Package org.italiangrid.voms.asn1
Class VOMSACGenerator
java.lang.Object
    org.italiangrid.voms.asn1.VOMSACGenerator
All Implemented Interfaces: VOMSConstants
public class VOMSACGenerator extends java.lang.Object implements VOMSConstants
A generator for VOMS Attribute Certificates (ACs). This class provides methods for creating VOMS ACs with customizable properties, including optional extensions and fake signature bits for testing purposes.
It uses BouncyCastle for cryptographic operations and supports various extensions required for VOMS attribute certificates.
-
-
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description)
static class VOMSACGenerator.ACGenerationProperties
    Enumeration defining various properties that can influence the generation of VOMS Attribute Certificates.
(package private) static class VOMSACGenerator.RandomContentSigner
    A ContentSigner implementation that generates random signature bits.
-
Field Summary
Fields (Modifier and Type, Field, Description)
private eu.emi.security.authn.x509.X509Credential aaCredential
static java.util.EnumSet<VOMSACGenerator.ACGenerationProperties> defaultGenerationProperties
    Default generation properties (none enabled).
static org.bouncycastle.asn1.ASN1ObjectIdentifier FAKE_EXT_OID
    Fake extension OID used in testing.
private org.bouncycastle.operator.ContentSigner signer
-
Fields inherited from interface org.italiangrid.voms.asn1.VOMSConstants
VOMS_CERTS_OID, VOMS_EXTENSION_OID, VOMS_FQANS_OID, VOMS_GENERIC_ATTRS_OID, VOMS_HANDLED_EXTENSIONS
-
-
Constructor Summary
Constructors (Constructor, Description)
VOMSACGenerator(eu.emi.security.authn.x509.X509Credential aaCredential)
    Constructs a VOMSACGenerator with the given credential.
-
Method Summary
Methods (Modifier and Type, Method, Description)
private org.bouncycastle.asn1.ASN1Encodable buildACCertsExtensionContent(java.util.EnumSet<VOMSACGenerator.ACGenerationProperties> properties)
private org.bouncycastle.asn1.x509.AuthorityKeyIdentifier buildAuthorityKeyIdentifier()
private org.bouncycastle.asn1.ASN1Encodable buildFQANsAttributeContent(java.util.List<java.lang.String> fqans, org.bouncycastle.asn1.x509.GeneralName policyAuthorityInfo)
private org.bouncycastle.asn1.ASN1Encodable buildGAExtensionContent(java.util.EnumSet<VOMSACGenerator.ACGenerationProperties> properties, java.util.List<VOMSGenericAttribute> gas, org.bouncycastle.asn1.x509.GeneralName policyAuthorityInfo)
private org.bouncycastle.cert.AttributeCertificateHolder buildHolder(java.security.cert.X509Certificate holderCert)
private org.bouncycastle.cert.AttributeCertificateIssuer buildIssuer()
private org.bouncycastle.asn1.x509.GeneralName buildPolicyAuthorityInfo(java.lang.String voName, java.lang.String host, int port)
private org.bouncycastle.asn1.DERSequence buildTagSequence(VOMSGenericAttribute ga)
private org.bouncycastle.asn1.ASN1Encodable buildTargetsExtensionContent(java.util.EnumSet<VOMSACGenerator.ACGenerationProperties> properties, java.util.List<java.lang.String> targets)
private java.lang.String buildVOURI(java.lang.String voName, java.lang.String host, int port)
    Builds a VOMS URI.
org.bouncycastle.cert.X509AttributeCertificateHolder generateVOMSAttributeCertificate(java.util.EnumSet<VOMSACGenerator.ACGenerationProperties> generationProperties, java.util.List<java.lang.String> fqans, java.util.List<VOMSGenericAttribute> gas, java.util.List<java.lang.String> targets, java.security.cert.X509Certificate holderCert, java.math.BigInteger serialNumber, java.util.Date notBefore, java.util.Date notAfter, java.lang.String voName, java.lang.String host, int port)
    Generates a VOMS attribute certificate with the specified properties.
org.bouncycastle.cert.X509AttributeCertificateHolder generateVOMSAttributeCertificate(java.util.List<java.lang.String> fqans, java.util.List<VOMSGenericAttribute> gas, java.util.List<java.lang.String> targets, java.security.cert.X509Certificate holderCert, java.math.BigInteger serialNumber, java.util.Date notBefore, java.util.Date notAfter, java.lang.String voName, java.lang.String host, int port)
    Generates a VOMS attribute certificate with the given properties.
eu.emi.security.authn.x509.proxy.CertificateExtension generateVOMSExtension(java.util.List<org.bouncycastle.cert.X509AttributeCertificateHolder> acs)
    Generates a VOMS certificate extension.
private org.bouncycastle.asn1.ASN1Encodable getCertAsDEREncodable(java.security.cert.X509Certificate cert)
private org.bouncycastle.asn1.DEROctetString getDEROctetString(java.lang.String s)
private org.bouncycastle.operator.ContentSigner getSigner(java.util.EnumSet<VOMSACGenerator.ACGenerationProperties> properties)
    Retrieves the appropriate ContentSigner based on the provided properties.
-
-
-
Field Detail
-
defaultGenerationProperties
public static final java.util.EnumSet<VOMSACGenerator.ACGenerationProperties> defaultGenerationProperties
Default generation properties (none enabled).
-
FAKE_EXT_OID
public static final org.bouncycastle.asn1.ASN1ObjectIdentifier FAKE_EXT_OID
Fake extension OID used in testing.
-
aaCredential
private eu.emi.security.authn.x509.X509Credential aaCredential
-
signer
private org.bouncycastle.operator.ContentSigner signer
-
-
Method Detail
-
getSigner
private org.bouncycastle.operator.ContentSigner getSigner(java.util.EnumSet<VOMSACGenerator.ACGenerationProperties> properties)
Retrieves the appropriate ContentSigner based on the provided properties.
Parameters:
properties - the properties influencing AC generation
Returns:
a ContentSigner instance
Throws:
VOMSError - if an error occurs during signer creation
-
buildVOURI
private java.lang.String buildVOURI(java.lang.String voName, java.lang.String host, int port)
Builds a VOMS URI.
Parameters:
voName - the VO name
host - the host name
port - the port number
Returns:
a formatted VOMS URI
-
buildACCertsExtensionContent
private org.bouncycastle.asn1.ASN1Encodable buildACCertsExtensionContent(java.util.EnumSet<VOMSACGenerator.ACGenerationProperties> properties)
-
buildAuthorityKeyIdentifier
private org.bouncycastle.asn1.x509.AuthorityKeyIdentifier buildAuthorityKeyIdentifier() throws java.security.cert.CertificateEncodingException, java.security.NoSuchAlgorithmException
Throws:
java.security.cert.CertificateEncodingException
java.security.NoSuchAlgorithmException
-
buildFQANsAttributeContent
private org.bouncycastle.asn1.ASN1Encodable buildFQANsAttributeContent(java.util.List<java.lang.String> fqans, org.bouncycastle.asn1.x509.GeneralName policyAuthorityInfo)
-
buildGAExtensionContent
private org.bouncycastle.asn1.ASN1Encodable buildGAExtensionContent(java.util.EnumSet<VOMSACGenerator.ACGenerationProperties> properties, java.util.List<VOMSGenericAttribute> gas, org.bouncycastle.asn1.x509.GeneralName policyAuthorityInfo)
-
buildHolder
private org.bouncycastle.cert.AttributeCertificateHolder buildHolder(java.security.cert.X509Certificate holderCert) throws java.security.cert.CertificateEncodingException
Throws:
java.security.cert.CertificateEncodingException
-
buildIssuer
private org.bouncycastle.cert.AttributeCertificateIssuer buildIssuer() throws java.security.cert.CertificateEncodingException
Throws:
java.security.cert.CertificateEncodingException
-
buildPolicyAuthorityInfo
private org.bouncycastle.asn1.x509.GeneralName buildPolicyAuthorityInfo(java.lang.String voName, java.lang.String host, int port)
-
buildTagSequence
private org.bouncycastle.asn1.DERSequence buildTagSequence(VOMSGenericAttribute ga)
-
buildTargetsExtensionContent
private org.bouncycastle.asn1.ASN1Encodable buildTargetsExtensionContent(java.util.EnumSet<VOMSACGenerator.ACGenerationProperties> properties, java.util.List<java.lang.String> targets)
-
generateVOMSAttributeCertificate
public org.bouncycastle.cert.X509AttributeCertificateHolder generateVOMSAttributeCertificate(java.util.List<java.lang.String> fqans, java.util.List<VOMSGenericAttribute> gas, java.util.List<java.lang.String> targets, java.security.cert.X509Certificate holderCert, java.math.BigInteger serialNumber, java.util.Date notBefore, java.util.Date notAfter, java.lang.String voName, java.lang.String host, int port) throws VOMSError
Generates a VOMS attribute certificate with the given properties.
Parameters:
fqans - the list of Fully Qualified Attribute Names (FQANs)
gas - the list of generic attributes
targets - the list of target restrictions
holderCert - the X.509 certificate of the holder
serialNumber - the serial number of the AC
notBefore - the start of the AC validity period
notAfter - the end of the AC validity period
voName - the VO name
host - the VOMS server hostname
port - the VOMS server port
Returns:
the generated X.509 attribute certificate
Throws:
VOMSError - if certificate generation fails
-
generateVOMSAttributeCertificate
public org.bouncycastle.cert.X509AttributeCertificateHolder generateVOMSAttributeCertificate(java.util.EnumSet<VOMSACGenerator.ACGenerationProperties> generationProperties, java.util.List<java.lang.String> fqans, java.util.List<VOMSGenericAttribute> gas, java.util.List<java.lang.String> targets, java.security.cert.X509Certificate holderCert, java.math.BigInteger serialNumber, java.util.Date notBefore, java.util.Date notAfter, java.lang.String voName, java.lang.String host, int port) throws VOMSError
Generates a VOMS attribute certificate with the specified properties.
Parameters:
generationProperties - the properties influencing AC generation
fqans - the list of Fully Qualified Attribute Names (FQANs)
gas - the list of generic attributes
targets - the list of target restrictions
holderCert - the X.509 certificate of the holder
serialNumber - the serial number of the AC
notBefore - the start of the AC validity period
notAfter - the end of the AC validity period
voName - the VO name
host - the VOMS server hostname
port - the VOMS server port
Returns:
the generated X.509 attribute certificate
Throws:
VOMSError - if certificate generation fails
-
generateVOMSExtension
public eu.emi.security.authn.x509.proxy.CertificateExtension generateVOMSExtension(java.util.List<org.bouncycastle.cert.X509AttributeCertificateHolder> acs)
Generates a VOMS certificate extension.
Parameters:
acs - the list of X.509 attribute certificates
Returns:
the generated certificate extension
-
getCertAsDEREncodable
private org.bouncycastle.asn1.ASN1Encodable getCertAsDEREncodable(java.security.cert.X509Certificate cert)
-
getDEROctetString
private org.bouncycastle.asn1.DEROctetString getDEROctetString(java.lang.String s)
-
-