public final class CertificateUtil
extends java.lang.Object
Modifier and Type | Field and Description |
---|---|
static int | CRL_SIGN |
static int | DATA_ENCIPHERMENT |
static int | DECIPHER_ONLY |
static int | DEFAULT_USAGE_LENGTH |
static int | DIGITAL_SIGNATURE |
static int | ENCIPHER_ONLY |
static int | KEY_AGREEMENT |
static int | KEY_CERTSIGN |
static int | KEY_ENCIPHERMENT |
static int | NON_REPUDIATION |
Modifier and Type | Method and Description |
---|---|
static java.security.KeyPair | generateKeyPair(java.lang.String algorithm, int bits): Generates a key pair of given algorithm and strength. |
static org.bouncycastle.asn1.x509.BasicConstraints | getBasicConstraints(org.bouncycastle.asn1.x509.X509Extension ext): Creates a BasicConstraints object from given extension. |
static int | getCAPathConstraint(org.bouncycastle.asn1.x509.TBSCertificateStructure crt): Return CA Path constraint |
static GSIConstants.CertificateType | getCertificateType(org.bouncycastle.asn1.x509.TBSCertificateStructure crt): Returns certificate type of the given TBS certificate. |
static java.security.cert.CertPath | getCertPath(java.security.cert.X509Certificate[] certs) |
static org.bouncycastle.asn1.ASN1Primitive | getExtensionObject(org.bouncycastle.asn1.x509.X509Extension ext): Extracts the value of a certificate extension. |
static boolean[] | getKeyUsage(org.bouncycastle.asn1.x509.TBSCertificateStructure crt) |
static boolean[] | getKeyUsage(org.bouncycastle.asn1.x509.X509Extension ext): Gets a boolean array representing bits of the KeyUsage extension. |
static org.bouncycastle.asn1.x509.TBSCertificateStructure | getTBSCertificateStructure(java.security.cert.X509Certificate cert): Extracts the TBS certificate from the given certificate. |
static void | init(): A no-op function that can be used to force the class to load and initialize. |
static void | installSecureRandomProvider(): Installs SecureRandom provider. |
static void | setProvider(java.lang.String providerName): Sets a provider name to use for loading certificates and for generating key pairs. |
static org.bouncycastle.asn1.ASN1Primitive | toASN1Primitive(byte[] data): Converts the DER-encoded byte array into a DERObject. |
static java.lang.String | toGlobusID(java.security.Principal name): Converts the specified principal into Globus format. |
static java.lang.String | toGlobusID(java.lang.String dn): Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/CN=A/OU=B/O=C". This function might return incorrect Globus-formatted ID when one of the RDNs in the DN contains commas. |
static java.lang.String | toGlobusID(java.lang.String dn, boolean noreverse): Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/CN=A/OU=B/O=C" or "/O=C/OU=B/CN=A" depending on the noreverse option. |
static java.lang.String | toGlobusID(javax.security.auth.x500.X500Principal principal): Converts DN of the form "CN=A, OU=B, O=C" into Globus format "/O=C/OU=B/CN=A". This function might return incorrect Globus-formatted ID when one of the RDNs in the DN contains commas. |
static javax.security.auth.x500.X500Principal | toPrincipal(java.lang.String globusID): Converts Globus DN format "/O=C/OU=B/CN=A" into an X500Principal representation, which accepts RFC 2253 or 1779 formatted DN's and also attribute types as defined in RFC 2459 (e.g. |
public static final int DIGITAL_SIGNATURE
public static final int NON_REPUDIATION
public static final int KEY_ENCIPHERMENT
public static final int DATA_ENCIPHERMENT
public static final int KEY_AGREEMENT
public static final int KEY_CERTSIGN
public static final int CRL_SIGN
public static final int ENCIPHER_ONLY
public static final int DECIPHER_ONLY
public static final int DEFAULT_USAGE_LENGTH
public static void init()

public static void setProvider(java.lang.String providerName)
Parameters:
providerName - provider name to use.

public static void installSecureRandomProvider()

public static int getCAPathConstraint(org.bouncycastle.asn1.x509.TBSCertificateStructure crt) throws java.io.IOException
Parameters:
crt -
Throws:
java.io.IOException

public static java.security.KeyPair generateKeyPair(java.lang.String algorithm, int bits) throws java.security.GeneralSecurityException
Parameters:
algorithm - the algorithm of the key pair.
bits - the strength
Returns:
KeyPair the generated key pair.
Throws:
java.security.GeneralSecurityException - if something goes wrong.

public static GSIConstants.CertificateType getCertificateType(org.bouncycastle.asn1.x509.TBSCertificateStructure crt) throws java.security.cert.CertificateException, java.io.IOException
CertificateType.CA only if the certificate contains a BasicConstraints extension and it is marked as CA.
CertificateType.GSI_2_PROXY) or "CN=limited proxy" (certificate type CertificateType.LIMITED_PROXY) component and the issuer DN of the certificate matches the subject DN without the last proxy CN component.
ProxyCertInfo critical extension. The certificate type is CertificateType.GSI_3_IMPERSONATION_PROXY if the policy language of the ProxyCertInfo extension is set to ProxyPolicy.IMPERSONATION OID. The certificate type is CertificateType.GSI_3_LIMITED_PROXY if the policy language of the ProxyCertInfo extension is set to ProxyPolicy.LIMITED OID. The certificate type is CertificateType.GSI_3_INDEPENDENT_PROXY if the policy language of the ProxyCertInfo extension is set to ProxyPolicy.INDEPENDENT OID. The certificate type is CertificateType.GSI_3_RESTRICTED_PROXY if the policy language of the ProxyCertInfo extension is set to any other OID than the above.
CertificateType.EEC if the certificate is not a CA certificate or a GSI-2 or GSI-3 proxy.
Parameters:
crt - the TBS certificate to get the type of.
Throws:
java.io.IOException - if something goes wrong.
java.security.cert.CertificateException - for proxy certificates, if the issuer DN of the certificate does not match the subject DN of the certificate without the last CN component. Also, for GSI-3 proxies when the ProxyCertInfo extension is not marked as critical.

public static org.bouncycastle.asn1.x509.BasicConstraints getBasicConstraints(org.bouncycastle.asn1.x509.X509Extension ext) throws java.io.IOException
BasicConstraints object from given extension.
Parameters:
ext - the extension.
Returns:
BasicConstraints object.
Throws:
java.io.IOException - if something fails.

public static org.bouncycastle.asn1.ASN1Primitive toASN1Primitive(byte[] data) throws java.io.IOException
DERObject.
Parameters:
data - the DER-encoded byte array to convert.
Throws:
java.io.IOException - if conversion fails

public static org.bouncycastle.asn1.x509.TBSCertificateStructure getTBSCertificateStructure(java.security.cert.X509Certificate cert) throws java.security.cert.CertificateEncodingException, java.io.IOException
Parameters:
cert - the X.509 certificate to extract the TBS certificate from.
Throws:
java.io.IOException - if extraction fails.
java.security.cert.CertificateEncodingException - if extraction fails.

public static boolean[] getKeyUsage(org.bouncycastle.asn1.x509.TBSCertificateStructure crt) throws java.io.IOException
Throws:
java.io.IOException

public static boolean[] getKeyUsage(org.bouncycastle.asn1.x509.X509Extension ext) throws java.io.IOException
Throws:
java.io.IOException - if failed to extract the KeyUsage extension value.
See Also:
X509Certificate.getKeyUsage()

public static org.bouncycastle.asn1.ASN1Primitive getExtensionObject(org.bouncycastle.asn1.x509.X509Extension ext) throws java.io.IOException
Parameters:
ext - the certificate extension to extract the value from.
Throws:
java.io.IOException - if extraction fails.

public static java.lang.String toGlobusID(java.lang.String dn)
Parameters:
dn - the DN to convert to Globus format.
See Also:
toGlobusID(String, boolean)

public static java.lang.String toGlobusID(java.lang.String dn, boolean noreverse)
noreverse option. If noreverse is true the order of the DN components is not reversed - "/CN=A/OU=B/O=C" is returned. If noreverse is false, the order of the DN components is reversed - "/O=C/OU=B/CN=A" is returned.
Parameters:
dn - the DN to convert to Globus format.
noreverse - the direction of the conversion.

public static java.lang.String toGlobusID(java.security.Principal name)
toGlobusID() function.
Parameters:
name - the principal to convert to Globus format.
See Also:
toGlobusID(String)

public static java.lang.String toGlobusID(javax.security.auth.x500.X500Principal principal)
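
The comma caveat noted for toGlobusID(String) and toGlobusID(X500Principal), shown as an added example that is not JGlobus code. naiveGlobusId is a constructed comma-splitting stand-in (not the library's implementation) and parsedGlobusId uses the JDK's javax.naming.ldap.LdapName parser; the class name, both method names and the sample DNs are assumptions made for illustration.

```java
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added example: class and method names here are hypothetical, not JGlobus API.
public class GlobusIdCommaDemo {

    // Constructed stand-in for a comma-splitting conversion; it treats every
    // comma as an RDN boundary, including escaped ones inside a value.
    static String naiveGlobusId(String dn) {
        StringBuilder sb = new StringBuilder();
        for (String part : dn.split(",")) {
            sb.append('/').append(part.trim());
        }
        return sb.toString();
    }

    // Parses the DN with the JDK's RFC 2253 parser, so escaped commas stay
    // inside their RDN. Assumes single-valued RDNs with string values.
    static String parsedGlobusId(String dn, boolean noreverse)
            throws InvalidNameException {
        // getRdns() lists RDNs right to left: index 0 is the last one written.
        List<Rdn> rdns = new LdapName(dn).getRdns();
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < rdns.size(); i++) {
            Rdn rdn = rdns.get(noreverse ? rdns.size() - 1 - i : i);
            if (rdn.size() != 1 || !(rdn.getValue() instanceof String)) {
                throw new InvalidNameException("unsupported RDN: " + rdn);
            }
            sb.append('/').append(rdn.getType()).append('=').append(rdn.getValue());
        }
        return sb.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample DNs; the second has an escaped comma in the CN value.
        String plain = "CN=A, OU=B, O=C";
        String comma = "CN=Doe\\, John, OU=B, O=C";

        System.out.println(naiveGlobusId(plain));
        System.out.println(parsedGlobusId(plain, true));
        System.out.println(naiveGlobusId(comma));   // CN value is split in two
        System.out.println(parsedGlobusId(comma, true));
        System.out.println(parsedGlobusId(comma, false));
    }
}
```

For the plain DN both functions agree; for the DN with an escaped comma the stand-in emits one component more than the DN has RDNs, which is the kind of incorrect ID the caveat describes.
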
public static javax.security.auth.x500.X500Principal toPrincipal(java.lang.String globusID)
Parameters:
globusID - DN in Globus format

public static java.security.cert.CertPath getCertPath(java.security.cert.X509Certificate[] certs) throws java.security.cert.CertificateException
Throws:
java.security.cert.CertificateException
Copyright © 2013. All Rights Reserved.