org.edg.security.delegation
Class DelegationUtil

java.lang.Object
  |
  +--org.edg.security.delegation.DelegationUtil

public class DelegationUtil
extends java.lang.Object

Utility methods used by the delegation system.


Field Summary
static java.lang.String DEFAULT_DELEGATIONID
           
static int KEYPAIR_KEYSIZE
           
static long PROXY_VALIDITY_TIME
           
 
Constructor Summary
DelegationUtil()
           
 
Method Summary
static java.lang.String chainToPem(java.security.cert.X509Certificate[] chain)
          Method encodes the certificate chain given as a parameter to PEM-String.
static DelegationRequestItem createCred(java.lang.String delegId)
          Method creates a DelegationRequestItem with a given delegation id.
static DelegationRequestItem createCred(java.lang.String delegId, java.security.cert.X509Certificate[] chain)
          Method creates a DelegationRequestItem with a given delegation id and client cert chain.
static java.lang.String createRequest(DelegationRequestItem dri)
          Creates a PEM-String from a given DelegationRequestItem.
static DelegationStorageItem createStorageItem(DelegationRequestItem dri, java.security.cert.X509Certificate[] dcc)
          Creates DelegationStorageItem from the request & delegated cert chain
static java.security.cert.X509Certificate[] generateProxy(java.lang.String certReq, java.lang.String delegationId, long proxyValidityTime, java.security.cert.X509Certificate[] chain, java.security.PrivateKey privateKey)
          Generates a new proxy from the public key in the certReq and adds it to the certificate chain.
static java.security.cert.X509Certificate[] pemToChain(java.lang.String pem)
           
static java.security.cert.X509Certificate signCert(java.security.PublicKey publicKey, java.lang.String subjectDN, java.lang.String issuerDN, long validityTime, java.math.BigInteger serial, java.security.PrivateKey privateKey)
          Signs a new certificate for the given public key, using the subject DN, issuer DN, validity time, serial number and private key passed as parameters.
static java.security.cert.X509Certificate signCert(java.lang.String certReqString, java.lang.String subjectDN, java.lang.String issuerDN, long validityTime, java.math.BigInteger serial, java.security.PrivateKey privateKey)
          Signs the certificate request given in the parameters, using the subject DN, issuer DN, validity time, serial number and private key passed as parameters.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

KEYPAIR_KEYSIZE

public static final int KEYPAIR_KEYSIZE
See Also:
Constant Field Values

PROXY_VALIDITY_TIME

public static final long PROXY_VALIDITY_TIME
See Also:
Constant Field Values

DEFAULT_DELEGATIONID

public static final java.lang.String DEFAULT_DELEGATIONID
See Also:
Constant Field Values

Constructor Detail

DelegationUtil

public DelegationUtil()

Method Detail

chainToPem

public static java.lang.String chainToPem(java.security.cert.X509Certificate[] chain)
Method encodes the certificate chain given as a parameter to PEM-String.

Parameters:
chain - the certificate chain to be encoded
Returns:
PEM-encoded chain

pemToChain

public static java.security.cert.X509Certificate[] pemToChain(java.lang.String pem)

createCred

public static DelegationRequestItem createCred(java.lang.String delegId)
Method creates a DelegationRequestItem with a given delegation id.

Parameters:
delegId - delegation id for the request
Returns:
request item

createCred

public static DelegationRequestItem createCred(java.lang.String delegId,
                                               java.security.cert.X509Certificate[] chain)
Method creates a DelegationRequestItem with a given delegation id and client cert chain.

Parameters:
delegId - delegation id for the request
chain - the client cert chain for the request
Returns:
request item

createRequest

public static java.lang.String createRequest(DelegationRequestItem dri)
Creates a PEM-String from a given DelegationRequestItem.

Parameters:
dri - the request item
Returns:
Base64-encoded CertificationRequest

signCert

public static java.security.cert.X509Certificate signCert(java.lang.String certReqString,
                                                          java.lang.String subjectDN,
                                                          java.lang.String issuerDN,
                                                          long validityTime,
                                                          java.math.BigInteger serial,
                                                          java.security.PrivateKey privateKey)
Signs the certificate request given in the parameters, using the subject DN, issuer DN, validity time, serial number and private key passed as parameters.

Parameters:
subjectDN - Subject DN for the new certificate.
issuerDN - Issuer DN for the new certificate.
validityTime - How long (from this point) the cert is valid.
serial - Serial number for the new certificate.
privateKey - Private key used for signing the new certificate.
Returns:
the new X.509v3 certificate

signCert

public static java.security.cert.X509Certificate signCert(java.security.PublicKey publicKey,
                                                          java.lang.String subjectDN,
                                                          java.lang.String issuerDN,
                                                          long validityTime,
                                                          java.math.BigInteger serial,
                                                          java.security.PrivateKey privateKey)
Signs a new certificate for the given public key, using the subject DN, issuer DN, validity time, serial number and private key passed as parameters.

Parameters:
publicKey - the public key for the new certificate
subjectDN - Subject DN for the new certificate.
issuerDN - Issuer DN for the new certificate.
validityTime - How long the certificate is valid (from now on).
serial - Serial number for the new certificate.
privateKey - Private key used for signing the new certificate.
Returns:
the new X.509v3 certificate.

generateProxy

public static java.security.cert.X509Certificate[] generateProxy(java.lang.String certReq,
                                                                 java.lang.String delegationId,
                                                                 long proxyValidityTime,
                                                                 java.security.cert.X509Certificate[] chain,
                                                                 java.security.PrivateKey privateKey)
Generates a new proxy from the public key in the certReq and adds it to the certificate chain.

Parameters:
certReq - contains the public key to sign
delegationId - delegation id to be added to the subject
proxyValidityTime - validity time from now on in milliseconds
chain - the certificate chain to which the proxy will be added
privateKey - key for signing the proxy

createStorageItem

public static DelegationStorageItem createStorageItem(DelegationRequestItem dri,
                                                      java.security.cert.X509Certificate[] dcc)
Creates DelegationStorageItem from the request & delegated cert chain

Parameters:
dri - the request item
dcc - delegated cert chain
Returns:
the storage item