 /*
  * Copyright (c) 2009, Swiss Federal Department of Defence Civil Protection and Sport
  *                     (http://www.vbs.admin.ch)
  * Copyright (c) 2009, Ergon Informatik AG (http://www.ergon.ch)
  * All rights reserved.
  *
  * Licensed under the Open Permis License which accompanies this distribution,
  * and is available at http://www.openpermis.org/BSDlicenceKent.txt
  */
 
 package org.openpermis.cert;
 
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.PrivateKey;
 import java.security.SignatureException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.Date;
 
 import javax.security.auth.x500.X500Principal;
 
 import org.bouncycastle.x509.AttributeCertificateHolder;
 import org.bouncycastle.x509.AttributeCertificateIssuer;
 import org.bouncycastle.x509.X509Attribute;
 import org.bouncycastle.x509.X509V2AttributeCertificateGenerator;
 
 
 /**
  * This class represents an attribute certificate generator.
  * @since 0.3.0
  */
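 public class AttributeCertificateGenerator {

         //---- Static

         /**
          * Default signature algorithm.
          * <p>
          * NOTE(security): this default signs with SHA-1, which is no longer considered
          * collision resistant and is deprecated for certificate signatures. The value is kept
          * unchanged because it is a public constant that existing callers and already issued
          * certificates may rely on. New deployments should select a stronger algorithm
          * (for example {@code "SHA256withRSA"}) through
          * {@link #AttributeCertificateGenerator(String, String)}.
          * @since 0.3.0
          */
         public static final String DEFAULT_SIGNATURE_ALGORITHM = "SHA1WithRSA";

         /**
          * Fails with an {@link IllegalStateException} if a mandatory input has not been set.
          * @param value the input to check.
          * @param name the human readable name of the input, used in the error message.
          */
         private static void requireSet (Object value, String name) {
                 if (value == null) {
                         throw new IllegalStateException(name + " is not set.");
                 }
         }

         /**
          * Returns an independent copy of a date so that later changes made by the caller to the
          * passed instance cannot alter the validity period held by this generator.
          * @param date the date to copy, may be {@code null}.
          * @return a copy of the date or {@code null} if none was passed.
          */
         private static Date copyOf (Date date) {
                 return date == null ? null : new Date(date.getTime());
         }

         //---- State

         // JCE provider name, null if none was specified at construction time.
         private final String provider;

         private final String signatureAlgorithm;

         private X500Principal holder;

         private X509Certificate issuerCertificate;

         // Signing key of the issuer; the reference is kept until reset() is called.
         private PrivateKey issuerPrivateKey;

         private Date notBefore;

         private Date notAfter;

         private BigInteger serialNumber;

         private X509Attribute attributes;

         //---- Constructor

         /**
          * Creates an {@link AttributeCertificateGenerator} without an explicit security provider
          * and with {@link #DEFAULT_SIGNATURE_ALGORITHM} as signature algorithm.
          * <p>
          * See the note on {@link #DEFAULT_SIGNATURE_ALGORITHM} before relying on this default.
          * @since 0.3.0
          */
         public AttributeCertificateGenerator () {
                 this.provider = null;
                 this.signatureAlgorithm = DEFAULT_SIGNATURE_ALGORITHM;
         }

         /**
          * Creates an {@link AttributeCertificateGenerator} with the given security provider and
          * {@link #DEFAULT_SIGNATURE_ALGORITHM} as signature algorithm.
          * <p>
          * See the note on {@link #DEFAULT_SIGNATURE_ALGORITHM} before relying on this default.
          * @param provider a JCE provider, must not be {@code null}.
          * @throws IllegalArgumentException if the provider is {@code null}.
          * @since 0.3.0
          */
         public AttributeCertificateGenerator (String provider) {
                 if (provider == null) {
                         throw new IllegalArgumentException("Provider is null.");
                 }
                 this.provider = provider;
                 this.signatureAlgorithm = DEFAULT_SIGNATURE_ALGORITHM;
         }

         /**
          * Creates an {@link AttributeCertificateGenerator} with security provider and signature
          * algorithm.
          * <p>
          * The algorithm name is not checked here; it is handed to the underlying generator when
          * {@link #generate()} is called.
          * @param provider a JCE provider, must not be {@code null}.
          * @param signatureAlgorithm a JCE signature algorithm, must not be {@code null}.
          * @throws IllegalArgumentException if either argument is {@code null}.
          * @since 0.3.0
          */
         public AttributeCertificateGenerator (String provider, String signatureAlgorithm) {
                 if (provider == null) {
                         throw new IllegalArgumentException("Provider is null.");
                 }
                 if (signatureAlgorithm == null) {
                         throw new IllegalArgumentException("Signature algorithm is null.");
                 }
                 this.provider = provider;
                 this.signatureAlgorithm = signatureAlgorithm;
         }

         //---- Methods

         /**
          * Resets all inputs, including the reference to the issuer private key.
          * <p>
          * The provider and the signature algorithm are fixed at construction time and are not
          * affected.
          * @return this.
          * @since 0.3.0
          */
         public AttributeCertificateGenerator reset () {
                 this.holder = null;
                 this.issuerPrivateKey = null;
                 this.issuerCertificate = null;
                 this.notAfter = null;
                 this.notBefore = null;
                 this.serialNumber = null;
                 this.attributes = null;
                 return this;
         }

         /**
          * Sets the holder of the generated {@link AttributeCertificate}.
          * @param principal the {@link X500Principal} of the holder.
          * @return this.
          * @since 0.3.0
          */
         public AttributeCertificateGenerator withHolder (X500Principal principal) {
                 this.holder = principal;
                 return this;
         }

         /**
          * Sets the not valid after date of the generated {@link AttributeCertificate}.
          * @param date a {@link Date}; a copy is stored.
          * @return this.
          * @since 0.3.0
          */
         public AttributeCertificateGenerator notValidAfter (Date date) {
                 this.notAfter = copyOf(date);
                 return this;
         }

         /**
          * Sets the not valid before date of the generated {@link AttributeCertificate}.
          * @param date a {@link Date}; a copy is stored.
          * @return this.
          * @since 0.3.0
          */
         public AttributeCertificateGenerator notValidBefore (Date date) {
                 this.notBefore = copyOf(date);
                 return this;
         }

         /**
          * Sets the serial number of the generated {@link AttributeCertificate}.
          * @param serial a {@link BigInteger}.
          * @return this.
          * @since 0.3.0
          */
         public AttributeCertificateGenerator withSerialNumber (BigInteger serial) {
                 this.serialNumber = serial;
                 return this;
         }

         /**
          * Sets the issuer credentials needed to generate the {@link AttributeCertificate}.
          * <p>
          * This class does not verify that the private key belongs to the certificate; only the
          * subject name of the certificate is used as issuer name. Callers are responsible for
          * passing a matching pair.
          * @param certificate the public key {@link X509Certificate}.
          * @param key the {@link PrivateKey} of the issuer.
          * @return this.
          * @since 0.3.0
          */
         public AttributeCertificateGenerator withIssuer (X509Certificate certificate, PrivateKey key) {
                 this.issuerCertificate = certificate;
                 this.issuerPrivateKey = key;
                 return this;
         }

         /**
          * Sets the attribute of the generated {@link AttributeCertificate}.
          * @param attribute the attribute to set, must not be {@code null}.
          * @return this.
          * @throws IllegalArgumentException if the attribute is {@code null}.
          * @since 0.3.0
          */
         public AttributeCertificateGenerator withAttribute (Attribute attribute) {
                 // Enforce the documented contract with the same exception type the
                 // constructors use, instead of failing with a bare NullPointerException.
                 if (attribute == null) {
                         throw new IllegalArgumentException("Attribute is null.");
                 }
                 this.attributes = attribute.getAttribute();
                 return this;
         }

         /**
          * Generates an {@link AttributeCertificate} from the inputs set on this generator.
          * <p>
          * All inputs (holder, issuer certificate and key, validity dates, serial number and
          * attribute) have to be set before calling this method.
          * @return the generated and signed {@link AttributeCertificate}.
          * @throws IllegalStateException if a mandatory input other than the issuer key is missing.
          * @throws CertificateEncodingException declared by the underlying generator.
          * @throws NoSuchAlgorithmException indicates that a requested algorithm is missing.
          * @throws SignatureException indicates a problem in the signature.
          * @throws NoSuchProviderException indicates that the requested provider doesn't exist.
          * @throws InvalidKeyException indicates an invalid or missing issuer key.
          * @throws IOException indicates a problem of reading the issuer name.
          * @since 0.3.0
          */
         public AttributeCertificate generate ()
                 throws CertificateEncodingException,
                         InvalidKeyException,
                         NoSuchProviderException,
                         SignatureException,
                         NoSuchAlgorithmException,
                         IOException
         {
                 // Fail early with a message naming the missing input rather than with an
                 // unspecific error from inside the certificate library.
                 requireSet(this.holder, "Holder");
                 requireSet(this.issuerCertificate, "Issuer certificate");
                 requireSet(this.serialNumber, "Serial number");
                 requireSet(this.notBefore, "Not valid before date");
                 requireSet(this.notAfter, "Not valid after date");
                 requireSet(this.attributes, "Attribute");
                 // A missing key is reported with the checked key exception already declared.
                 if (this.issuerPrivateKey == null) {
                         throw new InvalidKeyException("Issuer private key is not set.");
                 }

                 X509V2AttributeCertificateGenerator acGen = new X509V2AttributeCertificateGenerator();
                 acGen.reset();
                 acGen.setHolder(new AttributeCertificateHolder(this.holder));
                 // The issuer name is taken from the subject of the issuer certificate.
                 acGen.setIssuer(new AttributeCertificateIssuer(
                         this.issuerCertificate.getSubjectX500Principal())
                 );
                 acGen.setSerialNumber(this.serialNumber);
                 acGen.setNotBefore(this.notBefore);
                 acGen.setNotAfter(this.notAfter);
                 acGen.setSignatureAlgorithm(this.signatureAlgorithm);

                 // Set attributes.
                 acGen.addAttribute(this.attributes);

                 // Provider may be null (no-argument constructor); it is passed through as is.
                 return new AttributeCertificate(
                         acGen.generate(this.issuerPrivateKey, this.provider).getEncoded()
                 );
         }

 }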