public class CertUtil
extends java.lang.Object
Modifier and Type | Class and Description |
---|---|
static class |
CertUtil.GroupChain
A chain of subgroups, whose head is the super-most group.
|
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
GROUP_OID
OID for the group membership attribute for X.509 V2 Attribute Certificates
|
static java.lang.String |
MEMBER_CERT_TYPE_PREFIX
Prefix of handle value types indicating group membership; append the group handle
|
static java.lang.String |
SUBGROUP_CERT_TYPE_PREFIX
Prefix of handle value types indicating subgrouping; append the supergroup handle
|
Constructor and Description |
---|
CertUtil() |
Modifier and Type | Method and Description |
---|---|
static java.util.List<CertUtil.GroupChain> |
allGroups(net.handle.hdllib.HandleResolver resolver,
java.lang.String memberHandle)
Return all groups to which memberHandle belongs, together with their subgroup chains.
|
static java.util.List<CertUtil.GroupChain> |
allGroups(net.handle.hdllib.HandleResolver resolver,
java.lang.String memberHandle,
java.util.List<java.lang.String> initialGroups)
Return all groups to which memberHandle belongs via one of the initialGroups, together with their subgroup chains.
|
static boolean |
checkGroupChain(net.handle.hdllib.HandleResolver resolver,
java.lang.String memberHandle,
CertUtil.GroupChain groups)
Check whether memberHandle is a member of the groups in the subgroup chain given by the groups parameter, and whether all certificates are signed and valid.
|
static boolean |
checkGroupMembershipCertificate(byte[] encodedCert,
java.lang.String memberHandle,
java.lang.String groupHandle,
java.util.List<java.security.PublicKey> pubKeys)
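Check whether an encoded Attribute Certificate asserts that memberHandle is a member of groupHandle and is signed by one of the input public keys. This description mentions only the signature, not the validity period (notBefore/notAfter); confirm against the implementation whether expiry is checked here or only in checkGroupChain.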
|
static java.security.cert.X509Certificate |
createClientCert(net.handle.hdllib.Resolver resolver,
java.lang.String individualID,
java.security.PrivateKey privKey,
java.security.PublicKey pubKey,
int validDays)
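Generate an X509 certificate that can be used to … (the description is cut off in the original documentation; judging by the method name and parameters, presumably to authenticate individualID as a client, valid for validDays days — confirm against the implementation).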
|
static byte[] |
createGroupMembershipCertificate(java.math.BigInteger serialNumber,
java.lang.String memberHandle,
java.lang.String groupHandle,
java.util.Date notBefore,
java.util.Date notAfter,
java.security.PublicKey pubKey,
java.security.PrivateKey privKey)
Create a group membership certificate and sign it with the input private key.
|
static void |
main(java.lang.String[] args) |
static boolean |
matchHandle(java.security.Principal[] principals,
java.lang.String handle)
Check to see if any of the input principals is an X509 name whose UID matches the handle
|
static org.bouncycastle.jce.X509Principal |
principalForHandle(java.lang.String handle)
Convert a handle into an X509 principal (using the UID attribute)
|
static java.security.PublicKey[] |
resolvePublicKeys(net.handle.hdllib.HandleResolver resolver,
java.lang.String clientID)
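Securely resolve the public keys for the given handle. The documentation does not say what "securely" covers (for example, whether the resolution response is authenticated); confirm this before treating the returned keys as trusted signers.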
|
public static final java.lang.String GROUP_OID
public static final java.lang.String MEMBER_CERT_TYPE_PREFIX
public static final java.lang.String SUBGROUP_CERT_TYPE_PREFIX
public static org.bouncycastle.jce.X509Principal principalForHandle(java.lang.String handle)
public static boolean matchHandle(java.security.Principal[] principals, java.lang.String handle)
public static boolean checkGroupMembershipCertificate(byte[] encodedCert, java.lang.String memberHandle, java.lang.String groupHandle, java.util.List<java.security.PublicKey> pubKeys)
public static byte[] createGroupMembershipCertificate(java.math.BigInteger serialNumber, java.lang.String memberHandle, java.lang.String groupHandle, java.util.Date notBefore, java.util.Date notAfter, java.security.PublicKey pubKey, java.security.PrivateKey privKey) throws java.security.InvalidKeyException, java.security.cert.CertificateEncodingException, java.security.SignatureException
java.security.InvalidKeyException
java.security.cert.CertificateEncodingException
java.security.SignatureException
public static java.security.cert.X509Certificate createClientCert(net.handle.hdllib.Resolver resolver, java.lang.String individualID, java.security.PrivateKey privKey, java.security.PublicKey pubKey, int validDays) throws java.lang.Exception
java.lang.Exception
public static java.security.PublicKey[] resolvePublicKeys(net.handle.hdllib.HandleResolver resolver, java.lang.String clientID)
public static java.util.List<CertUtil.GroupChain> allGroups(net.handle.hdllib.HandleResolver resolver, java.lang.String memberHandle)
public static java.util.List<CertUtil.GroupChain> allGroups(net.handle.hdllib.HandleResolver resolver, java.lang.String memberHandle, java.util.List<java.lang.String> initialGroups)
public static boolean checkGroupChain(net.handle.hdllib.HandleResolver resolver, java.lang.String memberHandle, CertUtil.GroupChain groups) throws net.handle.hdllib.HandleException
net.handle.hdllib.HandleException
public static void main(java.lang.String[] args) throws java.lang.Exception
java.lang.Exception