eu.emi.security.authn.x509.helpers.proxy

Class ProxyGeneratorHelper

java.lang.Object

eu.emi.security.authn.x509.helpers.proxy.ProxyGeneratorHelper

public class ProxyGeneratorHelper
extends java.lang.Object

Actual implementation of the Proxy generation. The object is for one use only, i.e. it should not be reused to generate first certificate. It is strongly suggested to use ProxyGenerator.

Author:

K. Benedyczak

Constructor Summary

Constructors

Constructor and Description
ProxyGeneratorHelper()

Method Summary

Methods

Modifier and Type	Method and Description
static java.math.BigInteger	establishSerial(BaseProxyCertificateOptions param) For LEGACY proxies returns the serial from the issuing certificate.
ProxyCertificate	generate(ProxyCertificateOptions param, java.security.PrivateKey privateKey) Generate the proxy certificate object from the local certificate.
java.security.cert.X509Certificate[]	generate(ProxyRequestOptions param, java.security.PrivateKey privateKey) Generate the proxy certificate object from the received Certificate Signing Request.
static org.bouncycastle.asn1.x500.X500Name	generateDN(javax.security.auth.x500.X500Principal parentSubject, ProxyType type, boolean limited, java.math.BigInteger serial) Generate a correct DN for the proxy, depending on its type.
static java.security.KeyPair	generateKeyPair(int len)
static java.lang.Integer	getChainKeyUsage(java.security.cert.X509Certificate[] chain) If the input chain has no KeyUsage extension null is returned.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ProxyGeneratorHelper

public ProxyGeneratorHelper()

Method Detail

generate

public ProxyCertificate generate(ProxyCertificateOptions param,
                        java.security.PrivateKey privateKey)
                          throws java.security.InvalidKeyException,
                                 java.security.SignatureException,
                                 java.security.NoSuchAlgorithmException,
                                 java.security.cert.CertificateParsingException,
                                 java.io.IOException

Generate the proxy certificate object from the local certificate.

Parameters:

param - proxy parameters

privateKey - key to sign the proxy

Returns:

a newly created proxy certificate, wrapped together with a private key if it was also generated.

Throws:

java.security.InvalidKeyException - invalid key exception

java.security.SignatureException - signature exception

java.security.NoSuchAlgorithmException - no such algorithm exception

java.security.cert.CertificateParsingException - certificate parsing exception

java.io.IOException - IO exception

generate

public java.security.cert.X509Certificate[] generate(ProxyRequestOptions param,
                                            java.security.PrivateKey privateKey)
                                              throws java.security.InvalidKeyException,
                                                     java.security.SignatureException,
                                                     java.security.NoSuchAlgorithmException,
                                                     java.security.cert.CertificateParsingException,
                                                     java.io.IOException

Generate the proxy certificate object from the received Certificate Signing Request.

Parameters:

param - proxy parameters

privateKey - key to sign the proxy

Returns:

chain with the new proxy on the first position

Throws:

java.security.InvalidKeyException - invalid key exception

java.security.SignatureException - signature exception

java.security.NoSuchAlgorithmException - no such algorithm exception

java.security.cert.CertificateParsingException - certificate encoding exception

java.io.IOException - IO exception

getChainKeyUsage

public static java.lang.Integer getChainKeyUsage(java.security.cert.X509Certificate[] chain)

If the input chain has no KeyUsage extension null is returned. If at least one certificate in the chain has the Key Usage extension then a KeyUsage is returned which contains bitwise AND of KeyUsage flags from all certificates. The CA certificates are ignored in the computation.

Parameters:

chain - certificate chain

Returns:

chain key usage

establishSerial

public static java.math.BigInteger establishSerial(BaseProxyCertificateOptions param)

For LEGACY proxies returns the serial from the issuing certificate. For the Draft/rfc proxies returns the manually set serial, or generateas a random one if not set.

Parameters:

param - proxy certificate options

Returns:

serial number

generateDN

public static org.bouncycastle.asn1.x500.X500Name generateDN(javax.security.auth.x500.X500Principal parentSubject,
                                             ProxyType type,
                                             boolean limited,
                                             java.math.BigInteger serial)

Generate a correct DN for the proxy, depending on its type.

Parameters:

parentSubject - parent subject

type - proxy type

limited - true if limited proxy

serial - serial number

Returns:

generated proxy DN

generateKeyPair

public static java.security.KeyPair generateKeyPair(int len)