org.globus.gsi
Class X509Credential

java.lang.Object
  extended by org.globus.gsi.X509Credential

public class X509Credential
extends java.lang.Object

The equivalent of this class was called GlobusCredential in CoG (maybe a better name?).

Author:
ranantha@mcs.anl.gov

Field Summary
static int BUFFER_SIZE
           
 
Constructor Summary
X509Credential(java.io.InputStream input)
           
X509Credential(java.io.InputStream certInputStream, java.io.InputStream keyInputStream)
           
X509Credential(java.security.PrivateKey initKey, java.security.cert.X509Certificate[] initCertChain)
           
X509Credential(java.lang.String proxyFile)
           
X509Credential(java.lang.String certFile, java.lang.String keyFile)
           
 
Method Summary
 java.security.cert.X509Certificate[] getCertificateChain()
           
 int getCertNum()
          Returns the number of certificates in the credential without the self-signed certificates.
static X509Credential getDefaultCredential()
          Returns the default credential.
 java.lang.String getIdentity()
          Returns the identity of this credential.
 java.security.cert.X509Certificate getIdentityCertificate()
          Returns the identity certificate of this credential.
 java.lang.String getIssuer()
          Returns the issuer DN of the first certificate in the chain.
 java.util.Date getNotBefore()
           
 int getPathConstraint()
          Returns the path length constraint.
 java.security.PrivateKey getPrivateKey()
           
 java.security.PrivateKey getPrivateKey(java.lang.String password)
           
 GSIConstants.CertificateType getProxyType()
          Returns the certificate type of the first certificate in the chain.
 int getStrength()
          Returns strength of the private/public key in bits.
 int getStrength(java.lang.String password)
          Returns strength of the private/public key in bits.
 java.lang.String getSubject()
          Returns the subject DN of the first certificate in the chain.
 long getTimeLeft()
          Returns time left of this credential.
 boolean isEncryptedKey()
           
protected  void load(java.io.InputStream input)
           
protected  void loadCertificate(java.io.InputStream input)
           
protected  void loadKey(java.io.InputStream input)
           
 void save(java.io.OutputStream out)
           
 void saveCertificateChain(java.io.OutputStream out)
           
 void saveKey(java.io.OutputStream out)
           
static void setDefaultCredential(X509Credential cred)
          Sets default credential.
 java.lang.String toString()
           
 void verify()
          Verifies the validity of the credentials.
 void writeToFile(java.io.File file)
           
 void writeToFile(java.io.File certFile, java.io.File keyFile)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

BUFFER_SIZE

public static final int BUFFER_SIZE
See Also:
Constant Field Values
Constructor Detail

X509Credential

public X509Credential(java.security.PrivateKey initKey,
                      java.security.cert.X509Certificate[] initCertChain)

X509Credential

public X509Credential(java.io.InputStream certInputStream,
                      java.io.InputStream keyInputStream)
               throws CredentialException
Throws:
CredentialException

X509Credential

public X509Credential(java.lang.String certFile,
                      java.lang.String keyFile)
               throws CredentialException,
                      java.io.IOException
Throws:
CredentialException
java.io.IOException

X509Credential

public X509Credential(java.lang.String proxyFile)
               throws CredentialException
Throws:
CredentialException

X509Credential

public X509Credential(java.io.InputStream input)
               throws CredentialException
Throws:
CredentialException
Method Detail

getCertificateChain

public java.security.cert.X509Certificate[] getCertificateChain()

getPrivateKey

public java.security.PrivateKey getPrivateKey()
                                       throws CredentialException
Throws:
CredentialException

getPrivateKey

public java.security.PrivateKey getPrivateKey(java.lang.String password)
                                       throws CredentialException
Throws:
CredentialException

isEncryptedKey

public boolean isEncryptedKey()

saveKey

public void saveKey(java.io.OutputStream out)
             throws java.io.IOException
Throws:
java.io.IOException

saveCertificateChain

public void saveCertificateChain(java.io.OutputStream out)
                          throws java.io.IOException,
                                 java.security.cert.CertificateEncodingException
Throws:
java.io.IOException
java.security.cert.CertificateEncodingException

save

public void save(java.io.OutputStream out)
          throws java.io.IOException,
                 java.security.cert.CertificateEncodingException
Throws:
java.io.IOException
java.security.cert.CertificateEncodingException

writeToFile

public void writeToFile(java.io.File file)
                 throws java.io.IOException,
                        java.security.cert.CertificateEncodingException
Throws:
java.io.IOException
java.security.cert.CertificateEncodingException

writeToFile

public void writeToFile(java.io.File certFile,
                        java.io.File keyFile)
                 throws java.io.IOException,
                        java.security.cert.CertificateEncodingException
Throws:
java.io.IOException
java.security.cert.CertificateEncodingException

getNotBefore

public java.util.Date getNotBefore()

getCertNum

public int getCertNum()
Returns the number of certificates in the credential without the self-signed certificates.

Returns:
number of certificates without counting self-signed certificates

getStrength

public int getStrength()
                throws CredentialException
Returns strength of the private/public key in bits.

Returns:
strength of the key in bits. Returns -1 if unable to determine it.
Throws:
CredentialException

getStrength

public int getStrength(java.lang.String password)
                throws CredentialException
Returns strength of the private/public key in bits.

Returns:
strength of the key in bits. Returns -1 if unable to determine it.
Throws:
CredentialException

getSubject

public java.lang.String getSubject()
Returns the subject DN of the first certificate in the chain.

Returns:
subject DN.

getIssuer

public java.lang.String getIssuer()
Returns the issuer DN of the first certificate in the chain.

Returns:
issuer DN.

getProxyType

public GSIConstants.CertificateType getProxyType()
Returns the certificate type of the first certificate in the chain. Returns -1 if unable to determine the certificate type (an error occurred).

Returns:
the type of first certificate in the chain. -1 if unable to determine the certificate type.
See Also:
BouncyCastleUtil.getCertificateType(X509Certificate)

getTimeLeft

public long getTimeLeft()
Returns the time left of this credential. The time left is based on the certificate in the chain with the shortest validity time.

Returns:
time left in seconds. Returns 0 if the certificate has expired.

getIdentity

public java.lang.String getIdentity()
Returns the identity of this credential.

Returns:
The identity cert in Globus format (e.g. /C=US/..). Null, if unable to get the identity (an error occurred)
See Also:
getIdentityCertificate()

getIdentityCertificate

public java.security.cert.X509Certificate getIdentityCertificate()
Returns the identity certificate of this credential. The identity certificate is the first certificate in the chain that is not an impersonation proxy certificate.

Returns:
X509Certificate the identity cert. Null, if unable to get the identity certificate (an error occurred)

getPathConstraint

public int getPathConstraint()
Returns the path length constraint. The shortest length in the chain of certificates is returned as the credential's path length.

Returns:
The path length constraint of the credential. -1 if any error occurs.

verify

public void verify()
            throws CredentialException
Verifies the validity of the credentials. All certificate path validation is performed using trusted certificates in default locations.

Throws:
CredentialException - if one of the certificates in the chain has expired or if path validation fails.
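
Added example (not part of the original Javadoc or the Globus code base): a pre-flight check that combines verify() with the documented failure conventions of getTimeLeft(), getIdentity() and getStrength(). The class name CredentialPreflight, the two policy thresholds and the package of CredentialException are assumptions; the page shows that exception only by its unqualified name.

```java
import org.globus.gsi.CredentialException; // assumed package; the page shows the name unqualified
import org.globus.gsi.X509Credential;

/** Added example: pre-flight checks on a credential using only methods documented on this page. */
public class CredentialPreflight {
    // Hypothetical policy values, not taken from the library.
    static final long MIN_SECONDS_LEFT = 15 * 60;
    static final int MIN_KEY_BITS = 2048;

    /** Returns null if the credential passes, otherwise the reason it was rejected. */
    static String check(X509Credential cred) {
        try {
            // Path validation against the trusted certificates in the default locations;
            // throws if a certificate in the chain has expired or validation fails.
            cred.verify();

            // Seconds left on the shortest-lived certificate in the chain; 0 means expired.
            long left = cred.getTimeLeft();
            if (left < MIN_SECONDS_LEFT) {
                return "only " + left + "s of validity left";
            }

            // getIdentity() reports failure as null rather than by throwing.
            String identity = cred.getIdentity();
            if (identity == null) {
                return "identity could not be determined";
            }

            if (cred.isEncryptedKey()) {
                return "private key is encrypted; use getStrength(password) to check it";
            }
            // -1 means the strength could not be determined: treat as a failure, not a pass.
            int bits = cred.getStrength();
            if (bits < MIN_KEY_BITS) {
                return bits == -1 ? "key strength unknown" : "key is only " + bits + " bits";
            }
            return null;
        } catch (CredentialException e) {
            return "credential rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to a proxy file (placeholder supplied by the caller).
        X509Credential cred = new X509Credential(args[0]);
        String reason = check(cred);
        System.out.println(reason == null ? "OK: " + cred.getIdentity() : "REJECT: " + reason);
    }
}
```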

getDefaultCredential

public static X509Credential getDefaultCredential()
                                           throws CredentialException
Returns the default credential. The default credential is usually the user proxy certificate.
The credential will be loaded on the initial call. It must not be expired. All subsequent calls to this function return the cached credential object. If the underlying file changes after the credential has been cached, the credential will be reloaded.

Returns:
the default credential.
Throws:
CredentialException - if the credential has expired or some other error occurs with the credential.

setDefaultCredential

public static void setDefaultCredential(X509Credential cred)
Sets default credential.

Parameters:
cred - the credential to set as the default.

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object

load

protected void load(java.io.InputStream input)
             throws CredentialException
Throws:
CredentialException

loadCertificate

protected void loadCertificate(java.io.InputStream input)
                        throws CredentialException
Throws:
CredentialException

loadKey

protected void loadKey(java.io.InputStream input)
                throws CredentialException
Throws:
CredentialException