org.globus.gsi
Class GlobusCredential

java.lang.Object
  extended by org.globus.gsi.GlobusCredential
All Implemented Interfaces:
Serializable

public class GlobusCredential
extends Object
implements Serializable

Provides a Java object representation of a Globus credential, which can include the proxy file or host certificates.

See Also:
Serialized Form

Constructor Summary
GlobusCredential(InputStream input)
          Creates a GlobusCredential from an input stream.
GlobusCredential(PrivateKey key, X509Certificate[] certs)
          Creates a GlobusCredential from a private key and a certificate chain.
GlobusCredential(String proxyFile)
          Creates a GlobusCredential from a proxy file.
GlobusCredential(String certFile, String unencryptedKeyFile)
          Creates a GlobusCredential from a certificate file and an unencrypted key file.
 
Method Summary
 X509Certificate[] getCertificateChain()
          Returns the certificate chain of this credential.
 int getCertNum()
          Returns the number of certificates in the credential without the self-signed certificates.
static GlobusCredential getDefaultCredential()
          Returns the default credential.
 String getIdentity()
          Returns the identity of this credential.
 X509Certificate getIdentityCertificate()
          Returns the identity certificate of this credential.
 String getIssuer()
          Returns the issuer DN of the first certificate in the chain.
 int getPathConstraint()
          Returns the path length constraint.
 PrivateKey getPrivateKey()
          Returns the private key of this credential.
 int getProxyType()
          Returns the certificate type of the first certificate in the chain.
 int getStrength()
          Returns strength of the private/public key in bits.
 String getSubject()
          Returns the subject DN of the first certificate in the chain.
 long getTimeLeft()
          Returns time left of this credential.
protected  void load(InputStream input)
           
 void save(OutputStream out)
          Saves the credential into a specified output stream.
static void setDefaultCredential(GlobusCredential cred)
          Sets default credential.
 String toString()
           
 void verify()
          Verifies the validity of the credential.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

GlobusCredential

public GlobusCredential(PrivateKey key,
                        X509Certificate[] certs)
Creates a GlobusCredential from a private key and a certificate chain.

Parameters:
key - the private key
certs - the certificate chain

GlobusCredential

public GlobusCredential(String proxyFile)
                 throws GlobusCredentialException
Creates a GlobusCredential from a proxy file.

Parameters:
proxyFile - the file to load the credential from.
Throws:
GlobusCredentialException - if the credential failed to load.

GlobusCredential

public GlobusCredential(String certFile,
                        String unencryptedKeyFile)
                 throws GlobusCredentialException
Creates a GlobusCredential from a certificate file and an unencrypted key file.

Parameters:
certFile - the file containing the certificate
unencryptedKeyFile - the file containing the private key. The key must be unencrypted.
Throws:
GlobusCredentialException - if something goes wrong.

GlobusCredential

public GlobusCredential(InputStream input)
                 throws GlobusCredentialException
Creates a GlobusCredential from an input stream.

Parameters:
input - the stream to load the credential from.
Throws:
GlobusCredentialException - if the credential failed to load.
Method Detail

load

protected void load(InputStream input)
             throws GlobusCredentialException
Throws:
GlobusCredentialException

save

public void save(OutputStream out)
          throws IOException
Saves the credential into a specified output stream. The self-signed certificates in the certificate chain will not be saved. The output stream should always be closed after calling this function.

Parameters:
out - the output stream to write the credential to.
Throws:
IOException - if any error occurred during saving.
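
An added example, not part of the Globus API documentation: one way to call save() so that the written file, which carries the credential's private key, is readable only by its owner and the stream is always closed. The class name, method name and `.proxy-` temporary-file prefix are hypothetical, and a POSIX file system is assumed.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

import org.globus.gsi.GlobusCredential;

// Hypothetical helper (added example); assumes a POSIX file system.
public final class CredentialWriter {

    private CredentialWriter() {}

    public static void saveOwnerOnly(GlobusCredential cred, Path target) throws IOException {
        // Create the file with mode 0600 from the start, so the key is never
        // on disk with wider permissions, even briefly.
        FileAttribute<Set<PosixFilePermission>> ownerOnly =
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"));

        // Write to a temporary file in the same directory, then rename, so a
        // reader never sees a half-written credential.
        Path dir = target.toAbsolutePath().getParent();
        Path tmp = Files.createTempFile(dir, ".proxy-", ".tmp", ownerOnly);
        try {
            // try-with-resources closes the stream, as the save() notes ask.
            try (OutputStream out = Files.newOutputStream(tmp)) {
                cred.save(out);
            }
            // On POSIX this is rename(2), which replaces an existing target.
            Files.move(tmp, target, StandardCopyOption.ATOMIC_MOVE);
        } finally {
            Files.deleteIfExists(tmp); // no-op after a successful move
        }
    }
}
```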

verify

public void verify()
            throws GlobusCredentialException
Verifies the validity of the credential. Each certificate in the chain is checked for its expiration date.

Throws:
GlobusCredentialException - if one of the certificates in the chain has expired or some other error occurred.

getIdentityCertificate

public X509Certificate getIdentityCertificate()
Returns the identity certificate of this credential. The identity certificate is the first certificate in the chain that is not an impersonation proxy certificate.

Returns:
X509Certificate the identity cert. Null, if unable to get the identity certificate (an error occurred)

getPathConstraint

public int getPathConstraint()
Returns the path length constraint. The shortest length in the chain of certificates is returned as the credential's path length.

Returns:
The path length constraint of the credential. -1 if any error occurs.

getIdentity

public String getIdentity()
Returns the identity of this credential.

Returns:
The identity cert in Globus format (e.g. /C=US/..). Null, if unable to get the identity (an error occurred)
See Also:
getIdentityCertificate()

getPrivateKey

public PrivateKey getPrivateKey()
Returns the private key of this credential.

Returns:
PrivateKey the private key

getCertificateChain

public X509Certificate[] getCertificateChain()
Returns the certificate chain of this credential.

Returns:
X509Certificate [] the certificate chain

getCertNum

public int getCertNum()
Returns the number of certificates in the credential without the self-signed certificates.

Returns:
number of certificates without counting self-signed certificates

getStrength

public int getStrength()
Returns strength of the private/public key in bits.

Returns:
strength of the key in bits. Returns -1 if unable to determine it.

getSubject

public String getSubject()
Returns the subject DN of the first certificate in the chain.

Returns:
subject DN.

getIssuer

public String getIssuer()
Returns the issuer DN of the first certificate in the chain.

Returns:
issuer DN.

getProxyType

public int getProxyType()
Returns the certificate type of the first certificate in the chain. Returns -1 if unable to determine the certificate type (an error occurred).

Returns:
the type of first certificate in the chain. -1 if unable to determine the certificate type.
See Also:
BouncyCastleUtil.getCertificateType(X509Certificate)

getTimeLeft

public long getTimeLeft()
Returns time left of this credential. The time left of the credential is based on the certificate with the shortest validity time.

Returns:
time left in seconds. Returns 0 if the certificate has expired.

getDefaultCredential

public static GlobusCredential getDefaultCredential()
                                             throws GlobusCredentialException
Returns the default credential. The default credential is usually the user proxy certificate.
The credential will be loaded on the initial call. It must not be expired. All subsequent calls to this function return the cached credential object. Once the credential is cached, if the underlying file changes, the credential will be reloaded.

Returns:
the default credential.
Throws:
GlobusCredentialException - if the credential has expired or some other error occurred with the credential.
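
An added example, not part of the Globus API documentation: a pre-use check that treats the sentinel return values documented on this page (-1, 0, null) as failures instead of letting them pass as ordinary values. The class name and the two thresholds are assumptions standing in for local policy.

```java
import org.globus.gsi.GlobusCredential;
import org.globus.gsi.GlobusCredentialException;

// Hypothetical helper (added example); thresholds are assumed local policy.
public final class CredentialPreflight {

    private static final int MIN_KEY_BITS = 2048;          // assumption
    private static final long MIN_SECONDS_LEFT = 15 * 60L; // assumption

    private CredentialPreflight() {}

    /** Returns the identity DN if the credential is usable, otherwise throws. */
    public static String requireUsable(GlobusCredential cred)
            throws GlobusCredentialException {
        // Throws if any certificate in the chain has expired.
        cred.verify();

        // getTimeLeft() reports 0 for an expired credential; also refuse
        // one that would expire in the middle of the operation.
        long secondsLeft = cred.getTimeLeft();
        if (secondsLeft < MIN_SECONDS_LEFT) {
            throw new IllegalStateException("credential expires in " + secondsLeft + " s");
        }

        // getStrength() returns -1 when it cannot determine the key size;
        // -1 fails the comparison, so an unknown size is rejected too.
        int bits = cred.getStrength();
        if (bits < MIN_KEY_BITS) {
            throw new IllegalStateException("key strength " + bits + " bits is below policy");
        }

        // getProxyType() returns -1 when the certificate type is unknown.
        if (cred.getProxyType() == -1) {
            throw new IllegalStateException("cannot determine certificate type");
        }

        // getIdentity() returns null on error; never authorize against null.
        String identity = cred.getIdentity();
        if (identity == null) {
            throw new IllegalStateException("cannot determine credential identity");
        }
        return identity;
    }

    public static void main(String[] args) throws GlobusCredentialException {
        System.out.println(requireUsable(GlobusCredential.getDefaultCredential()));
    }
}
```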

setDefaultCredential

public static void setDefaultCredential(GlobusCredential cred)
Sets default credential.

Parameters:
cred - the credential to set as the default.

toString

public String toString()
Overrides:
toString in class Object