eu.emi.security.authn.x509.proxy
Class ProxyCSRGenerator
java.lang.Object
eu.emi.security.authn.x509.proxy.ProxyCSRGenerator
public class ProxyCSRGenerator
- extends Object
Generates a proxy certificate signing request. The request parameters may contain
extensions which are passed in the generated Certificate Signing Request.
Of course the peer issuing the proxy certificate may ignore them.
The following rules are applied, based on the parameters object:
- [RFC proxy only] If the serial number is set, it is used as the requested CN part of the proxy.
Otherwise the CN part is set to the serial number of the issuing certificate. Note that
this value will most probably be ignored anyway by the party which issues the actual proxy,
as it is that party's responsibility to guarantee uniqueness of serial numbers across all proxies
issued.
- All additional extensions, SAML, tracing and address restrictions are added as Attributes
of extensionRequest type (PKCS 9) if they are set.
- Proxy path limit and policy (if set) are wrapped into the proxy extension and then included in
the Attributes list (as above). If only one of the values is set then the second receives the default
value. If the type is set to the legacy proxy then those parameters are ignored.
- There is no way to request a validity time of the generated proxy, therefore the lifetime
parameter is ignored.
- Author:
- K. Benedyczak
Methods inherited from class java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
ProxyCSRGenerator
public ProxyCSRGenerator()
generate
public static ProxyCSR generate(ProxyCertificateOptions param)
throws InvalidKeyException,
SignatureException,
NoSuchAlgorithmException,
CertificateEncodingException
- Generate the proxy certificate object. Use this method if you want to sign
the proxy with the key which will be autogenerated together with the public part
which will be included in the proxy itself. This method will throw an exception
if used with a parameter object which has the public key manually set.
- Parameters:
param - request creation parameters
- Returns:
- Proxy certificate signing request
- Throws:
InvalidKeyException
SignatureException
NoSuchAlgorithmException
CertificateEncodingException
IllegalArgumentException - when signingKey is null and public key was manually set
generate
public static ProxyCSR generate(ProxyCertificateOptions param,
PrivateKey signingKey)
throws InvalidKeyException,
SignatureException,
NoSuchAlgorithmException,
CertificateEncodingException
- Generate the proxy certificate object. Use this method if you want to manually
specify the CSR signing key. This is normally the case when
the ProxyCertificateOptions parameter contains a manually set public key.
- Parameters:
param - request creation parameters
- Returns:
- Proxy certificate signing request
- Throws:
InvalidKeyException
SignatureException
NoSuchAlgorithmException
CertificateEncodingException
IllegalArgumentException - when signingKey is null and public key was manually set
Copyright © 2012-2013 European Middleware Initiative. All Rights Reserved.