Class VOMSACGenerator

java.lang.Object
org.italiangrid.voms.asn1.VOMSACGenerator
All Implemented Interfaces:
VOMSConstants

public class VOMSACGenerator extends Object implements VOMSConstants
A generator for VOMS Attribute Certificates (ACs).

This class provides methods for creating VOMS ACs with customizable properties, including optional extensions and fake signature bits for testing purposes.

It uses BouncyCastle for cryptographic operations and supports various extensions required for VOMS attribute certificates.

  • Field Details

    • defaultGenerationProperties

      public static final EnumSet<VOMSACGenerator.ACGenerationProperties> defaultGenerationProperties
      Default generation properties (none enabled).
    • FAKE_EXT_OID

      public static final org.bouncycastle.asn1.ASN1ObjectIdentifier FAKE_EXT_OID
      Fake extension OID used in testing.
  • Constructor Details

    • VOMSACGenerator

      public VOMSACGenerator(eu.emi.security.authn.x509.X509Credential aaCredential)
      Constructs a VOMSACGenerator with the given credential.
      Parameters:
      aaCredential - the attribute authority credential
  • Method Details

    • generateVOMSAttributeCertificate

      public org.bouncycastle.cert.X509AttributeCertificateHolder generateVOMSAttributeCertificate(List<String> fqans, List<VOMSGenericAttribute> gas, List<String> targets, X509Certificate holderCert, BigInteger serialNumber, Date notBefore, Date notAfter, String voName, String host, int port) throws VOMSError
      Generates a VOMS attribute certificate with the given properties.
      Parameters:
      fqans - the list of Fully Qualified Attribute Names (FQANs)
      gas - the list of generic attributes
      targets - the list of target restrictions
      holderCert - the X.509 certificate of the holder
      serialNumber - the serial number of the AC
      notBefore - the start of the AC validity period
      notAfter - the end of the AC validity period
      voName - the VO name
      host - the VOMS server hostname
      port - the VOMS server port
      Returns:
      the generated X.509 attribute certificate
      Throws:
      VOMSError - if certificate generation fails
    • generateVOMSAttributeCertificate

      public org.bouncycastle.cert.X509AttributeCertificateHolder generateVOMSAttributeCertificate(EnumSet<VOMSACGenerator.ACGenerationProperties> generationProperties, List<String> fqans, List<VOMSGenericAttribute> gas, List<String> targets, X509Certificate holderCert, BigInteger serialNumber, Date notBefore, Date notAfter, String voName, String host, int port) throws VOMSError
      Generates a VOMS attribute certificate with the specified properties.
      Parameters:
      generationProperties - the properties influencing AC generation
      fqans - the list of Fully Qualified Attribute Names (FQANs)
      gas - the list of generic attributes
      targets - the list of target restrictions
      holderCert - the X.509 certificate of the holder
      serialNumber - the serial number of the AC
      notBefore - the start of the AC validity period
      notAfter - the end of the AC validity period
      voName - the VO name
      host - the VOMS server hostname
      port - the VOMS server port
      Returns:
      the generated X.509 attribute certificate
      Throws:
      VOMSError - if certificate generation fails
    • generateVOMSExtension

      public eu.emi.security.authn.x509.proxy.CertificateExtension generateVOMSExtension(List<org.bouncycastle.cert.X509AttributeCertificateHolder> acs)
      Generates a VOMS certificate extension.
      Parameters:
      acs - the list of X.509 attribute certificates
      Returns:
      the generated certificate extension
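
A usage sketch for the constructor and the two generation methods documented above. This is an added example, not code from the VOMS project; the class name `IssueShortLivedAC`, the file names, password, VO name, FQANs, target, host and port are constructed placeholders, and `PEMCredential` and `CertificateUtils` come from the CANL library (`eu.emi.security.authn.x509`), which this page references only through `X509Credential`.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.*;
import org.bouncycastle.cert.X509AttributeCertificateHolder;
import org.italiangrid.voms.asn1.VOMSACGenerator;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import eu.emi.security.authn.x509.impl.PEMCredential;
import eu.emi.security.authn.x509.proxy.CertificateExtension;

public class IssueShortLivedAC {
  public static void main(String[] args) throws Exception {
    // Constructed inputs: file names and password are placeholders.
    PEMCredential aaCredential =
        new PEMCredential("aa-key.pem", "aa-cert.pem", "changeit".toCharArray());
    X509Certificate holderCert;
    try (InputStream in = new FileInputStream("holder-cert.pem")) {
      holderCert = CertificateUtils.loadCertificate(in, CertificateUtils.Encoding.PEM);
    }

    // Keep the validity window short and the serial number unpredictable.
    Date notBefore = new Date();
    Date notAfter = new Date(notBefore.getTime() + 12L * 60 * 60 * 1000);
    BigInteger serial = new BigInteger(64, new SecureRandom());

    // Least privilege: only the FQANs the job needs, restricted to one target.
    List<String> fqans = Arrays.asList("/test.vo", "/test.vo/analysis");
    List<String> targets = Collections.singletonList("ce.example.org");

    VOMSACGenerator generator = new VOMSACGenerator(aaCredential);
    // Pass the default property set explicitly (documented as "none enabled") so
    // no test-only behaviour such as fake signature bits is switched on.
    X509AttributeCertificateHolder ac = generator.generateVOMSAttributeCertificate(
        VOMSACGenerator.defaultGenerationProperties, fqans, Collections.emptyList(),
        targets, holderCert, serial, notBefore, notAfter,
        "test.vo", "voms.example.org", 15000);

    // Sanity checks before the AC leaves the issuer.
    if (!ac.isValidOn(new Date()) || !ac.getSerialNumber().equals(serial)) {
      throw new IllegalStateException("AC does not match the requested parameters");
    }
    // Wrap the AC in the extension that is embedded in the holder's proxy certificate.
    CertificateExtension ext = generator.generateVOMSExtension(Collections.singletonList(ac));
    System.out.println("Issued AC serial " + ac.getSerialNumber()
        + ", expires " + ac.getNotAfter());
  }
}
```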