Package org.italiangrid.voms.asn1

Class VOMSACGenerator

java.lang.Object
org.italiangrid.voms.asn1.VOMSACGenerator
All Implemented Interfaces:
VOMSConstants
public class VOMSACGenerator extends Object implements VOMSConstants
A generator for VOMS Attribute Certificates (ACs).

This class provides methods for creating VOMS ACs with customizable properties, including optional extensions and fake signature bits for testing purposes.

It uses BouncyCastle for cryptographic operations and supports various extensions required for VOMS attribute certificates.

  • Field Details

    • defaultGenerationProperties

      public static final EnumSet<VOMSACGenerator.ACGenerationProperties> defaultGenerationProperties
      Default generation properties (none enabled).

    • FAKE_EXT_OID

      public static final org.bouncycastle.asn1.ASN1ObjectIdentifier FAKE_EXT_OID
      Fake extension OID used in testing.

    • aaCredential

      private eu.emi.security.authn.x509.X509Credential aaCredential

    • signer

      private org.bouncycastle.operator.ContentSigner signer

  • Constructor Details

    • VOMSACGenerator

      public VOMSACGenerator(eu.emi.security.authn.x509.X509Credential aaCredential)
      Constructs a VOMSACGenerator with the given credential.
      Parameters:
      aaCredential - the attribute authority credential

  • Method Details

    • getSigner

      private org.bouncycastle.operator.ContentSigner getSigner(EnumSet<VOMSACGenerator.ACGenerationProperties> properties)
      Retrieves the appropriate ContentSigner based on the provided properties.
      Parameters:
      properties - the properties influencing AC generation
      Returns:
      a ContentSigner instance
      Throws:
      VOMSError - if an error occurs during signer creation

    • buildVOURI

      private String buildVOURI(String voName, String host, int port)
      Builds a VOMS URI.
      Parameters:
      voName - the VO name
      host - the host name
      port - the port number
      Returns:
      a formatted VOMS URI

    • buildACCertsExtensionContent

      private org.bouncycastle.asn1.ASN1Encodable buildACCertsExtensionContent(EnumSet<VOMSACGenerator.ACGenerationProperties> properties)

    • buildAuthorityKeyIdentifier

      private org.bouncycastle.asn1.x509.AuthorityKeyIdentifier buildAuthorityKeyIdentifier() throws CertificateEncodingException, NoSuchAlgorithmException
      Throws:
      CertificateEncodingException
      NoSuchAlgorithmException

    • buildFQANsAttributeContent

      private org.bouncycastle.asn1.ASN1Encodable buildFQANsAttributeContent(List<String> fqans, org.bouncycastle.asn1.x509.GeneralName policyAuthorityInfo)

    • buildGAExtensionContent

      private org.bouncycastle.asn1.ASN1Encodable buildGAExtensionContent(EnumSet<VOMSACGenerator.ACGenerationProperties> properties, List<VOMSGenericAttribute> gas, org.bouncycastle.asn1.x509.GeneralName policyAuthorityInfo)

    • buildHolder

      private org.bouncycastle.cert.AttributeCertificateHolder buildHolder(X509Certificate holderCert) throws CertificateEncodingException
      Throws:
      CertificateEncodingException

    • buildIssuer

      private org.bouncycastle.cert.AttributeCertificateIssuer buildIssuer() throws CertificateEncodingException
      Throws:
      CertificateEncodingException

    • buildPolicyAuthorityInfo

      private org.bouncycastle.asn1.x509.GeneralName buildPolicyAuthorityInfo(String voName, String host, int port)

    • buildTagSequence

      private org.bouncycastle.asn1.DERSequence buildTagSequence(VOMSGenericAttribute ga)

    • buildTargetsExtensionContent

      private org.bouncycastle.asn1.ASN1Encodable buildTargetsExtensionContent(EnumSet<VOMSACGenerator.ACGenerationProperties> properties, List<String> targets)

    • generateVOMSAttributeCertificate

      public org.bouncycastle.cert.X509AttributeCertificateHolder generateVOMSAttributeCertificate(List<String> fqans, List<VOMSGenericAttribute> gas, List<String> targets, X509Certificate holderCert, BigInteger serialNumber, Date notBefore, Date notAfter, String voName, String host, int port) throws VOMSError
      Generates a VOMS attribute certificate with the given properties.
      Parameters:
      fqans - the list of Fully Qualified Attribute Names (FQANs)
      gas - the list of generic attributes
      targets - the list of target restrictions
      holderCert - the X.509 certificate of the holder
      serialNumber - the serial number of the AC
      notBefore - the start of the AC validity period
      notAfter - the end of the AC validity period
      voName - the VO name
      host - the VOMS server hostname
      port - the VOMS server port
      Returns:
      the generated X.509 attribute certificate
      Throws:
      VOMSError - if certificate generation fails

    • generateVOMSAttributeCertificate

      public org.bouncycastle.cert.X509AttributeCertificateHolder generateVOMSAttributeCertificate(EnumSet<VOMSACGenerator.ACGenerationProperties> generationProperties, List<String> fqans, List<VOMSGenericAttribute> gas, List<String> targets, X509Certificate holderCert, BigInteger serialNumber, Date notBefore, Date notAfter, String voName, String host, int port) throws VOMSError
      Generates a VOMS attribute certificate with the specified properties.
      Parameters:
      generationProperties - the properties influencing AC generation
      fqans - the list of Fully Qualified Attribute Names (FQANs)
      gas - the list of generic attributes
      targets - the list of target restrictions
      holderCert - the X.509 certificate of the holder
      serialNumber - the serial number of the AC
      notBefore - the start of the AC validity period
      notAfter - the end of the AC validity period
      voName - the VO name
      host - the VOMS server hostname
      port - the VOMS server port
      Returns:
      the generated X.509 attribute certificate
      Throws:
      VOMSError - if certificate generation fails

    • generateVOMSExtension

      public eu.emi.security.authn.x509.proxy.CertificateExtension generateVOMSExtension(List<org.bouncycastle.cert.X509AttributeCertificateHolder> acs)
      Generates a VOMS certificate extension.
      Parameters:
      acs - the list of X.509 attribute certificates
      Returns:
      the generated certificate extension

    • getCertAsDEREncodable

      private org.bouncycastle.asn1.ASN1Encodable getCertAsDEREncodable(X509Certificate cert)

    • getDEROctetString

      private org.bouncycastle.asn1.DEROctetString getDEROctetString(String s)