Package eu.emi.security.authn.x509.proxy
Class ProxyCSRGenerator
java.lang.Object
eu.emi.security.authn.x509.proxy.ProxyCSRGenerator
Generates a proxy certificate signing request. The request parameters may contain
extensions which are passed in the generated Certificate Signing Request.
Of course the peer issuing the proxy certificate may ignore them.
The following rules are applied basing on the parameters object:
- [RFC proxy only] If the serial number is set then it is used as requested CN part of the proxy. Otherwise the CN part is set to the serial number of the issuing certificate. Note that this value most probably will be ignored anyway by the part which issues the actual proxy, as this is this party responsibility to guarantee uniqueness of serial numbers across all proxies issued.
- All additional extensions, SAML, tracing and address restrictions are added as Attributes of extensionRequest type (PKCS 9) if are set.
- Proxy path limit and policy (if set) are wrapped into the proxy extension and then included in the Attributes list (as above). If only one of the values is set then the second receives the default value. If the type is set to the legacy proxy then those parameters are ignored.
- There is no way to request a validity time of the generated proxy, therefore the lifetime parameter is ignored.
- Author:
- K. Benedyczak
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic ProxyCSRgenerate(ProxyCertificateOptions param) Generate the proxy certificate object.static ProxyCSRgenerate(ProxyCertificateOptions param, PrivateKey signingKey) Generate the proxy certificate object.
-
Constructor Details
-
ProxyCSRGenerator
public ProxyCSRGenerator()
-
-
Method Details
-
generate
public static ProxyCSR generate(ProxyCertificateOptions param) throws InvalidKeyException, SignatureException, NoSuchAlgorithmException, CertificateEncodingException Generate the proxy certificate object. Use this method if you want to sign the proxy with the key which will be autogenerated together with the public part which will be included in the proxy itself. This method will throw an exception if used with parameter which has public key manually set.- Parameters:
param- request creation parameters- Returns:
- Proxy certificate signing request
- Throws:
InvalidKeyException- invalid key exceptionSignatureException- signature exceptionNoSuchAlgorithmException- no such algorithm exceptionCertificateEncodingException- certificate encoding exceptionIllegalArgumentException- when signingKey is null and public key was manully set
-
generate
public static ProxyCSR generate(ProxyCertificateOptions param, PrivateKey signingKey) throws InvalidKeyException, SignatureException, NoSuchAlgorithmException, CertificateEncodingException Generate the proxy certificate object. Use this method if you want to manually specify the CSR signing key. This is normally the case when theProxyCertificateOptionsparameter contains a manually set public key.- Parameters:
param- request creation parameterssigningKey- private key- Returns:
- Proxy certificate signing request
- Throws:
InvalidKeyException- invalid key exceptionSignatureException- signature exceptionNoSuchAlgorithmException- no such algorithm exceptionCertificateEncodingException- certificate encoding exceptionIllegalArgumentException- when signingKey is null and public key was manually set
-