use of org.globus.gsi.bc.BouncyCastleCertProcessingFactory in project OA4MP by ncsa.
the class JGlobusUtil method createProxyCertificate.
public static X509Certificate createProxyCertificate(X509Certificate baseCert, PrivateKey generatedPrivateKey, PublicKey publicKey, int certLifetimeInSeconds) {
// Sign a cert req from OAuth client using a cert obtained from MyProxy server
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
ProxyPolicy policy = new ProxyPolicy(ProxyPolicy.LIMITED);
ProxyCertInfo proxyCertInfo = new ProxyCertInfo(policy);
X509ExtensionSet extSet = new X509ExtensionSet();
extSet.add(new ProxyCertInfoExtension(proxyCertInfo));
BouncyCastleCertProcessingFactory factory = BouncyCastleCertProcessingFactory.getDefault();
try {
// add the cert afterwards so there is no issue with modifying the list early.
X509Certificate x = factory.createProxyCertificate(baseCert, generatedPrivateKey, publicKey, certLifetimeInSeconds, GSI_4_LIMITED_PROXY, extSet, null);
return x;
} catch (GeneralSecurityException e) {
String errMsg = "3.c. Error: signing a limited proxy credential: " + e.getMessage();
// throw it.
throw new GeneralException(errMsg, e);
}
}
Aggregations