

A collection of various utility functions.

Constructor Summary
`BouncyCastleUtil()`

Method Summary
`static DERObject`	`duplicate(DERObject obj)` Replicates a given `DERObject`.
`static BasicConstraints`	`getBasicConstraints(X509Extension ext)` Creates a `BasicConstraints` object from given extension.
`static int`	`getCertificateType(TBSCertificateStructure crt)` Returns certificate type of the given TBS certificate.
`static int`	`getCertificateType(TBSCertificateStructure crt, TrustedCertificates trustedCerts)` Returns certificate type of the given certificate.
`static int`	`getCertificateType(X509Certificate cert)` Returns certificate type of the given certificate.
`static int`	`getCertificateType(X509Certificate cert, TrustedCertificates trustedCerts)` Returns certificate type of the given certificate.
`static DERObject`	`getExtensionObject(X509Extension ext)` Extracts the value of a certificate extension.
`static String`	`getIdentity(X509Certificate cert)` Returns the subject DN of the given certificate in the Globus format.
`static String`	`getIdentity(X509Certificate[] chain)` Finds the identity certificate in the given chain and returns the subject DN of that certificate in the Globus format.
`static X509Certificate`	`getIdentityCertificate(X509Certificate[] chain)` Finds the identity certificate in the given chain.
`static boolean[]`	`getKeyUsage(X509Extension ext)` Gets a boolean array representing bits of the KeyUsage extension.
`static ProxyCertInfo`	`getProxyCertInfo(X509Extension ext)` Creates a `ProxyCertInfo` object from given extension.
`static TBSCertificateStructure`	`getTBSCertificateStructure(X509Certificate cert)` Extracts the TBS certificate from the given certificate.
`static byte[]`	`toByteArray(DERObject obj)` Converts given `DERObject` into a DER-encoded byte array.
`static DERObject`	`toDERObject(byte[] data)` Converts the DER-encoded byte array into a `DERObject`.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BouncyCastleUtil

public BouncyCastleUtil()

Method Detail

toByteArray

public static byte[] toByteArray(DERObject obj)
                          throws IOException

Converts given DERObject into a DER-encoded byte array.

Parameters:: obj - DERObject to convert.
Returns:: the DER-encoded byte array
Throws:: IOException - if conversion fails

toDERObject

public static DERObject toDERObject(byte[] data)
                             throws IOException

Converts the DER-encoded byte array into a DERObject.

Parameters:: data - the DER-encoded byte array to convert.
Returns:: the DERObject.
Throws:: IOException - if conversion fails

duplicate

public static DERObject duplicate(DERObject obj)
                           throws IOException

Replicates a given DERObject.

Parameters:: obj - the DERObject to replicate.
Returns:: a copy of the DERObject.
Throws:: IOException - if replication fails

getTBSCertificateStructure

public static TBSCertificateStructure getTBSCertificateStructure(X509Certificate cert)
                                                          throws CertificateEncodingException,
                                                                 IOException

Extracts the TBS certificate from the given certificate.

Parameters:: cert - the X.509 certificate to extract the TBS certificate from.
Returns:: the TBS certificate
Throws:: IOException - if extraction fails.; CertificateEncodingException - if extraction fails.

getExtensionObject

public static DERObject getExtensionObject(X509Extension ext)
                                    throws IOException

Extracts the value of a certificate extension.

Parameters:: ext - the certificate extension to extract the value from.
Throws:: IOException - if extraction fails.

getCertificateType

public static int getCertificateType(X509Certificate cert,
                                     TrustedCertificates trustedCerts)
                              throws CertificateException

Returns certificate type of the given certificate. Please see getCertificateType for details for determining the certificate type.

Parameters:: cert - the certificate to get the type of.; trustedCerts - the trusted certificates to double check the GSIConstants.EEC certificate against.
Returns:: the certificate type as determined by getCertificateType.
Throws:: CertificateException - if something goes wrong.

getCertificateType

public static int getCertificateType(X509Certificate cert)
                              throws CertificateException

Returns certificate type of the given certificate. Please see getCertificateType for details for determining the certificate type.

Parameters:: cert - the certificate to get the type of.
Returns:: the certificate type as determined by getCertificateType.
Throws:: CertificateException - if something goes wrong.

getCertificateType

public static int getCertificateType(TBSCertificateStructure crt,
                                     TrustedCertificates trustedCerts)
                              throws CertificateException,
                                     IOException

Returns certificate type of the given certificate. This function calls getCertificateType to get the certificate type. In case the certificate type was initially determined as GSIConstants.EEC it is checked against the trusted certificate list to see if it really is a CA certificate. If the certificate is present in the trusted certificate list the certificate type is changed to GSIConstants.CA. Otherwise, it is left as it is (This is useful in cases where a valid CA certificate does not have a BasicConstraints extension)

Parameters:: cert - the certificate to get the type of.; trustedCerts - the trusted certificates to double check the GSIConstants.EEC certificate against. If null, a default set of trusted certificate will be loaded from a standard location.
Returns:: the certificate type. The certificate type is determined by rules described above.
Throws:: IOException - if something goes wrong.; CertificateException - for proxy certificates, if the issuer DN of the certificate does not match the subject DN of the certificate without the last CN component. Also, for GSI-3 proxies when the ProxyCertInfo extension is not marked as critical.

getCertificateType

public static int getCertificateType(TBSCertificateStructure crt)
                              throws CertificateException,
                                     IOException

Returns certificate type of the given TBS certificate.
The certificate type is GSIConstants.CA only if the certificate contains a BasicConstraints extension and it is marked as CA.
A certificate is a GSI-2 proxy when the subject DN of the certificate ends with "CN=proxy" (certificate type GSIConstants.GSI_2_PROXY) or "CN=limited proxy" (certificate type GSIConstants.LIMITED_PROXY) component and the issuer DN of the certificate matches the subject DN without the last proxy CN component.
A certificate is a GSI-3 proxy when the subject DN of the certificate ends with a CN component, the issuer DN of the certificate matches the subject DN without the last CN component and the certificate contains ProxyCertInfo critical extension. The certificate type is GSIConstants.GSI_3_IMPERSONATION_PROXY if the policy language of the ProxyCertInfo extension is set to ProxyPolicy.IMPERSONATION OID. The certificate type is GSIConstants.GSI_3_LIMITED_PROXY if the policy language of the ProxyCertInfo extension is set to ProxyPolicy.LIMITED OID. The certificate type is GSIConstants.GSI_3_INDEPENDENT_PROXY if the policy language of the ProxyCertInfo extension is set to ProxyPolicy.INDEPENDENT OID. The certificate type is GSIConstants.GSI_3_RESTRICTED_PROXY if the policy language of the ProxyCertInfo extension is set to any other OID then the above.
The certificate type is GSIConstants.EEC if the certificate is not a CA certificate or a GSI-2 or GSI-3 proxy.

Parameters:: crt - the TBS certificate to get the type of.
Returns:: the certificate type. The certificate type is determined by rules described above.
Throws:: IOException - if something goes wrong.; CertificateException - for proxy certificates, if the issuer DN of the certificate does not match the subject DN of the certificate without the last CN component. Also, for GSI-3 proxies when the ProxyCertInfo extension is not marked as critical.

getKeyUsage

public static boolean[] getKeyUsage(X509Extension ext)
                             throws IOException

Gets a boolean array representing bits of the KeyUsage extension.

Throws:: IOException - if failed to extract the KeyUsage extension value.
See Also:: X509Certificate.getKeyUsage()

getBasicConstraints

public static BasicConstraints getBasicConstraints(X509Extension ext)
                                            throws IOException

Creates a BasicConstraints object from given extension.

Parameters:: ext - the extension.
Returns:: the BasicConstraints object.
Throws:: IOException - if something fails.

getProxyCertInfo

public static ProxyCertInfo getProxyCertInfo(X509Extension ext)
                                      throws IOException

Creates a ProxyCertInfo object from given extension.

Parameters:: ext - the extension.
Returns:: the ProxyCertInfo object.
Throws:: IOException - if something fails.

getIdentity

public static String getIdentity(X509Certificate cert)

Returns the subject DN of the given certificate in the Globus format.

Parameters:: cert - the certificate to get the subject of.
Returns:: the subject DN of the certificate in the Globus format.

getIdentity

public static String getIdentity(X509Certificate[] chain)
                          throws CertificateException

Finds the identity certificate in the given chain and returns the subject DN of that certificate in the Globus format.

Parameters:: chain - the certificate chain to find the identity certificate in.
Returns:: the subject DN of the identity certificate in the Globus format.
Throws:: CertificateException - if something goes wrong.

getIdentityCertificate

public static X509Certificate getIdentityCertificate(X509Certificate[] chain)
                                              throws CertificateException

Finds the identity certificate in the given chain. The identity certificate is the first certificate in the chain that is not an impersonation proxy (full or limited)

Parameters:: chain - the certificate chain to find the identity certificate in.
Returns:: the identity certificate.
Throws:: CertificateException - if something goes wrong.

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: INNER | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.globus.gsi.bc Class BouncyCastleUtil

BouncyCastleUtil

toByteArray

toDERObject

duplicate

getTBSCertificateStructure

getExtensionObject

getCertificateType

getCertificateType

getCertificateType

getCertificateType

getKeyUsage

getBasicConstraints

getProxyCertInfo

getIdentity

getIdentity

getIdentityCertificate

org.globus.gsi.bc
Class BouncyCastleUtil