org.globus.gsi.util
Class CertificateUtil

java.lang.Object
  extended by org.globus.gsi.util.CertificateUtil

public final class CertificateUtil
extends java.lang.Object

FILL ME

Author:
ranantha@mcs.anl.gov

Field Summary
static int CRL_SIGN
static int DATA_ENCIPHERMENT
static int DECIPHER_ONLY
static int DEFAULT_USAGE_LENGTH
static int DIGITAL_SIGNATURE
static int ENCIPHER_ONLY
static int KEY_AGREEMENT
static int KEY_CERTSIGN
static int KEY_ENCIPHERMENT
static int NON_REPUDIATION

Method Summary
static java.security.KeyPair generateKeyPair(java.lang.String algorithm, int bits)
          Generates a key pair of given algorithm and strength.
static org.bouncycastle.asn1.x509.BasicConstraints getBasicConstraints(org.bouncycastle.asn1.x509.X509Extension ext)
          Creates a BasicConstraints object from given extension.
static int getCAPathConstraint(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)
          Returns the CA path constraint.
static GSIConstants.CertificateType getCertificateType(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)
          Returns certificate type of the given TBS certificate.
static java.security.cert.CertPath getCertPath(java.security.cert.X509Certificate[] certs)
static org.bouncycastle.asn1.DERObject getExtensionObject(org.bouncycastle.asn1.x509.X509Extension ext)
          Extracts the value of a certificate extension.
static boolean[] getKeyUsage(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)
static boolean[] getKeyUsage(org.bouncycastle.asn1.x509.X509Extension ext)
          Gets a boolean array representing bits of the KeyUsage extension.
static org.bouncycastle.asn1.x509.TBSCertificateStructure getTBSCertificateStructure(java.security.cert.X509Certificate cert)
          Extracts the TBS certificate from the given certificate.
static void init()
          A no-op function that can be used to force the class to load and initialize.
static void installSecureRandomProvider()
          Installs SecureRandom provider.
static void setProvider(java.lang.String providerName)
          Sets a provider name to use for loading certificates and for generating key pairs.
static org.bouncycastle.asn1.DERObject toDERObject(byte[] data)
          Converts the DER-encoded byte array into a DERObject.
static java.lang.String toGlobusID(java.security.Principal name)
          Converts the specified principal into Globus format.
static java.lang.String toGlobusID(java.lang.String dn)
          Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/CN=A/OU=B/O=C".
This function might return incorrect Globus-formatted ID when one of the RDNs in the DN contains commas.
static java.lang.String toGlobusID(java.lang.String dn, boolean noreverse)
          Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/CN=A/OU=B/O=C" or "/O=C/OU=B/CN=A" depending on the noreverse option.
static java.lang.String toGlobusID(javax.security.auth.x500.X500Principal principal)
          Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/O=C/OU=B/CN=A"
This function might return incorrect Globus-formatted ID when one of the RDNs in the DN contains commas.
static javax.security.auth.x500.X500Principal toPrincipal(java.lang.String globusID)
          Converts Globus DN format "/O=C/OU=B/CN=A" into an X500Principal representation, which accepts RFC 2253 or 1779 formatted DNs and also attribute types as defined in RFC 2459 (e.g. "CN=A,OU=B,O=C").

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

public static final int DIGITAL_SIGNATURE
public static final int NON_REPUDIATION
public static final int KEY_ENCIPHERMENT
public static final int DATA_ENCIPHERMENT
public static final int KEY_AGREEMENT
public static final int KEY_CERTSIGN
public static final int CRL_SIGN
public static final int ENCIPHER_ONLY
public static final int DECIPHER_ONLY
public static final int DEFAULT_USAGE_LENGTH

Method Detail

init

public static void init()
A no-op function that can be used to force the class to load and initialize.


setProvider

public static void setProvider(java.lang.String providerName)
Sets a provider name to use for loading certificates and for generating key pairs.

Parameters:
providerName - provider name to use.

installSecureRandomProvider

public static void installSecureRandomProvider()
Installs SecureRandom provider. This function is automatically called when this class is loaded.


getCAPathConstraint

public static int getCAPathConstraint(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)
                               throws java.io.IOException
Returns the CA path constraint.

Parameters:
crt - the TBS certificate.
Returns:
the CA path constraint
Throws:
java.io.IOException

generateKeyPair

public static java.security.KeyPair generateKeyPair(java.lang.String algorithm,
                                                    int bits)
                                             throws java.security.GeneralSecurityException
Generates a key pair of given algorithm and strength.

Parameters:
algorithm - the algorithm of the key pair.
bits - the strength
Returns:
KeyPair the generated key pair.
Throws:
java.security.GeneralSecurityException - if something goes wrong.

getCertificateType

public static GSIConstants.CertificateType getCertificateType(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)
                                                       throws java.security.cert.CertificateException,
                                                              java.io.IOException
Returns certificate type of the given TBS certificate.
The certificate type is CertificateType.CA only if the certificate contains a BasicConstraints extension and it is marked as CA.
A certificate is a GSI-2 proxy when the subject DN of the certificate ends with "CN=proxy" (certificate type CertificateType.GSI_2_PROXY) or "CN=limited proxy" (certificate type CertificateType.LIMITED_PROXY) component and the issuer DN of the certificate matches the subject DN without the last proxy CN component.
A certificate is a GSI-3 proxy when the subject DN of the certificate ends with a CN component, the issuer DN of the certificate matches the subject DN without the last CN component, and the certificate contains a critical ProxyCertInfo extension. The certificate type is CertificateType.GSI_3_IMPERSONATION_PROXY if the policy language of the ProxyCertInfo extension is set to the ProxyPolicy.IMPERSONATION OID. The certificate type is CertificateType.GSI_3_LIMITED_PROXY if the policy language of the ProxyCertInfo extension is set to the ProxyPolicy.LIMITED OID. The certificate type is CertificateType.GSI_3_INDEPENDENT_PROXY if the policy language of the ProxyCertInfo extension is set to the ProxyPolicy.INDEPENDENT OID. The certificate type is CertificateType.GSI_3_RESTRICTED_PROXY if the policy language of the ProxyCertInfo extension is set to any OID other than the above.
The certificate type is CertificateType.EEC if the certificate is not a CA certificate or a GSI-2 or GSI-3 proxy.

Parameters:
crt - the TBS certificate to get the type of.
Returns:
the certificate type. The certificate type is determined by rules described above.
Throws:
java.io.IOException - if something goes wrong.
java.security.cert.CertificateException - for proxy certificates, if the issuer DN of the certificate does not match the subject DN of the certificate without the last CN component. Also, for GSI-3 proxies when the ProxyCertInfo extension is not marked as critical.
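The classification rules above, re-implemented as an added example (this is not jglobus code) over a small plain-data stand-in for TBSCertificateStructure, so the decision order and the two CertificateException cases can be exercised without BouncyCastle. The TBSInfo class is a constructed stand-in; the numeric values given for the ProxyPolicy.IMPERSONATION, ProxyPolicy.LIMITED and ProxyPolicy.INDEPENDENT OIDs are assumed from RFC 3820 and Globus, as the page names them only symbolically.

```python
# Added example (not jglobus code): the getCertificateType decision rules from
# this page, re-implemented over a plain-data stand-in for
# TBSCertificateStructure so they can be run without BouncyCastle.
from dataclasses import dataclass
from typing import List, Optional

# Policy-language OIDs the page names as ProxyPolicy.IMPERSONATION, .LIMITED
# and .INDEPENDENT; the numeric values are assumed from RFC 3820 and Globus.
IMPERSONATION_OID = "1.3.6.1.5.5.7.21.1"
INDEPENDENT_OID = "1.3.6.1.5.5.7.21.2"
LIMITED_OID = "1.3.6.1.4.1.3536.1.1.1.9"

_GSI3_TYPES = {
    IMPERSONATION_OID: "GSI_3_IMPERSONATION_PROXY",
    LIMITED_OID: "GSI_3_LIMITED_PROXY",
    INDEPENDENT_OID: "GSI_3_INDEPENDENT_PROXY",
}


class CertificateException(Exception):
    """Stands in for java.security.cert.CertificateException."""


@dataclass
class TBSInfo:
    """Constructed stand-in for TBSCertificateStructure: DN components in
    X.500 order (root first), plus the two extensions the rules consult."""
    subject: List[str]                    # e.g. ["O=Grid", "CN=alice", "CN=proxy"]
    issuer: List[str]
    basic_constraints_ca: Optional[bool] = None   # None: extension absent
    proxy_policy_oid: Optional[str] = None        # None: no ProxyCertInfo
    proxy_cert_info_critical: bool = False


def get_certificate_type(crt: TBSInfo) -> str:
    """Return the GSIConstants.CertificateType name chosen by the page's rules."""
    # CA only when BasicConstraints is present and marks the certificate as CA.
    if crt.basic_constraints_ca is True:
        return "CA"
    last = crt.subject[-1] if crt.subject else ""
    if last.startswith("CN="):
        issuer_matches = crt.issuer == crt.subject[:-1]
        # GSI-2 proxies are recognised by the literal value of the last CN.
        if last in ("CN=proxy", "CN=limited proxy"):
            if not issuer_matches:
                raise CertificateException(
                    "issuer DN does not match subject DN without the proxy CN")
            return "GSI_2_PROXY" if last == "CN=proxy" else "LIMITED_PROXY"
        # GSI-3 proxies carry a ProxyCertInfo extension, which must be critical.
        if crt.proxy_policy_oid is not None:
            if not issuer_matches:
                raise CertificateException(
                    "issuer DN does not match subject DN without the last CN")
            if not crt.proxy_cert_info_critical:
                raise CertificateException("ProxyCertInfo extension is not critical")
            # Any policy language other than the three named ones is "restricted".
            return _GSI3_TYPES.get(crt.proxy_policy_oid, "GSI_3_RESTRICTED_PROXY")
    # Not a CA and not a proxy: an end-entity certificate.
    return "EEC"
```

The order of the checks matters for a verifier: BasicConstraints is consulted first, so a CA certificate is never mistaken for a proxy, and a subject that merely ends in "CN=proxy" is rejected outright (rather than downgraded to EEC) when its issuer is not the parent DN.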

getBasicConstraints

public static org.bouncycastle.asn1.x509.BasicConstraints getBasicConstraints(org.bouncycastle.asn1.x509.X509Extension ext)
                                                                       throws java.io.IOException
Creates a BasicConstraints object from given extension.

Parameters:
ext - the extension.
Returns:
the BasicConstraints object.
Throws:
java.io.IOException - if something fails.

toDERObject

public static org.bouncycastle.asn1.DERObject toDERObject(byte[] data)
                                                   throws java.io.IOException
Converts the DER-encoded byte array into a DERObject.

Parameters:
data - the DER-encoded byte array to convert.
Returns:
the DERObject.
Throws:
java.io.IOException - if conversion fails

getTBSCertificateStructure

public static org.bouncycastle.asn1.x509.TBSCertificateStructure getTBSCertificateStructure(java.security.cert.X509Certificate cert)
                                                                                     throws java.security.cert.CertificateEncodingException,
                                                                                            java.io.IOException
Extracts the TBS certificate from the given certificate.

Parameters:
cert - the X.509 certificate to extract the TBS certificate from.
Returns:
the TBS certificate
Throws:
java.io.IOException - if extraction fails.
java.security.cert.CertificateEncodingException - if extraction fails.

getKeyUsage

public static boolean[] getKeyUsage(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)
                             throws java.io.IOException
Throws:
java.io.IOException

getKeyUsage

public static boolean[] getKeyUsage(org.bouncycastle.asn1.x509.X509Extension ext)
                             throws java.io.IOException
Gets a boolean array representing bits of the KeyUsage extension.

Throws:
java.io.IOException - if failed to extract the KeyUsage extension value.
See Also:
X509Certificate.getKeyUsage()

getExtensionObject

public static org.bouncycastle.asn1.DERObject getExtensionObject(org.bouncycastle.asn1.x509.X509Extension ext)
                                                          throws java.io.IOException
Extracts the value of a certificate extension.

Parameters:
ext - the certificate extension to extract the value from.
Throws:
java.io.IOException - if extraction fails.
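As an added example (not jglobus code), the two steps that getExtensionObject and getKeyUsage perform, implemented with a minimal strict DER reader: unwrap the OCTET STRING that carries every extension value, then decode the KeyUsage BIT STRING into a boolean list indexed like the constants on this page. The bit positions follow RFC 5280 and X509Certificate.getKeyUsage(); the numeric values assigned to the constants and to DEFAULT_USAGE_LENGTH are assumptions, as the page does not state them, and the sample encodings are constructed.

```python
# Added example (not jglobus code): decoding a KeyUsage extension value into
# the boolean array that CertificateUtil.getKeyUsage returns, via a minimal
# DER reader that also performs the OCTET STRING unwrapping getExtensionObject
# does. Bit positions follow RFC 5280 / X509Certificate.getKeyUsage(); the
# numeric values of the page's constants are assumed to match them.

DIGITAL_SIGNATURE, NON_REPUDIATION, KEY_ENCIPHERMENT, DATA_ENCIPHERMENT = 0, 1, 2, 3
KEY_AGREEMENT, KEY_CERTSIGN, CRL_SIGN, ENCIPHER_ONLY, DECIPHER_ONLY = 4, 5, 6, 7, 8
DEFAULT_USAGE_LENGTH = 9   # assumed: bits 0..8 as in X509Certificate.getKeyUsage()


def _der_contents(data: bytes, expected_tag: int) -> bytes:
    """Parse a single DER TLV, check its tag, and return the contents octets.
    Rejects trailing bytes and non-minimal length encodings."""
    if len(data) < 2 or data[0] != expected_tag:
        raise ValueError("unexpected tag 0x%02x" % (data[0] if data else 0))
    length, pos = data[1], 2
    if length & 0x80:                       # long form: number of length octets
        n = length & 0x7F
        if n == 0 or len(data) < 2 + n:
            raise ValueError("bad long-form length")
        length = int.from_bytes(data[2:2 + n], "big")
        if length < 0x80 or data[2] == 0:   # DER forbids non-minimal lengths
            raise ValueError("non-minimal length encoding")
        pos = 2 + n
    if pos + length != len(data):
        raise ValueError("length does not match data")
    return data[pos:pos + length]


def get_extension_object(ext_value: bytes) -> bytes:
    """Unwrap the OCTET STRING (tag 0x04) that carries every extension's value."""
    return _der_contents(ext_value, 0x04)


def get_key_usage(key_usage_der: bytes) -> list:
    """Decode the KeyUsage BIT STRING (tag 0x03) into a boolean list, index i
    being usage bit i, padded to DEFAULT_USAGE_LENGTH like the Java API."""
    body = _der_contents(key_usage_der, 0x03)
    if not body:
        raise ValueError("empty BIT STRING")
    unused = body[0]
    bits = body[1:]
    if unused > 7 or (not bits and unused):
        raise ValueError("invalid unused-bits count")
    # DER requires the padding bits of the last octet to be zero.
    if unused and bits[-1] & ((1 << unused) - 1):
        raise ValueError("non-zero padding bits (not DER)")
    nbits = len(bits) * 8 - unused
    usage = [False] * max(DEFAULT_USAGE_LENGTH, nbits)
    for i in range(nbits):                  # bit 0 is the MSB of the first octet
        usage[i] = bool(bits[i // 8] & (0x80 >> (i % 8)))
    return usage


# Constructed sample values: a leaf-style KeyUsage (digitalSignature +
# keyEncipherment) as a bare BIT STRING, and a CA-style one (keyCertSign +
# cRLSign) still wrapped in the extension's OCTET STRING.
LEAF_KEY_USAGE = bytes.fromhex("030205a0")
CA_EXTENSION_VALUE = bytes.fromhex("040403020106")
```

Strictness is the point of the padding and length checks: a BIT STRING whose padding bits are set, or whose length octets are not minimal, is BER but not DER, and accepting it means two encoders can disagree about which usages a certificate asserts.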

toGlobusID

public static java.lang.String toGlobusID(java.lang.String dn)
Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/CN=A/OU=B/O=C".
This function might return incorrect Globus-formatted ID when one of the RDNs in the DN contains commas.

Parameters:
dn - the DN to convert to Globus format.
Returns:
the converted DN in Globus format.
See Also:
toGlobusID(String, boolean)

toGlobusID

public static java.lang.String toGlobusID(java.lang.String dn,
                                          boolean noreverse)
Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/CN=A/OU=B/O=C" or "/O=C/OU=B/CN=A" depending on the noreverse option. If noreverse is true the order of the DN components is not reversed - "/CN=A/OU=B/O=C" is returned. If noreverse is false, the order of the DN components is reversed - "/O=C/OU=B/CN=A" is returned.
This function might return incorrect Globus-formatted ID when one of the RDNs in the DN contains commas.

Parameters:
dn - the DN to convert to Globus format.
noreverse - the direction of the conversion.
Returns:
the converted DN in Globus format.

toGlobusID

public static java.lang.String toGlobusID(java.security.Principal name)
Converts the specified principal into Globus format. If the principal is of unrecognized type a simple string-based conversion is made using the toGlobusID() function.

Parameters:
name - the principal to convert to Globus format.
Returns:
the converted DN in Globus format.
See Also:
toGlobusID(String)

toGlobusID

public static java.lang.String toGlobusID(javax.security.auth.x500.X500Principal principal)
Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/O=C/OU=B/CN=A"
This function might return incorrect Globus-formatted ID when one of the RDNs in the DN contains commas.

Returns:
the converted DN in Globus format.

toPrincipal

public static javax.security.auth.x500.X500Principal toPrincipal(java.lang.String globusID)
Converts Globus DN format "/O=C/OU=B/CN=A" into an X500Principal representation, which accepts RFC 2253 or 1779 formatted DNs and also attribute types as defined in RFC 2459 (e.g. "CN=A,OU=B,O=C"). This method should allow the forward slash, "/", to occur in attribute values (see GFD.125 section 3.2.2 -- RFC 2252 allows "/" in PrintableStrings).

Parameters:
globusID - DN in Globus format
Returns:
the X500Principal representation of the given DN
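The conversions documented for toGlobusID(String, boolean) and toPrincipal, re-implemented in Python as an added example (not jglobus code). It shows the comma problem the page warns about: a plain split on "," breaks an RDN whose value contains an escaped comma and yields a Globus ID with an extra component, whereas an RFC 2253-aware split keeps it intact. The "/"-in-attribute-values handling in to_principal is an assumed heuristic (a slash separates components only when an attribute type and "=" follow it), since the page states the requirement but not the mechanism; all sample DNs are constructed.

```python
# Added example (not jglobus code): the DN conversions documented for
# CertificateUtil.toGlobusID(String, boolean) and toPrincipal, re-implemented
# in Python, together with the comma problem the page warns about.
import re


def to_globus_id_naive(dn: str, noreverse: bool) -> str:
    """The documented behaviour: split on commas and join with '/'.
    noreverse=False reverses the components ("/O=C/OU=B/CN=A")."""
    parts = [p.strip() for p in dn.split(",")]
    if not noreverse:
        parts.reverse()
    return "/" + "/".join(parts)


def split_rdns(dn: str) -> list:
    """RFC 2253-aware split: a comma separates RDNs only when it is neither
    backslash-escaped nor inside a double-quoted value."""
    rdns, buf, quoted, i = [], [], False, 0
    while i < len(dn):
        c = dn[i]
        if c == "\\" and i + 1 < len(dn):      # keep the escape pair verbatim
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if c == '"':
            quoted = not quoted
        if c == "," and not quoted:
            rdns.append("".join(buf).strip())
            buf = []
        else:
            buf.append(c)
        i += 1
    rdns.append("".join(buf).strip())
    return rdns


def to_globus_id(dn: str, noreverse: bool) -> str:
    """Escape-aware variant: an escaped comma stays inside its RDN and is
    written literally, since ',' is not a delimiter in Globus format."""
    parts = [p.replace("\\,", ",") for p in split_rdns(dn)]
    if not noreverse:
        parts.reverse()
    return "/" + "/".join(parts)


# Assumed heuristic: a '/' starts a new component only if "type=" follows it.
_COMPONENT_BOUNDARY = re.compile(r"/(?=[A-Za-z][A-Za-z0-9.-]*=)")


def to_principal(globus_id: str) -> str:
    """Globus "/O=C/OU=B/CN=A" -> RFC 2253 "CN=A,OU=B,O=C", keeping a '/'
    inside a value (e.g. a URL) and escaping commas in unquoted values."""
    if not globus_id.startswith("/"):
        raise ValueError("Globus ID must start with '/'")
    out = []
    for comp in reversed(_COMPONENT_BOUNDARY.split(globus_id[1:])):
        attr, sep, value = comp.partition("=")
        if not attr or not sep:
            raise ValueError("malformed component: %r" % comp)
        if not value.startswith('"'):
            value = re.sub(r"(?<!\\),", r"\\,", value)
        out.append("%s=%s" % (attr, value))
    return ",".join(out)
```

The security-relevant consequence is that the Globus-format string is what gets compared against mapfiles and access-control lists, so a conversion that splits on an escaped comma produces a different identity string than the one the certificate actually carries; the escape-aware split and to_principal round-trip such a DN unchanged.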

getCertPath

public static java.security.cert.CertPath getCertPath(java.security.cert.X509Certificate[] certs)
                                               throws java.security.cert.CertificateException
Throws:
java.security.cert.CertificateException


Copyright © 2013. All Rights Reserved.