eu.emi.security.authn.x509.proxy

Class ProxyCSRGenerator

java.lang.Object

eu.emi.security.authn.x509.proxy.ProxyCSRGenerator

public class ProxyCSRGenerator
extends java.lang.Object

Generates a proxy certificate signing request. The request parameters may contain extensions which are passed in the generated Certificate Signing Request. Of course the peer issuing the proxy certificate may ignore them.

The following rules are applied basing on the parameters object:

• [RFC proxy only] If the serial number is set then it is used as requested CN part of the proxy. Otherwise the CN part is set to the serial number of the issuing certificate. Note that this value most probably will be ignored anyway by the part which issues the actual proxy, as this is this party responsibility to guarantee uniqueness of serial numbers across all proxies issued.
• All additional extensions, SAML, tracing and address restrictions are added as Attributes of extensionRequest type (PKCS 9) if are set.
• Proxy path limit and policy (if set) are wrapped into the proxy extension and then included in the Attributes list (as above). If only one of the values is set then the second receives the default value. If the type is set to the legacy proxy then those parameters are ignored.
• There is no way to request a validity time of the generated proxy, therefore the lifetime parameter is ignored.

Author:

K. Benedyczak

Constructor Summary

Constructors

Constructor and Description
ProxyCSRGenerator()

Method Summary

Methods

Modifier and Type	Method and Description
static ProxyCSR	generate(ProxyCertificateOptions param) Generate the proxy certificate object.
static ProxyCSR	generate(ProxyCertificateOptions param, java.security.PrivateKey signingKey) Generate the proxy certificate object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ProxyCSRGenerator

public ProxyCSRGenerator()

Method Detail

generate

public static ProxyCSR generate(ProxyCertificateOptions param)
                         throws java.security.InvalidKeyException,
                                java.security.SignatureException,
                                java.security.NoSuchAlgorithmException,
                                java.security.cert.CertificateEncodingException

Generate the proxy certificate object. Use this method if you want to sign the proxy with the key which will be autogenerated together with the public part which will be included in the proxy itself. This method will throw an exception if used with parameter which has public key manually set.

Parameters:

param - request creation parameters

Returns:

Proxy certificate signing request

Throws:

java.security.InvalidKeyException - invalid key exception

java.security.SignatureException - signature exception

java.security.NoSuchAlgorithmException - no such algorithm exception

java.security.cert.CertificateEncodingException - certificate encoding exception

java.lang.IllegalArgumentException - when signingKey is null and public key was manully set

generate

public static ProxyCSR generate(ProxyCertificateOptions param,
                java.security.PrivateKey signingKey)
                         throws java.security.InvalidKeyException,
                                java.security.SignatureException,
                                java.security.NoSuchAlgorithmException,
                                java.security.cert.CertificateEncodingException

Generate the proxy certificate object. Use this method if you want to manually specify the CSR signing key. This is normally the case when the ProxyCertificateOptions parameter contains a manually set public key.

Parameters:

param - request creation parameters

signingKey - private key

Returns:

Proxy certificate signing request

Throws:

java.security.InvalidKeyException - invalid key exception

java.security.SignatureException - signature exception

java.security.NoSuchAlgorithmException - no such algorithm exception

java.security.cert.CertificateEncodingException - certificate encoding exception

java.lang.IllegalArgumentException - when signingKey is null and public key was manually set