Search in sources :

Example 1 with ProxyCertInfo

use of org.globus.gsi.proxy.ext.ProxyCertInfo in project OA4MP by ncsa.

the class JGlobusUtil method createProxyCertificate.

public static X509Certificate createProxyCertificate(X509Certificate baseCert, PrivateKey generatedPrivateKey, PublicKey publicKey, int certLifetimeInSeconds) {
    // Sign a cert req from OAuth client using a cert obtained from MyProxy server
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    ProxyPolicy policy = new ProxyPolicy(ProxyPolicy.LIMITED);
    ProxyCertInfo proxyCertInfo = new ProxyCertInfo(policy);
    X509ExtensionSet extSet = new X509ExtensionSet();
    extSet.add(new ProxyCertInfoExtension(proxyCertInfo));
    BouncyCastleCertProcessingFactory factory = BouncyCastleCertProcessingFactory.getDefault();
    try {
        // add the cert afterwards so there is no issue with modifying the list early.
        X509Certificate x = factory.createProxyCertificate(baseCert, generatedPrivateKey, publicKey, certLifetimeInSeconds, GSI_4_LIMITED_PROXY, extSet, null);
        return x;
    } catch (GeneralSecurityException e) {
        String errMsg = "3.c. Error: signing a limited proxy credential: " + e.getMessage();
        // throw it.
        throw new GeneralException(errMsg, e);
    }
}
Also used : X509ExtensionSet(org.globus.gsi.X509ExtensionSet) GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) GeneralSecurityException(java.security.GeneralSecurityException) ProxyPolicy(org.globus.gsi.proxy.ext.ProxyPolicy) ProxyCertInfoExtension(org.globus.gsi.proxy.ext.ProxyCertInfoExtension) BouncyCastleCertProcessingFactory(org.globus.gsi.bc.BouncyCastleCertProcessingFactory) ProxyCertInfo(org.globus.gsi.proxy.ext.ProxyCertInfo) X509Certificate(java.security.cert.X509Certificate)

Aggregations

GeneralException (edu.uiuc.ncsa.security.core.exceptions.GeneralException)1 GeneralSecurityException (java.security.GeneralSecurityException)1 X509Certificate (java.security.cert.X509Certificate)1 X509ExtensionSet (org.globus.gsi.X509ExtensionSet)1 BouncyCastleCertProcessingFactory (org.globus.gsi.bc.BouncyCastleCertProcessingFactory)1 ProxyCertInfo (org.globus.gsi.proxy.ext.ProxyCertInfo)1 ProxyCertInfoExtension (org.globus.gsi.proxy.ext.ProxyCertInfoExtension)1 ProxyPolicy (org.globus.gsi.proxy.ext.ProxyPolicy)1