eu.emi.security.authn.x509.helpers.proxy

Class ProxyGeneratorHelper

java.lang.Object

eu.emi.security.authn.x509.helpers.proxy.ProxyGeneratorHelper

public class ProxyGeneratorHelper
extends java.lang.Object

Actual implementation of the Proxy generation. The object is for one use only, i.e. it should not be reused to generate first certificate. It is strongly suggested to use ProxyGenerator.

Field Summary

Fields

Modifier and Type	Field and Description
private X509v3CertificateBuilder	certBuilder
private java.security.cert.X509Certificate	proxy
private java.security.PrivateKey	proxyPrivateKey
private org.bouncycastle.asn1.x509.SubjectPublicKeyInfo	proxyPublicKeyInfo

Constructor Summary

Constructors

Constructor and Description
ProxyGeneratorHelper()

Method Summary

Modifier and Type	Method and Description
private void	addExtensions(BaseProxyCertificateOptions param)
private void	buildCertificate(java.security.cert.X509Certificate issuingCert, java.security.PrivateKey privateKey)
private void	establishKeys(ProxyCertificateOptions param)
private org.bouncycastle.asn1.x509.KeyUsage	establishKeyUsage(BaseProxyCertificateOptions param)
static java.math.BigInteger	establishSerial(BaseProxyCertificateOptions param) For LEGACY proxies returns the serial from the issuing certificate.
ProxyCertificate	generate(ProxyCertificateOptions param, java.security.PrivateKey privateKey) Generate the proxy certificate object from the local certificate.
java.security.cert.X509Certificate[]	generate(ProxyRequestOptions param, java.security.PrivateKey privateKey) Generate the proxy certificate object from the received Certificate Signing Request.
private ProxyCertificate	generateCommon(BaseProxyCertificateOptions param, java.security.PrivateKey privateKey)
static org.bouncycastle.asn1.x500.X500Name	generateDN(javax.security.auth.x500.X500Principal parentSubject, ProxyType type, boolean limited, java.math.BigInteger serial) Generate a correct DN for the proxy, depending on its type.
static java.security.KeyPair	generateKeyPair(int len)
static java.lang.Integer	getChainKeyUsage(java.security.cert.X509Certificate[] chain) If the input chain has no KeyUsage extension null is returned.
private void	setupCertBuilder(BaseProxyCertificateOptions param)
private ProxyCertificate	wrapResult(java.security.cert.X509Certificate[] originalChain)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

proxyPublicKeyInfo

private org.bouncycastle.asn1.x509.SubjectPublicKeyInfo proxyPublicKeyInfo

proxyPrivateKey

private transient java.security.PrivateKey proxyPrivateKey

certBuilder

private X509v3CertificateBuilder certBuilder

proxy

private java.security.cert.X509Certificate proxy

Constructor Detail

ProxyGeneratorHelper

public ProxyGeneratorHelper()

Method Detail

generate

public ProxyCertificate generate(ProxyCertificateOptions param,
                                 java.security.PrivateKey privateKey)
                          throws java.security.InvalidKeyException,
                                 java.security.SignatureException,
                                 java.security.NoSuchAlgorithmException,
                                 java.security.cert.CertificateParsingException,
                                 java.io.IOException

Generate the proxy certificate object from the local certificate.

Parameters:

param - proxy parameters

privateKey - key to sign the proxy

Returns:

a newly created proxy certificate, wrapped together with a private key if it was also generated.

Throws:

java.security.InvalidKeyException - invalid key exception

java.security.SignatureException - signature exception

java.security.NoSuchAlgorithmException - no such algorithm exception

java.security.cert.CertificateParsingException - certificate parsing exception

java.io.IOException - IO exception

generate

public java.security.cert.X509Certificate[] generate(ProxyRequestOptions param,
                                                     java.security.PrivateKey privateKey)
                                              throws java.security.InvalidKeyException,
                                                     java.security.SignatureException,
                                                     java.security.NoSuchAlgorithmException,
                                                     java.security.cert.CertificateParsingException,
                                                     java.io.IOException

Generate the proxy certificate object from the received Certificate Signing Request.

Parameters:

param - proxy parameters

privateKey - key to sign the proxy

Returns:

chain with the new proxy on the first position

Throws:

java.security.InvalidKeyException - invalid key exception

java.security.SignatureException - signature exception

java.security.NoSuchAlgorithmException - no such algorithm exception

java.security.cert.CertificateParsingException - certificate encoding exception

java.io.IOException - IO exception

generateCommon

private ProxyCertificate generateCommon(BaseProxyCertificateOptions param,
                                        java.security.PrivateKey privateKey)
                                 throws java.security.InvalidKeyException,
                                        java.security.SignatureException,
                                        java.security.NoSuchAlgorithmException,
                                        java.security.cert.CertificateParsingException,
                                        java.io.IOException

Throws:

java.security.InvalidKeyException

java.security.SignatureException

java.security.NoSuchAlgorithmException

java.security.cert.CertificateParsingException

java.io.IOException

establishKeys

private void establishKeys(ProxyCertificateOptions param)
                    throws java.security.InvalidKeyException

Throws:

java.security.InvalidKeyException

setupCertBuilder

private void setupCertBuilder(BaseProxyCertificateOptions param)
                       throws java.security.InvalidKeyException

Throws:

java.security.InvalidKeyException

getChainKeyUsage

public static java.lang.Integer getChainKeyUsage(java.security.cert.X509Certificate[] chain)

If the input chain has no KeyUsage extension null is returned. If at least one certificate in the chain has the Key Usage extension then a KeyUsage is returned which contains bitwise AND of KeyUsage flags from all certificates. The CA certificates are ignored in the computation.

Parameters:

chain - certificate chain

Returns:

chain key usage

establishKeyUsage

private org.bouncycastle.asn1.x509.KeyUsage establishKeyUsage(BaseProxyCertificateOptions param)

addExtensions

private void addExtensions(BaseProxyCertificateOptions param)
                    throws java.io.IOException

Throws:

java.io.IOException

buildCertificate

private void buildCertificate(java.security.cert.X509Certificate issuingCert,
                              java.security.PrivateKey privateKey)
                       throws java.security.cert.CertificateParsingException,
                              java.security.InvalidKeyException,
                              java.security.NoSuchProviderException,
                              java.security.NoSuchAlgorithmException,
                              java.security.SignatureException,
                              java.io.IOException

Throws:

java.security.cert.CertificateParsingException

java.security.InvalidKeyException

java.security.NoSuchProviderException

java.security.NoSuchAlgorithmException

java.security.SignatureException

java.io.IOException

wrapResult

private ProxyCertificate wrapResult(java.security.cert.X509Certificate[] originalChain)
                             throws java.security.InvalidKeyException

Throws:

java.security.InvalidKeyException

establishSerial

public static java.math.BigInteger establishSerial(BaseProxyCertificateOptions param)

For LEGACY proxies returns the serial from the issuing certificate. For the Draft/rfc proxies returns the manually set serial, or generateas a random one if not set.

Parameters:

param - proxy certificate options

Returns:

serial number

generateDN

public static org.bouncycastle.asn1.x500.X500Name generateDN(javax.security.auth.x500.X500Principal parentSubject,
                                                             ProxyType type,
                                                             boolean limited,
                                                             java.math.BigInteger serial)

Generate a correct DN for the proxy, depending on its type.

Parameters:

parentSubject - parent subject

type - proxy type

limited - true if limited proxy

serial - serial number

Returns:

generated proxy DN

generateKeyPair

public static java.security.KeyPair generateKeyPair(int len)