Class CertificateUtil

java.lang.Object
org.globus.gsi.util.CertificateUtil

public final class CertificateUtil extends Object
FILL ME
Author:
ranantha@mcs.anl.gov
  • Method Summary

    Modifier and Type
    Method
    Description
    static KeyPair
    generateKeyPair(String algorithm, int bits)
    Generates a key pair of given algorithm and strength.
    static org.bouncycastle.asn1.x509.BasicConstraints
    getBasicConstraints(org.bouncycastle.asn1.x509.X509Extension ext)
    Creates a BasicConstraints object from given extension.
    static int
    getCAPathConstraint(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)
    Returns the CA path length constraint of the given TBS certificate.
    static GSIConstants.CertificateType
    getCertificateType(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)
    Returns certificate type of the given TBS certificate.
    static CertPath
    getCertPath(X509Certificate[] certs)
    static org.bouncycastle.asn1.ASN1Primitive
    getExtensionObject(org.bouncycastle.asn1.x509.X509Extension ext)
    Extracts the value of a certificate extension.
    static EnumSet<KeyUsage>
    getKeyUsage(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)
    static EnumSet<KeyUsage>
    getKeyUsage(org.bouncycastle.asn1.x509.X509Extension ext)
    Gets the bits of the KeyUsage extension, returned as an EnumSet<KeyUsage>.
    static org.bouncycastle.asn1.x509.TBSCertificateStructure
    getTBSCertificateStructure(X509Certificate cert)
    Extracts the TBS certificate from the given certificate.
    static void
    init()
    A no-op function that can be used to force the class to load and initialize.
    static void
    installSecureRandomProvider()
    Installs SecureRandom provider.
    static void
    setProvider(String providerName)
    Sets a provider name to use for loading certificates and for generating key pairs.
    static org.bouncycastle.asn1.ASN1Primitive
    toASN1Primitive(byte[] data)
    Converts the DER-encoded byte array into an ASN1Primitive.
    static String
    toGlobusID(String dn)
    Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/CN=A/OU=B/O=C".
    This function might return incorrect Globus-formatted ID when one of the RDNs in the DN contains commas.
    static String
    toGlobusID(String dn, boolean noreverse)
    Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/CN=A/OU=B/O=C" or "/O=C/OU=B/CN=A" depending on the noreverse option.
    static String
    toGlobusID(Principal name)
    Converts the specified principal into Globus format.
    static String
    toGlobusID(X500Principal principal)
    Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/O=C/OU=B/CN=A".
    This function might return incorrect Globus-formatted ID when one of the RDNs in the DN contains commas.
    static X500Principal
    toPrincipal(String globusID)
    Converts Globus DN format "/O=C/OU=B/CN=A" into an X500Principal representation, which accepts RFC 2253 or 1779 formatted DNs and also attribute types as defined in RFC 2459 (e.g. "CN=A,OU=B,O=C").

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Method Details

    • init

      public static void init()
      A no-op function that can be used to force the class to load and initialize.
    • setProvider

      public static void setProvider(String providerName)
      Sets a provider name to use for loading certificates and for generating key pairs.
      Parameters:
      providerName - provider name to use.
    • installSecureRandomProvider

      public static void installSecureRandomProvider()
      Installs SecureRandom provider. This function is automatically called when this class is loaded.
    • getCAPathConstraint

      public static int getCAPathConstraint(org.bouncycastle.asn1.x509.TBSCertificateStructure crt) throws IOException
      Returns the CA path length constraint of the given TBS certificate, i.e. the pathLenConstraint carried by its BasicConstraints extension.
      Parameters:
      crt - the TBS certificate to read the constraint from.
      Returns:
      the CA path constraint
      Throws:
      IOException
    • generateKeyPair

      public static KeyPair generateKeyPair(String algorithm, int bits) throws GeneralSecurityException
      Generates a key pair of given algorithm and strength.
      Parameters:
      algorithm - the algorithm of the key pair.
      bits - the strength
      Returns:
      KeyPair the generated key pair.
      Throws:
      GeneralSecurityException - if something goes wrong.
    • getCertificateType

      public static GSIConstants.CertificateType getCertificateType(org.bouncycastle.asn1.x509.TBSCertificateStructure crt) throws CertificateException, IOException
      Returns certificate type of the given TBS certificate.
      The certificate type is GSIConstants.CertificateType.CA only if the certificate contains a BasicConstraints extension and it is marked as CA.
      A certificate is a GSI-2 proxy when the subject DN of the certificate ends with "CN=proxy" (certificate type GSIConstants.CertificateType.GSI_2_PROXY) or "CN=limited proxy" (certificate type GSIConstants.CertificateType.LIMITED_PROXY) component and the issuer DN of the certificate matches the subject DN without the last proxy CN component.
      A certificate is a GSI-3 proxy when the subject DN of the certificate ends with a CN component, the issuer DN of the certificate matches the subject DN without the last CN component, and the certificate contains a critical ProxyCertInfo extension. The certificate type is GSIConstants.CertificateType.GSI_3_IMPERSONATION_PROXY if the policy language of the ProxyCertInfo extension is set to the ProxyPolicy.IMPERSONATION OID. The certificate type is GSIConstants.CertificateType.GSI_3_LIMITED_PROXY if the policy language of the ProxyCertInfo extension is set to the ProxyPolicy.LIMITED OID. The certificate type is GSIConstants.CertificateType.GSI_3_INDEPENDENT_PROXY if the policy language of the ProxyCertInfo extension is set to the ProxyPolicy.INDEPENDENT OID. The certificate type is GSIConstants.CertificateType.GSI_3_RESTRICTED_PROXY if the policy language of the ProxyCertInfo extension is set to any OID other than the above.
      The certificate type is GSIConstants.CertificateType.EEC if the certificate is not a CA certificate or a GSI-2 or GSI-3 proxy.
      Parameters:
      crt - the TBS certificate to get the type of.
      Returns:
      the certificate type. The certificate type is determined by rules described above.
      Throws:
      IOException - if something goes wrong.
      CertificateException - for proxy certificates, if the issuer DN of the certificate does not match the subject DN of the certificate without the last CN component. Also, for GSI-3 proxies when the ProxyCertInfo extension is not marked as critical.
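      The classification rules above, written out as code. This is an added example, not the library's getCertificateType implementation: instead of a TBSCertificateStructure it takes the facts the rules inspect (subject, issuer, the BasicConstraints cA flag, the ProxyCertInfo policy-language OID and its criticality) in a small CertFacts holder that is this example's own, compares "subject without its last CN" against the issuer with the JDK's RFC 2253 parser rather than string operations, and throws CertificateException in exactly the two cases the Javadoc lists. The IMPERSONATION and INDEPENDENT OIDs are id-ppl-inheritAll and id-ppl-independent from RFC 3820; the LIMITED value is the Globus-defined OID used by the ProxyPolicy class (check it against the ProxyPolicy constants of the version in use). The sample inputs in main are constructed DNs, not real certificates.

```java
import java.security.cert.CertificateException;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

/** Added example: the getCertificateType rules re-implemented over explicitly supplied certificate facts. */
public final class CertificateTypeRules {

    /** Same names as GSIConstants.CertificateType on this page. */
    enum CertificateType {
        CA, EEC, GSI_2_PROXY, LIMITED_PROXY,
        GSI_3_IMPERSONATION_PROXY, GSI_3_LIMITED_PROXY, GSI_3_INDEPENDENT_PROXY, GSI_3_RESTRICTED_PROXY
    }

    // ProxyPolicy language OIDs: id-ppl-inheritAll and id-ppl-independent from RFC 3820,
    // and the Globus-defined LIMITED OID (verify against the ProxyPolicy class of the version in use).
    static final String OID_IMPERSONATION = "1.3.6.1.5.5.7.21.1";
    static final String OID_INDEPENDENT   = "1.3.6.1.5.5.7.21.2";
    static final String OID_LIMITED       = "1.3.6.1.4.1.3536.1.1.1.9";

    /** Facts the rules inspect. Hypothetical holder for this example; real code fills it from the parsed certificate. */
    static final class CertFacts {
        final X500Principal subject;
        final X500Principal issuer;
        final boolean basicConstraintsCa;     // BasicConstraints extension present with cA=TRUE
        final String proxyPolicyOid;          // ProxyCertInfo policyLanguage, or null when the extension is absent
        final boolean proxyCertInfoCritical;  // criticality flag of the ProxyCertInfo extension

        CertFacts(String subject, String issuer, boolean ca, String policyOid, boolean critical) {
            this.subject = new X500Principal(subject);
            this.issuer = new X500Principal(issuer);
            this.basicConstraintsCa = ca;
            this.proxyPolicyOid = policyOid;
            this.proxyCertInfoCritical = critical;
        }
    }

    static CertificateType classify(CertFacts c) throws CertificateException, InvalidNameException {
        if (c.basicConstraintsCa) {
            return CertificateType.CA;   // CA only when BasicConstraints is present and marked cA
        }
        LdapName subject = new LdapName(c.subject.getName(X500Principal.RFC2253));
        // LdapName indexes RDNs right to left, so the highest index is the leftmost, most specific component.
        Rdn last = subject.getRdn(subject.size() - 1);
        CertificateType type = CertificateType.EEC;
        if ("CN".equalsIgnoreCase(last.getType())) {
            Object cn = last.getValue();
            if ("proxy".equals(cn)) {
                type = CertificateType.GSI_2_PROXY;
            } else if ("limited proxy".equals(cn)) {
                type = CertificateType.LIMITED_PROXY;
            } else if (c.proxyPolicyOid != null) {
                if (!c.proxyCertInfoCritical) {
                    throw new CertificateException("ProxyCertInfo extension must be marked critical");
                }
                switch (c.proxyPolicyOid) {
                    case OID_IMPERSONATION: type = CertificateType.GSI_3_IMPERSONATION_PROXY; break;
                    case OID_LIMITED:       type = CertificateType.GSI_3_LIMITED_PROXY; break;
                    case OID_INDEPENDENT:   type = CertificateType.GSI_3_INDEPENDENT_PROXY; break;
                    default:                type = CertificateType.GSI_3_RESTRICTED_PROXY;
                }
            }
        }
        if (type != CertificateType.EEC) {
            // Every proxy must be issued by the certificate whose DN is the subject minus the last CN.
            LdapName expectedIssuer = new LdapName(subject.getRdns().subList(0, subject.size() - 1));
            LdapName issuer = new LdapName(c.issuer.getName(X500Principal.RFC2253));
            if (!expectedIssuer.equals(issuer)) {
                throw new CertificateException("Issuer DN " + issuer
                        + " does not match subject DN without its last CN: " + expectedIssuer);
            }
        }
        return type;
    }

    public static void main(String[] args) throws Exception {
        String user = "CN=A,OU=B,O=C";   // constructed end-entity DN
        System.out.println(classify(new CertFacts(user, "CN=CA,O=C", false, null, false)));                // EEC
        System.out.println(classify(new CertFacts("CN=CA,O=C", "CN=CA,O=C", true, null, false)));          // CA
        System.out.println(classify(new CertFacts("CN=proxy," + user, user, false, null, false)));         // GSI_2_PROXY
        System.out.println(classify(new CertFacts("CN=123456," + user, user, false, OID_LIMITED, true))); // GSI_3_LIMITED_PROXY
        CertFacts[] rejected = {
            new CertFacts("CN=proxy," + user, "CN=Other,O=C", false, null, false),        // issuer mismatch
            new CertFacts("CN=123456," + user, user, false, OID_IMPERSONATION, false)     // non-critical ProxyCertInfo
        };
        for (CertFacts bad : rejected) {
            try {
                classify(bad);
            } catch (CertificateException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

      The issuer check is the part worth keeping in mind when consuming this API: a chain in which a "CN=proxy" certificate is not signed by exactly the DN it claims to extend is rejected with CertificateException rather than being typed as a proxy, and a GSI-3 ProxyCertInfo that is present but non-critical is rejected the same way instead of being silently treated as an EEC.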
    • getBasicConstraints

      public static org.bouncycastle.asn1.x509.BasicConstraints getBasicConstraints(org.bouncycastle.asn1.x509.X509Extension ext) throws IOException
      Creates a BasicConstraints object from given extension.
      Parameters:
      ext - the extension.
      Returns:
      the BasicConstraints object.
      Throws:
      IOException - if something fails.
    • toASN1Primitive

      public static org.bouncycastle.asn1.ASN1Primitive toASN1Primitive(byte[] data) throws IOException
      Converts the DER-encoded byte array into an ASN1Primitive (the BouncyCastle type formerly named DERObject).
      Parameters:
      data - the DER-encoded byte array to convert.
      Returns:
      the ASN1Primitive.
      Throws:
      IOException - if conversion fails
    • getTBSCertificateStructure

      public static org.bouncycastle.asn1.x509.TBSCertificateStructure getTBSCertificateStructure(X509Certificate cert) throws CertificateEncodingException, IOException
      Extracts the TBS certificate from the given certificate.
      Parameters:
      cert - the X.509 certificate to extract the TBS certificate from.
      Returns:
      the TBS certificate
      Throws:
      IOException - if extraction fails.
      CertificateEncodingException - if extraction fails.
    • getKeyUsage

      public static EnumSet<KeyUsage> getKeyUsage(org.bouncycastle.asn1.x509.TBSCertificateStructure crt) throws IOException
      Throws:
      IOException
    • getKeyUsage

      public static EnumSet<KeyUsage> getKeyUsage(org.bouncycastle.asn1.x509.X509Extension ext) throws IOException
      Gets the bits of the KeyUsage extension, returned as an EnumSet<KeyUsage> with one entry per bit that is set.
      Throws:
      IOException - if failed to extract the KeyUsage extension value.
    • getExtensionObject

      public static org.bouncycastle.asn1.ASN1Primitive getExtensionObject(org.bouncycastle.asn1.x509.X509Extension ext) throws IOException
      Extracts the value of a certificate extension.
      Parameters:
      ext - the certificate extension to extract the value from.
      Throws:
      IOException - if extraction fails.
    • toGlobusID

      public static String toGlobusID(String dn)
      Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/CN=A/OU=B/O=C".
      This function might return incorrect Globus-formatted ID when one of the RDNs in the DN contains commas.
      Parameters:
      dn - the DN to convert to Globus format.
      Returns:
      the converted DN in Globus format.
    • toGlobusID

      public static String toGlobusID(String dn, boolean noreverse)
      Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/CN=A/OU=B/O=C" or "/O=C/OU=B/CN=A" depending on the noreverse option. If noreverse is true the order of the DN components is not reversed and "/CN=A/OU=B/O=C" is returned. If noreverse is false, the order of the DN components is reversed and "/O=C/OU=B/CN=A" is returned.
      This function might return incorrect Globus-formatted ID when one of the RDNs in the DN contains commas.
      Parameters:
      dn - the DN to convert to Globus format.
      noreverse - the direction of the conversion.
      Returns:
      the converted DN in Globus format.
    • toGlobusID

      public static String toGlobusID(Principal name)
      Converts the specified principal into Globus format. If the principal is of unrecognized type a simple string-based conversion is made using the toGlobusID() function.
      Parameters:
      name - the principal to convert to Globus format.
      Returns:
      the converted DN in Globus format.
    • toGlobusID

      public static String toGlobusID(X500Principal principal)
      Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/O=C/OU=B/CN=A".
      This function might return incorrect Globus-formatted ID when one of the RDNs in the DN contains commas.
      Parameters:
      principal - the principal to convert to Globus format.
      Returns:
      the converted DN in Globus format.
    • toPrincipal

      public static X500Principal toPrincipal(String globusID)
      Converts Globus DN format "/O=C/OU=B/CN=A" into an X500Principal representation, which accepts RFC 2253 or 1779 formatted DNs and also attribute types as defined in RFC 2459 (e.g. "CN=A,OU=B,O=C"). This method should allow the forward slash, "/", to occur in attribute values (see GFD.125 section 3.2.2; RFC 2252 allows "/" in PrintableStrings).
      Parameters:
      globusID - DN in Globus format
      Returns:
      the X500Principal representation of the given DN
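      The conversions described by the toGlobusID and toPrincipal entries, as an added example that is not the CertificateUtil code. It places the naive comma split that the "might return incorrect Globus-formatted ID when one of the RDNs contains commas" caveat describes next to an RDN-aware conversion built on the JDK's LdapName parser, and shows the reverse direction splitting only at a "/" that begins a new "type=" pair, so a slash inside an attribute value survives as GFD.125 requires. The method names naiveToGlobusId, toGlobusId and toPrincipal and all DNs in main are this example's own constructed inputs.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

/** Added example: Globus DN conversion done RDN by RDN, next to the naive split the caveat warns about. */
public final class GlobusDnExample {

    /** Naive conversion: splits on commas, so a comma inside an RDN value yields a bogus extra component. */
    static String naiveToGlobusId(String dn, boolean noreverse) {
        List<String> parts = new ArrayList<>(Arrays.asList(dn.split(",\\s*")));
        if (!noreverse) {
            Collections.reverse(parts);
        }
        StringBuilder out = new StringBuilder();
        for (String p : parts) {
            out.append('/').append(p);
        }
        return out.toString();
    }

    /** RDN-aware conversion: LdapName honours RFC 2253 escapes, so "CN=Doe\, John" stays one component. */
    static String toGlobusId(X500Principal principal, boolean noreverse) throws InvalidNameException {
        LdapName name = new LdapName(principal.getName(X500Principal.RFC2253));
        // getRdns() lists RDNs right to left: for "CN=A,OU=B,O=C" it is [O=C, OU=B, CN=A],
        // which is already the reversed "/O=C/OU=B/CN=A" order.
        List<Rdn> rdns = new ArrayList<>(name.getRdns());
        if (noreverse) {
            Collections.reverse(rdns);
        }
        StringBuilder out = new StringBuilder();
        for (Rdn rdn : rdns) {
            out.append('/').append(rdn.toString());
        }
        return out.toString();
    }

    /** Inverse direction: "/O=C/OU=B/CN=A" becomes X500Principal("CN=A,OU=B,O=C"), keeping "/" inside values. */
    static X500Principal toPrincipal(String globusId) {
        String body = globusId.startsWith("/") ? globusId.substring(1) : globusId;
        // Split only at a "/" that starts a new "type=" pair; a "/" inside a value (URL, path) is kept.
        // A value that itself contains "<word>=" right after a slash remains ambiguous and is split wrongly.
        String[] components = body.split("/(?=[A-Za-z][A-Za-z0-9.-]*=)");
        List<String> rfc2253 = new ArrayList<>();
        for (String component : components) {
            int eq = component.indexOf('=');
            if (eq <= 0) {
                throw new IllegalArgumentException("Not a type=value component: " + component);
            }
            String type = component.substring(0, eq);
            String value = component.substring(eq + 1);
            // escapeValue protects commas, plus signs and other RFC 2253 specials inside the value
            rfc2253.add(type + "=" + Rdn.escapeValue(value));
        }
        Collections.reverse(rfc2253);
        return new X500Principal(String.join(",", rfc2253));
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs
        X500Principal plain = new X500Principal("CN=A, OU=B, O=C");
        System.out.println(toGlobusId(plain, false));  // /O=C/OU=B/CN=A
        System.out.println(toGlobusId(plain, true));   // /CN=A/OU=B/O=C

        X500Principal withComma = new X500Principal("CN=Doe\\, John, OU=B, O=C");
        System.out.println(naiveToGlobusId(withComma.getName(), false)); // /O=C/OU=B/John/CN=Doe\  (four components)
        System.out.println(toGlobusId(withComma, false));                 // /O=C/OU=B/CN=Doe\, John

        X500Principal service = toPrincipal("/O=C/OU=B/CN=http://example.org/svc");
        System.out.println(service.getName(X500Principal.RFC2253));       // CN=http://example.org/svc,OU=B,O=C
    }
}
```

      The difference matters wherever the Globus-format string is used as an identity for authorization or logging: the naive form turns one subject into a different number of components, so two distinct DNs can map to the same string or one DN to an unexpected one. Parsing RDNs with LdapName (or, when working with the library, passing an X500Principal rather than a hand-built string) keeps the mapping one-to-one.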
    • getCertPath

      public static CertPath getCertPath(X509Certificate[] certs) throws CertificateException
      Throws:
      CertificateException