Class BouncyCastleUtil

java.lang.Object
org.globus.gsi.bc.BouncyCastleUtil

public class BouncyCastleUtil extends Object
A collection of various utility functions.
  • Constructor Details

    • BouncyCastleUtil

      public BouncyCastleUtil()
  • Method Details

    • toByteArray

      public static byte[] toByteArray(org.bouncycastle.asn1.ASN1Primitive obj) throws IOException
      Converts the given DERObject into a DER-encoded byte array.
      Parameters:
      obj - DERObject to convert.
      Returns:
      the DER-encoded byte array
      Throws:
      IOException - if conversion fails
    • toASN1Primitive

      public static org.bouncycastle.asn1.ASN1Primitive toASN1Primitive(byte[] data) throws IOException
      Converts the DER-encoded byte array into a DERObject.
      Parameters:
      data - the DER-encoded byte array to convert.
      Returns:
      the DERObject.
      Throws:
      IOException - if conversion fails
    • duplicate

      public static org.bouncycastle.asn1.ASN1Primitive duplicate(org.bouncycastle.asn1.ASN1Primitive obj) throws IOException
      Replicates a given DERObject.
      Parameters:
      obj - the DERObject to replicate.
      Returns:
      a copy of the DERObject.
      Throws:
      IOException - if replication fails
    • getTBSCertificateStructure

      public static org.bouncycastle.asn1.x509.TBSCertificateStructure getTBSCertificateStructure(X509Certificate cert) throws CertificateEncodingException, IOException
      Extracts the TBS certificate from the given certificate.
      Parameters:
      cert - the X.509 certificate to extract the TBS certificate from.
      Returns:
      the TBS certificate
      Throws:
      IOException - if extraction fails.
      CertificateEncodingException - if extraction fails.
    • getExtensionObject

      public static org.bouncycastle.asn1.ASN1Primitive getExtensionObject(org.bouncycastle.asn1.x509.X509Extension ext) throws IOException
      Extracts the value of a certificate extension.
      Parameters:
      ext - the certificate extension to extract the value from.
      Throws:
      IOException - if extraction fails.
    • getCertificateType

      public static GSIConstants.CertificateType getCertificateType(X509Certificate cert, TrustedCertificates trustedCerts) throws CertificateException
      Deprecated.
      Returns the certificate type of the given certificate. See getCertificateType for details on how the certificate type is determined.
      Parameters:
      cert - the certificate to get the type of.
      trustedCerts - the trusted certificates to double check the GSIConstants.EEC certificate against.
      Returns:
      the certificate type as determined by getCertificateType.
      Throws:
      CertificateException - if something goes wrong.
    • getCertificateType

      public static GSIConstants.CertificateType getCertificateType(X509Certificate cert, CertStore trustedCerts) throws CertificateException
      Returns the certificate type of the given certificate. See getCertificateType for details on how the certificate type is determined.
      Parameters:
      cert - the certificate to get the type of.
      trustedCerts - the trusted certificates to double check the GSIConstants.EEC certificate against.
      Returns:
      the certificate type as determined by getCertificateType.
      Throws:
      CertificateException - if something goes wrong.
    • getCertificateType

      public static GSIConstants.CertificateType getCertificateType(X509Certificate cert) throws CertificateException
      Returns the certificate type of the given certificate. See getCertificateType for details on how the certificate type is determined.
      Parameters:
      cert - the certificate to get the type of.
      Returns:
      the certificate type as determined by getCertificateType.
      Throws:
      CertificateException - if something goes wrong.
    • getCertificateType

      public static GSIConstants.CertificateType getCertificateType(org.bouncycastle.asn1.x509.TBSCertificateStructure crt, TrustedCertificates trustedCerts) throws CertificateException, IOException
      Throws:
      CertificateException
      IOException
    • getKeyUsage

      public static boolean[] getKeyUsage(org.bouncycastle.asn1.x509.X509Extension ext) throws IOException
      Gets a boolean array representing bits of the KeyUsage extension.
      Throws:
      IOException - if failed to extract the KeyUsage extension value.
    • getProxyCertInfo

      public static ProxyCertInfo getProxyCertInfo(org.bouncycastle.asn1.x509.X509Extension ext) throws IOException
      Creates a ProxyCertInfo object from the given extension.
      Parameters:
      ext - the extension.
      Returns:
      the ProxyCertInfo object.
      Throws:
      IOException - if something fails.
    • getIdentity

      public static String getIdentity(X509Certificate cert)
      Returns the subject DN of the given certificate in the Globus format.
      Parameters:
      cert - the certificate to get the subject of. The certificate must be of X509CertificateObject type.
      Returns:
      the subject DN of the certificate in the Globus format.
    • getIdentityPrefix

      public static String getIdentityPrefix(X509Certificate cert)
    • getIdentity

      public static String getIdentity(X509Certificate[] chain) throws CertificateException
      Finds the identity certificate in the given chain and returns the subject DN of that certificate in the Globus format.
      Parameters:
      chain - the certificate chain to find the identity certificate in. The certificates must be of X509CertificateObject type.
      Returns:
      the subject DN of the identity certificate in the Globus format.
      Throws:
      CertificateException - if something goes wrong.
    • getIdentityCertificate

      public static X509Certificate getIdentityCertificate(X509Certificate[] chain) throws CertificateException
      Finds the identity certificate in the given chain. The identity certificate is the first certificate in the chain that is not an impersonation proxy (full or limited).
      Parameters:
      chain - the certificate chain to find the identity certificate in.
      Returns:
      the identity certificate.
      Throws:
      CertificateException - if something goes wrong.
    • getExtensionValue

      public static byte[] getExtensionValue(byte[] certExtValue) throws IOException
      Retrieves the actual value of the X.509 extension.
      Parameters:
      certExtValue - the DER-encoded OCTET string value of the extension.
      Returns:
      the decoded/actual value of the extension (the octets).
      Throws:
      IOException
    • getExtensionValue

      public static byte[] getExtensionValue(X509Certificate cert, String oid) throws IOException
      Returns the actual value of the extension.
      Parameters:
      cert - the certificate that contains the extensions to retrieve.
      oid - the oid of the extension to retrieve.
      Returns:
      the actual value of the extension (not octet string encoded)
      Throws:
      IOException - if decoding the extension fails.
    • getProxyPathConstraint

      public static int getProxyPathConstraint(X509Certificate cert) throws IOException, CertificateEncodingException
      Throws:
      IOException
      CertificateEncodingException
    • getProxyPathConstraint

      public static int getProxyPathConstraint(org.bouncycastle.asn1.x509.TBSCertificateStructure crt) throws IOException
      Throws:
      IOException
    • getProxyCertInfo

      public static ProxyCertInfo getProxyCertInfo(org.bouncycastle.asn1.x509.TBSCertificateStructure crt) throws IOException
      Throws:
      IOException
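
The unwrapping that getExtensionValue describes (the extension value arrives as a DER-encoded OCTET STRING around the actual value), followed by the bit decoding that getKeyUsage describes, as an added example that is not this library's code. It uses only the JDK with a hand-written DER reader; the class name ExtensionValueDemo, its helper methods and the sample bytes are constructed for illustration.

```java
import java.io.IOException;
import java.util.Arrays;

public class ExtensionValueDemo {

    // Reads one DER TLV with the expected tag and returns its content octets.
    // Rejects wrong tags, malformed lengths and trailing bytes.
    static byte[] derContents(byte[] der, int expectedTag) throws IOException {
        if (der.length < 2 || (der[0] & 0xFF) != expectedTag) {
            throw new IOException("unexpected tag");
        }
        int pos = 1;
        int len = der[pos++] & 0xFF;
        if (len >= 0x80) {                 // long form: low 7 bits = number of length octets
            int n = len & 0x7F;
            if (n == 0 || n > 3 || pos + n > der.length) {
                throw new IOException("bad length");
            }
            len = 0;
            for (int i = 0; i < n; i++) {
                len = (len << 8) | (der[pos++] & 0xFF);
            }
        }
        if (len != der.length - pos) {
            throw new IOException("length mismatch or trailing data");
        }
        return Arrays.copyOfRange(der, pos, pos + len);
    }

    // Decodes a DER BIT STRING into booleans; index 0 is the most significant
    // bit of the first data octet. Only the bits actually encoded are returned.
    static boolean[] keyUsageBits(byte[] bitString) throws IOException {
        byte[] c = derContents(bitString, 0x03);
        if (c.length < 1 || (c[0] & 0xFF) > 7) {
            throw new IOException("bad BIT STRING");
        }
        int nbits = (c.length - 1) * 8 - (c[0] & 0xFF);   // first octet = unused bit count
        boolean[] bits = new boolean[Math.max(nbits, 0)];
        for (int i = 0; i < bits.length; i++) {
            bits[i] = (c[1 + i / 8] & (0x80 >> (i % 8))) != 0;
        }
        return bits;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: OCTET STRING wrapping a KeyUsage BIT STRING.
        byte[] wrapped = {0x04, 0x04, 0x03, 0x02, 0x05, (byte) 0xA0};
        byte[] inner = derContents(wrapped, 0x04);         // the "actual value"
        System.out.println(Arrays.toString(keyUsageBits(inner)));
    }
}
```

Parsing the wrapped bytes directly as a BIT STRING fails on the tag check, which is the symptom of forgetting the outer OCTET STRING layer.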