1 | /* | |
2 | * Copyright (c) 2009, Swiss Federal Department of Defence Civil Protection and Sport | |
3 | * (http://www.vbs.admin.ch) | |
4 | * Copyright (c) 2009, Ergon Informatik AG (http://www.ergon.ch) | |
5 | * All rights reserved. | |
6 | * | |
7 | * Licensed under the Open Permis License which accompanies this distribution, | |
8 | * and is available at http://www.openpermis.org/BSDlicenceKent.txt | |
9 | */ | |
10 | ||
11 | package org.openpermis.cert; | |
12 | ||
13 | import java.io.IOException; | |
14 | import java.math.BigInteger; | |
15 | import java.security.InvalidKeyException; | |
16 | import java.security.NoSuchAlgorithmException; | |
17 | import java.security.NoSuchProviderException; | |
18 | import java.security.PrivateKey; | |
19 | import java.security.SignatureException; | |
20 | import java.security.cert.CertificateEncodingException; | |
21 | import java.security.cert.X509Certificate; | |
22 | import java.util.Date; | |
23 | ||
24 | import javax.security.auth.x500.X500Principal; | |
25 | ||
26 | import org.bouncycastle.x509.AttributeCertificateHolder; | |
27 | import org.bouncycastle.x509.AttributeCertificateIssuer; | |
28 | import org.bouncycastle.x509.X509Attribute; | |
29 | import org.bouncycastle.x509.X509V2AttributeCertificateGenerator; | |
30 | ||
31 | ||
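/**
 * Fluent builder for an {@link AttributeCertificate}: collects holder, issuer credentials,
 * validity period, serial number and a single attribute, then signs an X.509 v2 attribute
 * certificate through BouncyCastle's {@link X509V2AttributeCertificateGenerator}.
 * <p>
 * The provider and signature algorithm are fixed at construction time; all other inputs are
 * set through the {@code with*} / {@code notValid*} methods and may be cleared with
 * {@link #reset()}. Instances hold mutable, unsynchronized builder state and must not be
 * shared between threads.
 * @since 0.3.0
 */
public class AttributeCertificateGenerator {

    //---- Static

    /**
     * Default signature algorithm, {@value}.
     * <p>
     * Kept as-is for backward compatibility. SHA-1 is no longer considered collision
     * resistant, so new deployments should prefer a SHA-2 based algorithm such as
     * {@code "SHA256WithRSA"} via {@link #AttributeCertificateGenerator(String, String)}
     * instead of relying on this default.
     * @since 0.3.0
     */
    public static final String DEFAULT_SIGNATURE_ALGORITHM = "SHA1WithRSA";

    //---- State

    /** JCA provider name, or {@code null} when no specific provider is requested. */
    private final String provider;

    /** JCA signature algorithm name used when signing. */
    private final String signatureAlgorithm;

    /** Subject (holder) of the attribute certificate; required. */
    private X500Principal holder;

    /** Issuer's own certificate; its subject DN becomes the AC issuer name. Required. */
    private X509Certificate issuerCertificate;

    /** Key used to sign the attribute certificate; required. */
    private PrivateKey issuerPrivateKey;

    /** Start of the validity period; required. */
    private Date notBefore;

    /** End of the validity period; required. */
    private Date notAfter;

    /** Serial number of the attribute certificate; required. */
    private BigInteger serialNumber;

    /** The single attribute carried by the certificate; required. */
    private X509Attribute attribute;

    //---- Constructor

    /**
     * Creates an {@link AttributeCertificateGenerator} that uses no specific JCA provider
     * and {@link #DEFAULT_SIGNATURE_ALGORITHM} as signature algorithm.
     * @since 0.3.0
     */
    public AttributeCertificateGenerator () {
        this.provider = null;
        this.signatureAlgorithm = DEFAULT_SIGNATURE_ALGORITHM;
    }

    /**
     * Creates an {@link AttributeCertificateGenerator} with the given JCA provider and
     * {@link #DEFAULT_SIGNATURE_ALGORITHM} as signature algorithm.
     * @param provider a JCE provider name, must not be {@code null}.
     * @throws IllegalArgumentException if {@code provider} is {@code null}.
     * @since 0.3.0
     */
    public AttributeCertificateGenerator (String provider) {
        this(provider, DEFAULT_SIGNATURE_ALGORITHM);
    }

    /**
     * Creates an {@link AttributeCertificateGenerator} with the given JCA provider and
     * signature algorithm.
     * @param provider a JCE provider name, must not be {@code null}.
     * @param signatureAlgorithm a JCE signature algorithm name, must not be {@code null}.
     * @throws IllegalArgumentException if either argument is {@code null}.
     * @since 0.3.0
     */
    public AttributeCertificateGenerator (String provider, String signatureAlgorithm) {
        if (provider == null) {
            throw new IllegalArgumentException("Provider is null.");
        }
        if (signatureAlgorithm == null) {
            throw new IllegalArgumentException("Signature algorithm is null.");
        }
        this.provider = provider;
        this.signatureAlgorithm = signatureAlgorithm;
    }

    //---- Methods

    /**
     * Clears every certificate input (holder, issuer credentials, validity dates, serial
     * number and attribute). Provider and signature algorithm are not affected.
     * @return this.
     * @since 0.3.0
     */
    public AttributeCertificateGenerator reset () {
        this.holder = null;
        this.issuerPrivateKey = null;
        this.issuerCertificate = null;
        this.notAfter = null;
        this.notBefore = null;
        this.serialNumber = null;
        this.attribute = null;
        return this;
    }

    /**
     * Sets the holder (subject) of the generated {@link AttributeCertificate}.
     * @param principal the holder's {@link X500Principal}.
     * @return this.
     * @since 0.3.0
     */
    public AttributeCertificateGenerator withHolder (X500Principal principal) {
        this.holder = principal;
        return this;
    }

    /**
     * Sets the end of the validity period of the generated {@link AttributeCertificate}.
     * @param date a {@link Date}.
     * @return this.
     * @since 0.3.0
     */
    public AttributeCertificateGenerator notValidAfter (Date date) {
        this.notAfter = date;
        return this;
    }

    /**
     * Sets the start of the validity period of the generated {@link AttributeCertificate}.
     * @param date a {@link Date}.
     * @return this.
     * @since 0.3.0
     */
    public AttributeCertificateGenerator notValidBefore (Date date) {
        this.notBefore = date;
        return this;
    }

    /**
     * Sets the serial number of the generated {@link AttributeCertificate}.
     * @param serial a {@link BigInteger}.
     * @return this.
     * @since 0.3.0
     */
    public AttributeCertificateGenerator withSerialNumber (BigInteger serial) {
        this.serialNumber = serial;
        return this;
    }

    /**
     * Sets the issuer credentials needed to sign the {@link AttributeCertificate}. The AC
     * issuer name is taken from the subject DN of {@code certificate}; {@code key} is used
     * for the signature. No check is made here that {@code key} actually matches the public
     * key in {@code certificate}.
     * @param certificate the issuer's {@link X509Certificate}.
     * @param key the issuer's {@link PrivateKey}.
     * @return this.
     * @since 0.3.0
     */
    public AttributeCertificateGenerator withIssuer (X509Certificate certificate, PrivateKey key) {
        this.issuerCertificate = certificate;
        this.issuerPrivateKey = key;
        return this;
    }

    /**
     * Sets the attribute of the generated {@link AttributeCertificate}. Only one attribute
     * is supported: calling this method again replaces the previously set attribute.
     * @param attribute the attribute to set, must not be {@code null}.
     * @return this.
     * @throws IllegalArgumentException if {@code attribute} is {@code null}.
     * @since 0.3.0
     */
    public AttributeCertificateGenerator withAttribute (Attribute attribute) {
        if (attribute == null) {
            throw new IllegalArgumentException("Attribute is null.");
        }
        this.attribute = attribute.getAttribute();
        return this;
    }

    /**
     * Generates and signs an {@link AttributeCertificate} from the inputs set so far.
     * All inputs (holder, issuer certificate and key, validity dates, serial number and
     * attribute) must have been set, and the validity period must be well-ordered.
     * @return the signed attribute certificate.
     * @throws IllegalStateException if a required input is missing or
     *         {@code notBefore} lies after {@code notAfter}.
     * @throws CertificateEncodingException indicates a problem encoding the certificate.
     * @throws NoSuchAlgorithmException indicates that a requested algorithm is missing.
     * @throws SignatureException indicates a problem in the signature.
     * @throws NoSuchProviderException indicates that the requested provider doesn't exist.
     * @throws InvalidKeyException indicates an invalid key.
     * @throws IOException indicates a problem of reading the issuer name.
     * @since 0.3.0
     */
    public AttributeCertificate generate ()
        throws CertificateEncodingException,
            InvalidKeyException,
            NoSuchProviderException,
            SignatureException,
            NoSuchAlgorithmException,
            IOException
    {
        // Fail with a descriptive error instead of a NullPointerException from deep inside
        // BouncyCastle when a caller forgot one of the builder inputs.
        checkInputs();

        X509V2AttributeCertificateGenerator acGen = new X509V2AttributeCertificateGenerator();
        acGen.reset();
        acGen.setHolder(new AttributeCertificateHolder(this.holder));
        // The AC issuer name is the subject DN of the issuer's own certificate.
        acGen.setIssuer(new AttributeCertificateIssuer(
            this.issuerCertificate.getSubjectX500Principal())
        );
        acGen.setSerialNumber(this.serialNumber);
        acGen.setNotBefore(this.notBefore);
        acGen.setNotAfter(this.notAfter);
        acGen.setSignatureAlgorithm(this.signatureAlgorithm);
        acGen.addAttribute(this.attribute);

        // Provider may be null (see the no-arg constructor); no specific provider is then
        // requested for the signing operation.
        return new AttributeCertificate(
            acGen.generate(this.issuerPrivateKey, this.provider).getEncoded()
        );
    }

    /**
     * Verifies that every input required by {@link #generate()} has been set and that the
     * validity period is well-ordered.
     * @throws IllegalStateException naming the first problem found.
     */
    private void checkInputs () {
        requireSet(this.holder, "holder");
        requireSet(this.issuerCertificate, "issuer certificate");
        requireSet(this.issuerPrivateKey, "issuer private key");
        requireSet(this.notBefore, "notBefore");
        requireSet(this.notAfter, "notAfter");
        requireSet(this.serialNumber, "serial number");
        requireSet(this.attribute, "attribute");
        if (this.notBefore.after(this.notAfter)) {
            throw new IllegalStateException("notBefore is after notAfter.");
        }
    }

    /**
     * Throws if a required builder input is still unset.
     * @param value the input to check.
     * @param name human-readable name used in the error message.
     * @throws IllegalStateException if {@code value} is {@code null}.
     */
    private static void requireSet (Object value, String name) {
        if (value == null) {
            throw new IllegalStateException("Required input not set: " + name + ".");
        }
    }

}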