Package org.globus.gsi
Class X509Credential
- java.lang.Object
  - org.globus.gsi.X509Credential
- All Implemented Interfaces:
java.io.Serializable
public class X509Credential extends java.lang.Object implements java.io.Serializable
FILL ME
This class equivalent was called GlobusCredential in CoG - maybe a better name?
- See Also:
- Serialized Form
-
-
Field Summary
Modifier and Type   Field
static int BUFFER_SIZE
private java.security.cert.X509Certificate[] certChain
private static java.io.File credentialFile
private static long credentialLastModified
private static boolean credentialSet
private static X509Credential defaultCred
private static org.apache.commons.logging.Log logger
private OpenSSLKey opensslKey
private static long serialVersionUID
-
Constructor Summary
X509Credential(java.io.InputStream input)
X509Credential(java.io.InputStream certInputStream, java.io.InputStream keyInputStream)
X509Credential(java.lang.String proxyFile)
X509Credential(java.lang.String certFile, java.lang.String keyFile)
X509Credential(java.security.PrivateKey initKey, java.security.cert.X509Certificate[] initCertChain)
-
Method Summary
Modifier and Type   Method   Description
boolean equals(java.lang.Object object)
java.security.cert.X509Certificate[] getCertificateChain()
int getCertNum()
    Returns the number of certificates in the credential without the self-signed certificates.
private static byte[] getDecodedPEMObject(java.io.BufferedReader reader)
    Reads Base64 encoded data from the stream and returns its decoded value.
static X509Credential getDefaultCredential()
    Returns the default credential.
java.lang.String getIdentity()
    Returns the identity of this credential.
java.security.cert.X509Certificate getIdentityCertificate()
    Returns the identity certificate of this credential.
java.lang.String getIssuer()
    Returns the issuer DN of the first certificate in the chain.
java.util.Date getNotBefore()
int getPathConstraint()
    Returns the path length constraint.
java.security.PrivateKey getPrivateKey()
java.security.PrivateKey getPrivateKey(java.lang.String password)
GSIConstants.CertificateType getProxyType()
    Returns the certificate type of the first certificate in the chain.
int getStrength()
    Returns strength of the private/public key in bits.
int getStrength(java.lang.String password)
    Returns strength of the private/public key in bits.
java.lang.String getSubject()
    Returns the subject DN of the first certificate in the chain.
long getTimeLeft()
    Returns time left of this credential.
int hashCode()
boolean isEncryptedKey()
protected void load(java.io.InputStream input)
protected void loadCertificate(java.io.InputStream input)
protected void loadKey(java.io.InputStream input)
private static void reloadDefaultCredential()
void save(java.io.OutputStream out)
void saveCertificateChain(java.io.OutputStream out)
void saveKey(java.io.OutputStream out)
static void setDefaultCredential(X509Credential cred)
    Sets default credential.
java.lang.String toString()
private void validateCredential()
void verify()
    Verifies the validity of the credentials.
void writeToFile(java.io.File file)
void writeToFile(java.io.File certFile, java.io.File keyFile)
-
-
-
Field Detail
-
serialVersionUID
private static final long serialVersionUID
- See Also:
- Constant Field Values
-
BUFFER_SIZE
public static final int BUFFER_SIZE
- See Also:
- Constant Field Values
-
logger
private static org.apache.commons.logging.Log logger
-
opensslKey
private OpenSSLKey opensslKey
-
certChain
private java.security.cert.X509Certificate[] certChain
-
defaultCred
private static X509Credential defaultCred
-
credentialLastModified
private static long credentialLastModified
-
credentialSet
private static boolean credentialSet
-
credentialFile
private static java.io.File credentialFile
-
-
Constructor Detail
-
X509Credential
public X509Credential(java.security.PrivateKey initKey, java.security.cert.X509Certificate[] initCertChain)
-
X509Credential
public X509Credential(java.io.InputStream certInputStream, java.io.InputStream keyInputStream) throws CredentialException
- Throws:
CredentialException
-
X509Credential
public X509Credential(java.lang.String certFile, java.lang.String keyFile) throws CredentialException, java.io.IOException
- Throws:
CredentialException
java.io.IOException
-
X509Credential
public X509Credential(java.lang.String proxyFile) throws CredentialException
- Throws:
CredentialException
-
X509Credential
public X509Credential(java.io.InputStream input) throws CredentialException
- Throws:
CredentialException
-
-
Method Detail
-
getCertificateChain
public java.security.cert.X509Certificate[] getCertificateChain()
-
getPrivateKey
public java.security.PrivateKey getPrivateKey() throws CredentialException
- Throws:
CredentialException
-
getPrivateKey
public java.security.PrivateKey getPrivateKey(java.lang.String password) throws CredentialException
- Throws:
CredentialException
-
isEncryptedKey
public boolean isEncryptedKey()
-
getDecodedPEMObject
private static byte[] getDecodedPEMObject(java.io.BufferedReader reader) throws java.io.IOException
Reads Base64 encoded data from the stream and returns its decoded value. The reading continues until the "END" string is found in the data. Otherwise, returns null.
- Throws:
java.io.IOException
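The read-until-"END" contract described for getDecodedPEMObject, as an added example that is not the JGlobus source: the class name, method name and sample strings are constructed here, and matching on the dash-prefixed footer rather than a bare "END" is this example's own choice.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class PemObjectReaderExample {

    // Hypothetical helper following the documented contract: collect Base64
    // lines until the END footer is seen; if the stream ends first, return
    // null rather than a partially decoded object.
    static byte[] readDecodedPemObject(BufferedReader reader) throws IOException {
        StringBuilder base64 = new StringBuilder();
        String line;
        while ((line = reader.readLine()) != null) {
            // "END" alone can occur inside a Base64 body (E, N and D are all
            // in the alphabet); '-' cannot, so match the dashed footer.
            if (line.startsWith("-----END")) {
                // Throws IllegalArgumentException if the body is not Base64.
                return Base64.getDecoder().decode(base64.toString());
            }
            base64.append(line.trim());
        }
        return null; // truncated input: footer never seen
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample bodies; the BEGIN line is assumed to have been
        // consumed by the caller already.
        String complete = "aGVsbG8g\nd29ybGQ=\n-----END CERTIFICATE-----\n";
        String truncated = "aGVsbG8g\nd29ybGQ=\n";

        byte[] ok = readDecodedPemObject(new BufferedReader(new StringReader(complete)));
        byte[] cut = readDecodedPemObject(new BufferedReader(new StringReader(truncated)));

        System.out.println(new String(ok, StandardCharsets.US_ASCII)); // hello world
        System.out.println(cut == null ? "null (no END footer)" : "unexpected data");
    }
}
```

A caller has to treat the null result as a load failure, since it means the file was cut off before the footer.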
-
saveKey
public void saveKey(java.io.OutputStream out) throws java.io.IOException
- Throws:
java.io.IOException
-
saveCertificateChain
public void saveCertificateChain(java.io.OutputStream out) throws java.io.IOException, java.security.cert.CertificateEncodingException
- Throws:
java.io.IOException
java.security.cert.CertificateEncodingException
-
save
public void save(java.io.OutputStream out) throws java.io.IOException, java.security.cert.CertificateEncodingException
- Throws:
java.io.IOException
java.security.cert.CertificateEncodingException
-
writeToFile
public void writeToFile(java.io.File file) throws java.io.IOException, java.security.cert.CertificateEncodingException
- Throws:
java.io.IOException
java.security.cert.CertificateEncodingException
-
writeToFile
public void writeToFile(java.io.File certFile, java.io.File keyFile) throws java.io.IOException, java.security.cert.CertificateEncodingException
- Throws:
java.io.IOException
java.security.cert.CertificateEncodingException
-
getNotBefore
public java.util.Date getNotBefore()
-
getCertNum
public int getCertNum()
Returns the number of certificates in the credential without the self-signed certificates.
- Returns:
- number of certificates without counting self-signed certificates
-
getStrength
public int getStrength() throws CredentialException
Returns strength of the private/public key in bits.
- Returns:
- strength of the key in bits. Returns -1 if unable to determine it.
- Throws:
CredentialException
-
getStrength
public int getStrength(java.lang.String password) throws CredentialException
Returns strength of the private/public key in bits.
- Returns:
- strength of the key in bits. Returns -1 if unable to determine it.
- Throws:
CredentialException
-
getSubject
public java.lang.String getSubject()
Returns the subject DN of the first certificate in the chain.
- Returns:
- subject DN.
-
getIssuer
public java.lang.String getIssuer()
Returns the issuer DN of the first certificate in the chain.
- Returns:
- issuer DN.
-
getProxyType
public GSIConstants.CertificateType getProxyType()
Returns the certificate type of the first certificate in the chain. Returns -1 if unable to determine the certificate type (an error occurred).
- Returns:
- the type of first certificate in the chain. -1 if unable to determine the certificate type.
- See Also:
BouncyCastleUtil.getCertificateType(X509Certificate)
-
getTimeLeft
public long getTimeLeft()
Returns time left of this credential. The time left of the credential is based on the certificate with the shortest validity time.
- Returns:
- time left in seconds. Returns 0 if the certificate has expired.
-
getIdentity
public java.lang.String getIdentity()
Returns the identity of this credential.
- Returns:
- The identity cert in Globus format (e.g. /C=US/..). Null, if unable to get the identity (an error occurred)
- See Also:
getIdentityCertificate()
-
getIdentityCertificate
public java.security.cert.X509Certificate getIdentityCertificate()
Returns the identity certificate of this credential. The identity certificate is the first certificate in the chain that is not an impersonation proxy certificate.
- Returns:
- X509Certificate, the identity cert. Null, if unable to get the identity certificate (an error occurred)
-
getPathConstraint
public int getPathConstraint()
Returns the path length constraint. The shortest length in the chain of certificates is returned as the credential's path length.
- Returns:
- The path length constraint of the credential. -1 if any error occurs.
-
verify
public void verify() throws CredentialException
Verifies the validity of the credentials. All certificate path validation is performed using trusted certificates in default locations.
- Throws:
CredentialException
- if one of the certificates in the chain expired or if path validation fails.
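A pre-use check built only from the methods documented above, as an added example that is not part of the JGlobus documentation: it treats the documented sentinel returns (0 from getTimeLeft, null from getIdentity, -1 from getStrength) as failures. The class name, the thresholds and the org.globus.gsi package for CredentialException are assumptions.

```java
import org.globus.gsi.CredentialException;
import org.globus.gsi.X509Credential;

public class CredentialPreflight {

    // Assumed local policy values; not taken from the JGlobus documentation.
    static final long MIN_SECONDS_LEFT = 15 * 60;
    static final int MIN_KEY_BITS = 2048;

    static X509Credential loadChecked(String proxyFile) throws CredentialException {
        X509Credential cred = new X509Credential(proxyFile);

        // Expiry and path validation failures surface as CredentialException.
        cred.verify();

        // 0 means the shortest-lived certificate in the chain has expired.
        long secondsLeft = cred.getTimeLeft();
        if (secondsLeft < MIN_SECONDS_LEFT) {
            throw new IllegalStateException("credential expires in " + secondsLeft + " s");
        }

        // null is the documented error value, so it must not be accepted
        // as if it were an identity.
        String identity = cred.getIdentity();
        if (identity == null) {
            throw new IllegalStateException("identity could not be determined");
        }

        // getStrength() returns -1 when the size cannot be determined. For an
        // encrypted key this example skips the check; the class also lists a
        // getStrength(String password) overload.
        if (!cred.isEncryptedKey()) {
            int bits = cred.getStrength();
            if (bits < MIN_KEY_BITS) { // also rejects the -1 sentinel
                throw new IllegalStateException("key strength " + bits + " bits");
            }
        }
        return cred;
    }

    public static void main(String[] args) throws CredentialException {
        // args[0]: path to a proxy file, supplied by the caller.
        X509Credential cred = loadChecked(args[0]);
        System.out.println(cred.getIdentity() + " valid for " + cred.getTimeLeft() + " s");
    }
}
```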
-
getDefaultCredential
public static X509Credential getDefaultCredential() throws CredentialException
Returns the default credential. The default credential is usually the user proxy certificate.
The credential will be loaded on the initial call. It must not be expired. All subsequent calls to this function return the cached credential object. Once the credential is cached, it is reloaded if the underlying file changes.
- Returns:
- the default credential.
- Throws:
CredentialException
- if the credential expired or some other error with the credential.
-
reloadDefaultCredential
private static void reloadDefaultCredential() throws CredentialException
- Throws:
CredentialException
-
setDefaultCredential
public static void setDefaultCredential(X509Credential cred)
Sets default credential.
- Parameters:
cred - the credential to set as the default.
-
toString
public java.lang.String toString()
- Overrides:
toString
in class java.lang.Object
-
load
protected void load(java.io.InputStream input) throws CredentialException
- Throws:
CredentialException
-
loadCertificate
protected void loadCertificate(java.io.InputStream input) throws CredentialException
- Throws:
CredentialException
-
loadKey
protected void loadKey(java.io.InputStream input) throws CredentialException
- Throws:
CredentialException
-
validateCredential
private void validateCredential() throws CredentialException
- Throws:
CredentialException
-
equals
public boolean equals(java.lang.Object object)
- Overrides:
equals
in class java.lang.Object
-
hashCode
public int hashCode()
- Overrides:
hashCode
in class java.lang.Object
-
-