Package org.globus.gsi.bc
Class BouncyCastleUtil
java.lang.Object
org.globus.gsi.bc.BouncyCastleUtil
A collection of various utility functions.
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic org.bouncycastle.asn1.ASN1Primitive
duplicate
(org.bouncycastle.asn1.ASN1Primitive obj) Replicates a givenDERObject
.static GSIConstants.CertificateType
Returns certificate type of the given certificate.static GSIConstants.CertificateType
getCertificateType
(X509Certificate cert, CertStore trustedCerts) Returns the certificate type of the given certificate.static GSIConstants.CertificateType
getCertificateType
(X509Certificate cert, TrustedCertificates trustedCerts) Deprecated.static GSIConstants.CertificateType
getCertificateType
(org.bouncycastle.asn1.x509.TBSCertificateStructure crt, TrustedCertificates trustedCerts) static org.bouncycastle.asn1.ASN1Primitive
getExtensionObject
(org.bouncycastle.asn1.x509.X509Extension ext) Extracts the value of a certificate extension.static byte[]
getExtensionValue
(byte[] certExtValue) Retrieves the actual value of the X.509 extension.static byte[]
getExtensionValue
(X509Certificate cert, String oid) Returns the actual value of the extension.static String
getIdentity
(X509Certificate cert) Returns the subject DN of the given certificate in the Globus format.static String
getIdentity
(X509Certificate[] chain) Finds the identity certificate in the given chain and returns the subject DN of that certificate in the Globus format.static X509Certificate
getIdentityCertificate
(X509Certificate[] chain) Finds the identity certificate in the given chain.static String
static boolean[]
getKeyUsage
(org.bouncycastle.asn1.x509.X509Extension ext) Gets a boolean array representing bits of the KeyUsage extension.static ProxyCertInfo
getProxyCertInfo
(org.bouncycastle.asn1.x509.TBSCertificateStructure crt) static ProxyCertInfo
getProxyCertInfo
(org.bouncycastle.asn1.x509.X509Extension ext) Creates aProxyCertInfo
object from given extension.static int
static int
getProxyPathConstraint
(org.bouncycastle.asn1.x509.TBSCertificateStructure crt) static org.bouncycastle.asn1.x509.TBSCertificateStructure
Extracts the TBS certificate from the given certificate.static org.bouncycastle.asn1.ASN1Primitive
toASN1Primitive
(byte[] data) Converts the DER-encoded byte array into aDERObject
.static byte[]
toByteArray
(org.bouncycastle.asn1.ASN1Primitive obj) Converts givenDERObject
into a DER-encoded byte array.
-
Constructor Details
-
BouncyCastleUtil
public BouncyCastleUtil()
-
-
Method Details
-
toByteArray
Converts givenDERObject
into a DER-encoded byte array.- Parameters:
obj
- DERObject to convert.- Returns:
- the DER-encoded byte array
- Throws:
IOException
- if conversion fails
-
toASN1Primitive
Converts the DER-encoded byte array into aDERObject
.- Parameters:
data
- the DER-encoded byte array to convert.- Returns:
- the DERObject.
- Throws:
IOException
- if conversion fails
-
duplicate
public static org.bouncycastle.asn1.ASN1Primitive duplicate(org.bouncycastle.asn1.ASN1Primitive obj) throws IOException Replicates a givenDERObject
.- Parameters:
obj
- the DERObject to replicate.- Returns:
- a copy of the DERObject.
- Throws:
IOException
- if replication fails
-
getTBSCertificateStructure
public static org.bouncycastle.asn1.x509.TBSCertificateStructure getTBSCertificateStructure(X509Certificate cert) throws CertificateEncodingException, IOException Extracts the TBS certificate from the given certificate.- Parameters:
cert
- the X.509 certificate to extract the TBS certificate from.- Returns:
- the TBS certificate
- Throws:
IOException
- if extraction fails.CertificateEncodingException
- if extraction fails.
-
getExtensionObject
public static org.bouncycastle.asn1.ASN1Primitive getExtensionObject(org.bouncycastle.asn1.x509.X509Extension ext) throws IOException Extracts the value of a certificate extension.- Parameters:
ext
- the certificate extension to extract the value from.- Throws:
IOException
- if extraction fails.
-
getCertificateType
public static GSIConstants.CertificateType getCertificateType(X509Certificate cert, TrustedCertificates trustedCerts) throws CertificateException Deprecated.Returns certificate type of the given certificate. Please seegetCertificateType
for details for determining the certificate type.- Parameters:
cert
- the certificate to get the type of.trustedCerts
- the trusted certificates to double check theGSIConstants.EEC
certificate against.- Returns:
- the certificate type as determined by
getCertificateType
. - Throws:
CertificateException
- if something goes wrong.
-
getCertificateType
public static GSIConstants.CertificateType getCertificateType(X509Certificate cert, CertStore trustedCerts) throws CertificateException Returns the certificate type of the given certificate. Please seegetCertificateType
for details for determining the certificate type.- Parameters:
cert
- the certificate to get the type of.trustedCerts
- the trusted certificates to double check theGSIConstants.EEC
certificate against.- Returns:
- the certificate type as determined by
getCertificateType
. - Throws:
CertificateException
- if something goes wrong.
-
getCertificateType
public static GSIConstants.CertificateType getCertificateType(X509Certificate cert) throws CertificateException Returns certificate type of the given certificate. Please seegetCertificateType
for details for determining the certificate type.- Parameters:
cert
- the certificate to get the type of.- Returns:
- the certificate type as determined by
getCertificateType
. - Throws:
CertificateException
- if something goes wrong.
-
getCertificateType
public static GSIConstants.CertificateType getCertificateType(org.bouncycastle.asn1.x509.TBSCertificateStructure crt, TrustedCertificates trustedCerts) throws CertificateException, IOException - Throws:
CertificateException
IOException
-
getKeyUsage
public static boolean[] getKeyUsage(org.bouncycastle.asn1.x509.X509Extension ext) throws IOException Gets a boolean array representing bits of the KeyUsage extension.- Throws:
IOException
- if failed to extract the KeyUsage extension value.- See Also:
-
getProxyCertInfo
public static ProxyCertInfo getProxyCertInfo(org.bouncycastle.asn1.x509.X509Extension ext) throws IOException Creates aProxyCertInfo
object from given extension.- Parameters:
ext
- the extension.- Returns:
- the
ProxyCertInfo
object. - Throws:
IOException
- if something fails.
-
getIdentity
Returns the subject DN of the given certificate in the Globus format.- Parameters:
cert
- the certificate to get the subject of. The certificate must be ofX509CertificateObject
type.- Returns:
- the subject DN of the certificate in the Globus format.
-
getIdentityPrefix
-
getIdentity
Finds the identity certificate in the given chain and returns the subject DN of that certificate in the Globus format.- Parameters:
chain
- the certificate chain to find the identity certificate in. The certificates must be ofX509CertificateObject
type.- Returns:
- the subject DN of the identity certificate in the Globus format.
- Throws:
CertificateException
- if something goes wrong.
-
getIdentityCertificate
public static X509Certificate getIdentityCertificate(X509Certificate[] chain) throws CertificateException Finds the identity certificate in the given chain. The identity certificate is the first certificate in the chain that is not an impersonation proxy (full or limited)- Parameters:
chain
- the certificate chain to find the identity certificate in.- Returns:
- the identity certificate.
- Throws:
CertificateException
- if something goes wrong.
-
getExtensionValue
Retrieves the actual value of the X.509 extension.- Parameters:
certExtValue
- the DER-encoded OCTET string value of the extension.- Returns:
- the decoded/actual value of the extension (the octets).
- Throws:
IOException
-
getExtensionValue
Returns the actual value of the extension.- Parameters:
cert
- the certificate that contains the extensions to retrieve.oid
- the oid of the extension to retrieve.- Returns:
- the actual value of the extension (not octet string encoded)
- Throws:
IOException
- if decoding the extension fails.
-
getProxyPathConstraint
public static int getProxyPathConstraint(X509Certificate cert) throws IOException, CertificateEncodingException -
getProxyPathConstraint
public static int getProxyPathConstraint(org.bouncycastle.asn1.x509.TBSCertificateStructure crt) throws IOException - Throws:
IOException
-
getProxyCertInfo
public static ProxyCertInfo getProxyCertInfo(org.bouncycastle.asn1.x509.TBSCertificateStructure crt) throws IOException - Throws:
IOException
-