org.globus.gsi.bc
Class BouncyCastleCertProcessingFactory

java.lang.Object
  extended by org.globus.gsi.bc.BouncyCastleCertProcessingFactory

public class BouncyCastleCertProcessingFactory
extends java.lang.Object

Provides certificate processing API such as creating new certificates, certificate requests, etc.


Constructor Summary
protected BouncyCastleCertProcessingFactory()
           
 
Method Summary
 java.security.cert.X509Certificate createCertificate(java.io.InputStream certRequestInputStream, java.security.cert.X509Certificate cert, java.security.PrivateKey privateKey, int lifetime, GSIConstants.CertificateType certType)
          Creates a proxy certificate from the certificate request.
 java.security.cert.X509Certificate createCertificate(java.io.InputStream certRequestInputStream, java.security.cert.X509Certificate cert, java.security.PrivateKey privateKey, int lifetime, GSIConstants.CertificateType certType, X509ExtensionSet extSet)
          Creates a proxy certificate from the certificate request.
 java.security.cert.X509Certificate createCertificate(java.io.InputStream certRequestInputStream, java.security.cert.X509Certificate cert, java.security.PrivateKey privateKey, int lifetime, GSIConstants.CertificateType certType, X509ExtensionSet extSet, java.lang.String cnValue)
          Creates a proxy certificate from the certificate request.
 java.security.cert.X509Certificate createCertificate(java.io.InputStream certRequestInputStream, java.security.cert.X509Certificate cert, java.security.PrivateKey privateKey, int lifetime, int delegationMode)
          Deprecated.  
 java.security.cert.X509Certificate createCertificate(java.io.InputStream certRequestInputStream, java.security.cert.X509Certificate cert, java.security.PrivateKey privateKey, int lifetime, int delegationMode, X509ExtensionSet extSet)
          Deprecated.  
 java.security.cert.X509Certificate createCertificate(java.io.InputStream certRequestInputStream, java.security.cert.X509Certificate cert, java.security.PrivateKey privateKey, int lifetime, int delegationMode, X509ExtensionSet extSet, java.lang.String cnValue)
          Deprecated.  
 byte[] createCertificateRequest(java.lang.String subject, java.security.KeyPair keyPair)
          Creates a certificate request from the specified subject DN and a key pair.
 byte[] createCertificateRequest(java.security.cert.X509Certificate cert, java.security.KeyPair keyPair)
          Creates a certificate request from the specified certificate and a key pair.
 byte[] createCertificateRequest(org.bouncycastle.asn1.x509.X509Name subjectDN, java.lang.String sigAlgName, java.security.KeyPair keyPair)
          Creates a certificate request from the specified subject name, signing algorithm, and a key pair.
 X509Credential createCredential(java.security.cert.X509Certificate[] certs, java.security.PrivateKey privateKey, int bits, int lifetime, GSIConstants.CertificateType certType)
          Creates a new proxy credential from the specified certificate chain and a private key.
 X509Credential createCredential(java.security.cert.X509Certificate[] certs, java.security.PrivateKey privateKey, int bits, int lifetime, GSIConstants.CertificateType certType, X509ExtensionSet extSet)
          Creates a new proxy credential from the specified certificate chain and a private key.
 X509Credential createCredential(java.security.cert.X509Certificate[] certs, java.security.PrivateKey privateKey, int bits, int lifetime, GSIConstants.CertificateType certType, X509ExtensionSet extSet, java.lang.String cnValue)
          Creates a new proxy credential from the specified certificate chain and a private key.
 X509Credential createCredential(java.security.cert.X509Certificate[] certs, java.security.PrivateKey privateKey, int bits, int lifetime, GSIConstants.DelegationType delegType)
          Creates a new proxy credential from the specified certificate chain and a private key, using the given delegation mode.
 X509Credential createCredential(java.security.cert.X509Certificate[] certs, java.security.PrivateKey privateKey, int bits, int lifetime, GSIConstants.DelegationType delegType, X509ExtensionSet extSet)
          Creates a new proxy credential from the specified certificate chain and a private key, using the given delegation mode.
 X509Credential createCredential(java.security.cert.X509Certificate[] certs, java.security.PrivateKey privateKey, int bits, int lifetime, GSIConstants.DelegationType delegType, X509ExtensionSet extSet, java.lang.String cnValue)
          Creates a new proxy credential from the specified certificate chain and a private key, using the given delegation mode.
 GlobusCredential createCredential(java.security.cert.X509Certificate[] certs, java.security.PrivateKey privateKey, int bits, int lifetime, int delegationMode)
          Deprecated.  
 GlobusCredential createCredential(java.security.cert.X509Certificate[] certs, java.security.PrivateKey privateKey, int bits, int lifetime, int delegationMode, X509ExtensionSet extSet)
          Deprecated.  
 GlobusCredential createCredential(java.security.cert.X509Certificate[] certs, java.security.PrivateKey privateKey, int bits, int lifetime, int delegationMode, X509ExtensionSet extSet, java.lang.String cnValue)
          Deprecated.  
 java.security.cert.X509Certificate createProxyCertificate(java.security.cert.X509Certificate issuerCert_, java.security.PrivateKey issuerKey, java.security.PublicKey publicKey, int lifetime, GSIConstants.CertificateType certType, X509ExtensionSet extSet, java.lang.String cnValue)
          Creates a proxy certificate.
 java.security.cert.X509Certificate createProxyCertificate(java.security.cert.X509Certificate issuerCert_, java.security.PrivateKey issuerKey, java.security.PublicKey publicKey, int lifetime, int proxyType, X509ExtensionSet extSet, java.lang.String cnValue)
          Deprecated.  
static GSIConstants.CertificateType decideProxyType(java.security.cert.X509Certificate issuerCert, GSIConstants.DelegationType delegType)
          Given a delegation mode and an issuing certificate, decides an appropriate certificate type to use for proxies.
static BouncyCastleCertProcessingFactory getDefault()
          Returns an instance of this class.
protected  java.security.cert.X509Certificate[] getX509CertificateObjectChain(java.security.cert.X509Certificate[] certs)
          Returns a chain of X509Certificate objects that are instances of X509CertificateObject. This is related to http://bugzilla.globus.org/globus/show_bug.cgi?id=4933
 java.security.cert.X509Certificate loadCertificate(java.io.InputStream in)
          Loads an X.509 certificate from the specified input stream.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

BouncyCastleCertProcessingFactory

protected BouncyCastleCertProcessingFactory()
Method Detail

getDefault

public static BouncyCastleCertProcessingFactory getDefault()
Returns an instance of this class.

Returns:
BouncyCastleCertProcessingFactory instance.

createCertificate

public java.security.cert.X509Certificate createCertificate(java.io.InputStream certRequestInputStream,
                                                            java.security.cert.X509Certificate cert,
                                                            java.security.PrivateKey privateKey,
                                                            int lifetime,
                                                            int delegationMode)
                                                     throws java.io.IOException,
                                                            java.security.GeneralSecurityException
Deprecated. 

Creates a proxy certificate from the certificate request.

Throws:
java.io.IOException
java.security.GeneralSecurityException
See Also:
createCertificate

createCertificate

public java.security.cert.X509Certificate createCertificate(java.io.InputStream certRequestInputStream,
                                                            java.security.cert.X509Certificate cert,
                                                            java.security.PrivateKey privateKey,
                                                            int lifetime,
                                                            int delegationMode,
                                                            X509ExtensionSet extSet)
                                                     throws java.io.IOException,
                                                            java.security.GeneralSecurityException
Deprecated. 

Creates a proxy certificate from the certificate request.

Throws:
java.io.IOException
java.security.GeneralSecurityException
See Also:
createCertificate

createCertificate

public java.security.cert.X509Certificate createCertificate(java.io.InputStream certRequestInputStream,
                                                            java.security.cert.X509Certificate cert,
                                                            java.security.PrivateKey privateKey,
                                                            int lifetime,
                                                            int delegationMode,
                                                            X509ExtensionSet extSet,
                                                            java.lang.String cnValue)
                                                     throws java.io.IOException,
                                                            java.security.GeneralSecurityException
Deprecated. 

Creates a proxy certificate from the certificate request. (Signs a certificate request creating a new certificate)

Parameters:
certRequestInputStream - the input stream to read the certificate request from.
cert - the issuer certificate
privateKey - the private key to sign the new certificate with.
lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
delegationMode - the type of proxy credential to create
extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.GSI_3_RESTRICTED_PROXY or GSIConstants.GSI_4_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.
cnValue - the value of the CN component of the subject of the new certificate. If null, the defaults will be used depending on the proxy certificate type created.
Returns:
X509Certificate the new proxy certificate
Throws:
java.io.IOException - if an error occurs while reading the certificate request
java.security.GeneralSecurityException - if a security error occurs.
See Also:
createProxyCertificate

createCredential

public GlobusCredential createCredential(java.security.cert.X509Certificate[] certs,
                                         java.security.PrivateKey privateKey,
                                         int bits,
                                         int lifetime,
                                         int delegationMode)
                                  throws java.security.GeneralSecurityException
Deprecated. 

Creates a new proxy credential from the specified certificate chain and a private key.

Throws:
java.security.GeneralSecurityException
See Also:
createCredential

createCredential

public GlobusCredential createCredential(java.security.cert.X509Certificate[] certs,
                                         java.security.PrivateKey privateKey,
                                         int bits,
                                         int lifetime,
                                         int delegationMode,
                                         X509ExtensionSet extSet)
                                  throws java.security.GeneralSecurityException
Deprecated. 

Creates a new proxy credential from the specified certificate chain and a private key.

Throws:
java.security.GeneralSecurityException
See Also:
createCredential

createCredential

public GlobusCredential createCredential(java.security.cert.X509Certificate[] certs,
                                         java.security.PrivateKey privateKey,
                                         int bits,
                                         int lifetime,
                                         int delegationMode,
                                         X509ExtensionSet extSet,
                                         java.lang.String cnValue)
                                  throws java.security.GeneralSecurityException
Deprecated. 

Creates a new proxy credential from the specified certificate chain and a private key. A set of X.509 extensions can be optionally included in the new proxy certificate. This function automatically creates a "RSA"-based key pair.

Parameters:
certs - the certificate chain for the new proxy credential. The top-most certificate, certs[0], will be designated as the issuing certificate.
privateKey - the private key of the issuing certificate. The new proxy certificate will be signed with that private key.
bits - the key size, in bits, of the RSA key pair generated for the new proxy certificate.
lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
delegationMode - the type of proxy credential to create
extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.GSI_3_RESTRICTED_PROXY or GSIConstants.GSI_4_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.
cnValue - the value of the CN component of the subject of the new proxy credential. If null, the defaults will be used depending on the proxy certificate type created.
Returns:
GlobusCredential the new proxy credential.
Throws:
java.security.GeneralSecurityException - if a security error occurs.
See Also:
createProxyCertificate

createProxyCertificate

public java.security.cert.X509Certificate createProxyCertificate(java.security.cert.X509Certificate issuerCert_,
                                                                 java.security.PrivateKey issuerKey,
                                                                 java.security.PublicKey publicKey,
                                                                 int lifetime,
                                                                 int proxyType,
                                                                 X509ExtensionSet extSet,
                                                                 java.lang.String cnValue)
                                                          throws java.security.GeneralSecurityException
Deprecated. 

Creates a proxy certificate. A set of X.509 extensions can be optionally included in the new proxy certificate.
If a GSI-2 proxy is created, the serial number of the proxy certificate will be the same as that of the issuing certificate. Also, none of the extensions in the issuing certificate will be copied into the proxy certificate.
If a GSI-3 or GSI-4 proxy is created, the serial number of the proxy certificate will be picked randomly. If the issuing certificate contains a KeyUsage extension, the extension will be copied into the proxy certificate with the keyCertSign and nonRepudiation bits turned off. No other extensions are currently copied. The method defaults to creating a GSI-4 proxy.

Parameters:
issuerCert - the issuing certificate
issuerKey - the private key matching the public key of the issuer certificate. The new proxy certificate will be signed by that key.
publicKey - the public key of the new certificate
lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
proxyType - can be one of GSIConstants.DELEGATION_LIMITED, GSIConstants.DELEGATION_FULL, GSIConstants.GSI_2_LIMITED_PROXY, GSIConstants.GSI_2_PROXY, GSIConstants.GSI_3_IMPERSONATION_PROXY, GSIConstants.GSI_3_LIMITED_PROXY, GSIConstants.GSI_3_INDEPENDENT_PROXY, GSIConstants.GSI_3_RESTRICTED_PROXY, GSIConstants.GSI_4_IMPERSONATION_PROXY, GSIConstants.GSI_3_LIMITED_PROXY, GSIConstants.GSI_4_INDEPENDENT_PROXY, GSIConstants.GSI_4_RESTRICTED_PROXY. If GSIConstants.DELEGATION_LIMITED is given and CertUtil.isGsi2Enabled returns true, a GSI-2 limited proxy will be created; otherwise, if CertUtil.isGsi3Enabled returns true, a GSI-3 limited proxy will be created; if neither is enabled, a GSI-4 limited proxy will be created. If GSIConstants.DELEGATION_FULL is given and CertUtil.isGsi2Enabled returns true, a GSI-2 full proxy will be created; otherwise, if CertUtil.isGsi3Enabled returns true, a GSI-3 full proxy will be created; if neither is enabled, a GSI-4 full proxy will be created.
extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.GSI_3_RESTRICTED_PROXY or GSIConstants.GSI_4_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.
cnValue - the value of the CN component of the subject of the new certificate. If null, the defaults will be used depending on the proxy certificate type created.
Returns:
X509Certificate the new proxy certificate.
Throws:
java.security.GeneralSecurityException - if a security error occurs.

createCertificate

public java.security.cert.X509Certificate createCertificate(java.io.InputStream certRequestInputStream,
                                                            java.security.cert.X509Certificate cert,
                                                            java.security.PrivateKey privateKey,
                                                            int lifetime,
                                                            GSIConstants.CertificateType certType)
                                                     throws java.io.IOException,
                                                            java.security.GeneralSecurityException
Creates a proxy certificate from the certificate request.

Throws:
java.io.IOException
java.security.GeneralSecurityException
See Also:
createCertificate

createCertificate

public java.security.cert.X509Certificate createCertificate(java.io.InputStream certRequestInputStream,
                                                            java.security.cert.X509Certificate cert,
                                                            java.security.PrivateKey privateKey,
                                                            int lifetime,
                                                            GSIConstants.CertificateType certType,
                                                            X509ExtensionSet extSet)
                                                     throws java.io.IOException,
                                                            java.security.GeneralSecurityException
Creates a proxy certificate from the certificate request.

Throws:
java.io.IOException
java.security.GeneralSecurityException
See Also:
createCertificate

createCertificate

public java.security.cert.X509Certificate createCertificate(java.io.InputStream certRequestInputStream,
                                                            java.security.cert.X509Certificate cert,
                                                            java.security.PrivateKey privateKey,
                                                            int lifetime,
                                                            GSIConstants.CertificateType certType,
                                                            X509ExtensionSet extSet,
                                                            java.lang.String cnValue)
                                                     throws java.io.IOException,
                                                            java.security.GeneralSecurityException
Creates a proxy certificate from the certificate request. (Signs a certificate request creating a new certificate)

Parameters:
certRequestInputStream - the input stream to read the certificate request from.
cert - the issuer certificate
privateKey - the private key to sign the new certificate with.
lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
certType - the type of proxy credential to create
extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If certType is GSIConstants.CertificateType.GSI_3_RESTRICTED_PROXY or GSIConstants.CertificateType.GSI_4_RESTRICTED_PROXY, then ProxyCertInfoExtension must be present in the extension set.
cnValue - the value of the CN component of the subject of the new certificate. If null, the defaults will be used depending on the proxy certificate type created.
Returns:
X509Certificate the new proxy certificate
Throws:
java.io.IOException - if an error occurs while reading the certificate request
java.security.GeneralSecurityException - if a security error occurs.
See Also:
createProxyCertificate

createCredential

public X509Credential createCredential(java.security.cert.X509Certificate[] certs,
                                       java.security.PrivateKey privateKey,
                                       int bits,
                                       int lifetime,
                                       GSIConstants.CertificateType certType)
                                throws java.security.GeneralSecurityException
Creates a new proxy credential from the specified certificate chain and a private key.

Throws:
java.security.GeneralSecurityException
See Also:
createCredential

createCredential

public X509Credential createCredential(java.security.cert.X509Certificate[] certs,
                                       java.security.PrivateKey privateKey,
                                       int bits,
                                       int lifetime,
                                       GSIConstants.CertificateType certType,
                                       X509ExtensionSet extSet)
                                throws java.security.GeneralSecurityException
Creates a new proxy credential from the specified certificate chain and a private key.

Throws:
java.security.GeneralSecurityException
See Also:
createCredential

createCredential

public X509Credential createCredential(java.security.cert.X509Certificate[] certs,
                                       java.security.PrivateKey privateKey,
                                       int bits,
                                       int lifetime,
                                       GSIConstants.CertificateType certType,
                                       X509ExtensionSet extSet,
                                       java.lang.String cnValue)
                                throws java.security.GeneralSecurityException
Creates a new proxy credential from the specified certificate chain and a private key. A set of X.509 extensions can be optionally included in the new proxy certificate. This function automatically creates a "RSA"-based key pair.

Parameters:
certs - the certificate chain for the new proxy credential. The top-most certificate, certs[0], will be designated as the issuing certificate.
privateKey - the private key of the issuing certificate. The new proxy certificate will be signed with that private key.
bits - the key size, in bits, of the RSA key pair generated for the new proxy certificate.
lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
certType - the type of proxy credential to create
extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If certType is GSIConstants.CertificateType.GSI_3_RESTRICTED_PROXY or GSIConstants.CertificateType.GSI_4_RESTRICTED_PROXY, then ProxyCertInfoExtension must be present in the extension set.
cnValue - the value of the CN component of the subject of the new proxy credential. If null, the defaults will be used depending on the proxy certificate type created.
Returns:
X509Credential the new proxy credential.
Throws:
java.security.GeneralSecurityException - if a security error occurs.
See Also:
createProxyCertificate

createCredential

public X509Credential createCredential(java.security.cert.X509Certificate[] certs,
                                       java.security.PrivateKey privateKey,
                                       int bits,
                                       int lifetime,
                                       GSIConstants.DelegationType delegType)
                                throws java.security.GeneralSecurityException
Creates a new proxy credential from the specified certificate chain and a private key, using the given delegation mode.

Throws:
java.security.GeneralSecurityException
See Also:
createCredential

createCredential

public X509Credential createCredential(java.security.cert.X509Certificate[] certs,
                                       java.security.PrivateKey privateKey,
                                       int bits,
                                       int lifetime,
                                       GSIConstants.DelegationType delegType,
                                       X509ExtensionSet extSet)
                                throws java.security.GeneralSecurityException
Creates a new proxy credential from the specified certificate chain and a private key, using the given delegation mode.

Throws:
java.security.GeneralSecurityException
See Also:
createCredential

createCredential

public X509Credential createCredential(java.security.cert.X509Certificate[] certs,
                                       java.security.PrivateKey privateKey,
                                       int bits,
                                       int lifetime,
                                       GSIConstants.DelegationType delegType,
                                       X509ExtensionSet extSet,
                                       java.lang.String cnValue)
                                throws java.security.GeneralSecurityException
Creates a new proxy credential from the specified certificate chain and a private key, using the given delegation mode.

Throws:
java.security.GeneralSecurityException
See Also:
createCredential(X509Certificate[], PrivateKey, int, int, GSIConstants.CertificateType, X509ExtensionSet, String)

createProxyCertificate

public java.security.cert.X509Certificate createProxyCertificate(java.security.cert.X509Certificate issuerCert_,
                                                                 java.security.PrivateKey issuerKey,
                                                                 java.security.PublicKey publicKey,
                                                                 int lifetime,
                                                                 GSIConstants.CertificateType certType,
                                                                 X509ExtensionSet extSet,
                                                                 java.lang.String cnValue)
                                                          throws java.security.GeneralSecurityException
Creates a proxy certificate. A set of X.509 extensions can be optionally included in the new proxy certificate.
If a GSI-2 proxy is created, the serial number of the proxy certificate will be the same as that of the issuing certificate. Also, none of the extensions in the issuing certificate will be copied into the proxy certificate.
If a GSI-3 or GSI-4 proxy is created, the serial number of the proxy certificate will be picked randomly. If the issuing certificate contains a KeyUsage extension, the extension will be copied into the proxy certificate with the keyCertSign and nonRepudiation bits turned off. No other extensions are currently copied. The method defaults to creating a GSI-4 proxy.

Parameters:
issuerCert - the issuing certificate
issuerKey - the private key matching the public key of the issuer certificate. The new proxy certificate will be signed by that key.
publicKey - the public key of the new certificate
lifetime - lifetime of the new certificate in seconds. If 0 or less, the new certificate will have the same lifetime as the issuing certificate.
certType - can be one of GSIConstants.CertificateTypeDELEGATION_LIMITED, GSIConstants.CertificateTypeDELEGATION_FULL, GSIConstants.CertificateType.GSI_2_LIMITED_PROXY, GSIConstants.CertificateType.GSI_2_PROXY, GSIConstants.CertificateType.GSI_3_IMPERSONATION_PROXY, GSIConstants.CertificateType.GSI_3_LIMITED_PROXY, GSIConstants.CertificateType.GSI_3_INDEPENDENT_PROXY, GSIConstants.CertificateType.GSI_3_RESTRICTED_PROXY. GSIConstants.CertificateType.GSI_4_IMPERSONATION_PROXY, GSIConstants.CertificateType.GSI_3_LIMITED_PROXY, GSIConstants.CertificateType.GSI_4_INDEPENDENT_PROXY, GSIConstants.CertificateType.GSI_4_RESTRICTED_PROXY. If GSIConstants.CertificateTypeDELEGATION_LIMITED and if CertUtil.isGsi2Enabled returns true then a GSI-2 limited proxy will be created. Else if CertUtil.isGsi3Enabled returns true then a GSI-3 limited proxy will be created. If not, a GSI-4 limited proxy will be created. If GSIConstants.CertificateTypeDELEGATION_FULL and if CertUtil.isGsi2Enabled returns true then a GSI-2 full proxy will be created. Else if CertUtil.isGsi3Enabled returns true then a GSI-3 full proxy will be created. If not, a GSI-4 full proxy will be created.
extSet - a set of X.509 extensions to be included in the new proxy certificate. Can be null. If delegation mode is GSIConstants.CertificateType.GSI_3_RESTRICTED_PROXY or GSIConstants.GSI_4_RESTRICTED_PROXY then ProxyCertInfoExtension must be present in the extension set.
cnValue - the value of the CN component of the subject of the new certificate. If null, the defaults will be used depending on the proxy certificate type created.
Returns:
X509Certificate the new proxy certificate.
Throws:
java.security.GeneralSecurityException - if a security error occurs.

loadCertificate

public java.security.cert.X509Certificate loadCertificate(java.io.InputStream in)
                                                   throws java.io.IOException,
                                                          java.security.GeneralSecurityException
Loads an X.509 certificate from the specified input stream. The input stream must contain a DER-encoded certificate.

Parameters:
in - the input stream to read the certificate from.
Returns:
X509Certificate the loaded certificate.
Throws:
java.security.GeneralSecurityException - if certificate failed to load.
java.io.IOException

createCertificateRequest

public byte[] createCertificateRequest(java.lang.String subject,
                                       java.security.KeyPair keyPair)
                                throws java.security.GeneralSecurityException
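Creates a certificate request from the specified subject DN and a key pair. "MD5WithRSAEncryption" is used as the signing algorithm of the certificate request. MD5 is no longer collision-resistant, so callers that need a stronger signature should use the createCertificateRequest(X509Name, String, KeyPair) overload, which takes the signing algorithm name as a parameter.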

Parameters:
subject - the subject of the certificate request
keyPair - the key pair of the certificate request
Returns:
the certificate request.
Throws:
java.security.GeneralSecurityException - if a security error occurs.

createCertificateRequest

public byte[] createCertificateRequest(java.security.cert.X509Certificate cert,
                                       java.security.KeyPair keyPair)
                                throws java.security.GeneralSecurityException
Creates a certificate request from the specified certificate and a key pair. The certificate's subject DN with "CN=proxy" name component appended to the subject is used as the subject of the certificate request. Also the certificate's signing algorithm is used as the certificate request signing algorithm.

Parameters:
cert - the certificate to create the certificate request from.
keyPair - the key pair of the certificate request
Returns:
the certificate request.
Throws:
java.security.GeneralSecurityException - if a security error occurs.

createCertificateRequest

public byte[] createCertificateRequest(org.bouncycastle.asn1.x509.X509Name subjectDN,
                                       java.lang.String sigAlgName,
                                       java.security.KeyPair keyPair)
                                throws java.security.GeneralSecurityException
Creates a certificate request from the specified subject name, signing algorithm, and a key pair.

Parameters:
subjectDN - the subject name of the certificate request.
sigAlgName - the signing algorithm name.
keyPair - the key pair of the certificate request
Returns:
the certificate request.
Throws:
java.security.GeneralSecurityException - if a security error occurs.

decideProxyType

public static GSIConstants.CertificateType decideProxyType(java.security.cert.X509Certificate issuerCert,
                                                           GSIConstants.DelegationType delegType)
                                                    throws java.security.cert.CertificateException
Given a delegation mode and an issuing certificate, decides an appropriate certificate type to use for proxies.

Parameters:
issuerCert - the issuing certificate of a prospective proxy
delegType - the desired delegation mode
Returns:
the appropriate certificate type for proxies, or GSIConstants.CertificateType.UNDEFINED when GSIConstants.DelegationType.NONE was specified
Throws:
java.security.cert.CertificateException - when failing to get the certificate type of the issuing certificate

getX509CertificateObjectChain

protected java.security.cert.X509Certificate[] getX509CertificateObjectChain(java.security.cert.X509Certificate[] certs)
                                                                      throws java.security.GeneralSecurityException
Returns a chain of X509Certificate objects that are instances of X509CertificateObject. This is related to http://bugzilla.globus.org/globus/show_bug.cgi?id=4933

Parameters:
certs - input certificate chain
Returns:
a new chain where all X509Certificate's are instances of X509CertificateObject
Throws:
java.security.GeneralSecurityException - when failing to load a certificate from its encoding