Class BouncyCastleCertProcessingFactory


  • public class BouncyCastleCertProcessingFactory
    extends java.lang.Object
    Provides certificate processing API such as creating new certificates, certificate requests, etc.
    • Method Summary

      Modifier and Type Method Description
      java.security.cert.X509Certificate createCertificate​(java.io.InputStream certRequestInputStream, java.security.cert.X509Certificate cert, java.security.PrivateKey privateKey, int lifetime, int delegationMode)
      Deprecated. 
      java.security.cert.X509Certificate createCertificate​(java.io.InputStream certRequestInputStream, java.security.cert.X509Certificate cert, java.security.PrivateKey privateKey, int lifetime, int delegationMode, X509ExtensionSet extSet)
      Deprecated. 
      java.security.cert.X509Certificate createCertificate​(java.io.InputStream certRequestInputStream, java.security.cert.X509Certificate cert, java.security.PrivateKey privateKey, int lifetime, int delegationMode, X509ExtensionSet extSet, java.lang.String cnValue)
      Deprecated. 
      java.security.cert.X509Certificate createCertificate​(java.io.InputStream certRequestInputStream, java.security.cert.X509Certificate cert, java.security.PrivateKey privateKey, int lifetime, GSIConstants.CertificateType certType)
      Creates a proxy certificate from the certificate request.
      java.security.cert.X509Certificate createCertificate​(java.io.InputStream certRequestInputStream, java.security.cert.X509Certificate cert, java.security.PrivateKey privateKey, int lifetime, GSIConstants.CertificateType certType, X509ExtensionSet extSet)
      Creates a proxy certificate from the certificate request.
      java.security.cert.X509Certificate createCertificate​(java.io.InputStream certRequestInputStream, java.security.cert.X509Certificate cert, java.security.PrivateKey privateKey, int lifetime, GSIConstants.CertificateType certType, X509ExtensionSet extSet, java.lang.String cnValue)
      Creates a proxy certificate from the certificate request.
      byte[] createCertificateRequest​(java.lang.String subject, java.security.KeyPair keyPair)
      Creates a certificate request from the specified subject DN and a key pair.
      byte[] createCertificateRequest​(java.security.cert.X509Certificate cert, java.security.KeyPair keyPair)
      Creates a certificate request from the specified certificate and a key pair.
      byte[] createCertificateRequest​(org.bouncycastle.asn1.x509.X509Name subjectDN, java.lang.String sigAlgName, java.security.KeyPair keyPair)
      Creates a certificate request from the specified subject name, signing algorithm, and a key pair.
      GlobusCredential createCredential​(java.security.cert.X509Certificate[] certs, java.security.PrivateKey privateKey, int bits, int lifetime, int delegationMode)
      Deprecated. 
      GlobusCredential createCredential​(java.security.cert.X509Certificate[] certs, java.security.PrivateKey privateKey, int bits, int lifetime, int delegationMode, X509ExtensionSet extSet)
      Deprecated. 
      GlobusCredential createCredential​(java.security.cert.X509Certificate[] certs, java.security.PrivateKey privateKey, int bits, int lifetime, int delegationMode, X509ExtensionSet extSet, java.lang.String cnValue)
      Deprecated. 
      X509Credential createCredential​(java.security.cert.X509Certificate[] certs, java.security.PrivateKey privateKey, int bits, int lifetime, GSIConstants.CertificateType certType)
      Creates a new proxy credential from the specified certificate chain and a private key.
      X509Credential createCredential​(java.security.cert.X509Certificate[] certs, java.security.PrivateKey privateKey, int bits, int lifetime, GSIConstants.CertificateType certType, X509ExtensionSet extSet)
      Creates a new proxy credential from the specified certificate chain and a private key.
      X509Credential createCredential​(java.security.cert.X509Certificate[] certs, java.security.PrivateKey privateKey, int bits, int lifetime, GSIConstants.CertificateType certType, X509ExtensionSet extSet, java.lang.String cnValue)
      Creates a new proxy credential from the specified certificate chain and a private key.
      X509Credential createCredential​(java.security.cert.X509Certificate[] certs, java.security.PrivateKey privateKey, int bits, int lifetime, GSIConstants.DelegationType delegType)
      Creates a new proxy credential from the specified certificate chain and a private key, using the given delegation mode.
      X509Credential createCredential​(java.security.cert.X509Certificate[] certs, java.security.PrivateKey privateKey, int bits, int lifetime, GSIConstants.DelegationType delegType, X509ExtensionSet extSet)
      Creates a new proxy credential from the specified certificate chain and a private key, using the given delegation mode.
      X509Credential createCredential​(java.security.cert.X509Certificate[] certs, java.security.PrivateKey privateKey, int bits, int lifetime, GSIConstants.DelegationType delegType, X509ExtensionSet extSet, java.lang.String cnValue)
      Creates a new proxy credential from the specified certificate chain and a private key, using the given delegation mode.
      java.security.cert.X509Certificate createProxyCertificate​(java.security.cert.X509Certificate issuerCert_, java.security.PrivateKey issuerKey, java.security.PublicKey publicKey, int lifetime, int proxyType, X509ExtensionSet extSet, java.lang.String cnValue)
      Deprecated. 
      java.security.cert.X509Certificate createProxyCertificate​(java.security.cert.X509Certificate issuerCert_, java.security.PrivateKey issuerKey, java.security.PublicKey publicKey, int lifetime, GSIConstants.CertificateType certType, X509ExtensionSet extSet, java.lang.String cnValue)
      Creates a proxy certificate.
      static GSIConstants.CertificateType decideProxyType​(java.security.cert.X509Certificate issuerCert, GSIConstants.DelegationType delegType)
      Given a delegation mode and an issuing certificate, decides an appropriate certificate type to use for proxies.
      static BouncyCastleCertProcessingFactory getDefault()
      Returns an instance of this class.
      protected java.security.cert.X509Certificate[] getX509CertificateObjectChain​(java.security.cert.X509Certificate[] certs)
      Returns a chain of X509Certificate's that are instances of X509CertificateObject. This is related to http://bugzilla.globus.org/globus/show_bug.cgi?id=4933
      java.security.cert.X509Certificate loadCertificate​(java.io.InputStream in)
      Loads an X.509 certificate from the specified input stream.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • BouncyCastleCertProcessingFactory

        protected BouncyCastleCertProcessingFactory()
    • Method Detail

      • createCertificate

        public java.security.cert.X509Certificate createCertificate​(java.io.InputStream certRequestInputStream,
                                                                    java.security.cert.X509Certificate cert,
                                                                    java.security.PrivateKey privateKey,
                                                                    int lifetime,
                                                                    int delegationMode)
                                                             throws java.io.IOException,
                                                                    java.security.GeneralSecurityException
        Deprecated.
        Creates a proxy certificate from the certificate request.
        Throws:
        java.io.IOException
        java.security.GeneralSecurityException
        See Also:
        createCertificate
      • createCertificate

        public java.security.cert.X509Certificate createCertificate​(java.io.InputStream certRequestInputStream,
                                                                    java.security.cert.X509Certificate cert,
                                                                    java.security.PrivateKey privateKey,
                                                                    int lifetime,
                                                                    int delegationMode,
                                                                    X509ExtensionSet extSet)
                                                             throws java.io.IOException,
                                                                    java.security.GeneralSecurityException
        Deprecated.
        Creates a proxy certificate from the certificate request.
        Throws:
        java.io.IOException
        java.security.GeneralSecurityException
        See Also:
        createCertificate
      • createCertificate

        public java.security.cert.X509Certificate createCertificate​(java.io.InputStream certRequestInputStream,
                                                                    java.security.cert.X509Certificate cert,
                                                                    java.security.PrivateKey privateKey,
                                                                    int lifetime,
                                                                    int delegationMode,
                                                                    X509ExtensionSet extSet,
                                                                    java.lang.String cnValue)
                                                             throws java.io.IOException,
                                                                    java.security.GeneralSecurityException
        Deprecated.
        Creates a proxy certificate from the certificate request. (Signs a certificate request creating a new certificate)
        Parameters:
        certRequestInputStream - the input stream to read the certificate request from.
        cert - the issuer certificate
        privateKey - the private key to sign the new certificate with.
        lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
        delegationMode - the type of proxy credential to create
        extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.CertificateType.GSI_3_RESTRICTED_PROXY or GSIConstants.CertificateType.GSI_4_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.
        cnValue - the value of the CN component of the subject of the new certificate. If null, the defaults will be used depending on the proxy certificate type created.
        Returns:
        X509Certificate the new proxy certificate
        Throws:
        java.io.IOException - if error reading the certificate request
        java.security.GeneralSecurityException - if a security error occurs.
        See Also:
        createProxyCertificate
      • createCredential

        public GlobusCredential createCredential​(java.security.cert.X509Certificate[] certs,
                                                 java.security.PrivateKey privateKey,
                                                 int bits,
                                                 int lifetime,
                                                 int delegationMode)
                                          throws java.security.GeneralSecurityException
        Deprecated.
        Creates a new proxy credential from the specified certificate chain and a private key.
        Throws:
        java.security.GeneralSecurityException
        See Also:
        createCredential
      • createCredential

        public GlobusCredential createCredential​(java.security.cert.X509Certificate[] certs,
                                                 java.security.PrivateKey privateKey,
                                                 int bits,
                                                 int lifetime,
                                                 int delegationMode,
                                                 X509ExtensionSet extSet)
                                          throws java.security.GeneralSecurityException
        Deprecated.
        Creates a new proxy credential from the specified certificate chain and a private key.
        Throws:
        java.security.GeneralSecurityException
        See Also:
        createCredential
      • createCredential

        public GlobusCredential createCredential​(java.security.cert.X509Certificate[] certs,
                                                 java.security.PrivateKey privateKey,
                                                 int bits,
                                                 int lifetime,
                                                 int delegationMode,
                                                 X509ExtensionSet extSet,
                                                 java.lang.String cnValue)
                                          throws java.security.GeneralSecurityException
        Deprecated.
        Creates a new proxy credential from the specified certificate chain and a private key. A set of X.509 extensions can be optionally included in the new proxy certificate. This function automatically creates a "RSA"-based key pair.
        Parameters:
        certs - the certificate chain for the new proxy credential. The top-most certificate cert[0] will be designated as the issuing certificate.
        privateKey - the private key of the issuing certificate. The new proxy certificate will be signed with that private key.
        bits - the strength of the key pair for the new proxy certificate.
        lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
        delegationMode - the type of proxy credential to create
        extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.CertificateType.GSI_3_RESTRICTED_PROXY or GSIConstants.CertificateType.GSI_4_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.
        cnValue - the value of the CN component of the subject of the new proxy credential. If null, the defaults will be used depending on the proxy certificate type created.
        Returns:
        GlobusCredential the new proxy credential.
        Throws:
        java.security.GeneralSecurityException - if a security error occurs.
        See Also:
        createProxyCertificate
      • createCertificate

        public java.security.cert.X509Certificate createCertificate​(java.io.InputStream certRequestInputStream,
                                                                    java.security.cert.X509Certificate cert,
                                                                    java.security.PrivateKey privateKey,
                                                                    int lifetime,
                                                                    GSIConstants.CertificateType certType)
                                                             throws java.io.IOException,
                                                                    java.security.GeneralSecurityException
        Creates a proxy certificate from the certificate request.
        Throws:
        java.io.IOException
        java.security.GeneralSecurityException
        See Also:
        createCertificate
      • createCertificate

        public java.security.cert.X509Certificate createCertificate​(java.io.InputStream certRequestInputStream,
                                                                    java.security.cert.X509Certificate cert,
                                                                    java.security.PrivateKey privateKey,
                                                                    int lifetime,
                                                                    GSIConstants.CertificateType certType,
                                                                    X509ExtensionSet extSet)
                                                             throws java.io.IOException,
                                                                    java.security.GeneralSecurityException
        Creates a proxy certificate from the certificate request.
        Throws:
        java.io.IOException
        java.security.GeneralSecurityException
        See Also:
        createCertificate
      • createCertificate

        public java.security.cert.X509Certificate createCertificate​(java.io.InputStream certRequestInputStream,
                                                                    java.security.cert.X509Certificate cert,
                                                                    java.security.PrivateKey privateKey,
                                                                    int lifetime,
                                                                    GSIConstants.CertificateType certType,
                                                                    X509ExtensionSet extSet,
                                                                    java.lang.String cnValue)
                                                             throws java.io.IOException,
                                                                    java.security.GeneralSecurityException
        Creates a proxy certificate from the certificate request. (Signs a certificate request creating a new certificate)
        Parameters:
        certRequestInputStream - the input stream to read the certificate request from.
        cert - the issuer certificate
        privateKey - the private key to sign the new certificate with.
        lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
        certType - the type of proxy credential to create
        extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.CertificateType.GSI_3_RESTRICTED_PROXY or GSIConstants.CertificateType.GSI_4_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.
        cnValue - the value of the CN component of the subject of the new certificate. If null, the defaults will be used depending on the proxy certificate type created.
        Returns:
        X509Certificate the new proxy certificate
        Throws:
        java.io.IOException - if error reading the certificate request
        java.security.GeneralSecurityException - if a security error occurs.
        See Also:
        createProxyCertificate
      • createCredential

        public X509Credential createCredential​(java.security.cert.X509Certificate[] certs,
                                               java.security.PrivateKey privateKey,
                                               int bits,
                                               int lifetime,
                                               GSIConstants.CertificateType certType)
                                        throws java.security.GeneralSecurityException
        Creates a new proxy credential from the specified certificate chain and a private key.
        Throws:
        java.security.GeneralSecurityException
        See Also:
        createCredential
      • createCredential

        public X509Credential createCredential​(java.security.cert.X509Certificate[] certs,
                                               java.security.PrivateKey privateKey,
                                               int bits,
                                               int lifetime,
                                               GSIConstants.CertificateType certType,
                                               X509ExtensionSet extSet)
                                        throws java.security.GeneralSecurityException
        Creates a new proxy credential from the specified certificate chain and a private key.
        Throws:
        java.security.GeneralSecurityException
        See Also:
        createCredential
      • createCredential

        public X509Credential createCredential​(java.security.cert.X509Certificate[] certs,
                                               java.security.PrivateKey privateKey,
                                               int bits,
                                               int lifetime,
                                               GSIConstants.CertificateType certType,
                                               X509ExtensionSet extSet,
                                               java.lang.String cnValue)
                                        throws java.security.GeneralSecurityException
        Creates a new proxy credential from the specified certificate chain and a private key. A set of X.509 extensions can be optionally included in the new proxy certificate. This function automatically creates a "RSA"-based key pair.
        Parameters:
        certs - the certificate chain for the new proxy credential. The top-most certificate cert[0] will be designated as the issuing certificate.
        privateKey - the private key of the issuing certificate. The new proxy certificate will be signed with that private key.
        bits - the strength of the key pair for the new proxy certificate.
        lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
        certType - the type of proxy credential to create
        extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.CertificateType.GSI_3_RESTRICTED_PROXY or GSIConstants.CertificateType.GSI_4_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.
        cnValue - the value of the CN component of the subject of the new proxy credential. If null, the defaults will be used depending on the proxy certificate type created.
        Returns:
        GlobusCredential the new proxy credential.
        Throws:
        java.security.GeneralSecurityException - if a security error occurs.
        See Also:
        createProxyCertificate
      • createCredential

        public X509Credential createCredential​(java.security.cert.X509Certificate[] certs,
                                               java.security.PrivateKey privateKey,
                                               int bits,
                                               int lifetime,
                                               GSIConstants.DelegationType delegType)
                                        throws java.security.GeneralSecurityException
        Creates a new proxy credential from the specified certificate chain and a private key, using the given delegation mode.
        Throws:
        java.security.GeneralSecurityException
        See Also:
        createCredential
      • createCredential

        public X509Credential createCredential​(java.security.cert.X509Certificate[] certs,
                                               java.security.PrivateKey privateKey,
                                               int bits,
                                               int lifetime,
                                               GSIConstants.DelegationType delegType,
                                               X509ExtensionSet extSet)
                                        throws java.security.GeneralSecurityException
        Creates a new proxy credential from the specified certificate chain and a private key, using the given delegation mode.
        Throws:
        java.security.GeneralSecurityException
        See Also:
        createCredential
      • loadCertificate

        public java.security.cert.X509Certificate loadCertificate​(java.io.InputStream in)
                                                           throws java.io.IOException,
                                                                  java.security.GeneralSecurityException
        Loads an X.509 certificate from the specified input stream. The input stream must contain a DER-encoded certificate.
        Parameters:
        in - the input stream to read the certificate from.
        Returns:
        X509Certificate the loaded certificate.
        Throws:
        java.security.GeneralSecurityException - if certificate failed to load.
        java.io.IOException
      • createCertificateRequest

        public byte[] createCertificateRequest​(java.lang.String subject,
                                               java.security.KeyPair keyPair)
                                        throws java.security.GeneralSecurityException
        Creates a certificate request from the specified subject DN and a key pair. "MD5WithRSAEncryption" is used as the signing algorithm of the certificate request.
        Parameters:
        subject - the subject of the certificate request
        keyPair - the key pair of the certificate request
        Returns:
        the certificate request.
        Throws:
        java.security.GeneralSecurityException - if security error occurs.
      • createCertificateRequest

        public byte[] createCertificateRequest​(java.security.cert.X509Certificate cert,
                                               java.security.KeyPair keyPair)
                                        throws java.security.GeneralSecurityException
        Creates a certificate request from the specified certificate and a key pair. The certificate's subject DN with "CN=proxy" name component appended to the subject is used as the subject of the certificate request. Also the certificate's signing algorithm is used as the certificate request signing algorithm.
        Parameters:
        cert - the certificate to create the certificate request from.
        keyPair - the key pair of the certificate request
        Returns:
        the certificate request.
        Throws:
        java.security.GeneralSecurityException - if security error occurs.
      • createCertificateRequest

        public byte[] createCertificateRequest​(org.bouncycastle.asn1.x509.X509Name subjectDN,
                                               java.lang.String sigAlgName,
                                               java.security.KeyPair keyPair)
                                        throws java.security.GeneralSecurityException
        Creates a certificate request from the specified subject name, signing algorithm, and a key pair.
        Parameters:
        subjectDN - the subject name of the certificate request.
        sigAlgName - the signing algorithm name.
        keyPair - the key pair of the certificate request
        Returns:
        the certificate request.
        Throws:
        java.security.GeneralSecurityException - if security error occurs.
      • decideProxyType

        public static GSIConstants.CertificateType decideProxyType​(java.security.cert.X509Certificate issuerCert,
                                                                   GSIConstants.DelegationType delegType)
                                                            throws java.security.cert.CertificateException
        Given a delegation mode and an issuing certificate, decides an appropriate certificate type to use for proxies.
        Parameters:
        issuerCert - the issuing certificate of a prospective proxy
        delegType - the desired delegation mode
        Returns:
        the appropriate certificate type for proxies or GSIConstants.CertificateType.UNDEFINED when GSIConstants.DelegationType.NONE was specified
        Throws:
        java.security.cert.CertificateException - when failing to get the certificate type of the issuing certificate
      • getX509CertificateObjectChain

        protected java.security.cert.X509Certificate[] getX509CertificateObjectChain​(java.security.cert.X509Certificate[] certs)
                                                                              throws java.security.GeneralSecurityException
        Returns a chain of X509Certificate's that are instances of X509CertificateObject. This is related to http://bugzilla.globus.org/globus/show_bug.cgi?id=4933
        Parameters:
        certs - input certificate chain
        Returns:
        a new chain where all X509Certificate's are instances of X509CertificateObject
        Throws:
        java.security.GeneralSecurityException - when failing to load a certificate from its encoding
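
The createCertificateRequest overloads above differ in which signing algorithm ends up in the request: the (String, KeyPair) form uses "MD5WithRSAEncryption", while the (X509Name, String, KeyPair) form takes the algorithm from the caller. The following is an added example, not code from this project, that builds a request both ways and reads the signatureAlgorithm OID back out of each. It assumes the class lives in the package org.globus.gsi.bc, that the returned byte[] is the DER-encoded PKCS#10 request, and that the Bouncy Castle version in use accepts the name "SHA256WithRSAEncryption"; the subject DN is constructed sample data.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;

import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x509.X509Name;
// Assumption: package of the class documented on this page.
import org.globus.gsi.bc.BouncyCastleCertProcessingFactory;

public class CsrSignatureAlgorithmCheck {

    // PKCS #1 signature algorithm OIDs (RFC 8017).
    static final String MD5_WITH_RSA = "1.2.840.113549.1.1.4";
    static final String SHA256_WITH_RSA = "1.2.840.113549.1.1.11";

    /**
     * Returns the dotted OID of the signatureAlgorithm field of a PKCS#10 request.
     * CertificationRequest ::= SEQUENCE {
     *     certificationRequestInfo, signatureAlgorithm AlgorithmIdentifier, signature }
     * Assumption: derRequest is the DER encoding of that structure.
     */
    static String signatureAlgorithmOid(byte[] derRequest) throws Exception {
        ASN1InputStream in = new ASN1InputStream(derRequest);
        try {
            ASN1Sequence request = ASN1Sequence.getInstance(in.readObject());
            if (request.size() != 3) {
                throw new IllegalArgumentException("not a PKCS#10 CertificationRequest");
            }
            // AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters OPTIONAL }
            ASN1Sequence algId = ASN1Sequence.getInstance(request.getObjectAt(1));
            return algId.getObjectAt(0).toString();
        } finally {
            in.close();
        }
    }

    /** Fails closed if a request is signed with MD5, so it is never sent to an issuer. */
    static byte[] requireNotMd5(byte[] derRequest) throws Exception {
        if (MD5_WITH_RSA.equals(signatureAlgorithmOid(derRequest))) {
            throw new SecurityException("certificate request is signed with MD5WithRSAEncryption");
        }
        return derRequest;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair keyPair = gen.generateKeyPair();

        // Constructed sample subject, not a real identity.
        String subject = "CN=example-user,O=Example Org";

        BouncyCastleCertProcessingFactory factory =
                BouncyCastleCertProcessingFactory.getDefault();

        // Overload documented above as using "MD5WithRSAEncryption".
        byte[] defaultAlg = factory.createCertificateRequest(subject, keyPair);
        System.out.println("String overload:   " + signatureAlgorithmOid(defaultAlg));

        // Overload that takes the signing algorithm name from the caller.
        // Assumption: this algorithm name is accepted by the Bouncy Castle version in use.
        byte[] explicitAlg = factory.createCertificateRequest(
                new X509Name(subject), "SHA256WithRSAEncryption", keyPair);
        System.out.println("X509Name overload: " + signatureAlgorithmOid(explicitAlg));

        // Only the explicitly configured request passes the guard.
        requireNotMd5(explicitAlg);
        if (!SHA256_WITH_RSA.equals(signatureAlgorithmOid(explicitAlg))) {
            throw new IllegalStateException("unexpected signature algorithm in request");
        }
    }
}
```

The same guard applies to the (X509Certificate, KeyPair) overload, which copies the signing algorithm of the certificate it is given, so a request built from a certificate signed with an older digest inherits that digest.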