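package org.dcache.gplazma.util;

import com.google.common.base.Preconditions;
import eu.emi.security.authn.x509.proxy.ProxyUtils;
import org.globus.gsi.gssapi.jaas.GlobusPrincipal;

import java.security.cert.CertPath;
import java.security.cert.X509Certificate;
import java.util.List;

import org.dcache.util.CertificateFactories;

import static eu.emi.security.authn.x509.impl.OpensslNameUtils.convertFromRfc2253;
import static eu.emi.security.authn.x509.proxy.ProxyUtils.getOriginalUserDN;

/**
 * Static helpers for pulling X.509 certificates and the user identity out of a
 * {@link CertPath} credential.
 *
 * <p><b>Security note:</b> nothing in this class validates the certificate path.
 * No signature, trust-anchor, validity-period or revocation check is performed
 * here; the methods only inspect the path type and read names out of whatever
 * certificates the path contains. A DN or certificate returned by these helpers
 * must be treated as an unauthenticated claim unless the path has already been
 * validated by the caller.
 */
public class CertPaths {

    /** Utility class; not instantiable. */
    private CertPaths() {
    }

    /**
     * Tells whether a credential object is a {@link CertPath} whose declared type
     * is X.509.
     *
     * <p>This is a type test only: a {@code true} result says nothing about
     * whether the path is trusted or even well formed.
     *
     * @param credential any object, may be {@code null}
     * @return {@code true} if {@code credential} is a {@code CertPath} reporting
     *         the X.509 type, {@code false} otherwise (including for {@code null})
     */
    public static boolean isX509CertPath(Object credential) {
        if (!(credential instanceof CertPath)) {
            return false;
        }
        return ((CertPath) credential).getType().equals(CertificateFactories.X_509);
    }

    /**
     * Returns the certificates of an X.509 path as an array, in the order the
     * path reports them.
     *
     * @param certPath the path to unpack; must be of type X.509
     * @return a newly allocated array holding the path's certificates
     * @throws IllegalArgumentException if the path's declared type is not X.509
     * @throws NullPointerException if {@code certPath} is {@code null}
     * @throws ArrayStoreException if the path declares X.509 but contains a
     *         certificate that is not an {@link X509Certificate}
     */
    public static X509Certificate[] getX509Certificates(CertPath certPath) {
        String type = certPath.getType();
        Preconditions.checkArgument(type.equals(CertificateFactories.X_509),
                "Unsupported CertPath type %s, expected %s",
                type, CertificateFactories.X_509);

        // The declared type is only a label set by whoever built the CertPath, so
        // the elements are not cast up front. toArray() checks each element when
        // storing it into the X509Certificate[] and fails with ArrayStoreException
        // on a mismatch, which avoids an unchecked generic cast.
        List<?> certificates = certPath.getCertificates();
        return certificates.toArray(new X509Certificate[0]);
    }

    /**
     * Derives the original (non-proxy) user DN from an X.509 path and wraps it in
     * a {@link GlobusPrincipal}.
     *
     * <p>The DN is read from the chain without any validation; see the class
     * comment. The RFC 2253 name is converted with canl's
     * {@code convertFromRfc2253}, passing {@code true} as its second argument.
     * NOTE(review): that flag is understood to select Globus-flavoured output and
     * the resulting one-line string is a display form; confirm that downstream
     * identity mapping does not depend on it being an unambiguous encoding.
     *
     * @param credential the X.509 path presented by the user
     * @return a principal carrying the converted DN string
     * @throws IllegalArgumentException if the path is not of type X.509.
     *         NOTE(review): canl's {@code getOriginalUserDN} is also expected to
     *         throw this when the chain contains only proxy certificates; confirm
     *         against the canl version in use.
     */
    public static GlobusPrincipal getOriginalUserDnAsGlobusPrincipal(CertPath credential) {
        X509Certificate[] chain = getX509Certificates(credential);
        String rfc2253Dn = getOriginalUserDN(chain).getName();
        String globusDn = convertFromRfc2253(rfc2253Dn, true);
        return new GlobusPrincipal(globusDn);
    }

    /**
     * Returns the end-entity (non-proxy) certificate of an X.509 path, as
     * determined by {@link ProxyUtils#getEndUserCertificate}.
     *
     * <p>The certificate is selected by inspecting the chain only; it has not
     * been validated by this method.
     *
     * @param credential the X.509 path presented by the user
     * @return the certificate chosen by canl. NOTE(review): canl is understood to
     *         return {@code null} when every certificate in the chain is a proxy;
     *         callers should null-check until that is confirmed.
     * @throws IllegalArgumentException if the path is not of type X.509
     */
    public static X509Certificate getEndEntityCertificate(CertPath credential) {
        X509Certificate[] chain = getX509Certificates(credential);
        return ProxyUtils.getEndUserCertificate(chain);
    }
}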