Class PKCS10


  • public class PKCS10
    extends java.lang.Object
    PKCS #10 certificate requests are created and sent to Certificate Authorities, which then create X.509 certificates and return them to the entity that created the certificate request. A certificate request consists of the subject's X.500 name and public key, signed using the corresponding private key. The ASN.1 syntax for a Certification Request is:
     CertificationRequest ::= SEQUENCE {
        certificationRequestInfo CertificationRequestInfo,
        signatureAlgorithm       SignatureAlgorithmIdentifier,
        signature                Signature
     }
    
     SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
     Signature ::= BIT STRING
    
     CertificationRequestInfo ::= SEQUENCE {
        version                 Version,
        subject                 Name,
        subjectPublicKeyInfo    SubjectPublicKeyInfo,
        attributes [0] IMPLICIT Attributes
     }
     Attributes ::= SET OF Attribute
     
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static org.slf4j.Logger logger  
    • Constructor Summary

      Constructors 
      Constructor Description
      PKCS10(byte[] data)
      PKCS10(byte[] data, boolean sigver)
      Parses an encoded, signed PKCS #10 certificate request, verifying the request's signature as it does so.
      PKCS10(X509Key publicKey)
      Constructs an unsigned PKCS #10 certificate request.
      PKCS10(X509Key publicKey, PKCS10Attributes attributes)
      Constructs an unsigned PKCS #10 certificate request.
    • Method Summary

      Modifier and Type Method Description
      void encodeAndSign(X500Signer requester)
      Create the signed certificate request.
      PKCS10Attributes getAttributes()
      Returns the additional attributes requested.
      byte[] getCertRequestInfo()
      Retrieve the PKCS #10 CertificationRequestInfo as a byte array.
      X500Name getSubjectName()
      Returns the subject's name.
      X509Key getSubjectPublicKeyInfo()
      Returns the subject's public key.
      void print(java.io.PrintStream out)
      Prints an E-Mailable version of the certificate request on the print stream passed.
      byte[] toByteArray()
      Returns the encoded and signed certificate request as a DER-encoded byte array.
      java.lang.String toString()
      Provides a short description of this request.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
    • Field Detail

      • logger

        public static org.slf4j.Logger logger
    • Constructor Detail

      • PKCS10

        public PKCS10(X509Key publicKey)
        Constructs an unsigned PKCS #10 certificate request. Before this request may be used, it must be encoded and signed. Then it must be retrieved in some conventional format (e.g. string).
        Parameters:
        publicKey - the public key that should be placed into the certificate generated by the CA.
      • PKCS10

        public PKCS10(X509Key publicKey,
                      PKCS10Attributes attributes)
        Constructs an unsigned PKCS #10 certificate request. Before this request may be used, it must be encoded and signed. Then it must be retrieved in some conventional format (e.g. string).
        Parameters:
        publicKey - the public key that should be placed into the certificate generated by the CA.
        attributes - additional set of PKCS10 attributes requested for the certificate.
      • PKCS10

        public PKCS10(byte[] data,
                      boolean sigver)
               throws java.io.IOException,
                      java.security.SignatureException,
                      java.security.NoSuchAlgorithmException,
                      java.security.NoSuchProviderException
        Parses an encoded, signed PKCS #10 certificate request, verifying the request's signature as it does so. This constructor would typically be used by a Certificate Authority, from which a new certificate would then be constructed.
        Parameters:
        data - the DER-encoded PKCS #10 request.
        sigver - whether signature verification is enabled; when false, the request's signature is not verified during parsing.
        Throws:
        java.io.IOException - for low level errors reading the data
        java.security.SignatureException - when the signature is invalid
        java.security.NoSuchAlgorithmException - when the signature algorithm is not supported in this environment
        java.security.NoSuchProviderException
      • PKCS10

        public PKCS10(byte[] data)
               throws java.io.IOException,
                      java.security.SignatureException,
                      java.security.NoSuchAlgorithmException,
                      java.security.NoSuchProviderException
        Throws:
        java.io.IOException
        java.security.SignatureException
        java.security.NoSuchAlgorithmException
        java.security.NoSuchProviderException
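
The kind of check that `sigver` switches on, written out as an added example with JDK classes only (it is not this library's code): the signature is verified over the raw certificationRequestInfo bytes using the public key carried inside the request, so a request that embeds a key its signer does not hold is rejected. The class and helper names, the subject name and the fixed SHA256withRSA algorithm are assumptions, and both sample requests are constructed in the code.

```java
import java.io.ByteArrayOutputStream;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.security.auth.x500.X500Principal;
public class CsrSignatureCheck {
    static final byte[] SHA256_RSA_ALGID = {0x30, 13, 6, 9, 0x2a, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xf7, 13, 1, 1, 11, 5, 0};
    static byte[] tlv(int tag, byte[]... parts) { // encode one DER TLV, lengths below 65536
        int n = Arrays.stream(parts).mapToInt(p -> p.length).sum();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag);
        if (n >= 0x80) out.write(n < 0x100 ? 0x81 : 0x82);
        if (n >= 0x100) out.write(n >> 8);
        out.write(n & 0xff);
        for (byte[] p : parts) out.write(p, 0, p.length);
        return out.toByteArray();
    }
    static int[] span(byte[] d, int off) { // {valueStart, end} of the TLV that begins at off
        int len = d[off + 1] & 0xff, p = off + 2, k = len < 0x80 ? 0 : len & 0x7f;
        if (k > 0) len = 0;
        while (k-- > 0) len = (len << 8) | (d[p++] & 0xff);
        if (len < 0 || len > d.length - p) throw new IllegalArgumentException("bad DER length");
        return new int[] {p, p + len};
    }
    static byte[] buildCsr(PublicKey pub, PrivateKey signer) throws GeneralSecurityException {
        byte[] info = tlv(0x30, new byte[] {2, 1, 0}, new X500Principal("CN=host.example.test").getEncoded(),
                pub.getEncoded(), new byte[] {(byte) 0xa0, 0}); // version 0, subject, key, no attributes
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(signer);
        s.update(info);
        return tlv(0x30, info, SHA256_RSA_ALGID, tlv(3, new byte[] {0}, s.sign()));
    }
    static boolean verify(byte[] csr) throws GeneralSecurityException {
        int start = span(csr, 0)[0]; // certificationRequestInfo starts inside the outer SEQUENCE
        int[] info = span(csr, start), sig = span(csr, span(csr, info[1])[1]);
        int spki = span(csr, span(csr, info[0])[1])[1]; // skip version, then subject
        Signature v = Signature.getInstance("SHA256withRSA"); // assumed, not read from the request
        v.initVerify(KeyFactory.getInstance("RSA").generatePublic(
                new X509EncodedKeySpec(Arrays.copyOfRange(csr, spki, span(csr, spki)[1]))));
        v.update(csr, start, info[1] - start); // signed bytes: tag, length and value of the info
        return v.verify(csr, sig[0] + 1, sig[1] - sig[0] - 1); // skip the unused-bits octet
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair mine = g.generateKeyPair(), other = g.generateKeyPair();
        System.out.println(verify(buildCsr(mine.getPublic(), mine.getPrivate())));  // signer holds the key
        System.out.println(verify(buildCsr(other.getPublic(), mine.getPrivate()))); // signer does not
    }
}
```

Run it with `java CsrSignatureCheck.java` (Java 11 or later); the first line printed is `true` and the second is `false`.
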
    • Method Detail

      • encodeAndSign

        public void encodeAndSign(X500Signer requester)
                           throws java.security.cert.CertificateException,
                                  java.io.IOException,
                                  java.security.SignatureException
        Create the signed certificate request. This will later be retrieved in either string or binary format.
        Parameters:
        requester - identifies the signer (by X.500 name) and provides the private key used to sign.
        Throws:
        java.io.IOException - on errors.
        java.security.cert.CertificateException - on certificate handling errors.
        java.security.SignatureException - on signature handling errors.
      • getSubjectName

        public X500Name getSubjectName()
        Returns the subject's name.
      • getSubjectPublicKeyInfo

        public X509Key getSubjectPublicKeyInfo()
        Returns the subject's public key.
      • getAttributes

        public PKCS10Attributes getAttributes()
        Returns the additional attributes requested.
      • toByteArray

        public byte[] toByteArray()
        Returns the encoded and signed certificate request as a DER-encoded byte array.
        Returns:
        the certificate request, or null if encodeAndSign() has not yet been called.
      • print

        public void print(java.io.PrintStream out)
                   throws java.io.IOException,
                          java.security.SignatureException
        Prints an E-Mailable version of the certificate request on the print stream passed. The format is a common base64 encoded one, supported by most Certificate Authorities because Netscape web servers have used this for some time. Some certificate authorities expect some more information, in particular contact information for the web server administrator.
        Parameters:
        out - the print stream where the certificate request will be printed.
        Throws:
        java.io.IOException - when an output operation failed
        java.security.SignatureException - when the certificate request was not yet signed.
      • toString

        public java.lang.String toString()
        Provides a short description of this request.
        Overrides:
        toString in class java.lang.Object
      • getCertRequestInfo

        public byte[] getCertRequestInfo()
        Retrieve the PKCS #10 CertificationRequestInfo as a byte array.