Class CertificateUtil


  • public final class CertificateUtil
    extends java.lang.Object
    Author:
    ranantha@mcs.anl.gov
    • Method Summary

      Modifier and Type Method Description
      static java.security.KeyPair generateKeyPair​(java.lang.String algorithm, int bits)
      Generates a key pair of given algorithm and strength.
      static org.bouncycastle.asn1.x509.BasicConstraints getBasicConstraints​(org.bouncycastle.asn1.x509.X509Extension ext)
      Creates a BasicConstraints object from given extension.
      static int getCAPathConstraint​(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)
      Returns the CA path constraint.
      static GSIConstants.CertificateType getCertificateType​(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)
      Returns certificate type of the given TBS certificate.
      static java.security.cert.CertPath getCertPath​(java.security.cert.X509Certificate[] certs)  
      static org.bouncycastle.asn1.ASN1Primitive getExtensionObject​(org.bouncycastle.asn1.x509.X509Extension ext)
      Extracts the value of a certificate extension.
      static java.util.EnumSet<KeyUsage> getKeyUsage​(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)  
      static java.util.EnumSet<KeyUsage> getKeyUsage​(org.bouncycastle.asn1.x509.X509Extension ext)
      Gets the bits of the KeyUsage extension as an EnumSet of KeyUsage values.
      static org.bouncycastle.asn1.x509.TBSCertificateStructure getTBSCertificateStructure​(java.security.cert.X509Certificate cert)
      Extracts the TBS certificate from the given certificate.
      static void init()
      A no-op function that can be used to force the class to load and initialize.
      static void installSecureRandomProvider()
      Installs SecureRandom provider.
      static void setProvider​(java.lang.String providerName)
      Sets a provider name to use for loading certificates and for generating key pairs.
      static org.bouncycastle.asn1.ASN1Primitive toASN1Primitive​(byte[] data)
      Converts the DER-encoded byte array into an ASN1Primitive.
      static java.lang.String toGlobusID​(java.lang.String dn)
      Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/CN=A/OU=B/O=C".
      This function might return incorrect Globus-formatted ID when one of the RDNs in the DN contains commas.
      static java.lang.String toGlobusID​(java.lang.String dn, boolean noreverse)
      Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/CN=A/OU=B/O=C" or "/O=C/OU=B/CN=A" depending on the noreverse option.
      static java.lang.String toGlobusID​(java.security.Principal name)
      Converts the specified principal into Globus format.
      static java.lang.String toGlobusID​(javax.security.auth.x500.X500Principal principal)
      Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/O=C/OU=B/CN=A".
      This function might return incorrect Globus-formatted ID when one of the RDNs in the DN contains commas.
      static javax.security.auth.x500.X500Principal toPrincipal​(java.lang.String globusID)
      Converts Globus DN format "/O=C/OU=B/CN=A" into an X500Principal representation, which accepts RFC 2253 or 1779 formatted DNs and also attribute types as defined in RFC 2459 (e.g. "CN=A,OU=B,O=C").
    • Method Detail

      • init

        public static void init()
        A no-op function that can be used to force the class to load and initialize.
      • setProvider

        public static void setProvider​(java.lang.String providerName)
        Sets a provider name to use for loading certificates and for generating key pairs.
        Parameters:
        providerName - provider name to use.
      • installSecureRandomProvider

        public static void installSecureRandomProvider()
        Installs SecureRandom provider. This function is automatically called when this class is loaded.
      • getCAPathConstraint

        public static int getCAPathConstraint​(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)
                                       throws java.io.IOException
        Returns the CA path constraint.
        Parameters:
        crt -
        Returns:
        the CA path constraint
        Throws:
        java.io.IOException
      • generateKeyPair

        public static java.security.KeyPair generateKeyPair​(java.lang.String algorithm,
                                                            int bits)
                                                     throws java.security.GeneralSecurityException
        Generates a key pair of given algorithm and strength.
        Parameters:
        algorithm - the algorithm of the key pair.
        bits - the strength
        Returns:
        KeyPair the generated key pair.
        Throws:
        java.security.GeneralSecurityException - if something goes wrong.
      • getBasicConstraints

        public static org.bouncycastle.asn1.x509.BasicConstraints getBasicConstraints​(org.bouncycastle.asn1.x509.X509Extension ext)
                                                                               throws java.io.IOException
        Creates a BasicConstraints object from given extension.
        Parameters:
        ext - the extension.
        Returns:
        the BasicConstraints object.
        Throws:
        java.io.IOException - if something fails.
      • toASN1Primitive

        public static org.bouncycastle.asn1.ASN1Primitive toASN1Primitive​(byte[] data)
                                                                   throws java.io.IOException
        Converts the DER-encoded byte array into an ASN1Primitive.
        Parameters:
        data - the DER-encoded byte array to convert.
        Returns:
        the decoded ASN1Primitive.
        Throws:
        java.io.IOException - if conversion fails
      • getTBSCertificateStructure

        public static org.bouncycastle.asn1.x509.TBSCertificateStructure getTBSCertificateStructure​(java.security.cert.X509Certificate cert)
                                                                                             throws java.security.cert.CertificateEncodingException,
                                                                                                    java.io.IOException
        Extracts the TBS certificate from the given certificate.
        Parameters:
        cert - the X.509 certificate to extract the TBS certificate from.
        Returns:
        the TBS certificate
        Throws:
        java.io.IOException - if extraction fails.
        java.security.cert.CertificateEncodingException - if extraction fails.
      • getKeyUsage

        public static java.util.EnumSet<KeyUsage> getKeyUsage​(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)
                                                       throws java.io.IOException
        Throws:
        java.io.IOException
      • getKeyUsage

        public static java.util.EnumSet<KeyUsage> getKeyUsage​(org.bouncycastle.asn1.x509.X509Extension ext)
                                                       throws java.io.IOException
        Gets the bits of the KeyUsage extension as an EnumSet of KeyUsage values.
        Throws:
        java.io.IOException - if failed to extract the KeyUsage extension value.
        See Also:
        X509Certificate.getKeyUsage()
      • getExtensionObject

        public static org.bouncycastle.asn1.ASN1Primitive getExtensionObject​(org.bouncycastle.asn1.x509.X509Extension ext)
                                                                      throws java.io.IOException
        Extracts the value of a certificate extension.
        Parameters:
        ext - the certificate extension to extract the value from.
        Throws:
        java.io.IOException - if extraction fails.
      • toGlobusID

        public static java.lang.String toGlobusID​(java.lang.String dn)
        Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/CN=A/OU=B/O=C".
        This function might return incorrect Globus-formatted ID when one of the RDNs in the DN contains commas.
        Parameters:
        dn - the DN to convert to Globus format.
        Returns:
        the converted DN in Globus format.
        See Also:
        toGlobusID(String, boolean)
      • toGlobusID

        public static java.lang.String toGlobusID​(java.lang.String dn,
                                                  boolean noreverse)
        Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/CN=A/OU=B/O=C" or "/O=C/OU=B/CN=A" depending on the noreverse option. If noreverse is true, the order of the DN components is not reversed and "/CN=A/OU=B/O=C" is returned. If noreverse is false, the order of the DN components is reversed and "/O=C/OU=B/CN=A" is returned.
        This function might return incorrect Globus-formatted ID when one of the RDNs in the DN contains commas.
        Parameters:
        dn - the DN to convert to Globus format.
        noreverse - the direction of the conversion.
        Returns:
        the converted DN in Globus format.
      • toGlobusID

        public static java.lang.String toGlobusID​(java.security.Principal name)
        Converts the specified principal into Globus format. If the principal is of unrecognized type a simple string-based conversion is made using the toGlobusID() function.
        Parameters:
        name - the principal to convert to Globus format.
        Returns:
        the converted DN in Globus format.
        See Also:
        toGlobusID(String)
      • toGlobusID

        public static java.lang.String toGlobusID​(javax.security.auth.x500.X500Principal principal)
        Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/O=C/OU=B/CN=A".
        This function might return incorrect Globus-formatted ID when one of the RDNs in the DN contains commas.
        Returns:
        the converted DN in Globus format.
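
The comma caveat on the toGlobusID variants matters wherever the resulting string is compared as an identity. The following is an added example, not JGlobus code: `naiveToGlobus` is a hypothetical comma-splitting converter written only to show the failure mode, and `rdnAwareToGlobus` is one way to avoid it with the JDK's `javax.naming.ldap.LdapName` parser, assuming single-valued RDNs with string values.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.List;

public class GlobusDnExample {

    // Hypothetical naive converter: splits on every comma, so an escaped
    // comma inside an RDN value is wrongly treated as an RDN separator.
    static String naiveToGlobus(String dn, boolean noreverse) {
        String[] parts = dn.split(",");
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < parts.length; i++) {
            String p = parts[noreverse ? i : parts.length - 1 - i].trim();
            sb.append('/').append(p);
        }
        return sb.toString();
    }

    // RDN-aware converter: LdapName parses the DN per RFC 2253, so an
    // escaped comma stays inside the attribute value it belongs to.
    static String rdnAwareToGlobus(String dn, boolean noreverse)
            throws InvalidNameException {
        // getRdns() indexes from the right: index 0 is the rightmost RDN.
        List<Rdn> rdns = new LdapName(dn).getRdns();
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < rdns.size(); i++) {
            Rdn r = rdns.get(noreverse ? rdns.size() - 1 - i : i);
            // getValue() returns the unescaped value for string attributes.
            sb.append('/').append(r.getType()).append('=').append(r.getValue());
        }
        return sb.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample DN whose CN value contains an escaped comma.
        String dn = "CN=Doe\\, Jane, OU=B, O=C";
        for (boolean noreverse : new boolean[] {false, true}) {
            System.out.println("noreverse=" + noreverse);
            System.out.println("  naive:     " + naiveToGlobus(dn, noreverse));
            System.out.println("  RDN-aware: " + rdnAwareToGlobus(dn, noreverse));
        }
    }
}
```

The naive output contains one more "/"-separated component than the DN has RDNs, which is a simple check for this failure when auditing converted identities.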
      • toPrincipal

        public static javax.security.auth.x500.X500Principal toPrincipal​(java.lang.String globusID)
        Converts Globus DN format "/O=C/OU=B/CN=A" into an X500Principal representation, which accepts RFC 2253 or 1779 formatted DNs and also attribute types as defined in RFC 2459 (e.g. "CN=A,OU=B,O=C"). This method should allow the forward slash, "/", to occur in attribute values (see GFD.125 section 3.2.2 -- RFC 2252 allows "/" in PrintableStrings).
        Parameters:
        globusID - DN in Globus format
        Returns:
        the X500Principal representation of the given DN
      • getCertPath

        public static java.security.cert.CertPath getCertPath​(java.security.cert.X509Certificate[] certs)
                                                       throws java.security.cert.CertificateException
        Throws:
        java.security.cert.CertificateException