protected void getClientPublicKey(byte[] clpubkey) throws Exception {
DERObject obj = BouncyCastleUtil.toDERObject(clpubkey);
byte[] pubkey = BouncyCastleUtil.toByteArray(obj);
ByteArrayInputStream in = new ByteArrayInputStream(pubkey);
X509Certificate cert = CertUtil.loadCertificate(in);
SCUtil.pathValidation(cert, trustedCerts);
logger.finest("path validated !!!");
clPubkey = cert.getPublicKey();
}
/**
* Returns the identity certificate of this credential. The identity certificate is the first
* certificate in the chain that is not an impersonation proxy certificate.
*
* @return <code>X509Certificate</code> the identity cert. Null, if unable to get the identity
* certificate (an error occurred)
*/
public X509Certificate getIdentityCertificate() {
try {
return BouncyCastleUtil.getIdentityCertificate(this.certChain);
} catch (CertificateException e) {
logger.debug("Error getting certificate identity.", e);
return null;
}
}
/**
* Returns the certificate type of the first certificate in the chain. Returns -1 if unable to
* determine the certificate type (an error occurred)
*
* @see BouncyCastleUtil#getCertificateType(X509Certificate)
* @return the type of first certificate in the chain. -1 if unable to determine the certificate
* type.
*/
public GSIConstants.CertificateType getProxyType() {
try {
return BouncyCastleUtil.getCertificateType(this.certChain[0]);
} catch (CertificateException e) {
logger.error("Error getting certificate type.", e);
return GSIConstants.CertificateType.UNDEFINED;
}
}
/**
* Returns the actual value of the extension.
*
* @param cert the certificate that contains the extensions to retrieve.
* @param oid the oid of the extension to retrieve.
* @return the actual value of the extension (not octet string encoded)
* @exception IOException if decoding the extension fails.
*/
public static byte[] getExtensionValue(X509Certificate cert, String oid) throws IOException {
if (cert == null) {
throw new IllegalArgumentException(i18n.getMessage("certNull"));
}
if (oid == null) {
throw new IllegalArgumentException(i18n.getMessage("oidNull"));
}
byte[] value = cert.getExtensionValue(oid);
if (value == null) {
return null;
}
return BouncyCastleUtil.getExtensionValue(value);
}
/**
* Returns the path length constraint. The shortest length in the chain of certificates is
* returned as the credential's path length.
*
* @return The path length constraint of the credential. -1 is any error occurs.
*/
public int getPathConstraint() {
int pathLength = Integer.MAX_VALUE;
try {
for (int i = 0; i < this.certChain.length; i++) {
int length = BouncyCastleUtil.getProxyPathConstraint(this.certChain[i]);
// if length is one, then no proxy cert extension exists, so
// path length is -1
if (length == -1) {
length = Integer.MAX_VALUE;
}
if (length < pathLength) {
pathLength = length;
}
}
} catch (Exception e) {
logger.warn("Error retrieving path length.", e);
pathLength = -1;
}
return pathLength;
}
