Package com.unboundid.util.ssl.cert

Class PKCS10CertificateSigningRequest

  • All Implemented Interfaces:
    java.io.Serializable
    @NotMutable
@ThreadSafety(level=COMPLETELY_THREADSAFE)
public final class PKCS10CertificateSigningRequest
extends java.lang.Object
implements java.io.Serializable
    This class provides support for decoding a PKCS #10 certificate signing request (aka certification request or CSR) as defined in RFC 2986. The certificate signing request is encoded using the ASN.1 Distinguished Encoding Rules (DER), which is a subset of BER, and is supported by the code in the com.unboundid.asn1 package. The ASN.1 specification is as follows: 
       CertificationRequest ::= SEQUENCE {
        certificationRequestInfo CertificationRequestInfo,
        signatureAlgorithm AlgorithmIdentifier,
        signature          BIT STRING
   }

   CertificationRequestInfo ::= SEQUENCE {
        version       INTEGER { v1(0) } (v1,...),
        subject       Name,
        subjectPKInfo SubjectPublicKeyInfo,
        attributes    [0] Attributes
   }

   SubjectPublicKeyInfo ::= SEQUENCE {
        algorithm        AlgorithmIdentifier,
        subjectPublicKey BIT STRING
   }

   PKInfoAlgorithms ALGORITHM ::= {
        ...  -- add any locally defined algorithms here -- }

   Attributes ::= SET OF Attribute

   CRIAttributes  ATTRIBUTE  ::= {
        ... -- add any locally defined attributes here -- }

   Attribute ::= SEQUENCE {
        type   OBJECT IDENTIFIER,
        values SET SIZE(1..MAX)
   }

   AlgorithmIdentifier ::= SEQUENCE {
        algorithm          OBJECT IDENTIFIER,
        parameters         ANY OPTIONAL
   }

   SignatureAlgorithms ALGORITHM ::= {
        ... -- add any locally defined algorithms here -- }
    See Also:
    Serialized Form

    • Constructor Detail

      • PKCS10CertificateSigningRequest

        public PKCS10CertificateSigningRequest​(byte[] encodedRequest)
                                throws CertException
        Decodes the contents of the provided byte array as a PKCS #10 certificate signing request.
        Parameters:
        encodedRequest - The byte array containing the encoded PKCS #10 certificate signing request. This must not be null.
        Throws:
        CertException - If the contents of the provided byte array could not be decoded as a valid PKCS #10 certificate signing request.

    • Method Detail

      • generateCertificateSigningRequest

        public static PKCS10CertificateSigningRequest generateCertificateSigningRequest​(SignatureAlgorithmIdentifier signatureAlgorithm,
                                                                                java.security.KeyPair keyPair,
                                                                                DN subjectDN,
                                                                                X509CertificateExtension... extensions)
                                                                         throws CertException
        Generates a PKCS #10 certificate signing request with the provided information.
        Parameters:
        signatureAlgorithm - The algorithm to use to generate the signature. This must not be null.
        keyPair - The key pair to use for the certificate signing request. This must not be null.
        subjectDN - The subject DN for the certificate signing request. This must not be null.
        extensions - The set of extensions to include in the certificate signing request. This may be null or empty if the request should not include any custom extensions.
        Returns:
        The generated PKCS #10 certificate signing request.
        Throws:
        CertException - If a problem is encountered while creating the certificate signing request.

      • getPKCS10CertificateSigningRequestBytes

        public byte[] getPKCS10CertificateSigningRequestBytes()
        Retrieves the bytes that comprise the encoded representation of this PKCS #10 certificate signing request.
        Returns:
        The bytes that comprise the encoded representation of this PKCS #10 certificate signing request.

      • getSignatureAlgorithmOID

        public OID getSignatureAlgorithmOID()
        Retrieves the certificate signing request signature algorithm OID.
        Returns:
        The certificate signing request signature algorithm OID.

      • getSignatureAlgorithmName

        public java.lang.String getSignatureAlgorithmName()
        Retrieves the certificate signing request signature algorithm name, if available.
        Returns:
        The certificate signing request signature algorithm name, or null if the signature algorithm OID does not correspond to any known algorithm name.

      • getSignatureAlgorithmNameOrOID

        public java.lang.String getSignatureAlgorithmNameOrOID()
        Retrieves the signature algorithm name if it is available, or the string representation of the signature algorithm OID if not.
        Returns:
        The signature algorithm name or OID.

      • getSignatureAlgorithmParameters

        public ASN1Element getSignatureAlgorithmParameters()
        Retrieves the encoded signature algorithm parameters, if present.
        Returns:
        The encoded signature algorithm parameters, or null if there are no signature algorithm parameters.

      • getSubjectDN

        public DN getSubjectDN()
        Retrieves the certificate signing request subject DN.
        Returns:
        The certificate signing request subject DN.

      • getPublicKeyAlgorithmOID

        public OID getPublicKeyAlgorithmOID()
        Retrieves the certificate signing request public key algorithm OID.
        Returns:
        The certificate signing request public key algorithm OID.

      • getPublicKeyAlgorithmName

        public java.lang.String getPublicKeyAlgorithmName()
        Retrieves the certificate signing request public key algorithm name, if available.
        Returns:
        The certificate signing request public key algorithm name, or null if the public key algorithm OID does not correspond to any known algorithm name.

      • getPublicKeyAlgorithmNameOrOID

        public java.lang.String getPublicKeyAlgorithmNameOrOID()
        Retrieves the public key algorithm name if it is available, or the string representation of the public key algorithm OID if not.
        Returns:
        The signature algorithm name or OID.

      • getPublicKeyAlgorithmParameters

        public ASN1Element getPublicKeyAlgorithmParameters()
        Retrieves the encoded public key algorithm parameters, if present.
        Returns:
        The encoded public key algorithm parameters, or null if there are no public key algorithm parameters.

      • getEncodedPublicKey

        public ASN1BitString getEncodedPublicKey()
        Retrieves the encoded public key as a bit string.
        Returns:
        The encoded public key as a bit string.

      • getDecodedPublicKey

        public DecodedPublicKey getDecodedPublicKey()
        Retrieves a decoded representation of the public key, if available.
        Returns:
        A decoded representation of the public key, or null if the public key could not be decoded.

      • getRequestAttributes

        public java.util.List<ObjectPair<OID,​ASN1Set>> getRequestAttributes()
        Retrieves the encoded request attributes included in the certificate signing request.
        Returns:
        The encoded request attributes included in the certificate signing request.

      • getExtensions

        public java.util.List<X509CertificateExtensiongetExtensions()
        Retrieves the list of certificate extensions included in the certificate signing request.
        Returns:
        The list of certificate extensions included in the certificate signing request.

      • getSignatureValue

        public ASN1BitString getSignatureValue()
        Retrieves the signature value for the certificate signing request.
        Returns:
        The signature value for the certificate signing request.

      • verifySignature

        public void verifySignature()
                     throws CertException
        Verifies the signature for this certificate signing request.
        Throws:
        CertException - If the certificate signing request's signature could not be verified.

      • toString

        public java.lang.String toString()
        Retrieves a string representation of the decoded X.509 certificate.
        Overrides:
        toString in class java.lang.Object
        Returns:
        A string representation of the decoded X.509 certificate.

      • toString

        public void toString​(java.lang.StringBuilder buffer)
        Appends a string representation of the decoded X.509 certificate to the provided buffer.
        Parameters:
        buffer - The buffer to which the information should be appended.

      • toPEM

        public java.util.List<java.lang.String> toPEM()
        Retrieves a list of the lines that comprise a PEM representation of this PKCS #10 certificate signing request.
        Returns:
        A list of the lines that comprise a PEM representation of this PKCS #10 certificate signing request.

      • toPEMString

        public java.lang.String toPEMString()
        Retrieves a multi-line string containing a PEM representation of this PKCS #10 certificate signing request.
        Returns:
        A multi-line string containing a PEM representation of this PKCS #10 certificate signing request.