org.globus.gsi.bc
Class BouncyCastleCertProcessingFactory

java.lang.Object
  extended by org.globus.gsi.bc.BouncyCastleCertProcessingFactory

public class BouncyCastleCertProcessingFactory
extends Object

Provides certificate processing API such as creating new certificates, certificate requests, etc.


Constructor Summary
protected BouncyCastleCertProcessingFactory()
           
 
Method Summary
 X509Certificate createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode)
          Creates a proxy certificate from the certificate request.
 X509Certificate createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode, ProxyCertInfo proxyCertInfoExt)
          Deprecated.  
 X509Certificate createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode, ProxyCertInfo proxyCertInfoExt, String cnValue)
          Deprecated. Please use createCertificate() instead. The ProxyCertInfo parameter can be passed in the X509ExtensionSet using ProxyCertInfoExtension class.
 X509Certificate createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode, X509ExtensionSet extSet)
          Creates a proxy certificate from the certificate request.
 X509Certificate createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode, X509ExtensionSet extSet, String cnValue)
          Creates a proxy certificate from the certificate request.
 byte[] createCertificateRequest(String subject, KeyPair keyPair)
          Creates a certificate request from the specified subject DN and a key pair.
 byte[] createCertificateRequest(X509Certificate cert, KeyPair keyPair)
          Creates a certificate request from the specified certificate and a key pair.
 byte[] createCertificateRequest(X509Name subjectDN, String sigAlgName, KeyPair keyPair)
          Creates a certificate request from the specified subject name, signing algorithm, and a key pair.
 GlobusCredential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode)
          Creates a new proxy credential from the specified certificate chain and a private key.
 GlobusCredential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode, ProxyCertInfo proxyCertInfoExt)
          Deprecated.  
 GlobusCredential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode, ProxyCertInfo proxyCertInfoExt, String cnValue)
          Deprecated. Please use createCredential() instead. The ProxyCertInfo parameter can be passed in the X509ExtensionSet using ProxyCertInfoExtension class.
 GlobusCredential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode, X509ExtensionSet extSet)
          Creates a new proxy credential from the specified certificate chain and a private key.
 GlobusCredential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode, X509ExtensionSet extSet, String cnValue)
          Creates a new proxy credential from the specified certificate chain and a private key.
 X509Certificate createProxyCertificate(X509Certificate issuerCert, PrivateKey issuerKey, PublicKey publicKey, int lifetime, int proxyType, ProxyCertInfo proxyCertInfo, String cnValue)
          Deprecated. Please use createProxyCertificate() instead. The ProxyCertInfo parameter can be passed in the X509ExtensionSet using ProxyCertInfoExtension class.
 X509Certificate createProxyCertificate(X509Certificate issuerCert_, PrivateKey issuerKey, PublicKey publicKey, int lifetime, int proxyType, X509ExtensionSet extSet, String cnValue)
          Creates a proxy certificate.
static BouncyCastleCertProcessingFactory getDefault()
          Returns an instance of this class.
 X509Certificate loadCertificate(InputStream in)
          Loads an X.509 certificate from the specified input stream.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

BouncyCastleCertProcessingFactory

protected BouncyCastleCertProcessingFactory()

Method Detail

getDefault

public static BouncyCastleCertProcessingFactory getDefault()
Returns an instance of this class.

Returns:
BouncyCastleCertProcessingFactory instance.

createCertificate

public X509Certificate createCertificate(InputStream certRequestInputStream,
                                         X509Certificate cert,
                                         PrivateKey privateKey,
                                         int lifetime,
                                         int delegationMode)
                                  throws IOException,
                                         GeneralSecurityException
Creates a proxy certificate from the certificate request.

Throws:
IOException
GeneralSecurityException
See Also:
createCertificate

createCertificate

public X509Certificate createCertificate(InputStream certRequestInputStream,
                                         X509Certificate cert,
                                         PrivateKey privateKey,
                                         int lifetime,
                                         int delegationMode,
                                         X509ExtensionSet extSet)
                                  throws IOException,
                                         GeneralSecurityException
Creates a proxy certificate from the certificate request.

Throws:
IOException
GeneralSecurityException
See Also:
createCertificate

createCertificate

public X509Certificate createCertificate(InputStream certRequestInputStream,
                                         X509Certificate cert,
                                         PrivateKey privateKey,
                                         int lifetime,
                                         int delegationMode,
                                         X509ExtensionSet extSet,
                                         String cnValue)
                                  throws IOException,
                                         GeneralSecurityException
Creates a proxy certificate from the certificate request. (Signs a certificate request creating a new certificate)

Parameters:
certRequestInputStream - the input stream to read the certificate request from.
cert - the issuer certificate
privateKey - the private key to sign the new certificate with.
lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
delegationMode - the type of proxy credential to create
extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.GSI_3_RESTRICTED_PROXY or GSIConstants.GSI_4_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.
cnValue - the value of the CN component of the subject of the new certificate. If null, the defaults will be used depending on the proxy certificate type created.
Returns:
X509Certificate the new proxy certificate
Throws:
IOException - if an error occurs reading the certificate request.
GeneralSecurityException - if a security error occurs.
See Also:
createProxyCertificate

loadCertificate

public X509Certificate loadCertificate(InputStream in)
                                throws IOException,
                                       GeneralSecurityException
Loads an X.509 certificate from the specified input stream. The input stream must contain a DER-encoded certificate.

Parameters:
in - the input stream to read the certificate from.
Returns:
X509Certificate the loaded certificate.
Throws:
GeneralSecurityException - if the certificate fails to load.
IOException

createCredential

public GlobusCredential createCredential(X509Certificate[] certs,
                                         PrivateKey privateKey,
                                         int bits,
                                         int lifetime,
                                         int delegationMode)
                                  throws GeneralSecurityException
Creates a new proxy credential from the specified certificate chain and a private key.

Throws:
GeneralSecurityException
See Also:
createCredential

createCredential

public GlobusCredential createCredential(X509Certificate[] certs,
                                         PrivateKey privateKey,
                                         int bits,
                                         int lifetime,
                                         int delegationMode,
                                         X509ExtensionSet extSet)
                                  throws GeneralSecurityException
Creates a new proxy credential from the specified certificate chain and a private key.

Throws:
GeneralSecurityException
See Also:
createCredential

createCredential

public GlobusCredential createCredential(X509Certificate[] certs,
                                         PrivateKey privateKey,
                                         int bits,
                                         int lifetime,
                                         int delegationMode,
                                         X509ExtensionSet extSet,
                                         String cnValue)
                                  throws GeneralSecurityException
Creates a new proxy credential from the specified certificate chain and a private key. A set of X.509 extensions can be optionally included in the new proxy certificate. This function automatically creates an "RSA"-based key pair.

Parameters:
certs - the certificate chain for the new proxy credential. The top-most certificate certs[0] will be designated as the issuing certificate.
privateKey - the private key of the issuing certificate. The new proxy certificate will be signed with that private key.
bits - the strength of the key pair for the new proxy certificate.
lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
delegationMode - the type of proxy credential to create
extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.GSI_3_RESTRICTED_PROXY or GSIConstants.GSI_4_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.
cnValue - the value of the CN component of the subject of the new proxy credential. If null, the defaults will be used depending on the proxy certificate type created.
Returns:
GlobusCredential the new proxy credential.
Throws:
GeneralSecurityException - if a security error occurs.
See Also:
createProxyCertificate

createCertificateRequest

public byte[] createCertificateRequest(String subject,
                                       KeyPair keyPair)
                                throws GeneralSecurityException
Creates a certificate request from the specified subject DN and a key pair. "MD5WithRSAEncryption" is used as the signing algorithm of the certificate request.

Parameters:
subject - the subject of the certificate request
keyPair - the key pair of the certificate request
Returns:
the certificate request.
Throws:
GeneralSecurityException - if a security error occurs.

createCertificateRequest

public byte[] createCertificateRequest(X509Certificate cert,
                                       KeyPair keyPair)
                                throws GeneralSecurityException
Creates a certificate request from the specified certificate and a key pair. The certificate's subject DN with "CN=proxy" name component appended to the subject is used as the subject of the certificate request. Also the certificate's signing algorithm is used as the certificate request signing algorithm.

Parameters:
cert - the certificate to create the certificate request from.
keyPair - the key pair of the certificate request
Returns:
the certificate request.
Throws:
GeneralSecurityException - if a security error occurs.

createCertificateRequest

public byte[] createCertificateRequest(X509Name subjectDN,
                                       String sigAlgName,
                                       KeyPair keyPair)
                                throws GeneralSecurityException
Creates a certificate request from the specified subject name, signing algorithm, and a key pair.

Parameters:
subjectDN - the subject name of the certificate request.
sigAlgName - the signing algorithm name.
keyPair - the key pair of the certificate request
Returns:
the certificate request.
Throws:
GeneralSecurityException - if a security error occurs.

createProxyCertificate

public X509Certificate createProxyCertificate(X509Certificate issuerCert_,
                                              PrivateKey issuerKey,
                                              PublicKey publicKey,
                                              int lifetime,
                                              int proxyType,
                                              X509ExtensionSet extSet,
                                              String cnValue)
                                       throws GeneralSecurityException
Creates a proxy certificate. A set of X.509 extensions can be optionally included in the new proxy certificate.
If a GSI-2 proxy is created, the serial number of the proxy certificate will be the same as that of the issuing certificate. Also, none of the extensions in the issuing certificate will be copied into the proxy certificate.
If a GSI-3 or GSI-4 proxy is created, the serial number of the proxy certificate will be picked randomly. If the issuing certificate contains a KeyUsage extension, the extension will be copied into the proxy certificate with the keyCertSign and nonRepudiation bits turned off. No other extensions are currently copied. The method defaults to creating a GSI-4 proxy.

Parameters:
issuerKey - private key matching the public key of issuer certificate. The new proxy certificate will be signed by that key.
publicKey - the public key of the new certificate
lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
proxyType - can be one of GSIConstants.DELEGATION_LIMITED, GSIConstants.DELEGATION_FULL, GSIConstants.GSI_2_LIMITED_PROXY, GSIConstants.GSI_2_PROXY, GSIConstants.GSI_3_IMPERSONATION_PROXY, GSIConstants.GSI_3_LIMITED_PROXY, GSIConstants.GSI_3_INDEPENDENT_PROXY, GSIConstants.GSI_3_RESTRICTED_PROXY, GSIConstants.GSI_4_IMPERSONATION_PROXY, GSIConstants.GSI_4_LIMITED_PROXY, GSIConstants.GSI_4_INDEPENDENT_PROXY, GSIConstants.GSI_4_RESTRICTED_PROXY. If GSIConstants.DELEGATION_LIMITED is given and CertUtil.isGsi2Enabled returns true, a GSI-2 limited proxy will be created. Otherwise, if CertUtil.isGsi3Enabled returns true, a GSI-3 limited proxy will be created. If not, a GSI-4 limited proxy will be created. If GSIConstants.DELEGATION_FULL is given and CertUtil.isGsi2Enabled returns true, a GSI-2 full proxy will be created. Otherwise, if CertUtil.isGsi3Enabled returns true, a GSI-3 full proxy will be created. If not, a GSI-4 full proxy will be created.
extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.GSI_3_RESTRICTED_PROXY or GSIConstants.GSI_4_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.
cnValue - the value of the CN component of the subject of the new certificate. If null, the defaults will be used depending on the proxy certificate type created.
Returns:
X509Certificate the new proxy certificate.
Throws:
GeneralSecurityException - if a security error occurs.
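
A delegation round trip through the methods documented on this page, followed by checks of the properties stated above for a GSI-4 proxy. This is an added example, not part of the Globus documentation or code base. It assumes GSIConstants lives in the org.globus.gsi package and that the issuer certificate (DER) and its RSA private key (unencrypted PKCS#8 DER) are supplied as file arguments; the class name ProxyDelegationCheck and the require helper are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;

import org.globus.gsi.GSIConstants; // package name is an assumption
import org.globus.gsi.bc.BouncyCastleCertProcessingFactory;

// Hypothetical class name; added example, not project code.
public class ProxyDelegationCheck {

    static void require(boolean ok, String what) {
        if (!ok) throw new IllegalStateException("proxy check failed: " + what);
    }

    // args[0]: issuer certificate (DER); args[1]: issuer RSA key (unencrypted PKCS#8 DER)
    public static void main(String[] args) throws Exception {
        BouncyCastleCertProcessingFactory factory = BouncyCastleCertProcessingFactory.getDefault();
        X509Certificate issuer;
        try (InputStream in = new FileInputStream(args[0])) {
            issuer = factory.loadCertificate(in); // expects DER, per loadCertificate
        }
        PrivateKey issuerKey = KeyFactory.getInstance("RSA").generatePrivate(
                new PKCS8EncodedKeySpec(Files.readAllBytes(Paths.get(args[1]))));

        // Receiving side: fresh key pair; the private half never leaves this side.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair proxyKeys = gen.generateKeyPair();
        // This overload reuses the issuer certificate's signing algorithm; the
        // (String, KeyPair) overload signs the request with MD5WithRSAEncryption.
        byte[] request = factory.createCertificateRequest(issuer, proxyKeys);

        // Issuing side: sign the request as a GSI-4 impersonation proxy, 12 h lifetime.
        X509Certificate proxy = factory.createCertificate(new ByteArrayInputStream(request),
                issuer, issuerKey, 12 * 60 * 60, GSIConstants.GSI_4_IMPERSONATION_PROXY);

        // Receiving side: check the returned certificate before using it.
        proxy.verify(issuer.getPublicKey()); // throws if the signature does not verify
        require(Arrays.equals(proxy.getPublicKey().getEncoded(),
                proxyKeys.getPublic().getEncoded()), "public key is not the requested one");
        require(proxy.getIssuerX500Principal().equals(issuer.getSubjectX500Principal()),
                "issuer DN mismatch");
        require(!proxy.getSerialNumber().equals(issuer.getSerialNumber()),
                "serial copied from issuer (GSI-2 behaviour)");
        boolean[] ku = proxy.getKeyUsage(); // null when the extension is absent
        require(ku == null || (!ku[1] && !ku[5]), "nonRepudiation or keyCertSign still set");
        // Local policy check; this page does not say the factory clamps the lifetime.
        require(!proxy.getNotAfter().after(issuer.getNotAfter()), "proxy outlives issuer");
        System.out.println("proxy OK: " + proxy.getSubjectX500Principal());
    }
}
```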

createProxyCertificate

public X509Certificate createProxyCertificate(X509Certificate issuerCert,
                                              PrivateKey issuerKey,
                                              PublicKey publicKey,
                                              int lifetime,
                                              int proxyType,
                                              ProxyCertInfo proxyCertInfo,
                                              String cnValue)
                                       throws GeneralSecurityException
Deprecated. Please use createProxyCertificate() instead. The ProxyCertInfo parameter can be passed in the X509ExtensionSet using ProxyCertInfoExtension class.

Throws:
GeneralSecurityException

createCredential

public GlobusCredential createCredential(X509Certificate[] certs,
                                         PrivateKey privateKey,
                                         int bits,
                                         int lifetime,
                                         int delegationMode,
                                         ProxyCertInfo proxyCertInfoExt,
                                         String cnValue)
                                  throws GeneralSecurityException
Deprecated. Please use createCredential() instead. The ProxyCertInfo parameter can be passed in the X509ExtensionSet using ProxyCertInfoExtension class.

Throws:
GeneralSecurityException

createCredential

public GlobusCredential createCredential(X509Certificate[] certs,
                                         PrivateKey privateKey,
                                         int bits,
                                         int lifetime,
                                         int delegationMode,
                                         ProxyCertInfo proxyCertInfoExt)
                                  throws GeneralSecurityException
Deprecated.  

Throws:
GeneralSecurityException
See Also:
createCredential

createCertificate

public X509Certificate createCertificate(InputStream certRequestInputStream,
                                         X509Certificate cert,
                                         PrivateKey privateKey,
                                         int lifetime,
                                         int delegationMode,
                                         ProxyCertInfo proxyCertInfoExt,
                                         String cnValue)
                                  throws IOException,
                                         GeneralSecurityException
Deprecated. Please use createCertificate() instead. The ProxyCertInfo parameter can be passed in the X509ExtensionSet using ProxyCertInfoExtension class.

Throws:
IOException
GeneralSecurityException

createCertificate

public X509Certificate createCertificate(InputStream certRequestInputStream,
                                         X509Certificate cert,
                                         PrivateKey privateKey,
                                         int lifetime,
                                         int delegationMode,
                                         ProxyCertInfo proxyCertInfoExt)
                                  throws IOException,
                                         GeneralSecurityException
Deprecated.  

Throws:
IOException
GeneralSecurityException
See Also:
createCertificate