Package org.italiangrid.voms.asn1

Class VOMSACGenerator

  • All Implemented Interfaces:
    VOMSConstants
    public class VOMSACGenerator
extends java.lang.Object
implements VOMSConstants
    A generator for VOMS Attribute Certificates (ACs).

    This class provides methods for creating VOMS ACs with customizable properties, including optional extensions and fake signature bits for testing purposes.

    It uses BouncyCastle for cryptographic operations and supports various extensions required for VOMS attribute certificates.

    • Field Detail

      • FAKE_EXT_OID

        public static final org.bouncycastle.asn1.ASN1ObjectIdentifier FAKE_EXT_OID
        Fake extension OID used in testing.

      • aaCredential

        private eu.emi.security.authn.x509.X509Credential aaCredential

      • signer

        private org.bouncycastle.operator.ContentSigner signer

    • Constructor Detail

      • VOMSACGenerator

        public VOMSACGenerator​(eu.emi.security.authn.x509.X509Credential aaCredential)
        Constructs a VOMSACGenerator with the given credential.
        Parameters:
        aaCredential - the attribute authority credential

    • Method Detail

      • getSigner

        private org.bouncycastle.operator.ContentSigner getSigner​(java.util.EnumSet<VOMSACGenerator.ACGenerationProperties> properties)
        Retrieves the appropriate ContentSigner based on the provided properties.
        Parameters:
        properties - the properties influencing AC generation
        Returns:
        a ContentSigner instance
        Throws:
        VOMSError - if an error occurs during signer creation

      • buildVOURI

        private java.lang.String buildVOURI​(java.lang.String voName,
                                    java.lang.String host,
                                    int port)
        Builds a VOMS URI.
        Parameters:
        voName - the VO name
        host - the host name
        port - the port number
        Returns:
        a formatted VOMS URI

      • buildAuthorityKeyIdentifier

        private org.bouncycastle.asn1.x509.AuthorityKeyIdentifier buildAuthorityKeyIdentifier()
                                                                               throws java.security.cert.CertificateEncodingException,
                                                                                      java.security.NoSuchAlgorithmException
        Throws:
        java.security.cert.CertificateEncodingException
        java.security.NoSuchAlgorithmException

      • buildFQANsAttributeContent

        private org.bouncycastle.asn1.ASN1Encodable buildFQANsAttributeContent​(java.util.List<java.lang.String> fqans,
                                                                       org.bouncycastle.asn1.x509.GeneralName policyAuthorityInfo)

      • buildHolder

        private org.bouncycastle.cert.AttributeCertificateHolder buildHolder​(java.security.cert.X509Certificate holderCert)
                                                              throws java.security.cert.CertificateEncodingException
        Throws:
        java.security.cert.CertificateEncodingException

      • buildIssuer

        private org.bouncycastle.cert.AttributeCertificateIssuer buildIssuer()
                                                              throws java.security.cert.CertificateEncodingException
        Throws:
        java.security.cert.CertificateEncodingException

      • buildPolicyAuthorityInfo

        private org.bouncycastle.asn1.x509.GeneralName buildPolicyAuthorityInfo​(java.lang.String voName,
                                                                        java.lang.String host,
                                                                        int port)

      • buildTagSequence

        private org.bouncycastle.asn1.DERSequence buildTagSequence​(VOMSGenericAttribute ga)

      • buildTargetsExtensionContent

        private org.bouncycastle.asn1.ASN1Encodable buildTargetsExtensionContent​(java.util.EnumSet<VOMSACGenerator.ACGenerationProperties> properties,
                                                                         java.util.List<java.lang.String> targets)

      • generateVOMSAttributeCertificate

        public org.bouncycastle.cert.X509AttributeCertificateHolder generateVOMSAttributeCertificate​(java.util.List<java.lang.String> fqans,
                                                                                             java.util.List<VOMSGenericAttribute> gas,
                                                                                             java.util.List<java.lang.String> targets,
                                                                                             java.security.cert.X509Certificate holderCert,
                                                                                             java.math.BigInteger serialNumber,
                                                                                             java.util.Date notBefore,
                                                                                             java.util.Date notAfter,
                                                                                             java.lang.String voName,
                                                                                             java.lang.String host,
                                                                                             int port)
                                                                                      throws VOMSError
        Generates a VOMS attribute certificate with the given properties.
        Parameters:
        fqans - the list of Fully Qualified Attribute Names (FQANs)
        gas - the list of generic attributes
        targets - the list of target restrictions
        holderCert - the X.509 certificate of the holder
        serialNumber - the serial number of the AC
        notBefore - the start of the AC validity period
        notAfter - the end of the AC validity period
        voName - the VO name
        host - the VOMS server hostname
        port - the VOMS server port
        Returns:
        the generated X.509 attribute certificate
        Throws:
        VOMSError - if certificate generation fails

      • generateVOMSAttributeCertificate

        public org.bouncycastle.cert.X509AttributeCertificateHolder generateVOMSAttributeCertificate​(java.util.EnumSet<VOMSACGenerator.ACGenerationProperties> generationProperties,
                                                                                             java.util.List<java.lang.String> fqans,
                                                                                             java.util.List<VOMSGenericAttribute> gas,
                                                                                             java.util.List<java.lang.String> targets,
                                                                                             java.security.cert.X509Certificate holderCert,
                                                                                             java.math.BigInteger serialNumber,
                                                                                             java.util.Date notBefore,
                                                                                             java.util.Date notAfter,
                                                                                             java.lang.String voName,
                                                                                             java.lang.String host,
                                                                                             int port)
                                                                                      throws VOMSError
        Generates a VOMS attribute certificate with the specified properties.
        Parameters:
        generationProperties - the properties influencing AC generation
        fqans - the list of Fully Qualified Attribute Names (FQANs)
        gas - the list of generic attributes
        targets - the list of target restrictions
        holderCert - the X.509 certificate of the holder
        serialNumber - the serial number of the AC
        notBefore - the start of the AC validity period
        notAfter - the end of the AC validity period
        voName - the VO name
        host - the VOMS server hostname
        port - the VOMS server port
        Returns:
        the generated X.509 attribute certificate
        Throws:
        VOMSError - if certificate generation fails

      • generateVOMSExtension

        public eu.emi.security.authn.x509.proxy.CertificateExtension generateVOMSExtension​(java.util.List<org.bouncycastle.cert.X509AttributeCertificateHolder> acs)
        Generates a VOMS certificate extension.
        Parameters:
        acs - the list of X.509 attribute certificates
        Returns:
        the generated certificate extension

      • getCertAsDEREncodable

        private org.bouncycastle.asn1.ASN1Encodable getCertAsDEREncodable​(java.security.cert.X509Certificate cert)

      • getDEROctetString

        private org.bouncycastle.asn1.DEROctetString getDEROctetString​(java.lang.String s)