BouncyCastleCertProcessingFactory

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

gov.nih.nci.cagrid.gridca.common
Class BouncyCastleCertProcessingFactory

java.lang.Object
  gov.nih.nci.cagrid.gridca.common.BouncyCastleCertProcessingFactory

public class BouncyCastleCertProcessingFactory
extends java.lang.Object
extends java.lang.Object

Provides certificate processing API such as creating new certificates, certificate requests, etc.

Constructor Summary
`protected`	`BouncyCastleCertProcessingFactory()`

Method Summary
`java.security.cert.X509Certificate`	`createCertificate(java.lang.String provider, java.io.InputStream certRequestInputStream, java.security.cert.X509Certificate cert, java.security.PrivateKey privateKey, int lifetime, int delegationMode, org.globus.gsi.proxy.ext.ProxyCertInfo proxyCertInfoExt)` Deprecated.
`java.security.cert.X509Certificate`	`createCertificate(java.lang.String provider, java.io.InputStream certRequestInputStream, java.security.cert.X509Certificate cert, java.security.PrivateKey privateKey, int lifetime, int delegationMode, org.globus.gsi.proxy.ext.ProxyCertInfo proxyCertInfoExt, java.lang.String cnValue)` Deprecated. Please use `createCertificate()` instead. The `ProxyCertInfo` parameter can be passed in the `X509ExtensionSet` using `ProxyCertInfoExtension` class.
`java.security.cert.X509Certificate`	`createCertificate(java.lang.String provider, java.io.InputStream certRequestInputStream, java.security.cert.X509Certificate cert, java.security.PrivateKey privateKey, int lifetime, int delegationMode, java.lang.String signatureAlgorithm)` Creates a proxy certificate from the certificate request.
`java.security.cert.X509Certificate`	`createCertificate(java.lang.String provider, java.io.InputStream certRequestInputStream, java.security.cert.X509Certificate cert, java.security.PrivateKey privateKey, int lifetime, int delegationMode, org.globus.gsi.X509ExtensionSet extSet, java.lang.String signatureAlgorithm)` Creates a proxy certificate from the certificate request.
`java.security.cert.X509Certificate`	`createCertificate(java.lang.String provider, java.io.InputStream certRequestInputStream, java.security.cert.X509Certificate cert, java.security.PrivateKey privateKey, int lifetime, int delegationMode, org.globus.gsi.X509ExtensionSet extSet, java.lang.String cnValue, java.lang.String signatureAlgorithm)` Creates a proxy certificate from the certificate request.
`byte[]`	`createCertificateRequest(java.lang.String subject, java.security.KeyPair keyPair)` Creates a certificate request from the specified subject DN and a key pair.
`byte[]`	`createCertificateRequest(java.security.cert.X509Certificate cert, java.security.KeyPair keyPair)` Creates a certificate request from the specified certificate and a key pair.
`byte[]`	`createCertificateRequest(org.bouncycastle.asn1.x509.X509Name subjectDN, java.lang.String sigAlgName, java.security.KeyPair keyPair)` Creates a certificate request from the specified subject name, signing algorithm, and a key pair.
`org.globus.gsi.GlobusCredential`	`createCredential(java.lang.String provider, java.security.cert.X509Certificate[] certs, java.security.PrivateKey privateKey, int bits, int lifetime, int delegationMode, org.globus.gsi.proxy.ext.ProxyCertInfo proxyCertInfoExt)` Deprecated.
`org.globus.gsi.GlobusCredential`	`createCredential(java.lang.String provider, java.security.cert.X509Certificate[] certs, java.security.PrivateKey privateKey, int bits, int lifetime, int delegationMode, org.globus.gsi.proxy.ext.ProxyCertInfo proxyCertInfoExt, java.lang.String cnValue)` Deprecated. Please use `createCredential()` instead. The `ProxyCertInfo` parameter can be passed in the `X509ExtensionSet` using `ProxyCertInfoExtension` class.
`org.globus.gsi.GlobusCredential`	`createCredential(java.lang.String provider, java.security.cert.X509Certificate[] certs, java.security.PrivateKey privateKey, int bits, int lifetime, int delegationMode, java.lang.String signatureAlgorithm)` Creates a new proxy credential from the specified certificate chain and a private key.
`org.globus.gsi.GlobusCredential`	`createCredential(java.lang.String provider, java.security.cert.X509Certificate[] certs, java.security.PrivateKey privateKey, int bits, int lifetime, int delegationMode, org.globus.gsi.X509ExtensionSet extSet, java.lang.String signatureAlgorithm)` Creates a new proxy credential from the specified certificate chain and a private key.
`org.globus.gsi.GlobusCredential`	`createCredential(java.lang.String provider, java.security.cert.X509Certificate[] certs, java.security.PrivateKey privateKey, int bits, int lifetime, int delegationMode, org.globus.gsi.X509ExtensionSet extSet, java.lang.String cnValue, java.lang.String signatureAlgorithm)` Creates a new proxy credential from the specified certificate chain and a private key.
`java.security.cert.X509Certificate`	`createProxyCertificate(java.lang.String provider, java.security.cert.X509Certificate issuerCert, java.security.PrivateKey issuerKey, java.security.PublicKey publicKey, int lifetime, int proxyType, org.globus.gsi.proxy.ext.ProxyCertInfo proxyCertInfo, java.lang.String cnValue, java.lang.String signatureAlgorithm)` Deprecated. Please use `createProxyCertificate()` instead. The `ProxyCertInfo` parameter can be passed in the `X509ExtensionSet` using `ProxyCertInfoExtension` class.
`java.security.cert.X509Certificate`	`createProxyCertificate(java.lang.String provider, java.security.cert.X509Certificate issuerCert, java.security.PrivateKey issuerKey, java.security.PublicKey publicKey, int lifetime, int proxyType, org.globus.gsi.X509ExtensionSet extSet, java.lang.String cnValue, java.lang.String signatureAlgorithm)` Creates a proxy certificate.
`static BouncyCastleCertProcessingFactory`	`getDefault()` Returns an instance of this class..
`java.security.cert.X509Certificate`	`loadCertificate(java.io.InputStream in)` Loads a X509 certificate from the specified input stream.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

BouncyCastleCertProcessingFactory

protected BouncyCastleCertProcessingFactory()

Method Detail

getDefault

public static BouncyCastleCertProcessingFactory getDefault()

Returns an instance of this class..

Returns:: BouncyCastleCertProcessingFactory instance.

createCertificate

public java.security.cert.X509Certificate createCertificate(java.lang.String provider,
                                                            java.io.InputStream certRequestInputStream,
                                                            java.security.cert.X509Certificate cert,
                                                            java.security.PrivateKey privateKey,
                                                            int lifetime,
                                                            int delegationMode,
                                                            java.lang.String signatureAlgorithm)
                                                     throws java.io.IOException,
                                                            java.security.GeneralSecurityException

Creates a proxy certificate from the certificate request.

Throws:: java.io.IOException; java.security.GeneralSecurityException
See Also:: createCertificate

createCertificate

public java.security.cert.X509Certificate createCertificate(java.lang.String provider,
                                                            java.io.InputStream certRequestInputStream,
                                                            java.security.cert.X509Certificate cert,
                                                            java.security.PrivateKey privateKey,
                                                            int lifetime,
                                                            int delegationMode,
                                                            org.globus.gsi.X509ExtensionSet extSet,
                                                            java.lang.String signatureAlgorithm)
                                                     throws java.io.IOException,
                                                            java.security.GeneralSecurityException

Creates a proxy certificate from the certificate request.

Throws:: java.io.IOException; java.security.GeneralSecurityException
See Also:: createCertificate

createCertificate

public java.security.cert.X509Certificate createCertificate(java.lang.String provider,
                                                            java.io.InputStream certRequestInputStream,
                                                            java.security.cert.X509Certificate cert,
                                                            java.security.PrivateKey privateKey,
                                                            int lifetime,
                                                            int delegationMode,
                                                            org.globus.gsi.X509ExtensionSet extSet,
                                                            java.lang.String cnValue,
                                                            java.lang.String signatureAlgorithm)
                                                     throws java.io.IOException,
                                                            java.security.GeneralSecurityException

Creates a proxy certificate from the certificate request. (Signs a certificate request creating a new certificate)

Parameters:: certRequestInputStream - the input stream to read the certificate request from.; cert - the issuer certificate; privateKey - the private key to sign the new certificate with.; lifetime - lifetime of the new certificate in seconds. If 0 (or less then) the new certificate will have the same lifetime as the issuing certificate.; delegationMode - the type of proxy credential to create; extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.GSI_3_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.; cnValue - the value of the CN component of the subject of the new certificate. If null, the defaults will be used depending on the proxy certificate type created.
Returns:: X509Certificate the new proxy certificate
Throws:: java.io.IOException - if error reading the certificate request; java.security.GeneralSecurityException - if a security error occurs.
See Also:: createProxyCertificate

loadCertificate

public java.security.cert.X509Certificate loadCertificate(java.io.InputStream in)
                                                   throws java.io.IOException,
                                                          java.security.GeneralSecurityException

Loads a X509 certificate from the specified input stream. Input stream must contain DER-encoded certificate.

Parameters:: in - the input stream to read the certificate from.
Returns:: X509Certificate the loaded certificate.
Throws:: java.security.GeneralSecurityException - if certificate failed to load.; java.io.IOException

createCredential

public org.globus.gsi.GlobusCredential createCredential(java.lang.String provider,
                                                        java.security.cert.X509Certificate[] certs,
                                                        java.security.PrivateKey privateKey,
                                                        int bits,
                                                        int lifetime,
                                                        int delegationMode,
                                                        java.lang.String signatureAlgorithm)
                                                 throws java.security.GeneralSecurityException

Creates a new proxy credential from the specified certificate chain and a private key.

Throws:: java.security.GeneralSecurityException
See Also:: createCredential

createCredential

public org.globus.gsi.GlobusCredential createCredential(java.lang.String provider,
                                                        java.security.cert.X509Certificate[] certs,
                                                        java.security.PrivateKey privateKey,
                                                        int bits,
                                                        int lifetime,
                                                        int delegationMode,
                                                        org.globus.gsi.X509ExtensionSet extSet,
                                                        java.lang.String signatureAlgorithm)
                                                 throws java.security.GeneralSecurityException

Creates a new proxy credential from the specified certificate chain and a private key.

Throws:: java.security.GeneralSecurityException
See Also:: createCredential

createCredential

public org.globus.gsi.GlobusCredential createCredential(java.lang.String provider,
                                                        java.security.cert.X509Certificate[] certs,
                                                        java.security.PrivateKey privateKey,
                                                        int bits,
                                                        int lifetime,
                                                        int delegationMode,
                                                        org.globus.gsi.X509ExtensionSet extSet,
                                                        java.lang.String cnValue,
                                                        java.lang.String signatureAlgorithm)
                                                 throws java.security.GeneralSecurityException

Creates a new proxy credential from the specified certificate chain and a private key. A set of X.509 extensions can be optionally included in the new proxy certificate. This function automatically creates a "RSA"-based key pair.

Parameters:: certs - the certificate chain for the new proxy credential. The top-most certificate cert[0] will be designated as the issuing certificate.; privateKey - the private key of the issuing certificate. The new proxy certificate will be signed with that private key.; bits - the strength of the key pair for the new proxy certificate.; lifetime - lifetime of the new certificate in seconds. If 0 (or less then) the new certificate will have the same lifetime as the issuing certificate.; delegationMode - the type of proxy credential to create; extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.GSI_3_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.; cnValue - the value of the CN component of the subject of the new proxy credential. If null, the defaults will be used depending on the proxy certificate type created.
Returns:: GlobusCredential the new proxy credential.
Throws:: java.security.GeneralSecurityException - if a security error occurs.
See Also:: createProxyCertificate

createCertificateRequest

public byte[] createCertificateRequest(java.lang.String subject,
                                       java.security.KeyPair keyPair)
                                throws java.security.GeneralSecurityException

Creates a certificate request from the specified subject DN and a key pair. The "MD5WithRSAEncryption" is used as the signing algorithm of the certificate request.

Parameters:: subject - the subject of the certificate request; keyPair - the key pair of the certificate request
Returns:: the certificate request.
Throws:: java.security.GeneralSecurityException - if security error occurs.

createCertificateRequest

public byte[] createCertificateRequest(java.security.cert.X509Certificate cert,
                                       java.security.KeyPair keyPair)
                                throws java.security.GeneralSecurityException

Creates a certificate request from the specified certificate and a key pair. The certificate's subject DN with "CN=proxy" name component appended to the subject is used as the subject of the certificate request. Also the certificate's signing algorithm is used as the certificate request signing algorithm.

Parameters:: cert - the certificate to create the certificate request from.; keyPair - the key pair of the certificate request
Returns:: the certificate request.
Throws:: java.security.GeneralSecurityException - if security error occurs.

createCertificateRequest

public byte[] createCertificateRequest(org.bouncycastle.asn1.x509.X509Name subjectDN,
                                       java.lang.String sigAlgName,
                                       java.security.KeyPair keyPair)
                                throws java.security.GeneralSecurityException

Creates a certificate request from the specified subject name, signing algorithm, and a key pair.

Parameters:: subjectDN - the subject name of the certificate request.; sigAlgName - the signing algorithm name.; keyPair - the key pair of the certificate request
Returns:: the certificate request.
Throws:: java.security.GeneralSecurityException - if security error occurs.

createProxyCertificate

public java.security.cert.X509Certificate createProxyCertificate(java.lang.String provider,
                                                                 java.security.cert.X509Certificate issuerCert,
                                                                 java.security.PrivateKey issuerKey,
                                                                 java.security.PublicKey publicKey,
                                                                 int lifetime,
                                                                 int proxyType,
                                                                 org.globus.gsi.X509ExtensionSet extSet,
                                                                 java.lang.String cnValue,
                                                                 java.lang.String signatureAlgorithm)
                                                          throws java.security.GeneralSecurityException

Creates a proxy certificate. A set of X.509 extensions can be optionally included in the new proxy certificate.
If a GSI-2 proxy is created, the serial number of the proxy certificate will be the same as of the issuing certificate. Also, none of the extensions in the issuing certificate will be copied into the proxy certificate.
If a GSI-3 proxy is created, the serial number of the proxy certificate will be picked randomly. If the issuing certificate contains a KeyUsage extension, the extension will be copied into the proxy certificate with keyCertSign and nonRepudiation bits turned off. No other extensions are currently copied.

Parameters:: issuerCert - the issuing certificate; issuerKey - private key matching the public key of issuer certificate. The new proxy certificate will be signed by that key.; publicKey - the public key of the new certificate; lifetime - lifetime of the new certificate in seconds. If 0 (or less then) the new certificate will have the same lifetime as the issuing certificate.; proxyType - can be one of GSIConstants.DELEGATION_LIMITED, GSIConstants.DELEGATION_FULL, GSIConstants.GSI_2_LIMITED_PROXY, GSIConstants.GSI_2_PROXY, GSIConstants.GSI_3_IMPERSONATION_PROXY, GSIConstants.GSI_3_LIMITED_PROXY, GSIConstants.GSI_3_INDEPENDENT_PROXY, GSIConstants.GSI_3_RESTRICTED_PROXY. If GSIConstants.DELEGATION_LIMITED and if CertUtil.isGsi3Enabled returns true then a GSI-3 limited proxy will be created. If not, a GSI-2 limited proxy will be created. If GSIConstants.DELEGATION_FULL and if CertUtil.isGsi3Enabled returns true then a GSI-3 impersonation proxy will be created. If not, a GSI-2 full proxy will be created.; extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.GSI_3_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.; cnValue - the value of the CN component of the subject of the new certificate. If null, the defaults will be used depending on the proxy certificate type created.
Returns:: X509Certificate the new proxy certificate.
Throws:: java.security.GeneralSecurityException - if a security error occurs.

createProxyCertificate

public java.security.cert.X509Certificate createProxyCertificate(java.lang.String provider,
                                                                 java.security.cert.X509Certificate issuerCert,
                                                                 java.security.PrivateKey issuerKey,
                                                                 java.security.PublicKey publicKey,
                                                                 int lifetime,
                                                                 int proxyType,
                                                                 org.globus.gsi.proxy.ext.ProxyCertInfo proxyCertInfo,
                                                                 java.lang.String cnValue,
                                                                 java.lang.String signatureAlgorithm)
                                                          throws java.security.GeneralSecurityException

Deprecated. Please use createProxyCertificate() instead. The ProxyCertInfo parameter can be passed in the X509ExtensionSet using ProxyCertInfoExtension class.

Throws:: java.security.GeneralSecurityException

createCredential

public org.globus.gsi.GlobusCredential createCredential(java.lang.String provider,
                                                        java.security.cert.X509Certificate[] certs,
                                                        java.security.PrivateKey privateKey,
                                                        int bits,
                                                        int lifetime,
                                                        int delegationMode,
                                                        org.globus.gsi.proxy.ext.ProxyCertInfo proxyCertInfoExt,
                                                        java.lang.String cnValue)
                                                 throws java.security.GeneralSecurityException

Deprecated. Please use createCredential() instead. The ProxyCertInfo parameter can be passed in the X509ExtensionSet using ProxyCertInfoExtension class.

Throws:: java.security.GeneralSecurityException

createCredential

public org.globus.gsi.GlobusCredential createCredential(java.lang.String provider,
                                                        java.security.cert.X509Certificate[] certs,
                                                        java.security.PrivateKey privateKey,
                                                        int bits,
                                                        int lifetime,
                                                        int delegationMode,
                                                        org.globus.gsi.proxy.ext.ProxyCertInfo proxyCertInfoExt)
                                                 throws java.security.GeneralSecurityException

Deprecated.

Throws:: java.security.GeneralSecurityException
See Also:: createCredential

createCertificate

public java.security.cert.X509Certificate createCertificate(java.lang.String provider,
                                                            java.io.InputStream certRequestInputStream,
                                                            java.security.cert.X509Certificate cert,
                                                            java.security.PrivateKey privateKey,
                                                            int lifetime,
                                                            int delegationMode,
                                                            org.globus.gsi.proxy.ext.ProxyCertInfo proxyCertInfoExt,
                                                            java.lang.String cnValue)
                                                     throws java.io.IOException,
                                                            java.security.GeneralSecurityException

Deprecated. Please use createCertificate() instead. The ProxyCertInfo parameter can be passed in the X509ExtensionSet using ProxyCertInfoExtension class.

Throws:: java.io.IOException; java.security.GeneralSecurityException

createCertificate

public java.security.cert.X509Certificate createCertificate(java.lang.String provider,
                                                            java.io.InputStream certRequestInputStream,
                                                            java.security.cert.X509Certificate cert,
                                                            java.security.PrivateKey privateKey,
                                                            int lifetime,
                                                            int delegationMode,
                                                            org.globus.gsi.proxy.ext.ProxyCertInfo proxyCertInfoExt)
                                                     throws java.io.IOException,
                                                            java.security.GeneralSecurityException

Deprecated.

Throws:: java.io.IOException; java.security.GeneralSecurityException
See Also:: createCertificate

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

gov.nih.nci.cagrid.gridca.common Class BouncyCastleCertProcessingFactory

BouncyCastleCertProcessingFactory

getDefault

createCertificate

createCertificate

createCertificate

loadCertificate

createCredential

createCredential

createCredential

createCertificateRequest

createCertificateRequest

createCertificateRequest

createProxyCertificate

createProxyCertificate

createCredential

createCredential

createCertificate

createCertificate

gov.nih.nci.cagrid.gridca.common
Class BouncyCastleCertProcessingFactory