java.lang.Object
  org.glite.security.util.proxy.ProxyCertificateGenerator
public class ProxyCertificateGenerator
A class to make proxy certificates.
Field Summary | |
---|---|
static int | DEFAULT_KEY_LENGTH: The default key length for the proxy (1024 bits). |
static int | DEFAULT_PROXY_TYPE: The default proxy type if none is set and the cert given is end entity cert. |
Constructor Summary | |
---|---|
ProxyCertificateGenerator(java.security.cert.X509Certificate parentCert) | Create a new proxy cert generator based on the parent cert. |
ProxyCertificateGenerator(java.security.cert.X509Certificate[] parentCertChain) | Create a new proxy cert generator based on the parent cert chain. |
ProxyCertificateGenerator(java.security.cert.X509Certificate[] parentCertChain, org.bouncycastle.jce.PKCS10CertificationRequest certReq) | Create a new proxy cert generator based on certification request and a certificate chain. |
ProxyCertificateGenerator(java.security.cert.X509Certificate parentCert, org.bouncycastle.jce.PKCS10CertificationRequest certReq) | Create a new proxy cert generator based on certification request and a certificate. |
Method Summary | |
---|---|
void | addExtension(java.lang.String oid, boolean critical, org.bouncycastle.asn1.DEREncodable value): Add an extension to the proxy certificate to be generated. |
void | generate(java.security.PrivateKey privateKey): Generate the proxy certificate object. |
org.bouncycastle.asn1.x509.X509Name | generateDN(org.bouncycastle.asn1.x509.X509Name basename, java.lang.String inputCN, boolean limited): Generates a new proxy DN based on the basename. |
java.security.cert.X509Certificate[] | getCertChain(): Returns the certificate chain of the proxy. |
java.lang.String | getCertChainAsPEM(): Gives the certificate chain containing the proxy in PEM format. |
java.security.PrivateKey | getPrivateKey(): Returns the generated or set private key of this proxy. |
java.lang.String | getPrivateKeyAsPEM(): Gives the private key of the proxy if the keys were generated or set using setPrivateKey. |
java.lang.String | getProxyAsPEM(): Gives the proxy credentials in PEM encoded certificate chain containing the private key in unencrypted format. |
void | setKeyLength(int length): Sets the length of the keys to be generated, only used if the keys are not set separately. |
void | setLifetime(int lifetime): Set the proxy lifetime. |
void | setLimited(): Defines that the resulting proxy will be a limited proxy, meaning job submission with it is prevented. |
void | setPolicy(java.lang.String oid, org.bouncycastle.asn1.DEROctetString octets): Set the RFC proxy extension policy OID and octets of the policy. |
void | setProxyPathLimit(int pathLen): Sets the proxy path length limit of this certificate. |
void | setProxySourceRestrictions(ProxyRestrictionData data): Sets the proxy source restriction data. |
void | setProxyTargetRestrictions(ProxyRestrictionData data): Sets the proxy target restriction data. |
void | setProxyTracingIssuer(java.lang.String url): Sets the issuer URL for the proxy tracing. |
void | setProxyTracingSubject(java.lang.String url): Sets the subject URL for the proxy tracing. |
void | setSerialNumber(java.math.BigInteger sn): Sets the new proxy serial number. |
void | setType(int type): Used to set the type of the proxy. |
Methods inherited from class java.lang.Object |
---|
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final int DEFAULT_PROXY_TYPE
public static final int DEFAULT_KEY_LENGTH
Constructor Detail |
---|
public ProxyCertificateGenerator(java.security.cert.X509Certificate[] parentCertChain)
Parameters:
parentCertChain - the parent certificate chain of the proxy.

public ProxyCertificateGenerator(java.security.cert.X509Certificate parentCert)
Parameters:
parentCert - the parent certificate chain of the proxy.

public ProxyCertificateGenerator(java.security.cert.X509Certificate[] parentCertChain, org.bouncycastle.jce.PKCS10CertificationRequest certReq) throws java.security.InvalidKeyException, java.security.NoSuchAlgorithmException, java.security.NoSuchProviderException
Parameters:
parentCertChain - The parent cert chain of the proxy.
certReq - The certification request to generate the certificate from.
Throws:
java.security.InvalidKeyException - Thrown if the public key in the request is invalid.
java.security.NoSuchAlgorithmException - Thrown if the request uses unsupported algorithm.
java.security.NoSuchProviderException - Thrown if the bouncycastle provider was not found.

public ProxyCertificateGenerator(java.security.cert.X509Certificate parentCert, org.bouncycastle.jce.PKCS10CertificationRequest certReq) throws java.security.InvalidKeyException, java.security.NoSuchAlgorithmException, java.security.NoSuchProviderException
Parameters:
parentCert -
certReq -
Throws:
java.security.NoSuchProviderException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
Method Detail |
---|
public void setLifetime(int lifetime)
Parameters:
lifetime - the lifetime in seconds. (+-5min grace period will be added to the lifetime.)

public void addExtension(java.lang.String oid, boolean critical, org.bouncycastle.asn1.DEREncodable value)
Parameters:
oid - the object identifier of the extension.
critical - whether the extension is critical or not.
value - The extension value.

public void generate(java.security.PrivateKey privateKey) throws java.security.InvalidKeyException, java.security.SignatureException, java.security.NoSuchAlgorithmException, java.security.cert.CertificateEncodingException
Parameters:
privateKey - the private key used to sign the proxy certificate.
Throws:
java.security.InvalidKeyException
java.security.SignatureException
java.security.NoSuchAlgorithmException
java.security.cert.CertificateEncodingException

public java.security.cert.X509Certificate[] getCertChain()

public java.security.PrivateKey getPrivateKey()

public java.lang.String getCertChainAsPEM() throws java.io.IOException
Throws:
java.io.IOException - In case there are string manipulation problems.

public java.lang.String getPrivateKeyAsPEM()

public java.lang.String getProxyAsPEM() throws java.io.IOException
Throws:
java.io.IOException - In case the string manipulations fail.

public org.bouncycastle.asn1.x509.X509Name generateDN(org.bouncycastle.asn1.x509.X509Name basename, java.lang.String inputCN, boolean limited)
Parameters:
basename - The DN to use as the basis of the new DN.
inputCN - If given, this is used as the new CN value.
limited - in case the newCN is not given and the basename is old style proxy, setting this to true will generate limited proxy.

public void setType(int type) throws java.lang.IllegalArgumentException
Parameters:
type - The type, see the type definitions in BasicProxyCertificate class.
Throws:
java.lang.IllegalArgumentException - In case trying to set the type to a different one than parent, if it is a proxy certificate.

public void setKeyLength(int length)
Parameters:
length - The key length in bits.

public void setLimited()

public void setSerialNumber(java.math.BigInteger sn)
Parameters:
sn - The serial number for the new proxy.

public void setPolicy(java.lang.String oid, org.bouncycastle.asn1.DEROctetString octets)
Parameters:
oid - The oid of the policy language.
octets - The actual policy info encoded as DEROctetString.

public void setProxyPathLimit(int pathLen)
Parameters:
pathLen - The number of allowed proxy certificates in the chain allowed after this certificate. ProxyCertInfoExtension.UNLIMITED if not set.

public void setProxySourceRestrictions(ProxyRestrictionData data)
Parameters:
data - The data for the source restriction extension.

public void setProxyTargetRestrictions(ProxyRestrictionData data)
Parameters:
data - The data for the target restriction extension.

public void setProxyTracingIssuer(java.lang.String url)
Parameters:
url - The proxy tracing issuer URL in String format.

public void setProxyTracingSubject(java.lang.String url)
Parameters:
url - The proxy tracing subject URL in String format.
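
Usage sketch, added here as an example and not taken from the gLite sources: it creates a short-lived limited proxy with the methods documented above, overrides the 1024-bit DEFAULT_KEY_LENGTH, and stores the getProxyAsPEM() output (which contains the unencrypted private key) in an owner-only file. The class name ProxyExample, the method writeProxy, the 2048-bit key length and the 12 hour lifetime are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

import org.glite.security.util.proxy.ProxyCertificateGenerator;

/** Hypothetical helper class; not part of org.glite.security.util.proxy. */
public class ProxyExample {

    /**
     * Generates a limited proxy under an already loaded credential and
     * writes it to outFile with permissions rw------- (owner only).
     *
     * @param parentChain the user's certificate chain, end entity cert first
     * @param parentKey   the private key matching parentChain[0]; it signs the proxy
     * @param outFile     destination path; must not exist yet
     */
    public static void writeProxy(X509Certificate[] parentChain,
                                  PrivateKey parentKey,
                                  Path outFile) throws Exception {
        ProxyCertificateGenerator gen = new ProxyCertificateGenerator(parentChain);

        // The documented default is 1024 bits; 2048 is this example's choice.
        gen.setKeyLength(2048);
        // Lifetime is given in seconds; keep proxies short-lived (12 hours here).
        gen.setLifetime(12 * 60 * 60);
        // Limited proxy: job submission with it is prevented.
        gen.setLimited();

        // Signs the proxy certificate with the parent's private key.
        gen.generate(parentKey);

        // The PEM text includes the proxy's private key in unencrypted form,
        // so the file is created with owner-only permissions before any
        // key material is written. createFile fails if the file already
        // exists, and throws UnsupportedOperationException on file systems
        // without POSIX permissions.
        String pem = gen.getProxyAsPEM();
        Files.createFile(outFile, PosixFilePermissions.asFileAttribute(
                PosixFilePermissions.fromString("rw-------")));
        Files.write(outFile, pem.getBytes(StandardCharsets.US_ASCII));
    }
}
```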