java.lang.Object
  org.glite.security.util.proxy.ProxyCertificateGenerator
public class ProxyCertificateGenerator
A class to make proxy certificates.
| Field Summary | | |
|---|---|---|
| static int | DEFAULT_KEY_LENGTH | The default key length for the proxy (1024 bits). |
| static int | DEFAULT_PROXY_TYPE | The default proxy type if none is set and the cert given is end entity cert. |
| Constructor Summary | |
|---|---|
| ProxyCertificateGenerator(java.security.cert.X509Certificate parentCert) | Create a new proxy cert generator based on the parent cert. |
| ProxyCertificateGenerator(java.security.cert.X509Certificate[] parentCertChain) | Create a new proxy cert generator based on the parent cert chain. |
| ProxyCertificateGenerator(java.security.cert.X509Certificate[] parentCertChain, org.bouncycastle.jce.PKCS10CertificationRequest certReq) | Create a new proxy cert generator based on certification request and a certificate chain. |
| ProxyCertificateGenerator(java.security.cert.X509Certificate parentCert, org.bouncycastle.jce.PKCS10CertificationRequest certReq) | Create a new proxy cert generator based on certification request and a certificate. |
| Method Summary | | |
|---|---|---|
| void | addExtension(java.lang.String oid, boolean critical, org.bouncycastle.asn1.DEREncodable value) | Add an extension to the proxy certificate to be generated. |
| void | generate(java.security.PrivateKey privateKey) | Generate the proxy certificate object. |
| org.bouncycastle.asn1.x509.X509Name | generateDN(org.bouncycastle.asn1.x509.X509Name basename, java.lang.String inputCN, boolean limited) | Generates a new proxy DN based on the basename. |
| java.security.cert.X509Certificate[] | getCertChain() | Returns the certificate chain of the proxy. |
| java.lang.String | getCertChainAsPEM() | Gives the certificate chain containing the proxy in PEM format. |
| java.security.PrivateKey | getPrivateKey() | Returns the generated or set private key of this proxy. |
| java.lang.String | getPrivateKeyAsPEM() | Gives the private key of the proxy if the keys were generated or set using setPrivateKey. |
| java.lang.String | getProxyAsPEM() | Gives the proxy credentials as a PEM encoded certificate chain containing the private key in unencrypted format. |
| void | setKeyLength(int length) | Sets the length of the keys to be generated, only used if the keys are not set separately. |
| void | setLifetime(int lifetime) | Set the proxy lifetime. |
| void | setLimited() | Defines that the resulting proxy will be a limited proxy, meaning job submission with it is prevented. |
| void | setPolicy(java.lang.String oid, org.bouncycastle.asn1.DEROctetString octets) | Set the RFC proxy extension policy OID and octets of the policy. |
| void | setProxyPathLimit(int pathLen) | Sets the proxy path length limit of this certificate. |
| void | setProxySourceRestrictions(ProxyRestrictionData data) | Sets the proxy source restriction data. |
| void | setProxyTargetRestrictions(ProxyRestrictionData data) | Sets the proxy target restriction data. |
| void | setProxyTracingIssuer(java.lang.String url) | Sets the issuer URL for the proxy tracing. |
| void | setProxyTracingSubject(java.lang.String url) | Sets the subject URL for the proxy tracing. |
| void | setSerialNumber(java.math.BigInteger sn) | Sets the new proxy serial number. |
| void | setType(int type) | Used to set the type of the proxy. |
| Methods inherited from class java.lang.Object |
|---|
| equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
|---|
public static final int DEFAULT_PROXY_TYPE
public static final int DEFAULT_KEY_LENGTH
| Constructor Detail |
|---|
public ProxyCertificateGenerator(java.security.cert.X509Certificate[] parentCertChain)
Parameters:
parentCertChain - the parent certificate chain of the proxy.

public ProxyCertificateGenerator(java.security.cert.X509Certificate parentCert)
Parameters:
parentCert - the parent certificate chain of the proxy.

public ProxyCertificateGenerator(java.security.cert.X509Certificate[] parentCertChain,
                                 org.bouncycastle.jce.PKCS10CertificationRequest certReq)
                          throws java.security.InvalidKeyException,
                                 java.security.NoSuchAlgorithmException,
                                 java.security.NoSuchProviderException
Parameters:
parentCertChain - The parent cert chain of the proxy.
certReq - The certification request to generate the certificate from.
Throws:
java.security.InvalidKeyException - Thrown if the public key in the request is invalid.
java.security.NoSuchAlgorithmException - Thrown if the request uses unsupported algorithm.
java.security.NoSuchProviderException - Thrown if the bouncycastle provider was not found.

public ProxyCertificateGenerator(java.security.cert.X509Certificate parentCert,
                                 org.bouncycastle.jce.PKCS10CertificationRequest certReq)
                          throws java.security.InvalidKeyException,
                                 java.security.NoSuchAlgorithmException,
                                 java.security.NoSuchProviderException
Parameters:
parentCert -
certReq -
Throws:
java.security.NoSuchProviderException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException

| Method Detail |
|---|
public void setLifetime(int lifetime)
Parameters:
lifetime - the lifetime in seconds. (+-5min grace period will be added to the lifetime.)

public void addExtension(java.lang.String oid,
                         boolean critical,
                         org.bouncycastle.asn1.DEREncodable value)
Parameters:
oid - the object identifier of the extension.
critical - whether the extension is critical or not.
value - The extension value.

public void generate(java.security.PrivateKey privateKey)
              throws java.security.InvalidKeyException,
                     java.security.SignatureException,
                     java.security.NoSuchAlgorithmException,
                     java.security.cert.CertificateEncodingException
Parameters:
privateKey - the private key used to sign the proxy certificate.
Throws:
java.security.InvalidKeyException
java.security.SignatureException
java.security.NoSuchAlgorithmException
java.security.cert.CertificateEncodingException

public java.security.cert.X509Certificate[] getCertChain()

public java.security.PrivateKey getPrivateKey()

public java.lang.String getCertChainAsPEM()
                                  throws java.io.IOException
Throws:
java.io.IOException - In case there are string manipulation problems.

public java.lang.String getPrivateKeyAsPEM()

public java.lang.String getProxyAsPEM()
                              throws java.io.IOException
Throws:
java.io.IOException - In case the string manipulations fail.

public org.bouncycastle.asn1.x509.X509Name generateDN(org.bouncycastle.asn1.x509.X509Name basename,
                                                      java.lang.String inputCN,
                                                      boolean limited)
Parameters:
basename - The DN to use as the basis of the new DN.
inputCN - If given, this is used as the new CN value.
limited - in case the newCN is not given and the basename is an old style proxy, setting this to true will generate a limited proxy.

public void setType(int type)
             throws java.lang.IllegalArgumentException
Parameters:
type - The type, see the type definitions in BasicProxyCertificate class.
Throws:
java.lang.IllegalArgumentException - In case of trying to set the type to a different one than the parent, if it is a proxy certificate.

public void setKeyLength(int length)
Parameters:
length - The key length in bits.

public void setLimited()

public void setSerialNumber(java.math.BigInteger sn)
Parameters:
sn - The serial number for the new proxy.

public void setPolicy(java.lang.String oid,
                      org.bouncycastle.asn1.DEROctetString octets)
Parameters:
oid - The oid of the policy language.
octets - The actual policy info encoded as DEROctetString.

public void setProxyPathLimit(int pathLen)
Parameters:
pathLen - The number of proxy certificates allowed in the chain after this certificate. ProxyCertInfoExtension.UNLIMITED if not set.

public void setProxySourceRestrictions(ProxyRestrictionData data)
Parameters:
data - The data for the source restriction extension.

public void setProxyTargetRestrictions(ProxyRestrictionData data)
Parameters:
data - The data for the target restriction extension.

public void setProxyTracingIssuer(java.lang.String url)
Parameters:
url - The proxy tracing issuer URL in String format.

public void setProxyTracingSubject(java.lang.String url)
Parameters:
url - The proxy tracing subject URL in String format.
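
A usage sketch built only from the methods documented on this page, added here as an example and not taken from the gLite code base: it raises the key length above the 1024-bit default, sets a short lifetime, and stores the output of getProxyAsPEM(), which carries the private key unencrypted, in a file created with owner-only permissions. The class name ShortLivedProxyExample, the method writeProxy, the 2048-bit and one-hour values, and the use of java.nio.file on a POSIX file system are assumptions; the caller supplies the parent chain and its private key.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

import org.glite.security.util.proxy.ProxyCertificateGenerator;

// Added example: class, method and constant names are hypothetical.
public final class ShortLivedProxyExample {
    private static final int KEY_BITS = 2048;          // assumption: larger than DEFAULT_KEY_LENGTH (1024)
    private static final int LIFETIME_SECONDS = 3600;  // assumption: one hour; the page notes a +-5min grace period

    private ShortLivedProxyExample() { }

    /**
     * Generates a proxy under parentChain, signed with parentKey, and writes
     * the PEM bundle (certificate chain plus unencrypted proxy key) to out.
     */
    public static Path writeProxy(X509Certificate[] parentChain, PrivateKey parentKey, Path out)
            throws GeneralSecurityException, IOException {
        ProxyCertificateGenerator gen = new ProxyCertificateGenerator(parentChain);
        // No key pair is supplied here, so the key length setting applies
        // to the keys the generator creates for the proxy.
        gen.setKeyLength(KEY_BITS);
        gen.setLifetime(LIFETIME_SECONDS);
        // Per the page, the argument is the key that signs the proxy certificate.
        gen.generate(parentKey);

        String pem = gen.getProxyAsPEM();

        // Create the file with mode 0600 before any key material is written.
        // createFile fails if the path already exists, so an existing file
        // with looser permissions is never reused.
        Files.createFile(out,
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
        Files.write(out, pem.getBytes(StandardCharsets.US_ASCII), StandardOpenOption.WRITE);
        return out;
    }
}
```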