java.lang.Object
  org.globus.gsi.bc.BouncyCastleCertProcessingFactory
Provides certificate processing API such as creating new certificates, certificate requests, etc.
Constructor Summary | |
protected |
BouncyCastleCertProcessingFactory()
|
Method Summary | |
X509Certificate |
createCertificate(InputStream certRequestInputStream,
X509Certificate cert,
PrivateKey privateKey,
int lifetime,
int delegationMode)
Creates a proxy certificate from the certificate request. |
X509Certificate |
createCertificate(InputStream certRequestInputStream,
X509Certificate cert,
PrivateKey privateKey,
int lifetime,
int delegationMode,
ProxyCertInfo proxyCertInfoExt)
Deprecated. |
X509Certificate |
createCertificate(InputStream certRequestInputStream,
X509Certificate cert,
PrivateKey privateKey,
int lifetime,
int delegationMode,
ProxyCertInfo proxyCertInfoExt,
String cnValue)
Deprecated. Please use createCertificate() instead. The
ProxyCertInfo parameter can be passed in the
X509ExtensionSet using
ProxyCertInfoExtension class. |
X509Certificate |
createCertificate(InputStream certRequestInputStream,
X509Certificate cert,
PrivateKey privateKey,
int lifetime,
int delegationMode,
X509ExtensionSet extSet)
Creates a proxy certificate from the certificate request. |
X509Certificate |
createCertificate(InputStream certRequestInputStream,
X509Certificate cert,
PrivateKey privateKey,
int lifetime,
int delegationMode,
X509ExtensionSet extSet,
String cnValue)
Creates a proxy certificate from the certificate request. |
byte[] |
createCertificateRequest(String subject,
KeyPair keyPair)
Creates a certificate request from the specified subject DN and a key pair. |
byte[] |
createCertificateRequest(X509Certificate cert,
KeyPair keyPair)
Creates a certificate request from the specified certificate and a key pair. |
byte[] |
createCertificateRequest(X509Name subjectDN,
String sigAlgName,
KeyPair keyPair)
Creates a certificate request from the specified subject name, signing algorithm, and a key pair. |
GlobusCredential |
createCredential(X509Certificate[] certs,
PrivateKey privateKey,
int bits,
int lifetime,
int delegationMode)
Creates a new proxy credential from the specified certificate chain and a private key. |
GlobusCredential |
createCredential(X509Certificate[] certs,
PrivateKey privateKey,
int bits,
int lifetime,
int delegationMode,
ProxyCertInfo proxyCertInfoExt)
Deprecated. |
GlobusCredential |
createCredential(X509Certificate[] certs,
PrivateKey privateKey,
int bits,
int lifetime,
int delegationMode,
ProxyCertInfo proxyCertInfoExt,
String cnValue)
Deprecated. Please use createCredential()
instead. The ProxyCertInfo parameter can be passed in the
X509ExtensionSet using
ProxyCertInfoExtension class. |
GlobusCredential |
createCredential(X509Certificate[] certs,
PrivateKey privateKey,
int bits,
int lifetime,
int delegationMode,
X509ExtensionSet extSet)
Creates a new proxy credential from the specified certificate chain and a private key. |
GlobusCredential |
createCredential(X509Certificate[] certs,
PrivateKey privateKey,
int bits,
int lifetime,
int delegationMode,
X509ExtensionSet extSet,
String cnValue)
Creates a new proxy credential from the specified certificate chain and a private key. |
X509Certificate |
createProxyCertificate(X509Certificate issuerCert,
PrivateKey issuerKey,
PublicKey publicKey,
int lifetime,
int proxyType,
ProxyCertInfo proxyCertInfo,
String cnValue)
Deprecated. Please use createProxyCertificate() instead.
The ProxyCertInfo parameter can be passed in the
X509ExtensionSet using
ProxyCertInfoExtension class. |
X509Certificate |
createProxyCertificate(X509Certificate issuerCert,
PrivateKey issuerKey,
PublicKey publicKey,
int lifetime,
int proxyType,
X509ExtensionSet extSet,
String cnValue)
Creates a proxy certificate. |
static BouncyCastleCertProcessingFactory |
getDefault()
Returns an instance of this class. |
X509Certificate |
loadCertificate(InputStream in)
Loads an X509 certificate from the specified input stream. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
protected BouncyCastleCertProcessingFactory()
Method Detail |
public static BouncyCastleCertProcessingFactory getDefault()
Returns:
BouncyCastleCertProcessingFactory instance.

public X509Certificate createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode) throws IOException, GeneralSecurityException
Throws:
IOException
GeneralSecurityException
See Also:
createCertificate

public X509Certificate createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode, X509ExtensionSet extSet) throws IOException, GeneralSecurityException
Throws:
IOException
GeneralSecurityException
See Also:
createCertificate

public X509Certificate createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode, X509ExtensionSet extSet, String cnValue) throws IOException, GeneralSecurityException
Parameters:
certRequestInputStream - the input stream to read the certificate request from.
cert - the issuer certificate
privateKey - the private key to sign the new certificate with.
lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
delegationMode - the type of proxy credential to create
extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.GSI_3_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.
cnValue - the value of the CN component of the subject of the new certificate. If null, the defaults will be used depending on the proxy certificate type created.
Returns:
X509Certificate the new proxy certificate
Throws:
IOException - if error reading the certificate request
GeneralSecurityException - if a security error occurs.
See Also:
createProxyCertificate

public X509Certificate loadCertificate(InputStream in) throws IOException, GeneralSecurityException
Parameters:
in - the input stream to read the certificate from.
Returns:
X509Certificate the loaded certificate.
Throws:
GeneralSecurityException - if certificate failed to load.
IOException

public GlobusCredential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode) throws GeneralSecurityException
Throws:
GeneralSecurityException
See Also:
createCredential

public GlobusCredential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode, X509ExtensionSet extSet) throws GeneralSecurityException
Throws:
GeneralSecurityException
See Also:
createCredential

public GlobusCredential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode, X509ExtensionSet extSet, String cnValue) throws GeneralSecurityException
Parameters:
certs - the certificate chain for the new proxy credential. The top-most certificate cert[0] will be designated as the issuing certificate.
privateKey - the private key of the issuing certificate. The new proxy certificate will be signed with that private key.
bits - the strength of the key pair for the new proxy certificate.
lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
delegationMode - the type of proxy credential to create
extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.GSI_3_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.
cnValue - the value of the CN component of the subject of the new proxy credential. If null, the defaults will be used depending on the proxy certificate type created.
Returns:
GlobusCredential the new proxy credential.
Throws:
GeneralSecurityException - if a security error occurs.
See Also:
createProxyCertificate

public byte[] createCertificateRequest(String subject, KeyPair keyPair) throws GeneralSecurityException
Parameters:
subject - the subject of the certificate request
keyPair - the key pair of the certificate request
Throws:
GeneralSecurityException - if security error occurs.

public byte[] createCertificateRequest(X509Certificate cert, KeyPair keyPair) throws GeneralSecurityException
Parameters:
cert - the certificate to create the certificate request from.
keyPair - the key pair of the certificate request
Throws:
GeneralSecurityException - if security error occurs.

public byte[] createCertificateRequest(X509Name subjectDN, String sigAlgName, KeyPair keyPair) throws GeneralSecurityException
Parameters:
subjectDN - the subject name of the certificate request.
sigAlgName - the signing algorithm name.
keyPair - the key pair of the certificate request
Throws:
GeneralSecurityException - if security error occurs.

public X509Certificate createProxyCertificate(X509Certificate issuerCert, PrivateKey issuerKey, PublicKey publicKey, int lifetime, int proxyType, X509ExtensionSet extSet, String cnValue) throws GeneralSecurityException
Parameters:
issuerCert - the issuing certificate
issuerKey - private key matching the public key of issuer certificate. The new proxy certificate will be signed by that key.
publicKey - the public key of the new certificate
lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
proxyType - can be one of GSIConstants.DELEGATION_LIMITED, GSIConstants.DELEGATION_FULL, GSIConstants.GSI_2_LIMITED_PROXY, GSIConstants.GSI_2_PROXY, GSIConstants.GSI_3_IMPERSONATION_PROXY, GSIConstants.GSI_3_LIMITED_PROXY, GSIConstants.GSI_3_INDEPENDENT_PROXY, GSIConstants.GSI_3_RESTRICTED_PROXY. If GSIConstants.DELEGATION_LIMITED and if CertUtil.isGsi3Enabled returns true then a GSI-3 limited proxy will be created. If not, a GSI-2 limited proxy will be created. If GSIConstants.DELEGATION_FULL and if CertUtil.isGsi3Enabled returns true then a GSI-3 impersonation proxy will be created. If not, a GSI-2 full proxy will be created.
extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.GSI_3_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.
cnValue - the value of the CN component of the subject of the new certificate. If null, the defaults will be used depending on the proxy certificate type created.
Returns:
X509Certificate the new proxy certificate.
Throws:
GeneralSecurityException - if a security error occurs.

public X509Certificate createProxyCertificate(X509Certificate issuerCert, PrivateKey issuerKey, PublicKey publicKey, int lifetime, int proxyType, ProxyCertInfo proxyCertInfo, String cnValue) throws GeneralSecurityException
Deprecated. Please use createProxyCertificate() instead. The ProxyCertInfo parameter can be passed in the X509ExtensionSet using ProxyCertInfoExtension class.
Throws:
GeneralSecurityException

public GlobusCredential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode, ProxyCertInfo proxyCertInfoExt, String cnValue) throws GeneralSecurityException
Deprecated. Please use createCredential() instead. The ProxyCertInfo parameter can be passed in the X509ExtensionSet using ProxyCertInfoExtension class.
Throws:
GeneralSecurityException

public GlobusCredential createCredential(X509Certificate[] certs, PrivateKey privateKey, int bits, int lifetime, int delegationMode, ProxyCertInfo proxyCertInfoExt) throws GeneralSecurityException
Deprecated.
Throws:
GeneralSecurityException
See Also:
createCredential

public X509Certificate createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode, ProxyCertInfo proxyCertInfoExt, String cnValue) throws IOException, GeneralSecurityException
Deprecated. Please use createCertificate() instead. The ProxyCertInfo parameter can be passed in the X509ExtensionSet using ProxyCertInfoExtension class.
Throws:
IOException
GeneralSecurityException

public X509Certificate createCertificate(InputStream certRequestInputStream, X509Certificate cert, PrivateKey privateKey, int lifetime, int delegationMode, ProxyCertInfo proxyCertInfoExt) throws IOException, GeneralSecurityException
Deprecated.
Throws:
IOException
GeneralSecurityException
See Also:
createCertificate
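
Added example, not part of the JGlobus documentation: a delegation round trip built only from the methods documented above, with the requested lifetime clamped because a lifetime of 0 or less makes the proxy inherit the issuer's full validity. The class name, the 12-hour cap, the 2048-bit RSA key size, the import packages for GSIConstants and X509Certificate, and passing the request bytes unmodified from createCertificateRequest to createCertificate are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.cert.X509Certificate; // assumed type behind the page's X509Certificate

import org.globus.gsi.GSIConstants; // assumed package for the GSIConstants named on the page
import org.globus.gsi.bc.BouncyCastleCertProcessingFactory;

public class BoundedDelegation {
    // Hypothetical policy cap; the API itself imposes none.
    static final int MAX_LIFETIME_SECONDS = 12 * 60 * 60;

    /** Receiving side: generate a fresh key pair whose private key never leaves this host. */
    static KeyPair newProxyKeys() throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048); // assumed key size
        return gen.generateKeyPair();
    }

    /** Receiving side: build the request that is sent to the delegating party. */
    static byte[] buildRequest(X509Certificate issuerCert, KeyPair proxyKeys)
            throws GeneralSecurityException {
        return BouncyCastleCertProcessingFactory.getDefault()
                .createCertificateRequest(issuerCert, proxyKeys);
    }

    /** Map "0 or less" (inherit the issuer's lifetime) and oversized requests to the cap. */
    static int boundedLifetime(int requestedSeconds) {
        if (requestedSeconds <= 0 || requestedSeconds > MAX_LIFETIME_SECONDS) {
            return MAX_LIFETIME_SECONDS;
        }
        return requestedSeconds;
    }

    /** Delegating side: sign the request as a limited proxy with a bounded lifetime. */
    static X509Certificate signRequest(byte[] request, X509Certificate issuerCert,
                                       PrivateKey issuerKey, int requestedSeconds)
            throws IOException, GeneralSecurityException {
        return BouncyCastleCertProcessingFactory.getDefault().createCertificate(
                new ByteArrayInputStream(request), issuerCert, issuerKey,
                boundedLifetime(requestedSeconds), GSIConstants.DELEGATION_LIMITED);
    }
}
```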