org.globus.gsi
Class CertUtil

java.lang.Object
  extended byorg.globus.gsi.CertUtil

public class CertUtil
extends Object

Contains various security-related utility methods.


Constructor Summary
CertUtil()
           
 
Method Summary
static KeyPair generateKeyPair(String algorithm, int bits)
          Generates a key pair of given algorithm and strength.
protected static CertificateFactory getCertificateFactory()
          Returns appropriate CertificateFactory.
static String getProxyTypeAsString(int proxyType)
          Returns a string description of a specified proxy type.
static void init()
          A no-op function that can be used to force the class to load and initialize.
static void installSecureRandomProvider()
          Installs SecureRandom provider.
static boolean isGsi2Proxy(int certType)
          Determines if a specified certificate type indicates a GSI-2 proxy certificate.
static boolean isGsi3Enabled()
          Checks if GSI-3 mode is enabled.
static boolean isGsi3Proxy(int certType)
          Determines if a specified certificate type indicates a GSI-3 proxy certificate.
static boolean isGsi4Proxy(int certType)
          Determines if a specified certificate type indicates a GSI-4 proxy certificate.
static boolean isImpersonationProxy(int certType)
          Determines if a specified certificate type indicates a GSI-2 or GSI-3 impersonation proxy certificate.
static boolean isIndependentProxy(int certType)
          Determines if a specified certificate type indicates a GSI-3 or GS-4 limited proxy certificate.
static boolean isLimitedProxy(int certType)
          Determines if a specified certificate type indicates a GSI-2 or GSI-3 limited proxy certificate.
static boolean isProxy(int certType)
          Determines if a specified certificate type indicates a GSI-2 or GSI-3 proxy certificate.
static X509Certificate loadCertificate(InputStream in)
          Loads a X509 certificate from the specified input stream.
static X509Certificate loadCertificate(String file)
          Loads an X.509 certificate from the specified file.
static X509Certificate[] loadCertificates(String file)
          Loads multiple X.509 certificates from the specified file.
static X509CRL loadCrl(InputStream in)
           
static X509CRL loadCrl(String file)
           
static X509Certificate readCertificate(BufferedReader reader)
          Loads a X.509 certificate from the specified reader.
static void setProvider(String providerName)
          Sets a provider name to use for loading certificates and for generating key pairs.
static String toGlobusID(Principal name)
          Converts the specified principal into Globus format.
static String toGlobusID(String dn)
          Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/CN=A/OU=B/O=C".
This function might return incorrect Globus-formatted ID when one of the RDNs in the DN contains commas.
static String toGlobusID(String dn, boolean noreverse)
          Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/CN=A/OU=B/O=C" or "/O=C/OU=B/CN=A" depending on the noreverse option.
static void writeCertificate(OutputStream out, X509Certificate cert)
          Writes certificate to the specified output stream in PEM format.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CertUtil

public CertUtil()
Method Detail

init

public static void init()
A no-op function that can be used to force the class to load and initialize.


setProvider

public static void setProvider(String providerName)
Sets a provider name to use for loading certificates and for generating key pairs.

Parameters:
providerName - provider name to use.

getCertificateFactory

protected static CertificateFactory getCertificateFactory()
                                                   throws GeneralSecurityException
Returns appropriate CertificateFactory. If provider was set a provider-specific CertificateFactory will be used. Otherwise, a default CertificateFactory will be used.

Returns:
CertificateFactory
Throws:
GeneralSecurityException

loadCertificate

public static X509Certificate loadCertificate(InputStream in)
                                       throws GeneralSecurityException
Loads a X509 certificate from the specified input stream. Input stream must contain DER-encoded certificate.

Parameters:
in - the input stream to read the certificate from.
Returns:
X509Certificate the loaded certificate.
Throws:
GeneralSecurityException - if certificate failed to load.

loadCertificate

public static X509Certificate loadCertificate(String file)
                                       throws IOException,
                                              GeneralSecurityException
Loads an X.509 certificate from the specified file. The certificate file must be in PEM/Base64 format and start with "BEGIN CERTIFICATE" and end with "END CERTIFICATE" line.

Parameters:
file - the file to load the certificate from.
Returns:
java.security.cert.X509Certificate the loaded certificate.
Throws:
IOException - if I/O error occurs
GeneralSecurityException - if security problems occurs.

loadCertificates

public static X509Certificate[] loadCertificates(String file)
                                          throws IOException,
                                                 GeneralSecurityException
Loads multiple X.509 certificates from the specified file. Each certificate must be in PEM/Base64 format and start with "BEGIN CERTIFICATE" and end with "END CERTIFICATE" line.

Parameters:
file - the certificate file to load the certificate from.
Returns:
an array of certificates loaded from the file.
Throws:
IOException - if I/O error occurs
GeneralSecurityException - if security problems occurs.

readCertificate

public static X509Certificate readCertificate(BufferedReader reader)
                                       throws IOException,
                                              GeneralSecurityException
Loads a X.509 certificate from the specified reader. The certificate contents must start with "BEGIN CERTIFICATE" line and end with "END CERTIFICATE" line, and be in PEM/Base64 format. This function does not close the input stream.

Parameters:
reader - the stream from which load the certificate.
Returns:
the loaded certificate or null if there was no certificate in the stream or the stream is closed.
Throws:
IOException - if I/O error occurs
GeneralSecurityException - if security problems occurs.

writeCertificate

public static void writeCertificate(OutputStream out,
                                    X509Certificate cert)
                             throws IOException,
                                    CertificateEncodingException
Writes certificate to the specified output stream in PEM format.

Throws:
IOException
CertificateEncodingException

toGlobusID

public static String toGlobusID(String dn)
Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/CN=A/OU=B/O=C".
This function might return incorrect Globus-formatted ID when one of the RDNs in the DN contains commas.

Parameters:
dn - the DN to convert to Globus format.
Returns:
the converted DN in Globus format.
See Also:
toGlobusID(String, boolean)

toGlobusID

public static String toGlobusID(String dn,
                                boolean noreverse)
Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/CN=A/OU=B/O=C" or "/O=C/OU=B/CN=A" depending on the noreverse option. If noreverse is true the order of the DN components is not reveresed - "/CN=A/OU=B/O=C" is returned. If noreverse is false, the order of the DN components is reversed - "/O=C/OU=B/CN=A" is returned.
This function might return incorrect Globus-formatted ID when one of the RDNs in the DN contains commas.

Parameters:
dn - the DN to convert to Globus format.
noreverse - the direction of the conversion.
Returns:
the converted DN in Globus format.

toGlobusID

public static String toGlobusID(Principal name)
Converts the specified principal into Globus format. If the principal is of unrecognized type a simple string-based conversion is made using the toGlobusID() function.

Parameters:
name - the principal to convert to Globus format.
Returns:
the converted DN in Globus format.
See Also:
toGlobusID(String)

installSecureRandomProvider

public static void installSecureRandomProvider()
Installs SecureRandom provider. This function is automatically called when this class is loaded.


generateKeyPair

public static KeyPair generateKeyPair(String algorithm,
                                      int bits)
                               throws GeneralSecurityException
Generates a key pair of given algorithm and strength.

Parameters:
algorithm - the algorithm of the key pair.
bits - the strength
Returns:
KeyPair the generated key pair.
Throws:
GeneralSecurityException - if something goes wrong.

isProxy

public static boolean isProxy(int certType)
Determines if a specified certificate type indicates a GSI-2 or GSI-3 proxy certificate.

Parameters:
certType - the certificate type to check.
Returns:
true if certType is a GSI-2 or GSI-3 proxy, false otherwise.

isGsi4Proxy

public static boolean isGsi4Proxy(int certType)
Determines if a specified certificate type indicates a GSI-4 proxy certificate.

Parameters:
certType - the certificate type to check.
Returns:
true if certType is a GSI-3 proxy, false otherwise.

isGsi3Proxy

public static boolean isGsi3Proxy(int certType)
Determines if a specified certificate type indicates a GSI-3 proxy certificate.

Parameters:
certType - the certificate type to check.
Returns:
true if certType is a GSI-3 proxy, false otherwise.

isGsi2Proxy

public static boolean isGsi2Proxy(int certType)
Determines if a specified certificate type indicates a GSI-2 proxy certificate.

Parameters:
certType - the certificate type to check.
Returns:
true if certType is a GSI-2 proxy, false otherwise.

isLimitedProxy

public static boolean isLimitedProxy(int certType)
Determines if a specified certificate type indicates a GSI-2 or GSI-3 limited proxy certificate.

Parameters:
certType - the certificate type to check.
Returns:
true if certType is a GSI-2 or GSI-3 limited proxy, false otherwise.

isIndependentProxy

public static boolean isIndependentProxy(int certType)
Determines if a specified certificate type indicates a GSI-3 or GS-4 limited proxy certificate.

Parameters:
certType - the certificate type to check.
Returns:
true if certType is a GSI-3 or GSI-4 independent proxy, false otherwise.

isImpersonationProxy

public static boolean isImpersonationProxy(int certType)
Determines if a specified certificate type indicates a GSI-2 or GSI-3 impersonation proxy certificate.

Parameters:
certType - the certificate type to check.
Returns:
true if certType is a GSI-2 or GSI-3 impersonation proxy, false otherwise.

getProxyTypeAsString

public static String getProxyTypeAsString(int proxyType)
Returns a string description of a specified proxy type.

Parameters:
proxyType - the proxy type to get the string description of.
Returns:
the string description of the proxy type.

isGsi3Enabled

public static boolean isGsi3Enabled()
Checks if GSI-3 mode is enabled.

Returns:
true if "org.globus.gsi.version" system property is set to "3". Otherwise, false.

loadCrl

public static X509CRL loadCrl(String file)
                       throws IOException,
                              GeneralSecurityException
Throws:
IOException
GeneralSecurityException

loadCrl

public static X509CRL loadCrl(InputStream in)
                       throws GeneralSecurityException
Throws:
GeneralSecurityException