Class ProxyGeneratorHelper


  • public class ProxyGeneratorHelper
    extends java.lang.Object
    Actual implementation of the proxy generation. The object is for one use only, i.e. an instance should not be reused after it has generated its first certificate. It is strongly suggested to use ProxyGenerator instead.
    Author:
    K. Benedyczak
    • Method Summary

      Modifier and Type Method Description
      static java.math.BigInteger establishSerial​(BaseProxyCertificateOptions param)
      For LEGACY proxies returns the serial from the issuing certificate.
      ProxyCertificate generate​(ProxyCertificateOptions param, java.security.PrivateKey privateKey)
      Generate the proxy certificate object from the local certificate.
      java.security.cert.X509Certificate[] generate​(ProxyRequestOptions param, java.security.PrivateKey privateKey)
      Generate the proxy certificate object from the received Certificate Signing Request.
      static org.bouncycastle.asn1.x500.X500Name generateDN​(javax.security.auth.x500.X500Principal parentSubject, ProxyType type, boolean limited, java.math.BigInteger serial)
      Generate a correct DN for the proxy, depending on its type.
      static java.security.KeyPair generateKeyPair​(int len)  
      static java.lang.Integer getChainKeyUsage​(java.security.cert.X509Certificate[] chain)
      If no certificate in the input chain has the KeyUsage extension, null is returned.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • ProxyGeneratorHelper

        public ProxyGeneratorHelper()
    • Method Detail

      • generate

        public ProxyCertificate generate​(ProxyCertificateOptions param,
                                         java.security.PrivateKey privateKey)
                                  throws java.security.InvalidKeyException,
                                         java.security.SignatureException,
                                         java.security.NoSuchAlgorithmException,
                                         java.security.cert.CertificateParsingException,
                                         java.io.IOException
        Generate the proxy certificate object from the local certificate.
        Parameters:
        param - proxy parameters
        privateKey - key to sign the proxy
        Returns:
        a newly created proxy certificate, wrapped together with a private key if it was also generated.
        Throws:
        java.security.InvalidKeyException - invalid key exception
        java.security.SignatureException - signature exception
        java.security.NoSuchAlgorithmException - no such algorithm exception
        java.security.cert.CertificateParsingException - certificate parsing exception
        java.io.IOException - IO exception
      • generate

        public java.security.cert.X509Certificate[] generate​(ProxyRequestOptions param,
                                                             java.security.PrivateKey privateKey)
                                                      throws java.security.InvalidKeyException,
                                                             java.security.SignatureException,
                                                             java.security.NoSuchAlgorithmException,
                                                             java.security.cert.CertificateParsingException,
                                                             java.io.IOException
        Generate the proxy certificate object from the received Certificate Signing Request.
        Parameters:
        param - proxy parameters
        privateKey - key to sign the proxy
        Returns:
        chain with the new proxy on the first position
        Throws:
        java.security.InvalidKeyException - invalid key exception
        java.security.SignatureException - signature exception
        java.security.NoSuchAlgorithmException - no such algorithm exception
        java.security.cert.CertificateParsingException - certificate encoding exception
        java.io.IOException - IO exception
      • getChainKeyUsage

        public static java.lang.Integer getChainKeyUsage​(java.security.cert.X509Certificate[] chain)
        If no certificate in the input chain has the KeyUsage extension, null is returned. If at least one certificate in the chain has the KeyUsage extension, then a KeyUsage is returned which contains the bitwise AND of the KeyUsage flags from all certificates. The CA certificates are ignored in the computation.
        Parameters:
        chain - certificate chain
        Returns:
        chain key usage
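
The intersection rule described for getChainKeyUsage means a proxy never gains a usage that a certificate further up the chain lacks. The following is an added illustration of that rule, not the library's own code: `Entry`, `effectiveKeyUsage` and the bit encoding are hypothetical, the chain is constructed sample data, and it assumes that non-CA certificates without the extension are skipped rather than treated as restricting (Java 16+ for records).

```java
import java.security.cert.X509Certificate;
import java.util.List;

public class ChainKeyUsageDemo {
    // Same order as X509Certificate.getKeyUsage(): index 0 = digitalSignature ... 8 = decipherOnly.
    static final String[] NAMES = {"digitalSignature", "nonRepudiation", "keyEncipherment",
        "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"};

    /** Hypothetical stand-in for one chain element; keyUsage == null means "no KeyUsage extension". */
    record Entry(String subject, boolean isCa, boolean[] keyUsage) {
        static Entry of(X509Certificate c) {
            // getBasicConstraints() returns -1 when the certificate is not a CA.
            return new Entry(c.getSubjectX500Principal().getName(),
                             c.getBasicConstraints() >= 0, c.getKeyUsage());
        }
    }

    /** This example's own encoding: bit i is set when getKeyUsage()[i] is true. */
    static int toMask(boolean[] ku) {
        int mask = 0;
        for (int i = 0; i < ku.length && i < NAMES.length; i++) if (ku[i]) mask |= 1 << i;
        return mask;
    }

    /** AND of the KeyUsage masks of all non-CA entries; null when none of them has the extension. */
    static Integer effectiveKeyUsage(List<Entry> chain) {
        Integer result = null;
        for (Entry e : chain) {
            if (e.isCa() || e.keyUsage() == null) continue; // assumption: extension-less certs do not restrict
            int mask = toMask(e.keyUsage());
            result = (result == null) ? mask : (result & mask);
        }
        return result;
    }

    static boolean[] ku(int... set) {
        boolean[] bits = new boolean[NAMES.length];
        for (int i : set) bits[i] = true;
        return bits;
    }

    public static void main(String[] args) {
        // Constructed chain, proxy first: proxy -> end-entity certificate -> CA.
        List<Entry> chain = List.of(
            new Entry("CN=proxy,CN=user", false, ku(0, 2, 3)),
            new Entry("CN=user", false, ku(0, 2)),
            new Entry("CN=Example CA", true, ku(5, 6)));
        Integer usage = effectiveKeyUsage(chain);
        for (int i = 0; i < NAMES.length; i++)
            if ((usage & (1 << i)) != 0) System.out.println("allowed: " + NAMES[i]);
        System.out.println(effectiveKeyUsage(List.of(new Entry("CN=user", false, null))));
    }
}
```

A real chain can be fed in by mapping each `X509Certificate` through `Entry.of`.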
      • establishSerial

        public static java.math.BigInteger establishSerial​(BaseProxyCertificateOptions param)
        For LEGACY proxies returns the serial from the issuing certificate. For the Draft/RFC proxies returns the manually set serial, or generates a random one if not set.
        Parameters:
        param - proxy certificate options
        Returns:
        serial number
      • generateDN

        public static org.bouncycastle.asn1.x500.X500Name generateDN​(javax.security.auth.x500.X500Principal parentSubject,
                                                                     ProxyType type,
                                                                     boolean limited,
                                                                     java.math.BigInteger serial)
        Generate a correct DN for the proxy, depending on its type.
        Parameters:
        parentSubject - parent subject
        type - proxy type
        limited - true if limited proxy
        serial - serial number
        Returns:
        generated proxy DN
      • generateKeyPair

        public static java.security.KeyPair generateKeyPair​(int len)