Package org.globus.gsi.bc
Class BouncyCastleUtil
java.lang.Object
  org.globus.gsi.bc.BouncyCastleUtil
public class BouncyCastleUtil extends Object
A collection of various utility functions.
Constructor Summary
BouncyCastleUtil()
Method Summary
static org.bouncycastle.asn1.ASN1Primitive duplicate(org.bouncycastle.asn1.ASN1Primitive obj)
  Replicates a given DERObject.
static GSIConstants.CertificateType getCertificateType(X509Certificate cert)
  Returns certificate type of the given certificate.
static GSIConstants.CertificateType getCertificateType(X509Certificate cert, CertStore trustedCerts)
  Returns the certificate type of the given certificate.
static GSIConstants.CertificateType getCertificateType(X509Certificate cert, TrustedCertificates trustedCerts)
  Deprecated.
static GSIConstants.CertificateType getCertificateType(org.bouncycastle.asn1.x509.TBSCertificateStructure crt, TrustedCertificates trustedCerts)
static org.bouncycastle.asn1.ASN1Primitive getExtensionObject(org.bouncycastle.asn1.x509.X509Extension ext)
  Extracts the value of a certificate extension.
static byte[] getExtensionValue(byte[] certExtValue)
  Retrieves the actual value of the X.509 extension.
static byte[] getExtensionValue(X509Certificate cert, String oid)
  Returns the actual value of the extension.
static String getIdentity(X509Certificate cert)
  Returns the subject DN of the given certificate in the Globus format.
static String getIdentity(X509Certificate[] chain)
  Finds the identity certificate in the given chain and returns the subject DN of that certificate in the Globus format.
static X509Certificate getIdentityCertificate(X509Certificate[] chain)
  Finds the identity certificate in the given chain.
static String getIdentityPrefix(X509Certificate cert)
static boolean[] getKeyUsage(org.bouncycastle.asn1.x509.X509Extension ext)
  Gets a boolean array representing bits of the KeyUsage extension.
static ProxyCertInfo getProxyCertInfo(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)
static ProxyCertInfo getProxyCertInfo(org.bouncycastle.asn1.x509.X509Extension ext)
  Creates a ProxyCertInfo object from given extension.
static int getProxyPathConstraint(X509Certificate cert)
static int getProxyPathConstraint(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)
static org.bouncycastle.asn1.x509.TBSCertificateStructure getTBSCertificateStructure(X509Certificate cert)
  Extracts the TBS certificate from the given certificate.
static org.bouncycastle.asn1.ASN1Primitive toASN1Primitive(byte[] data)
  Converts the DER-encoded byte array into a DERObject.
static byte[] toByteArray(org.bouncycastle.asn1.ASN1Primitive obj)
  Converts given DERObject into a DER-encoded byte array.
Method Detail
-
toByteArray
public static byte[] toByteArray(org.bouncycastle.asn1.ASN1Primitive obj) throws IOException
Converts given DERObject into a DER-encoded byte array.
Parameters:
obj - DERObject to convert.
Returns:
the DER-encoded byte array
Throws:
IOException - if conversion fails
-
toASN1Primitive
public static org.bouncycastle.asn1.ASN1Primitive toASN1Primitive(byte[] data) throws IOException
Converts the DER-encoded byte array into a DERObject.
Parameters:
data - the DER-encoded byte array to convert.
Returns:
the DERObject.
Throws:
IOException - if conversion fails
-
duplicate
public static org.bouncycastle.asn1.ASN1Primitive duplicate(org.bouncycastle.asn1.ASN1Primitive obj) throws IOException
Replicates a given DERObject.
Parameters:
obj - the DERObject to replicate.
Returns:
a copy of the DERObject.
Throws:
IOException - if replication fails
-
getTBSCertificateStructure
public static org.bouncycastle.asn1.x509.TBSCertificateStructure getTBSCertificateStructure(X509Certificate cert) throws CertificateEncodingException, IOException
Extracts the TBS certificate from the given certificate.
Parameters:
cert - the X.509 certificate to extract the TBS certificate from.
Returns:
the TBS certificate
Throws:
IOException - if extraction fails.
CertificateEncodingException - if extraction fails.
-
getExtensionObject
public static org.bouncycastle.asn1.ASN1Primitive getExtensionObject(org.bouncycastle.asn1.x509.X509Extension ext) throws IOException
Extracts the value of a certificate extension.
Parameters:
ext - the certificate extension to extract the value from.
Throws:
IOException - if extraction fails.
-
getCertificateType
public static GSIConstants.CertificateType getCertificateType(X509Certificate cert, TrustedCertificates trustedCerts) throws CertificateException
Deprecated.
Returns certificate type of the given certificate. Please see getCertificateType for details for determining the certificate type.
Parameters:
cert - the certificate to get the type of.
trustedCerts - the trusted certificates to double check the GSIConstants.EEC certificate against.
Returns:
the certificate type as determined by getCertificateType.
Throws:
CertificateException - if something goes wrong.
-
getCertificateType
public static GSIConstants.CertificateType getCertificateType(X509Certificate cert, CertStore trustedCerts) throws CertificateException
Returns the certificate type of the given certificate. Please see getCertificateType for details for determining the certificate type.
Parameters:
cert - the certificate to get the type of.
trustedCerts - the trusted certificates to double check the GSIConstants.EEC certificate against.
Returns:
the certificate type as determined by getCertificateType.
Throws:
CertificateException - if something goes wrong.
-
getCertificateType
public static GSIConstants.CertificateType getCertificateType(X509Certificate cert) throws CertificateException
Returns certificate type of the given certificate. Please see getCertificateType for details for determining the certificate type.
Parameters:
cert - the certificate to get the type of.
Returns:
the certificate type as determined by getCertificateType.
Throws:
CertificateException - if something goes wrong.
-
getCertificateType
public static GSIConstants.CertificateType getCertificateType(org.bouncycastle.asn1.x509.TBSCertificateStructure crt, TrustedCertificates trustedCerts) throws CertificateException, IOException
Throws:
CertificateException
IOException
-
getKeyUsage
public static boolean[] getKeyUsage(org.bouncycastle.asn1.x509.X509Extension ext) throws IOException
Gets a boolean array representing bits of the KeyUsage extension.
Throws:
IOException - if failed to extract the KeyUsage extension value.
See Also:
X509Certificate.getKeyUsage()
-
getProxyCertInfo
public static ProxyCertInfo getProxyCertInfo(org.bouncycastle.asn1.x509.X509Extension ext) throws IOException
Creates a ProxyCertInfo object from given extension.
Parameters:
ext - the extension.
Returns:
the ProxyCertInfo object.
Throws:
IOException - if something fails.
-
getIdentity
public static String getIdentity(X509Certificate cert)
Returns the subject DN of the given certificate in the Globus format.
Parameters:
cert - the certificate to get the subject of. The certificate must be of X509CertificateObject type.
Returns:
the subject DN of the certificate in the Globus format.
-
getIdentityPrefix
public static String getIdentityPrefix(X509Certificate cert)
-
getIdentity
public static String getIdentity(X509Certificate[] chain) throws CertificateException
Finds the identity certificate in the given chain and returns the subject DN of that certificate in the Globus format.
Parameters:
chain - the certificate chain to find the identity certificate in. The certificates must be of X509CertificateObject type.
Returns:
the subject DN of the identity certificate in the Globus format.
Throws:
CertificateException - if something goes wrong.
-
getIdentityCertificate
public static X509Certificate getIdentityCertificate(X509Certificate[] chain) throws CertificateException
Finds the identity certificate in the given chain. The identity certificate is the first certificate in the chain that is not an impersonation proxy (full or limited).
Parameters:
chain - the certificate chain to find the identity certificate in.
Returns:
the identity certificate.
Throws:
CertificateException - if something goes wrong.
-
getExtensionValue
public static byte[] getExtensionValue(byte[] certExtValue) throws IOException
Retrieves the actual value of the X.509 extension.
Parameters:
certExtValue - the DER-encoded OCTET string value of the extension.
Returns:
the decoded/actual value of the extension (the octets).
Throws:
IOException
-
getExtensionValue
public static byte[] getExtensionValue(X509Certificate cert, String oid) throws IOException
Returns the actual value of the extension.
Parameters:
cert - the certificate that contains the extensions to retrieve.
oid - the oid of the extension to retrieve.
Returns:
the actual value of the extension (not octet string encoded)
Throws:
IOException - if decoding the extension fails.
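Added example, not part of the Globus documentation or code: what "the actual value of the extension (not octet string encoded)" means at the byte level. The JDK's X509Certificate.getExtensionValue(oid) returns the extension wrapped in a DER OCTET STRING, and the wrapper has to be removed, with its length checked, before the inner structure is parsed. The class name, method name and sample bytes are constructed for illustration, and only the JDK is used.

```java
import java.io.IOException;
import java.util.Arrays;

// Hypothetical class name; JDK only, not the Globus or BouncyCastle implementation.
public class ExtensionUnwrapExample {

    /** Strips the outer DER OCTET STRING (tag 0x04) and returns the octets inside it. */
    static byte[] unwrapOctetString(byte[] der) throws IOException {
        if (der == null || der.length < 2 || (der[0] & 0xFF) != 0x04) {
            throw new IOException("not a DER OCTET STRING");
        }
        int pos = 1;
        int len = der[pos++] & 0xFF;
        if (len == 0x80) {
            throw new IOException("indefinite length is not allowed in DER");
        }
        if (len > 0x80) {
            // Long form: the low 7 bits give the number of length bytes that follow.
            int n = len & 0x7F;
            if (n > 4 || pos + n > der.length || der[pos] == 0) {
                throw new IOException("malformed or non-minimal length");
            }
            len = 0;
            for (int i = 0; i < n; i++) {
                len = (len << 8) | (der[pos++] & 0xFF);
            }
            if (len < 0x80) {
                throw new IOException("long form used for a short length");
            }
        }
        // Trailing bytes or a truncated value both mean the input is not what it claims.
        if (len != der.length - pos) {
            throw new IOException("declared length does not match the data");
        }
        return Arrays.copyOfRange(der, pos, pos + len);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: the bytes X509Certificate.getExtensionValue("2.5.29.15")
        // returns for KeyUsage = digitalSignature + keyEncipherment, i.e. an
        // OCTET STRING (04 04) wrapping the BIT STRING 03 02 05 A0.
        byte[] wrapped = {0x04, 0x04, 0x03, 0x02, 0x05, (byte) 0xA0};
        StringBuilder hex = new StringBuilder();
        for (byte b : unwrapOctetString(wrapped)) {
            hex.append(String.format("%02X ", b));
        }
        System.out.println(hex.toString().trim());
    }
}
```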
-
getProxyPathConstraint
public static int getProxyPathConstraint(X509Certificate cert) throws IOException, CertificateEncodingException
-
getProxyPathConstraint
public static int getProxyPathConstraint(org.bouncycastle.asn1.x509.TBSCertificateStructure crt) throws IOException
Throws:
IOException
-
getProxyCertInfo
public static ProxyCertInfo getProxyCertInfo(org.bouncycastle.asn1.x509.TBSCertificateStructure crt) throws IOException
Throws:
IOException