Package org.globus.gsi.bc

Class BouncyCastleUtil

java.lang.Object

org.globus.gsi.bc.BouncyCastleUtil

public class BouncyCastleUtil
extends Object

A collection of various utility functions.

Constructor Summary

Constructors

Constructor	Description
BouncyCastleUtil()

Method Summary

Modifier and Type	Method	Description
static org.bouncycastle.asn1.ASN1Primitive	duplicate(org.bouncycastle.asn1.ASN1Primitive obj)	Replicates a given DERObject.
static GSIConstants.CertificateType	getCertificateType(X509Certificate cert)	Returns certificate type of the given certificate.
static GSIConstants.CertificateType	getCertificateType(X509Certificate cert, CertStore trustedCerts)	Returns the certificate type of the given certificate.
static GSIConstants.CertificateType	getCertificateType(X509Certificate cert, TrustedCertificates trustedCerts)	Deprecated.
static GSIConstants.CertificateType	getCertificateType(org.bouncycastle.asn1.x509.TBSCertificateStructure crt, TrustedCertificates trustedCerts)
static org.bouncycastle.asn1.ASN1Primitive	getExtensionObject(org.bouncycastle.asn1.x509.X509Extension ext)	Extracts the value of a certificate extension.
static byte[]	getExtensionValue(byte[] certExtValue)	Retrieves the actual value of the X.509 extension.
static byte[]	getExtensionValue(X509Certificate cert, String oid)	Returns the actual value of the extension.
static String	getIdentity(X509Certificate cert)	Returns the subject DN of the given certificate in the Globus format.
static String	getIdentity(X509Certificate[] chain)	Finds the identity certificate in the given chain and returns the subject DN of that certificate in the Globus format.
static X509Certificate	getIdentityCertificate(X509Certificate[] chain)	Finds the identity certificate in the given chain.
static String	getIdentityPrefix(X509Certificate cert)
static boolean[]	getKeyUsage(org.bouncycastle.asn1.x509.X509Extension ext)	Gets a boolean array representing bits of the KeyUsage extension.
static ProxyCertInfo	getProxyCertInfo(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)
static ProxyCertInfo	getProxyCertInfo(org.bouncycastle.asn1.x509.X509Extension ext)	Creates a ProxyCertInfo object from given extension.
static int	getProxyPathConstraint(X509Certificate cert)
static int	getProxyPathConstraint(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)
static org.bouncycastle.asn1.x509.TBSCertificateStructure	getTBSCertificateStructure(X509Certificate cert)	Extracts the TBS certificate from the given certificate.
static org.bouncycastle.asn1.ASN1Primitive	toASN1Primitive(byte[] data)	Converts the DER-encoded byte array into a DERObject.
static byte[]	toByteArray(org.bouncycastle.asn1.ASN1Primitive obj)	Converts given DERObject into a DER-encoded byte array.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BouncyCastleUtil

public BouncyCastleUtil()

Method Detail

toByteArray

public static byte[] toByteArray(org.bouncycastle.asn1.ASN1Primitive obj)
                          throws IOException

Converts given DERObject into a DER-encoded byte array.

Parameters:

obj - DERObject to convert.

Returns:

the DER-encoded byte array

Throws:

IOException - if conversion fails

toASN1Primitive

public static org.bouncycastle.asn1.ASN1Primitive toASN1Primitive(byte[] data)
                                                           throws IOException

Converts the DER-encoded byte array into a DERObject.

Parameters:

data - the DER-encoded byte array to convert.

Returns:

the DERObject.

Throws:

IOException - if conversion fails

duplicate

public static org.bouncycastle.asn1.ASN1Primitive duplicate(org.bouncycastle.asn1.ASN1Primitive obj)
                                                     throws IOException

Replicates a given DERObject.

Parameters:

obj - the DERObject to replicate.

Returns:

a copy of the DERObject.

Throws:

IOException - if replication fails

getTBSCertificateStructure

public static org.bouncycastle.asn1.x509.TBSCertificateStructure getTBSCertificateStructure(X509Certificate cert)
                                                                                     throws CertificateEncodingException,
                                                                                            IOException

Extracts the TBS certificate from the given certificate.

Parameters:

cert - the X.509 certificate to extract the TBS certificate from.

Returns:

the TBS certificate

Throws:

IOException - if extraction fails.

CertificateEncodingException - if extraction fails.

getExtensionObject

public static org.bouncycastle.asn1.ASN1Primitive getExtensionObject(org.bouncycastle.asn1.x509.X509Extension ext)
                                                              throws IOException

Extracts the value of a certificate extension.

Parameters:

ext - the certificate extension to extract the value from.

Throws:

IOException - if extraction fails.

getCertificateType

public static GSIConstants.CertificateType getCertificateType(X509Certificate cert,
                                                              TrustedCertificates trustedCerts)
                                                       throws CertificateException

Deprecated.

Returns certificate type of the given certificate. Please see getCertificateType for details for determining the certificate type.

Parameters:

cert - the certificate to get the type of.

trustedCerts - the trusted certificates to double check the GSIConstants.EEC certificate against.

Returns:

the certificate type as determined by getCertificateType.

Throws:

CertificateException - if something goes wrong.

getCertificateType

public static GSIConstants.CertificateType getCertificateType(X509Certificate cert,
                                                              CertStore trustedCerts)
                                                       throws CertificateException

Returns the certificate type of the given certificate. Please see getCertificateType for details for determining the certificate type.

Parameters:

cert - the certificate to get the type of.

trustedCerts - the trusted certificates to double check the GSIConstants.EEC certificate against.

Returns:

the certificate type as determined by getCertificateType.

Throws:

CertificateException - if something goes wrong.

getCertificateType

public static GSIConstants.CertificateType getCertificateType(X509Certificate cert)
                                                       throws CertificateException

Returns certificate type of the given certificate. Please see getCertificateType for details for determining the certificate type.

Parameters:

cert - the certificate to get the type of.

Returns:

the certificate type as determined by getCertificateType.

Throws:

CertificateException - if something goes wrong.

getCertificateType

public static GSIConstants.CertificateType getCertificateType(org.bouncycastle.asn1.x509.TBSCertificateStructure crt,
                                                              TrustedCertificates trustedCerts)
                                                       throws CertificateException,
                                                              IOException

Throws:

CertificateException

IOException

getKeyUsage

public static boolean[] getKeyUsage(org.bouncycastle.asn1.x509.X509Extension ext)
                             throws IOException

Gets a boolean array representing bits of the KeyUsage extension.

Throws:

IOException - if failed to extract the KeyUsage extension value.

See Also:

X509Certificate.getKeyUsage()

getProxyCertInfo

public static ProxyCertInfo getProxyCertInfo(org.bouncycastle.asn1.x509.X509Extension ext)
                                      throws IOException

Creates a ProxyCertInfo object from given extension.

Parameters:

ext - the extension.

Returns:

the ProxyCertInfo object.

Throws:

IOException - if something fails.

getIdentity

public static String getIdentity(X509Certificate cert)

Returns the subject DN of the given certificate in the Globus format.

Parameters:

cert - the certificate to get the subject of. The certificate must be of X509CertificateObject type.

Returns:

the subject DN of the certificate in the Globus format.

getIdentityPrefix

public static String getIdentityPrefix(X509Certificate cert)

getIdentity

public static String getIdentity(X509Certificate[] chain)
                          throws CertificateException

Finds the identity certificate in the given chain and returns the subject DN of that certificate in the Globus format.

Parameters:

chain - the certificate chain to find the identity certificate in. The certificates must be of X509CertificateObject type.

Returns:

the subject DN of the identity certificate in the Globus format.

Throws:

CertificateException - if something goes wrong.

getIdentityCertificate

public static X509Certificate getIdentityCertificate(X509Certificate[] chain)
                                              throws CertificateException

Finds the identity certificate in the given chain. The identity certificate is the first certificate in the chain that is not an impersonation proxy (full or limited)

Parameters:

chain - the certificate chain to find the identity certificate in.

Returns:

the identity certificate.

Throws:

CertificateException - if something goes wrong.

getExtensionValue

public static byte[] getExtensionValue(byte[] certExtValue)
                                throws IOException

Retrieves the actual value of the X.509 extension.

Parameters:

certExtValue - the DER-encoded OCTET string value of the extension.

Returns:

the decoded/actual value of the extension (the octets).

Throws:

IOException

getExtensionValue

public static byte[] getExtensionValue(X509Certificate cert,
                                       String oid)
                                throws IOException

Returns the actual value of the extension.

Parameters:

cert - the certificate that contains the extensions to retrieve.

oid - the oid of the extension to retrieve.

Returns:

the actual value of the extension (not octet string encoded)

Throws:

IOException - if decoding the extension fails.

getProxyPathConstraint

public static int getProxyPathConstraint(X509Certificate cert)
                                  throws IOException,
                                         CertificateEncodingException

Throws:

IOException

CertificateEncodingException

getProxyPathConstraint

public static int getProxyPathConstraint(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)
                                  throws IOException

Throws:

IOException

getProxyCertInfo

public static ProxyCertInfo getProxyCertInfo(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)
                                      throws IOException

Throws:

IOException