org.globus.gsi.bc
Class BouncyCastleCertProcessingFactory
java.lang.Object
  org.globus.gsi.bc.BouncyCastleCertProcessingFactory
public class BouncyCastleCertProcessingFactory
- extends Object
Provides certificate processing API such as creating new certificates, certificate requests, etc.
| Constructor Summary | |
|---|---|
| protected | BouncyCastleCertProcessingFactory() |
| Method Summary | |
|---|---|
| X509Certificate | createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode)<br>Creates a proxy certificate from the certificate request. |
| X509Certificate | createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode, ProxyCertInfo proxyCertInfoExt)<br>Deprecated. |
| X509Certificate | createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode, ProxyCertInfo proxyCertInfoExt, String cnValue)<br>Deprecated. Please use createCertificate() instead. The ProxyCertInfo parameter can be passed in the X509ExtensionSet using ProxyCertInfoExtension class. |
| X509Certificate | createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode, X509ExtensionSet extSet)<br>Creates a proxy certificate from the certificate request. |
| X509Certificate | createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode, X509ExtensionSet extSet, String cnValue)<br>Creates a proxy certificate from the certificate request. |
| byte[] | createCertificateRequest(String subject, KeyPair keyPair)<br>Creates a certificate request from the specified subject DN and a key pair. |
| byte[] | createCertificateRequest(X509Certificate cert, KeyPair keyPair)<br>Creates a certificate request from the specified certificate and a key pair. |
| byte[] | createCertificateRequest(X509Name subjectDN, String sigAlgName, KeyPair keyPair)<br>Creates a certificate request from the specified subject name, signing algorithm, and a key pair. |
| GlobusCredential | createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode)<br>Creates a new proxy credential from the specified certificate chain and a private key. |
| GlobusCredential | createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode, ProxyCertInfo proxyCertInfoExt)<br>Deprecated. |
| GlobusCredential | createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode, ProxyCertInfo proxyCertInfoExt, String cnValue)<br>Deprecated. Please use createCredential() instead. The ProxyCertInfo parameter can be passed in the X509ExtensionSet using ProxyCertInfoExtension class. |
| GlobusCredential | createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode, X509ExtensionSet extSet)<br>Creates a new proxy credential from the specified certificate chain and a private key. |
| GlobusCredential | createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode, X509ExtensionSet extSet, String cnValue)<br>Creates a new proxy credential from the specified certificate chain and a private key. |
| X509Certificate | createProxyCertificate(X509Certificate issuerCert, PrivateKey issuerKey, PublicKey publicKey, int lifetime, int proxyType, ProxyCertInfo proxyCertInfo, String cnValue)<br>Deprecated. Please use createProxyCertificate() instead. The ProxyCertInfo parameter can be passed in the X509ExtensionSet using ProxyCertInfoExtension class. |
| X509Certificate | createProxyCertificate(X509Certificate issuerCert_, PrivateKey issuerKey, PublicKey publicKey, int lifetime, int proxyType, X509ExtensionSet extSet, String cnValue)<br>Creates a proxy certificate. |
| static BouncyCastleCertProcessingFactory | getDefault()<br>Returns an instance of this class. |
| X509Certificate | loadCertificate(InputStream in)<br>Loads an X509 certificate from the specified input stream. |
| Methods inherited from class java.lang.Object |
|---|
| clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
|---|
BouncyCastleCertProcessingFactory
protected BouncyCastleCertProcessingFactory()
| Method Detail |
|---|
getDefault
public static BouncyCastleCertProcessingFactory getDefault()
- Returns an instance of this class.
- Returns:
  BouncyCastleCertProcessingFactory instance.
createCertificate
public X509Certificate createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode) throws IOException, GeneralSecurityException
- Creates a proxy certificate from the certificate request.
- Throws:
  IOException
  GeneralSecurityException
- See Also:
  createCertificate
createCertificate
public X509Certificate createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode, X509ExtensionSet extSet) throws IOException, GeneralSecurityException
- Creates a proxy certificate from the certificate request.
- Throws:
  IOException
  GeneralSecurityException
- See Also:
  createCertificate
createCertificate
public X509Certificate createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode, X509ExtensionSet extSet, String cnValue) throws IOException, GeneralSecurityException
- Creates a proxy certificate from the certificate request.
  (Signs a certificate request, creating a new certificate.)
- Parameters:
  certRequestInputStream - the input stream to read the certificate request from.
  cert - the issuer certificate.
  privateKey - the private key to sign the new certificate with.
  lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
  delegationMode - the type of proxy credential to create.
  extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.GSI_3_RESTRICTED_PROXY or GSIConstants.GSI_4_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.
  cnValue - the value of the CN component of the subject of the new certificate. If null, the defaults will be used depending on the proxy certificate type created.
- Returns:
  X509Certificate - the new proxy certificate.
- Throws:
  IOException - if error reading the certificate request.
  GeneralSecurityException - if a security error occurs.
- See Also:
  createProxyCertificate
loadCertificate
public X509Certificate loadCertificate(InputStream in) throws IOException, GeneralSecurityException
- Loads an X509 certificate from the specified input stream.
  Input stream must contain DER-encoded certificate.
- Parameters:
  in - the input stream to read the certificate from.
- Returns:
  X509Certificate - the loaded certificate.
- Throws:
  GeneralSecurityException - if certificate failed to load.
  IOException
createCredential
public GlobusCredential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode) throws GeneralSecurityException
- Creates a new proxy credential from the specified certificate
chain and a private key.
- Throws:
  GeneralSecurityException
- See Also:
  createCredential
createCredential
public GlobusCredential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode, X509ExtensionSet extSet) throws GeneralSecurityException
- Creates a new proxy credential from the specified certificate
chain and a private key.
- Throws:
  GeneralSecurityException
- See Also:
  createCredential
createCredential
public GlobusCredential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode, X509ExtensionSet extSet, String cnValue) throws GeneralSecurityException
- Creates a new proxy credential from the specified certificate
chain and a private key. A set of X.509 extensions
can be optionally included in the new proxy certificate.
This function automatically creates an "RSA"-based key pair.
- Parameters:
  certs - the certificate chain for the new proxy credential. The top-most certificate cert[0] will be designated as the issuing certificate.
  privateKey - the private key of the issuing certificate. The new proxy certificate will be signed with that private key.
  bits - the strength of the key pair for the new proxy certificate.
  lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
  delegationMode - the type of proxy credential to create.
  extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.GSI_3_RESTRICTED_PROXY or GSIConstants.GSI_4_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.
  cnValue - the value of the CN component of the subject of the new proxy credential. If null, the defaults will be used depending on the proxy certificate type created.
- Returns:
  GlobusCredential - the new proxy credential.
- Throws:
  GeneralSecurityException - if a security error occurs.
- See Also:
  createProxyCertificate
createCertificateRequest
public byte[] createCertificateRequest(String subject, KeyPair keyPair) throws GeneralSecurityException
- Creates a certificate request from the specified
subject DN and a key pair.
The "MD5WithRSAEncryption" is used as the
signing algorithm of the certificate request.
- Parameters:
  subject - the subject of the certificate request.
  keyPair - the key pair of the certificate request.
- Returns:
  the certificate request.
- Throws:
  GeneralSecurityException - if security error occurs.
createCertificateRequest
public byte[] createCertificateRequest(X509Certificate cert, KeyPair keyPair) throws GeneralSecurityException
- Creates a certificate request from the specified
certificate and a key pair. The certificate's
subject DN with "CN=proxy" name component
appended to the subject is used as the subject
of the certificate request.
Also the certificate's signing algorithm is
used as the certificate request signing algorithm.
- Parameters:
  cert - the certificate to create the certificate request from.
  keyPair - the key pair of the certificate request.
- Returns:
  the certificate request.
- Throws:
  GeneralSecurityException - if security error occurs.
createCertificateRequest
public byte[] createCertificateRequest(X509Name subjectDN, String sigAlgName, KeyPair keyPair) throws GeneralSecurityException
- Creates a certificate request from the specified
subject name, signing algorithm, and a key pair.
- Parameters:
  subjectDN - the subject name of the certificate request.
  sigAlgName - the signing algorithm name.
  keyPair - the key pair of the certificate request.
- Returns:
  the certificate request.
- Throws:
  GeneralSecurityException - if security error occurs.
createProxyCertificate
public X509Certificate createProxyCertificate(X509Certificate issuerCert_, PrivateKey issuerKey, PublicKey publicKey, int lifetime, int proxyType, X509ExtensionSet extSet, String cnValue) throws GeneralSecurityException
- Creates a proxy certificate. A set of X.509 extensions
can be optionally included in the new proxy certificate.
If a GSI-2 proxy is created, the serial number of the proxy certificate will be the same as of the issuing certificate. Also, none of the extensions in the issuing certificate will be copied into the proxy certificate.
If a GSI-3 or GSI-4 proxy is created, the serial number of the proxy certificate will be picked randomly. If the issuing certificate contains a KeyUsage extension, the extension will be copied into the proxy certificate with keyCertSign and nonRepudiation bits turned off. No other extensions are currently copied. The method defaults to creating a GSI-4 proxy.
- Parameters:
  issuerCert - the issuing certificate.
  issuerKey - private key matching the public key of issuer certificate. The new proxy certificate will be signed by that key.
  publicKey - the public key of the new certificate.
  lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
  proxyType - can be one of GSIConstants.DELEGATION_LIMITED, GSIConstants.DELEGATION_FULL, GSIConstants.GSI_2_LIMITED_PROXY, GSIConstants.GSI_2_PROXY, GSIConstants.GSI_3_IMPERSONATION_PROXY, GSIConstants.GSI_3_LIMITED_PROXY, GSIConstants.GSI_3_INDEPENDENT_PROXY, GSIConstants.GSI_3_RESTRICTED_PROXY, GSIConstants.GSI_4_IMPERSONATION_PROXY, GSIConstants.GSI_3_LIMITED_PROXY, GSIConstants.GSI_4_INDEPENDENT_PROXY, GSIConstants.GSI_4_RESTRICTED_PROXY. If GSIConstants.DELEGATION_LIMITED and if CertUtil.isGsi2Enabled returns true then a GSI-2 limited proxy will be created. Else if CertUtil.isGsi3Enabled returns true then a GSI-3 limited proxy will be created. If not, a GSI-4 limited proxy will be created. If GSIConstants.DELEGATION_FULL and if CertUtil.isGsi2Enabled returns true then a GSI-2 full proxy will be created. Else if CertUtil.isGsi3Enabled returns true then a GSI-3 full proxy will be created. If not, a GSI-4 full proxy will be created.
  extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.GSI_3_RESTRICTED_PROXY or GSIConstants.GSI_4_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.
  cnValue - the value of the CN component of the subject of the new certificate. If null, the defaults will be used depending on the proxy certificate type created.
- Returns:
  X509Certificate - the new proxy certificate.
- Throws:
  GeneralSecurityException - if a security error occurs.
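The following audit is an added example, not part of the original Javadoc or of the Globus code base. It uses only the JDK's java.security.cert API to check an issued proxy against the behaviour described above for GSI-3 and GSI-4 proxies (keyCertSign and nonRepudiation turned off). The class name ProxyCertAudit, its method names, and the rule that a proxy must not outlive its issuer are assumptions of this example; the values in main are constructed.

```java
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

/** Added example (hypothetical class): audits a proxy against the documented behaviour. */
public class ProxyCertAudit {
    // Indices into X509Certificate.getKeyUsage(), as defined by the JDK.
    static final int NON_REPUDIATION = 1, KEY_CERT_SIGN = 5;

    /** Full check on real certificates: chaining, signature, then the field checks. */
    static List<String> audit(X509Certificate issuer, X509Certificate proxy) {
        List<String> out = new ArrayList<>();
        if (!proxy.getIssuerX500Principal().equals(issuer.getSubjectX500Principal()))
            out.add("proxy issuer DN does not match issuing certificate subject");
        try {
            proxy.verify(issuer.getPublicKey());
        } catch (Exception e) {
            out.add("signature does not verify under issuer key: " + e);
        }
        out.addAll(auditFields(proxy.getKeyUsage(), issuer.getNotAfter(), proxy.getNotAfter()));
        return out;
    }

    /** Field checks, kept separate so they can run on constructed values. */
    static List<String> auditFields(boolean[] proxyKu, Date issuerNotAfter, Date proxyNotAfter) {
        List<String> out = new ArrayList<>();
        // A null array means no KeyUsage extension (the page describes this for GSI-2 proxies).
        if (bit(proxyKu, KEY_CERT_SIGN)) out.add("keyCertSign set on proxy");
        if (bit(proxyKu, NON_REPUDIATION)) out.add("nonRepudiation set on proxy");
        // Assumed policy of this example: a proxy must not outlive its issuer.
        if (proxyNotAfter.after(issuerNotAfter)) out.add("proxy outlives issuing certificate");
        return out;
    }

    static boolean bit(boolean[] ku, int i) {
        return ku != null && i < ku.length && ku[i];
    }

    public static void main(String[] args) {
        // Constructed sample: issuer KeyUsage copied unchanged, validity one second too long.
        boolean[] ku = {true, true, true, false, false, true, false, false, false};
        Date issuerEnd = new Date(1_700_000_000_000L);
        Date proxyEnd = new Date(issuerEnd.getTime() + 1000);
        auditFields(ku, issuerEnd, proxyEnd).forEach(System.out::println);
    }
}
```

An empty list from audit means the certificate matches the documented KeyUsage handling and the assumed lifetime policy; it is not a substitute for full proxy path validation.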
createProxyCertificate
public X509Certificate createProxyCertificate(X509Certificate issuerCert, PrivateKey issuerKey, PublicKey publicKey, int lifetime, int proxyType, ProxyCertInfo proxyCertInfo, String cnValue) throws GeneralSecurityException
- Deprecated. Please use createProxyCertificate() instead. The ProxyCertInfo parameter can be passed in the X509ExtensionSet using ProxyCertInfoExtension class.
- Throws:
  GeneralSecurityException
createCredential
public GlobusCredential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode, ProxyCertInfo proxyCertInfoExt, String cnValue) throws GeneralSecurityException
- Deprecated. Please use createCredential() instead. The ProxyCertInfo parameter can be passed in the X509ExtensionSet using ProxyCertInfoExtension class.
- Throws:
  GeneralSecurityException
createCredential
public GlobusCredential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode, ProxyCertInfo proxyCertInfoExt) throws GeneralSecurityException
- Deprecated.
- Throws:
  GeneralSecurityException
- See Also:
  createCredential
createCertificate
public X509Certificate createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode, ProxyCertInfo proxyCertInfoExt, String cnValue) throws IOException, GeneralSecurityException
- Deprecated. Please use createCertificate() instead. The ProxyCertInfo parameter can be passed in the X509ExtensionSet using ProxyCertInfoExtension class.
- Throws:
  IOException
  GeneralSecurityException
createCertificate
public X509Certificate createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode, ProxyCertInfo proxyCertInfoExt) throws IOException, GeneralSecurityException
- Deprecated.
- Throws:
  IOException
  GeneralSecurityException
- See Also:
  createCertificate