eu.xtreemos.xosd.security.rca.server
Class RCAServerProcessor

java.lang.Object
  extended by eu.xtreemos.xosd.security.rca.server.RCAServerProcessor

public class RCAServerProcessor
extends java.lang.Object

The class that implements the processing done by the Resource Certification Authority server. This includes processing the certification request by checking the public key and, if the check passes, signing it with the root certificate of the global authority.

Author:
matej.artac@xlab.si

Nested Class Summary
 class RCAServerProcessor.PasswordGiver
           
 
Field Summary
protected  java.security.cert.X509Certificate cdaCert
           
protected  java.security.KeyPair cdaCertKeyPair
           
static java.lang.String[] ciperSuite
           
protected  CRCAServerConfig config
           
(package private) static org.apache.log4j.Logger logger
           
static java.lang.String signatureAlgorithm
           
protected  XosCertGenerator xosCertGenerator
           
 
Constructor Summary
RCAServerProcessor(java.lang.String keyFileName, java.lang.String certificateFilename, char[] privateKeyPassword, char[] cdaPassword)
           
 
Method Summary
protected  java.util.HashMap<java.lang.String,java.lang.String> getResourceDN(ResourceDescriptorRecord resourceDescriptor)
          Generate the distinguished name (DN) for the resource's certificates.
 RCASignedResponse requestResourceCertificates(org.bouncycastle.jce.PKCS10CertificationRequest resourceRequest, ResourceDescriptorRecord resourceDescriptor)
          Process the resource certificate request.
 RCASignedResponse requestVOResourceCertificates(java.lang.String vo, java.security.cert.X509Certificate certificate, ResourceDescriptorRecord resourceDescriptor)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logger

static org.apache.log4j.Logger logger

config

protected CRCAServerConfig config

xosCertGenerator

protected XosCertGenerator xosCertGenerator

cdaCertKeyPair

protected java.security.KeyPair cdaCertKeyPair

cdaCert

protected java.security.cert.X509Certificate cdaCert

signatureAlgorithm

public static java.lang.String signatureAlgorithm

ciperSuite

public static java.lang.String[] ciperSuite
Constructor Detail

RCAServerProcessor

public RCAServerProcessor(java.lang.String keyFileName,
                          java.lang.String certificateFilename,
                          char[] privateKeyPassword,
                          char[] cdaPassword)
                   throws java.lang.Exception
Throws:
java.lang.Exception
Method Detail

getResourceDN

protected java.util.HashMap<java.lang.String,java.lang.String> getResourceDN(ResourceDescriptorRecord resourceDescriptor)
                                                                      throws java.lang.IllegalArgumentException
Generate the distinguished name (DN) for the resource's certificates. Currently, common name (CN) is the host's IP. The organisation (O) is a compulsory field and should be present in the RCA server's config file. The rest of the elements are optional.

Parameters:
resourceDescriptor -
Returns:
Throws:
java.lang.Exception
java.lang.IllegalArgumentException
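
The DN rules described above (CN is the host's IP, O is compulsory and taken from the server config, the remaining elements are optional) can be sketched as follows. This is an added example, not the XtreemOS implementation: the class name, method names, config keys and the IPv4-only check are assumptions, and the RFC 2253 rendering step is included to show why attribute values must be escaped before they reach a certificate subject.

```java
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

// Added illustration, not XtreemOS code. Class, method and config key names are hypothetical.
public class ResourceDnExample {
    // Strict dotted-quad IPv4 (assumption: IPv4 only, to keep the sketch short).
    private static final Pattern IPV4 = Pattern.compile(
        "((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.){3}(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)");
    private static final String[] OPTIONAL = {"OU", "L", "ST", "C"}; // emitted after CN and O

    static HashMap<String, String> buildResourceDn(String hostIp, Map<String, String> config) {
        if (hostIp == null || !IPV4.matcher(hostIp).matches()) {
            throw new IllegalArgumentException("CN must be an IP address literal");
        }
        String org = config.get("O");
        if (org == null || org.trim().isEmpty()) {
            throw new IllegalArgumentException("O is compulsory in the RCA server config");
        }
        LinkedHashMap<String, String> dn = new LinkedHashMap<>(); // a HashMap with stable RDN order
        dn.put("CN", hostIp);
        dn.put("O", org.trim());
        for (String key : OPTIONAL) {
            String value = config.get(key);
            if (value != null && !value.trim().isEmpty()) dn.put(key, value.trim());
        }
        return dn;
    }

    // Render as an RFC 2253 string; escaping stops a value such as "Lab, CN=other" from adding RDNs.
    static X500Principal toPrincipal(Map<String, String> dn) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : dn.entrySet()) {
            if (sb.length() > 0) sb.append(',');
            sb.append(e.getKey()).append('=').append(Rdn.escapeValue(e.getValue()));
        }
        return new X500Principal(sb.toString());
    }

    public static void main(String[] args) {
        Map<String, String> config = new HashMap<>(); // constructed sample config
        config.put("O", "Example Lab, CN=other");
        config.put("C", "SI");
        System.out.println(toPrincipal(buildResourceDn("192.0.2.10", config)).getName());
    }
}
```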

requestResourceCertificates

public RCASignedResponse requestResourceCertificates(org.bouncycastle.jce.PKCS10CertificationRequest resourceRequest,
                                                     ResourceDescriptorRecord resourceDescriptor)
                                              throws java.lang.IllegalArgumentException,
                                                     java.security.InvalidKeyException,
                                                     java.security.SignatureException,
                                                     java.lang.Exception
Process the resource certificate request. The method takes the certificate request and the resource descriptor with the resource's attribute values, signing the identity certificate and producing a certificate containing the attributes. Depending on the configuration settings it produces either an attribute certificate or a certificate with attributes in extensions.

Parameters:
resourceRequest - The certificate request to be signed, on which the certificate with attributes is also based.
resourceDescriptor - The descriptor containing the values of the resource attributes.
Returns:
A class instance that contains the signed and produced certificates.
Throws:
java.lang.IllegalArgumentException - Thrown when the certificate request is invalid.
java.security.InvalidKeyException
java.security.SignatureException
java.lang.Exception

requestVOResourceCertificates

public RCASignedResponse requestVOResourceCertificates(java.lang.String vo,
                                                       java.security.cert.X509Certificate certificate,
                                                       ResourceDescriptorRecord resourceDescriptor)
                                                throws java.lang.IllegalArgumentException,
                                                       java.security.InvalidKeyException,
                                                       java.security.SignatureException,
                                                       BadResourceException,
                                                       java.lang.IllegalArgumentException,
                                                       java.lang.Exception
Throws:
java.lang.IllegalArgumentException
java.security.InvalidKeyException
java.security.SignatureException
BadResourceException
java.lang.Exception