Class BouncyCastleUtil


  • public class BouncyCastleUtil
    extends java.lang.Object
    A collection of various utility functions.
    • Field Summary

      Fields 
      Modifier and Type Field Description
      private static I18n i18n  
    • Method Summary

      Modifier and Type Method Description
      static org.bouncycastle.asn1.ASN1Primitive duplicate​(org.bouncycastle.asn1.ASN1Primitive obj)
      Replicates a given DERObject.
      static GSIConstants.CertificateType getCertificateType​(java.security.cert.X509Certificate cert)
      Returns certificate type of the given certificate.
      static GSIConstants.CertificateType getCertificateType​(java.security.cert.X509Certificate cert, java.security.cert.CertStore trustedCerts)
      Returns the certificate type of the given certificate.
      static GSIConstants.CertificateType getCertificateType​(java.security.cert.X509Certificate cert, TrustedCertificates trustedCerts)
      Deprecated. 
      private static GSIConstants.CertificateType getCertificateType​(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)
      Returns certificate type of the given TBS certificate.
      static GSIConstants.CertificateType getCertificateType​(org.bouncycastle.asn1.x509.TBSCertificateStructure crt, TrustedCertificates trustedCerts)  
      static org.bouncycastle.asn1.ASN1Primitive getExtensionObject​(org.bouncycastle.asn1.x509.X509Extension ext)
      Extracts the value of a certificate extension.
      static byte[] getExtensionValue​(byte[] certExtValue)
      Retrieves the actual value of the X.509 extension.
      static byte[] getExtensionValue​(java.security.cert.X509Certificate cert, java.lang.String oid)
      Returns the actual value of the extension.
      static java.lang.String getIdentity​(java.security.cert.X509Certificate cert)
      Returns the subject DN of the given certificate in the Globus format.
      static java.lang.String getIdentity​(java.security.cert.X509Certificate[] chain)
      Finds the identity certificate in the given chain and returns the subject DN of that certificate in the Globus format.
      static java.security.cert.X509Certificate getIdentityCertificate​(java.security.cert.X509Certificate[] chain)
      Finds the identity certificate in the given chain.
      static java.lang.String getIdentityPrefix​(java.security.cert.X509Certificate cert)  
      static boolean[] getKeyUsage​(org.bouncycastle.asn1.x509.X509Extension ext)
      Gets a boolean array representing bits of the KeyUsage extension.
      static ProxyCertInfo getProxyCertInfo​(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)  
      static ProxyCertInfo getProxyCertInfo​(org.bouncycastle.asn1.x509.X509Extension ext)
      Creates a ProxyCertInfo object from given extension.
      static int getProxyPathConstraint​(java.security.cert.X509Certificate cert)  
      static int getProxyPathConstraint​(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)  
      static org.bouncycastle.asn1.x509.TBSCertificateStructure getTBSCertificateStructure​(java.security.cert.X509Certificate cert)
      Extracts the TBS certificate from the given certificate.
      static org.bouncycastle.asn1.ASN1Primitive toASN1Primitive​(byte[] data)
      Converts the DER-encoded byte array into a DERObject.
      static byte[] toByteArray​(org.bouncycastle.asn1.ASN1Primitive obj)
      Converts given DERObject into a DER-encoded byte array.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • i18n

        private static I18n i18n
    • Constructor Detail

      • BouncyCastleUtil

        public BouncyCastleUtil()
    • Method Detail

      • toByteArray

        public static byte[] toByteArray​(org.bouncycastle.asn1.ASN1Primitive obj)
                                  throws java.io.IOException
        Converts given DERObject into a DER-encoded byte array.
        Parameters:
        obj - DERObject to convert.
        Returns:
        the DER-encoded byte array
        Throws:
        java.io.IOException - if conversion fails
      • toASN1Primitive

        public static org.bouncycastle.asn1.ASN1Primitive toASN1Primitive​(byte[] data)
                                                                   throws java.io.IOException
        Converts the DER-encoded byte array into a DERObject.
        Parameters:
        data - the DER-encoded byte array to convert.
        Returns:
        the DERObject.
        Throws:
        java.io.IOException - if conversion fails
      • duplicate

        public static org.bouncycastle.asn1.ASN1Primitive duplicate​(org.bouncycastle.asn1.ASN1Primitive obj)
                                                             throws java.io.IOException
        Replicates a given DERObject.
        Parameters:
        obj - the DERObject to replicate.
        Returns:
        a copy of the DERObject.
        Throws:
        java.io.IOException - if replication fails
      • getTBSCertificateStructure

        public static org.bouncycastle.asn1.x509.TBSCertificateStructure getTBSCertificateStructure​(java.security.cert.X509Certificate cert)
                                                                                             throws java.security.cert.CertificateEncodingException,
                                                                                                    java.io.IOException
        Extracts the TBS certificate from the given certificate.
        Parameters:
        cert - the X.509 certificate to extract the TBS certificate from.
        Returns:
        the TBS certificate
        Throws:
        java.io.IOException - if extraction fails.
        java.security.cert.CertificateEncodingException - if extraction fails.
      • getExtensionObject

        public static org.bouncycastle.asn1.ASN1Primitive getExtensionObject​(org.bouncycastle.asn1.x509.X509Extension ext)
                                                                      throws java.io.IOException
        Extracts the value of a certificate extension.
        Parameters:
        ext - the certificate extension to extract the value from.
        Throws:
        java.io.IOException - if extraction fails.
      • getCertificateType

        public static GSIConstants.CertificateType getCertificateType​(java.security.cert.X509Certificate cert,
                                                                      TrustedCertificates trustedCerts)
                                                               throws java.security.cert.CertificateException
        Deprecated.
        Returns the certificate type of the given certificate. See getCertificateType for details on how the certificate type is determined.
        Parameters:
        cert - the certificate to get the type of.
        trustedCerts - the trusted certificates to double check the GSIConstants.EEC certificate against.
        Returns:
        the certificate type as determined by getCertificateType.
        Throws:
        java.security.cert.CertificateException - if something goes wrong.
      • getCertificateType

        public static GSIConstants.CertificateType getCertificateType​(java.security.cert.X509Certificate cert,
                                                                      java.security.cert.CertStore trustedCerts)
                                                               throws java.security.cert.CertificateException
        Returns the certificate type of the given certificate. See getCertificateType for details on how the certificate type is determined.
        Parameters:
        cert - the certificate to get the type of.
        trustedCerts - the trusted certificates to double check the GSIConstants.EEC certificate against.
        Returns:
        the certificate type as determined by getCertificateType.
        Throws:
        java.security.cert.CertificateException - if something goes wrong.
      • getCertificateType

        public static GSIConstants.CertificateType getCertificateType​(java.security.cert.X509Certificate cert)
                                                               throws java.security.cert.CertificateException
        Returns the certificate type of the given certificate. See getCertificateType for details on how the certificate type is determined.
        Parameters:
        cert - the certificate to get the type of.
        Returns:
        the certificate type as determined by getCertificateType.
        Throws:
        java.security.cert.CertificateException - if something goes wrong.
      • getCertificateType

        public static GSIConstants.CertificateType getCertificateType​(org.bouncycastle.asn1.x509.TBSCertificateStructure crt,
                                                                      TrustedCertificates trustedCerts)
                                                               throws java.security.cert.CertificateException,
                                                                      java.io.IOException
        Throws:
        java.security.cert.CertificateException
        java.io.IOException
      • getCertificateType

        private static GSIConstants.CertificateType getCertificateType​(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)
                                                                throws java.security.cert.CertificateException,
                                                                       java.io.IOException
        Returns the certificate type of the given TBS certificate.
        The certificate type is GSIConstants.CA only if the certificate contains a BasicConstraints extension and it is marked as CA.
        A certificate is a GSI-2 proxy when the subject DN of the certificate ends with a "CN=proxy" (certificate type GSIConstants.GSI_2_PROXY) or "CN=limited proxy" (certificate type GSIConstants.LIMITED_PROXY) component and the issuer DN of the certificate matches the subject DN without the last proxy CN component.
        A certificate is a GSI-3 proxy when the subject DN of the certificate ends with a CN component, the issuer DN of the certificate matches the subject DN without the last CN component, and the certificate contains a critical ProxyCertInfo extension. The certificate type is GSIConstants.GSI_3_IMPERSONATION_PROXY if the policy language of the ProxyCertInfo extension is set to the ProxyPolicy.IMPERSONATION OID. The certificate type is GSIConstants.GSI_3_LIMITED_PROXY if the policy language of the ProxyCertInfo extension is set to the ProxyPolicy.LIMITED OID. The certificate type is GSIConstants.GSI_3_INDEPENDENT_PROXY if the policy language of the ProxyCertInfo extension is set to the ProxyPolicy.INDEPENDENT OID. The certificate type is GSIConstants.GSI_3_RESTRICTED_PROXY if the policy language of the ProxyCertInfo extension is set to any OID other than the above.
        The certificate type is GSIConstants.EEC if the certificate is not a CA certificate or a GSI-2 or GSI-3 proxy.
        Parameters:
        crt - the TBS certificate to get the type of.
        Returns:
        the certificate type. The certificate type is determined by rules described above.
        Throws:
        java.io.IOException - if something goes wrong.
        java.security.cert.CertificateException - for proxy certificates, if the issuer DN of the certificate does not match the subject DN of the certificate without the last CN component. Also, for GSI-3 proxies when the ProxyCertInfo extension is not marked as critical.
      • getKeyUsage

        public static boolean[] getKeyUsage​(org.bouncycastle.asn1.x509.X509Extension ext)
                                     throws java.io.IOException
        Gets a boolean array representing bits of the KeyUsage extension.
        Throws:
        java.io.IOException - if extracting the KeyUsage extension value fails.
        See Also:
        X509Certificate.getKeyUsage()
      • getProxyCertInfo

        public static ProxyCertInfo getProxyCertInfo​(org.bouncycastle.asn1.x509.X509Extension ext)
                                              throws java.io.IOException
        Creates a ProxyCertInfo object from given extension.
        Parameters:
        ext - the extension.
        Returns:
        the ProxyCertInfo object.
        Throws:
        java.io.IOException - if something fails.
      • getIdentity

        public static java.lang.String getIdentity​(java.security.cert.X509Certificate cert)
        Returns the subject DN of the given certificate in the Globus format.
        Parameters:
        cert - the certificate to get the subject of. The certificate must be of X509CertificateObject type.
        Returns:
        the subject DN of the certificate in the Globus format.
      • getIdentityPrefix

        public static java.lang.String getIdentityPrefix​(java.security.cert.X509Certificate cert)
      • getIdentity

        public static java.lang.String getIdentity​(java.security.cert.X509Certificate[] chain)
                                            throws java.security.cert.CertificateException
        Finds the identity certificate in the given chain and returns the subject DN of that certificate in the Globus format.
        Parameters:
        chain - the certificate chain to find the identity certificate in. The certificates must be of X509CertificateObject type.
        Returns:
        the subject DN of the identity certificate in the Globus format.
        Throws:
        java.security.cert.CertificateException - if something goes wrong.
      • getIdentityCertificate

        public static java.security.cert.X509Certificate getIdentityCertificate​(java.security.cert.X509Certificate[] chain)
                                                                         throws java.security.cert.CertificateException
        Finds the identity certificate in the given chain. The identity certificate is the first certificate in the chain that is not an impersonation proxy (full or limited).
        Parameters:
        chain - the certificate chain to find the identity certificate in.
        Returns:
        the identity certificate.
        Throws:
        java.security.cert.CertificateException - if something goes wrong.
      • getExtensionValue

        public static byte[] getExtensionValue​(byte[] certExtValue)
                                        throws java.io.IOException
        Retrieves the actual value of the X.509 extension.
        Parameters:
        certExtValue - the DER-encoded OCTET string value of the extension.
        Returns:
        the decoded/actual value of the extension (the octets).
        Throws:
        java.io.IOException
      • getExtensionValue

        public static byte[] getExtensionValue​(java.security.cert.X509Certificate cert,
                                               java.lang.String oid)
                                        throws java.io.IOException
        Returns the actual value of the extension.
        Parameters:
        cert - the certificate that contains the extensions to retrieve.
        oid - the oid of the extension to retrieve.
        Returns:
        the actual value of the extension (not octet string encoded)
        Throws:
        java.io.IOException - if decoding the extension fails.
      • getProxyPathConstraint

        public static int getProxyPathConstraint​(java.security.cert.X509Certificate cert)
                                          throws java.io.IOException,
                                                 java.security.cert.CertificateEncodingException
        Throws:
        java.io.IOException
        java.security.cert.CertificateEncodingException
      • getProxyPathConstraint

        public static int getProxyPathConstraint​(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)
                                          throws java.io.IOException
        Throws:
        java.io.IOException
      • getProxyCertInfo

        public static ProxyCertInfo getProxyCertInfo​(org.bouncycastle.asn1.x509.TBSCertificateStructure crt)
                                              throws java.io.IOException
        Throws:
        java.io.IOException
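
The type-determination rules documented under the private getCertificateType(TBSCertificateStructure) method can be followed step by step in the sketch below. It is an added example, not the library's own code: it uses only JDK classes and models a certificate as plain fields, so ProxyTypeRules, classify and its parameters are hypothetical names, the DNs are constructed samples, and the three OID strings and the exact-case CN match are assumptions to check against ProxyPolicy and the real implementation.

```java
import java.security.cert.CertificateException;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class ProxyTypeRules {
    enum Type { CA, GSI_2_PROXY, LIMITED_PROXY, GSI_3_IMPERSONATION_PROXY,
                GSI_3_LIMITED_PROXY, GSI_3_INDEPENDENT_PROXY, GSI_3_RESTRICTED_PROXY, EEC }

    // Assumed OID values (RFC 3820 inheritAll and independent, Globus limited proxy).
    static final String IMPERSONATION = "1.3.6.1.5.5.7.21.1";
    static final String INDEPENDENT = "1.3.6.1.5.5.7.21.2";
    static final String LIMITED = "1.3.6.1.4.1.3536.1.1.1.9";

    /** DNs are RFC 2253 strings; policyOid is null when there is no ProxyCertInfo extension. */
    static Type classify(String subject, String issuer, boolean markedCa,
                         String policyOid, boolean pciCritical) throws CertificateException {
        if (markedCa) return Type.CA;                 // BasicConstraints present and marked as CA
        LdapName subj, iss;
        try { subj = new LdapName(subject); iss = new LdapName(issuer); }
        catch (InvalidNameException e) { throw new CertificateException("malformed DN", e); }
        if (subj.isEmpty()) return Type.EEC;
        Rdn last = subj.getRdn(subj.size() - 1);      // most specific RDN (leftmost in RFC 2253)
        if (!"CN".equalsIgnoreCase(last.getType())) return Type.EEC;
        String cn = String.valueOf(last.getValue());
        boolean gsi2 = cn.equals("proxy") || cn.equals("limited proxy");
        if (!gsi2 && policyOid == null) return Type.EEC;
        // Proxy candidate: a DN mismatch is an error, not a silent downgrade to EEC.
        if (!iss.equals(subj.getPrefix(subj.size() - 1)))
            throw new CertificateException("issuer DN != subject DN minus last CN");
        if (gsi2) return cn.equals("proxy") ? Type.GSI_2_PROXY : Type.LIMITED_PROXY;
        if (!pciCritical) throw new CertificateException("ProxyCertInfo is not critical");
        return policyOid.equals(IMPERSONATION) ? Type.GSI_3_IMPERSONATION_PROXY
             : policyOid.equals(LIMITED) ? Type.GSI_3_LIMITED_PROXY
             : policyOid.equals(INDEPENDENT) ? Type.GSI_3_INDEPENDENT_PROXY
             : Type.GSI_3_RESTRICTED_PROXY;
    }

    public static void main(String[] args) throws Exception {
        String ca = "CN=Example CA,O=Example Grid", user = "CN=Alice,O=Example Grid"; // constructed
        System.out.println(classify(ca, ca, true, null, false));
        System.out.println(classify(user, ca, false, null, false));
        System.out.println(classify("CN=limited proxy," + user, user, false, null, false));
        System.out.println(classify("CN=12345," + user, user, false, IMPERSONATION, true));
        System.out.println(classify("CN=12345," + user, user, false, "1.2.3.4", true));
        try {
            classify("CN=proxy," + user, ca, false, null, false);   // issuer is not Alice
        } catch (CertificateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The last call shows the case a relying party cares about most: a certificate that names itself a proxy but was not issued by the DN it extends raises CertificateException instead of being classified.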