java.lang.Object
  org.globus.gsi.bc.BouncyCastleUtil

A collection of various utility functions.
Constructor Summary
BouncyCastleUtil()

Method Summary
static DERObject | duplicate(DERObject obj) | Replicates a given DERObject.
static BasicConstraints | getBasicConstraints(X509Extension ext) | Creates a BasicConstraints object from given extension.
static int | getCertificateType(TBSCertificateStructure crt) | Returns certificate type of the given TBS certificate.
static int | getCertificateType(TBSCertificateStructure crt, TrustedCertificates trustedCerts) | Returns certificate type of the given certificate.
static int | getCertificateType(X509Certificate cert) | Returns certificate type of the given certificate.
static int | getCertificateType(X509Certificate cert, TrustedCertificates trustedCerts) | Returns certificate type of the given certificate.
static DERObject | getExtensionObject(X509Extension ext) | Extracts the value of a certificate extension.
static byte[] | getExtensionValue(byte[] certExtValue) | Retrieves the actual value of the X.509 extension.
static String | getIdentity(X509Certificate cert) | Returns the subject DN of the given certificate in the Globus format.
static String | getIdentity(X509Certificate[] chain) | Finds the identity certificate in the given chain and returns the subject DN of that certificate in the Globus format.
static X509Certificate | getIdentityCertificate(X509Certificate[] chain) | Finds the identity certificate in the given chain.
static boolean[] | getKeyUsage(X509Extension ext) | Gets a boolean array representing bits of the KeyUsage extension.
static ProxyCertInfo | getProxyCertInfo(TBSCertificateStructure crt) |
static ProxyCertInfo | getProxyCertInfo(X509Extension ext) | Creates a ProxyCertInfo object from given extension.
static int | getProxyPathConstraint(TBSCertificateStructure crt) |
static int | getProxyPathConstraint(X509Certificate cert) |
static TBSCertificateStructure | getTBSCertificateStructure(X509Certificate cert) | Extracts the TBS certificate from the given certificate.
static byte[] | toByteArray(DERObject obj) | Converts given DERObject into a DER-encoded byte array.
static DERObject | toDERObject(byte[] data) | Converts the DER-encoded byte array into a DERObject.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

public BouncyCastleUtil()

Method Detail

public static byte[] toByteArray(DERObject obj) throws IOException
    Converts given DERObject into a DER-encoded byte array.
    Parameters:
        obj - DERObject to convert.
    Throws:
        IOException - if conversion fails

public static DERObject toDERObject(byte[] data) throws IOException
    Converts the DER-encoded byte array into a DERObject.
    Parameters:
        data - the DER-encoded byte array to convert.
    Throws:
        IOException - if conversion fails

public static DERObject duplicate(DERObject obj) throws IOException
    Replicates a given DERObject.
    Parameters:
        obj - the DERObject to replicate.
    Throws:
        IOException - if replication fails

public static TBSCertificateStructure getTBSCertificateStructure(X509Certificate cert) throws CertificateEncodingException, IOException
    Extracts the TBS certificate from the given certificate.
    Parameters:
        cert - the X.509 certificate to extract the TBS certificate from.
    Throws:
        IOException - if extraction fails.
        CertificateEncodingException - if extraction fails.

public static DERObject getExtensionObject(X509Extension ext) throws IOException
    Extracts the value of a certificate extension.
    Parameters:
        ext - the certificate extension to extract the value from.
    Throws:
        IOException - if extraction fails.

public static int getCertificateType(X509Certificate cert, TrustedCertificates trustedCerts) throws CertificateException
    Returns certificate type of the given certificate. See getCertificateType for details on determining the certificate type.
    Parameters:
        cert - the certificate to get the type of.
        trustedCerts - the trusted certificates to double check the GSIConstants.EEC certificate against.
    Returns:
        the certificate type, as determined by getCertificateType.
    Throws:
        CertificateException - if something goes wrong.

public static int getCertificateType(X509Certificate cert) throws CertificateException
    Returns certificate type of the given certificate. See getCertificateType for details on determining the certificate type.
    Parameters:
        cert - the certificate to get the type of.
    Returns:
        the certificate type, as determined by getCertificateType.
    Throws:
        CertificateException - if something goes wrong.

public static int getCertificateType(TBSCertificateStructure crt, TrustedCertificates trustedCerts) throws CertificateException, IOException
    Returns certificate type of the given certificate. Calls getCertificateType to get the certificate type. In case the certificate type was initially determined as GSIConstants.EEC it is checked against the trusted certificate list to see if it really is a CA certificate. If the certificate is present in the trusted certificate list the certificate type is changed to GSIConstants.CA. Otherwise, it is left as it is (this is useful in cases where a valid CA certificate does not have a BasicConstraints extension).
    Parameters:
        crt - the certificate to get the type of.
        trustedCerts - the trusted certificates to double check the GSIConstants.EEC certificate against. If null, a default set of trusted certificates will be loaded from a standard location.
    Throws:
        IOException - if something goes wrong.
        CertificateException - for proxy certificates, if the issuer DN of the certificate does not match the subject DN of the certificate without the last CN component. Also, for GSI-3 proxies when the ProxyCertInfo extension is not marked as critical.

public static int getCertificateType(TBSCertificateStructure crt) throws CertificateException, IOException
    Returns certificate type of the given TBS certificate.

    The certificate type is GSIConstants.CA only if the certificate contains a BasicConstraints extension and it is marked as CA.

    GSIConstants.GSI_2_PROXY) or "CN=limited proxy" (certificate type GSIConstants.LIMITED_PROXY) component and the issuer DN of the certificate matches the subject DN without the last proxy CN component.

    ProxyCertInfo critical extension.
    The certificate type is GSIConstants.GSI_3_IMPERSONATION_PROXY if the policy language of the ProxyCertInfo extension is set to ProxyPolicy.IMPERSONATION OID.
    The certificate type is GSIConstants.GSI_3_LIMITED_PROXY if the policy language of the ProxyCertInfo extension is set to ProxyPolicy.LIMITED OID.
    The certificate type is GSIConstants.GSI_3_INDEPENDENT_PROXY if the policy language of the ProxyCertInfo extension is set to ProxyPolicy.INDEPENDENT OID.
    The certificate type is GSIConstants.GSI_3_RESTRICTED_PROXY if the policy language of the ProxyCertInfo extension is set to any other OID than the above.

    The certificate type is GSIConstants.EEC if the certificate is not a CA certificate or a GSI-2 or GSI-3 proxy.
    Parameters:
        crt - the TBS certificate to get the type of.
    Throws:
        IOException - if something goes wrong.
        CertificateException - for proxy certificates, if the issuer DN of the certificate does not match the subject DN of the certificate without the last CN component. Also, for GSI-3 proxies when the ProxyCertInfo extension is not marked as critical.

public static boolean[] getKeyUsage(X509Extension ext) throws IOException
    Gets a boolean array representing bits of the KeyUsage extension.
    Throws:
        IOException - if failed to extract the KeyUsage extension value.
    See Also:
        X509Certificate.getKeyUsage()

public static BasicConstraints getBasicConstraints(X509Extension ext) throws IOException
    Creates a BasicConstraints object from given extension.
    Parameters:
        ext - the extension.
    Returns:
        BasicConstraints object.
    Throws:
        IOException - if something fails.

public static ProxyCertInfo getProxyCertInfo(X509Extension ext) throws IOException
    Creates a ProxyCertInfo object from given extension.
    Parameters:
        ext - the extension.
    Returns:
        ProxyCertInfo object.
    Throws:
        IOException - if something fails.

public static String getIdentity(X509Certificate cert)
    Returns the subject DN of the given certificate in the Globus format.
    Parameters:
        cert - the certificate to get the subject of. The certificate must be of X509CertificateObject type.

public static String getIdentity(X509Certificate[] chain) throws CertificateException
    Finds the identity certificate in the given chain and returns the subject DN of that certificate in the Globus format.
    Parameters:
        chain - the certificate chain to find the identity certificate in. The certificates must be of X509CertificateObject type.
    Throws:
        CertificateException - if something goes wrong.

public static X509Certificate getIdentityCertificate(X509Certificate[] chain) throws CertificateException
    Finds the identity certificate in the given chain.
    Parameters:
        chain - the certificate chain to find the identity certificate in.
    Throws:
        CertificateException - if something goes wrong.

public static byte[] getExtensionValue(byte[] certExtValue) throws IOException
    Retrieves the actual value of the X.509 extension.
    Parameters:
        certExtValue - the DER-encoded OCTET string value of the extension.
    Throws:
        IOException

public static int getProxyPathConstraint(X509Certificate cert) throws IOException, CertificateEncodingException
    Throws:
        IOException
        CertificateEncodingException

public static int getProxyPathConstraint(TBSCertificateStructure crt) throws IOException
    Throws:
        IOException

public static ProxyCertInfo getProxyCertInfo(TBSCertificateStructure crt) throws IOException
    Throws:
        IOException
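
The DN-shape rule documented for getCertificateType(TBSCertificateStructure crt), where the issuer DN must equal the subject DN without its last CN component, shown as an added example that is not JGlobus code and uses only the JDK's LdapName on constructed DN strings. The class, enum and exception names are hypothetical, "CN=proxy" is assumed as the legacy full-proxy component, and string-form DN comparison stands in for the ASN.1 comparison a real validator performs.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

/** Added illustration, not JGlobus code: covers the DN-shape part of the proxy rules only. */
public class ProxyDnShape {
    enum Shape { LEGACY_PROXY, LEGACY_LIMITED_PROXY, CN_UNDER_ISSUER, NOT_PROXY }

    /** Hypothetical stand-in for the CertificateException the documented method throws. */
    static class DnMismatch extends Exception { DnMismatch(String m) { super(m); } }

    static Shape classify(String subjectDn, String issuerDn)
            throws InvalidNameException, DnMismatch {
        LdapName subject = new LdapName(subjectDn);
        LdapName issuer = new LdapName(issuerDn);
        if (subject.isEmpty()) return Shape.NOT_PROXY;

        // LdapName index 0 is the right-most RDN of the RFC 2253 string, so the
        // last (most specific) component of the subject sits at size() - 1.
        int lastIdx = subject.size() - 1;
        Rdn last = subject.getRdn(lastIdx);
        if (!"CN".equalsIgnoreCase(last.getType())) return Shape.NOT_PROXY;

        // Issuer DN must match the subject DN without the last CN component.
        boolean issuerMatches = subject.getPrefix(lastIdx).equals(issuer);
        String cn = String.valueOf(last.getValue());
        boolean legacy = cn.equals("proxy") || cn.equals("limited proxy");
        if (legacy && !issuerMatches) {
            throw new DnMismatch("proxy CN present but issuer is not the parent DN: " + subjectDn);
        }
        if (legacy) return cn.equals("proxy") ? Shape.LEGACY_PROXY : Shape.LEGACY_LIMITED_PROXY;
        // A GSI-3 proxy also needs a critical ProxyCertInfo extension (not checked here).
        return issuerMatches ? Shape.CN_UNDER_ISSUER : Shape.NOT_PROXY;
    }

    public static void main(String[] args) throws Exception {
        String user = "CN=Alice Example,OU=People,O=Example Grid"; // constructed sample DNs
        String ca = "CN=Example Grid CA,O=Example Grid";
        System.out.println(classify("CN=limited proxy," + user, user)); // legacy proxy under the user
        System.out.println(classify("CN=1234567," + user, user));       // GSI-3 style CN under the user
        System.out.println(classify(user, ca));                         // end-entity issued by a CA
        try {
            classify("CN=proxy," + user, ca); // proxy CN, but the issuer is not the parent DN
        } catch (DnMismatch e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```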