Class ProxyGeneratorHelper

java.lang.Object
  eu.emi.security.authn.x509.helpers.proxy.ProxyGeneratorHelper

public class ProxyGeneratorHelper extends java.lang.Object

Actual implementation of the proxy generation. The object is for one use only, i.e. it should not be reused to generate another certificate. It is strongly suggested to use ProxyGenerator instead.
Field Summary

private X509v3CertificateBuilder certBuilder
private java.security.cert.X509Certificate proxy
private java.security.PrivateKey proxyPrivateKey
private org.bouncycastle.asn1.x509.SubjectPublicKeyInfo proxyPublicKeyInfo

Constructor Summary

ProxyGeneratorHelper()

Method Summary

private void addExtensions(BaseProxyCertificateOptions param)
private void buildCertificate(java.security.cert.X509Certificate issuingCert, java.security.PrivateKey privateKey)
private void establishKeys(ProxyCertificateOptions param)
private org.bouncycastle.asn1.x509.KeyUsage establishKeyUsage(BaseProxyCertificateOptions param)
static java.math.BigInteger establishSerial(BaseProxyCertificateOptions param)
    For LEGACY proxies returns the serial from the issuing certificate.
ProxyCertificate generate(ProxyCertificateOptions param, java.security.PrivateKey privateKey)
    Generate the proxy certificate object from the local certificate.
java.security.cert.X509Certificate[] generate(ProxyRequestOptions param, java.security.PrivateKey privateKey)
    Generate the proxy certificate object from the received Certificate Signing Request.
private ProxyCertificate generateCommon(BaseProxyCertificateOptions param, java.security.PrivateKey privateKey)
static org.bouncycastle.asn1.x500.X500Name generateDN(javax.security.auth.x500.X500Principal parentSubject, ProxyType type, boolean limited, java.math.BigInteger serial)
    Generate a correct DN for the proxy, depending on its type.
static java.security.KeyPair generateKeyPair(int len)
static java.lang.Integer getChainKeyUsage(java.security.cert.X509Certificate[] chain)
    If the input chain has no KeyUsage extension null is returned.
private void setupCertBuilder(BaseProxyCertificateOptions param)
private ProxyCertificate wrapResult(java.security.cert.X509Certificate[] originalChain)

Field Detail

proxyPublicKeyInfo
private org.bouncycastle.asn1.x509.SubjectPublicKeyInfo proxyPublicKeyInfo

proxyPrivateKey
private transient java.security.PrivateKey proxyPrivateKey

certBuilder
private X509v3CertificateBuilder certBuilder

proxy
private java.security.cert.X509Certificate proxy

Method Detail

generate
public ProxyCertificate generate(ProxyCertificateOptions param, java.security.PrivateKey privateKey) throws java.security.InvalidKeyException, java.security.SignatureException, java.security.NoSuchAlgorithmException, java.security.cert.CertificateParsingException, java.io.IOException
Generate the proxy certificate object from the local certificate.
Parameters:
    param - proxy parameters
    privateKey - key to sign the proxy
Returns:
    a newly created proxy certificate, wrapped together with a private key if it was also generated.
Throws:
    java.security.InvalidKeyException - invalid key exception
    java.security.SignatureException - signature exception
    java.security.NoSuchAlgorithmException - no such algorithm exception
    java.security.cert.CertificateParsingException - certificate parsing exception
    java.io.IOException - IO exception

generate
public java.security.cert.X509Certificate[] generate(ProxyRequestOptions param, java.security.PrivateKey privateKey) throws java.security.InvalidKeyException, java.security.SignatureException, java.security.NoSuchAlgorithmException, java.security.cert.CertificateParsingException, java.io.IOException
Generate the proxy certificate object from the received Certificate Signing Request.
Parameters:
    param - proxy parameters
    privateKey - key to sign the proxy
Returns:
    chain with the new proxy on the first position
Throws:
    java.security.InvalidKeyException - invalid key exception
    java.security.SignatureException - signature exception
    java.security.NoSuchAlgorithmException - no such algorithm exception
    java.security.cert.CertificateParsingException - certificate encoding exception
    java.io.IOException - IO exception

generateCommon
private ProxyCertificate generateCommon(BaseProxyCertificateOptions param, java.security.PrivateKey privateKey) throws java.security.InvalidKeyException, java.security.SignatureException, java.security.NoSuchAlgorithmException, java.security.cert.CertificateParsingException, java.io.IOException
Throws:
    java.security.InvalidKeyException
    java.security.SignatureException
    java.security.NoSuchAlgorithmException
    java.security.cert.CertificateParsingException
    java.io.IOException

establishKeys
private void establishKeys(ProxyCertificateOptions param) throws java.security.InvalidKeyException
Throws:
    java.security.InvalidKeyException

setupCertBuilder
private void setupCertBuilder(BaseProxyCertificateOptions param) throws java.security.InvalidKeyException
Throws:
    java.security.InvalidKeyException

getChainKeyUsage
public static java.lang.Integer getChainKeyUsage(java.security.cert.X509Certificate[] chain)
If the input chain has no KeyUsage extension null is returned. If at least one certificate in the chain has the Key Usage extension then a KeyUsage is returned which contains the bitwise AND of the KeyUsage flags from all certificates. The CA certificates are ignored in the computation.
Parameters:
    chain - certificate chain
Returns:
    chain key usage

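The rule described for getChainKeyUsage, worked through as an added example using only JDK APIs (this is not canl's own code). It assumes that a "CA certificate" is one with basicConstraints cA=true, that certificates lacking the extension contribute nothing to the AND, and that the result uses BouncyCastle's KeyUsage bit layout so it can be compared with that class:

```java
import java.security.cert.X509Certificate;

public final class ChainKeyUsageExample {
    // BouncyCastle KeyUsage bit values, in the order of the JDK's getKeyUsage() boolean[]
    // (digitalSignature, nonRepudiation, ..., encipherOnly, decipherOnly).
    static final int[] BC_BITS = {
        1 << 7, 1 << 6, 1 << 5, 1 << 4, 1 << 3, 1 << 2, 1 << 1, 1 << 0, 1 << 15
    };

    static int toBcKeyUsage(boolean[] flags) {
        int bits = 0;
        for (int i = 0; i < flags.length && i < BC_BITS.length; i++) {
            if (flags[i]) bits |= BC_BITS[i];
        }
        return bits;
    }

    // Core rule: null when no non-CA certificate carries KeyUsage, otherwise the bitwise
    // AND over every non-CA certificate that has the extension (assumed: absent extension
    // contributes nothing).
    static Integer andKeyUsage(boolean[][] usages, boolean[] isCa) {
        Integer result = null;
        for (int i = 0; i < usages.length; i++) {
            if (isCa[i] || usages[i] == null) continue;
            int bits = toBcKeyUsage(usages[i]);
            result = (result == null) ? bits : (result & bits);
        }
        return result;
    }

    // Same rule on a real chain; "CA" assumed to mean basicConstraints cA=true.
    static Integer chainKeyUsage(X509Certificate[] chain) {
        boolean[][] usages = new boolean[chain.length][];
        boolean[] isCa = new boolean[chain.length];
        for (int i = 0; i < chain.length; i++) {
            usages[i] = chain[i].getKeyUsage();              // null if extension absent
            isCa[i] = chain[i].getBasicConstraints() != -1;
        }
        return andKeyUsage(usages, isCa);
    }

    public static void main(String[] args) {
        // Constructed sample chain: proxy (digitalSignature), EEC (digitalSignature,
        // keyEncipherment, dataEncipherment), CA (keyCertSign, cRLSign; ignored).
        boolean[] proxy = {true, false, false, false, false, false, false, false, false};
        boolean[] eec = {true, false, true, true, false, false, false, false, false};
        boolean[] ca = {false, false, false, false, false, true, true, false, false};
        boolean[] isCa = {false, false, true};
        System.out.println(andKeyUsage(new boolean[][] {proxy, eec, ca}, isCa));
        System.out.println(andKeyUsage(new boolean[][] {null, null, ca}, isCa));
    }
}
```

With the constructed chain the first call yields 128 (only digitalSignature survives the AND; the CA's keyCertSign/cRLSign never enter it), and the second yields null because no non-CA certificate carries the extension.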
establishKeyUsage
private org.bouncycastle.asn1.x509.KeyUsage establishKeyUsage(BaseProxyCertificateOptions param)

addExtensions
private void addExtensions(BaseProxyCertificateOptions param) throws java.io.IOException
Throws:
    java.io.IOException

buildCertificate
private void buildCertificate(java.security.cert.X509Certificate issuingCert, java.security.PrivateKey privateKey) throws java.security.cert.CertificateParsingException, java.security.InvalidKeyException, java.security.NoSuchProviderException, java.security.NoSuchAlgorithmException, java.security.SignatureException, java.io.IOException
Throws:
    java.security.cert.CertificateParsingException
    java.security.InvalidKeyException
    java.security.NoSuchProviderException
    java.security.NoSuchAlgorithmException
    java.security.SignatureException
    java.io.IOException

wrapResult
private ProxyCertificate wrapResult(java.security.cert.X509Certificate[] originalChain) throws java.security.InvalidKeyException
Throws:
    java.security.InvalidKeyException

establishSerial
public static java.math.BigInteger establishSerial(BaseProxyCertificateOptions param)
For LEGACY proxies returns the serial from the issuing certificate. For the Draft/RFC proxies returns the manually set serial, or generates a random one if none was set.
Parameters:
    param - proxy certificate options
Returns:
    serial number

generateDN
public static org.bouncycastle.asn1.x500.X500Name generateDN(javax.security.auth.x500.X500Principal parentSubject, ProxyType type, boolean limited, java.math.BigInteger serial)
Generate a correct DN for the proxy, depending on its type.
Parameters:
    parentSubject - parent subject
    type - proxy type
    limited - true if limited proxy
    serial - serial number
Returns:
    generated proxy DN

generateKeyPair
public static java.security.KeyPair generateKeyPair(int len)