Class ProxyGeneratorHelper


  • public class ProxyGeneratorHelper
    extends java.lang.Object
    Actual implementation of the proxy generation. The object is for one use only, i.e. it should not be reused once it has generated its first certificate. It is strongly suggested to use ProxyGenerator instead.
    • Field Detail

      • proxyPublicKeyInfo

        private org.bouncycastle.asn1.x509.SubjectPublicKeyInfo proxyPublicKeyInfo
      • proxyPrivateKey

        private transient java.security.PrivateKey proxyPrivateKey
      • proxy

        private java.security.cert.X509Certificate proxy
    • Constructor Detail

      • ProxyGeneratorHelper

        public ProxyGeneratorHelper()
    • Method Detail

      • generate

        public ProxyCertificate generate(ProxyCertificateOptions param,
                                         java.security.PrivateKey privateKey)
                                  throws java.security.InvalidKeyException,
                                         java.security.SignatureException,
                                         java.security.NoSuchAlgorithmException,
                                         java.security.cert.CertificateParsingException,
                                         java.io.IOException
        Generate the proxy certificate object from the local certificate.
        Parameters:
        param - proxy parameters
        privateKey - key to sign the proxy
        Returns:
        a newly created proxy certificate, wrapped together with a private key if it was also generated.
        Throws:
        java.security.InvalidKeyException - invalid key exception
        java.security.SignatureException - signature exception
        java.security.NoSuchAlgorithmException - no such algorithm exception
        java.security.cert.CertificateParsingException - certificate parsing exception
        java.io.IOException - IO exception
      • generate

        public java.security.cert.X509Certificate[] generate(ProxyRequestOptions param,
                                                             java.security.PrivateKey privateKey)
                                                      throws java.security.InvalidKeyException,
                                                             java.security.SignatureException,
                                                             java.security.NoSuchAlgorithmException,
                                                             java.security.cert.CertificateParsingException,
                                                             java.io.IOException
        Generate the proxy certificate object from the received Certificate Signing Request.
        Parameters:
        param - proxy parameters
        privateKey - key to sign the proxy
        Returns:
        chain with the new proxy on the first position
        Throws:
        java.security.InvalidKeyException - invalid key exception
        java.security.SignatureException - signature exception
        java.security.NoSuchAlgorithmException - no such algorithm exception
        java.security.cert.CertificateParsingException - certificate encoding exception
        java.io.IOException - IO exception
      • generateCommon

        private ProxyCertificate generateCommon(BaseProxyCertificateOptions param,
                                                java.security.PrivateKey privateKey)
                                         throws java.security.InvalidKeyException,
                                                java.security.SignatureException,
                                                java.security.NoSuchAlgorithmException,
                                                java.security.cert.CertificateParsingException,
                                                java.io.IOException
        Throws:
        java.security.InvalidKeyException
        java.security.SignatureException
        java.security.NoSuchAlgorithmException
        java.security.cert.CertificateParsingException
        java.io.IOException
      • establishKeys

        private void establishKeys(ProxyCertificateOptions param)
                            throws java.security.InvalidKeyException
        Throws:
        java.security.InvalidKeyException
      • setupCertBuilder

        private void setupCertBuilder(BaseProxyCertificateOptions param)
                               throws java.security.InvalidKeyException
        Throws:
        java.security.InvalidKeyException
      • getChainKeyUsage

        public static java.lang.Integer getChainKeyUsage(java.security.cert.X509Certificate[] chain)
        If no certificate in the input chain has the KeyUsage extension, null is returned. If at least one certificate in the chain has the KeyUsage extension, a KeyUsage value is returned that contains the bitwise AND of the KeyUsage flags from all certificates. CA certificates are ignored in the computation.
        Parameters:
        chain - certificate chain
        Returns:
        chain key usage
      • addExtensions

        private void addExtensions(BaseProxyCertificateOptions param)
                            throws java.io.IOException
        Throws:
        java.io.IOException
      • buildCertificate

        private void buildCertificate(java.security.cert.X509Certificate issuingCert,
                                      java.security.PrivateKey privateKey)
                               throws java.security.cert.CertificateParsingException,
                                      java.security.InvalidKeyException,
                                      java.security.NoSuchProviderException,
                                      java.security.NoSuchAlgorithmException,
                                      java.security.SignatureException,
                                      java.io.IOException
        Throws:
        java.security.cert.CertificateParsingException
        java.security.InvalidKeyException
        java.security.NoSuchProviderException
        java.security.NoSuchAlgorithmException
        java.security.SignatureException
        java.io.IOException
      • wrapResult

        private ProxyCertificate wrapResult(java.security.cert.X509Certificate[] originalChain)
                                     throws java.security.InvalidKeyException
        Throws:
        java.security.InvalidKeyException
      • establishSerial

        public static java.math.BigInteger establishSerial(BaseProxyCertificateOptions param)
        For LEGACY proxies, returns the serial from the issuing certificate. For Draft/RFC proxies, returns the manually set serial, or generates a random one if not set.
        Parameters:
        param - proxy certificate options
        Returns:
        serial number
      • generateDN

        public static org.bouncycastle.asn1.x500.X500Name generateDN(javax.security.auth.x500.X500Principal parentSubject,
                                                                     ProxyType type,
                                                                     boolean limited,
                                                                     java.math.BigInteger serial)
        Generate a correct DN for the proxy, depending on its type.
        Parameters:
        parentSubject - parent subject
        type - proxy type
        limited - true if limited proxy
        serial - serial number
        Returns:
        generated proxy DN
      • generateKeyPair

        public static java.security.KeyPair generateKeyPair(int len)
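
The KeyUsage intersection described for getChainKeyUsage, as an added example that is not the library's own code. It runs on a hypothetical CertView stand-in instead of real certificates, uses its own bit layout (the index order of X509Certificate.getKeyUsage()), and assumes that a certificate without the extension imposes no restriction. Java 16 or later is needed for the record.

```java
import java.util.List;

public class ChainKeyUsageExample {
    // Bit i of a mask corresponds to index i of the boolean[] returned by
    // java.security.cert.X509Certificate.getKeyUsage():
    // 0 digitalSignature, 1 nonRepudiation, 2 keyEncipherment, 3 dataEncipherment,
    // 4 keyAgreement, 5 keyCertSign, 6 cRLSign, 7 encipherOnly, 8 decipherOnly.
    static final int DIGITAL_SIGNATURE = 1, KEY_ENCIPHERMENT = 1 << 2,
            DATA_ENCIPHERMENT = 1 << 3, KEY_CERT_SIGN = 1 << 5, CRL_SIGN = 1 << 6;

    // Hypothetical stand-in for the two certificate properties the rule needs:
    // ca = getBasicConstraints() >= 0, keyUsage = getKeyUsage() (null if absent).
    record CertView(String name, boolean ca, boolean[] keyUsage) {}

    // Builds a getKeyUsage()-style array from a mask, for the constructed samples.
    static boolean[] ku(int mask) {
        boolean[] bits = new boolean[9];
        for (int i = 0; i < 9; i++) bits[i] = (mask & (1 << i)) != 0;
        return bits;
    }

    // Returns null when no non-CA certificate carries KeyUsage, otherwise the AND.
    static Integer chainKeyUsage(List<CertView> chain) {
        Integer result = null;
        for (CertView c : chain) {
            // CA certificates are ignored; an absent extension is skipped (assumption).
            if (c.ca() || c.keyUsage() == null) continue;
            int mask = 0;
            for (int i = 0; i < c.keyUsage().length; i++)
                if (c.keyUsage()[i]) mask |= 1 << i;
            result = (result == null) ? mask : (result & mask);
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed chain, newest proxy first; proxy-2 drops dataEncipherment.
        List<CertView> chain = List.of(
            new CertView("proxy-2", false, ku(DIGITAL_SIGNATURE | KEY_ENCIPHERMENT)),
            new CertView("proxy-1", false, null),
            new CertView("user", false, ku(DIGITAL_SIGNATURE | KEY_ENCIPHERMENT | DATA_ENCIPHERMENT)),
            new CertView("ca", true, ku(KEY_CERT_SIGN | CRL_SIGN)));
        Integer effective = chainKeyUsage(chain);
        System.out.println("effective mask: " + Integer.toBinaryString(effective));
        System.out.println("dataEncipherment allowed: " + ((effective & DATA_ENCIPHERMENT) != 0));
        List<CertView> noKu = List.of(new CertView("proxy", false, null),
                                      new CertView("user", false, null));
        System.out.println("chain without KeyUsage: " + chainKeyUsage(noKu));
    }
}
```

A relying party that checks only the end-entity certificate's KeyUsage would accept dataEncipherment here, while the chain-wide value does not; callers must also handle the null result before unboxing it.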