Class PKCS10CertificateSigningRequest

  • All Implemented Interfaces:
    java.io.Serializable

    @NotMutable
    @ThreadSafety(level=COMPLETELY_THREADSAFE)
    public final class PKCS10CertificateSigningRequest
    extends java.lang.Object
    implements java.io.Serializable
    This class provides support for decoding a PKCS #10 certificate signing request (aka certification request or CSR) as defined in RFC 2986. The certificate signing request is encoded using the ASN.1 Distinguished Encoding Rules (DER), which is a subset of BER, and is supported by the code in the com.unboundid.asn1 package. The ASN.1 specification is as follows:
       CertificationRequest ::= SEQUENCE {
            certificationRequestInfo CertificationRequestInfo,
            signatureAlgorithm AlgorithmIdentifier,
            signature          BIT STRING
       }
    
       CertificationRequestInfo ::= SEQUENCE {
            version       INTEGER { v1(0) } (v1,...),
            subject       Name,
            subjectPKInfo SubjectPublicKeyInfo,
            attributes    [0] Attributes
       }
    
       SubjectPublicKeyInfo ::= SEQUENCE {
            algorithm        AlgorithmIdentifier,
            subjectPublicKey BIT STRING
       }
    
       PKInfoAlgorithms ALGORITHM ::= {
            ...  -- add any locally defined algorithms here -- }
    
       Attributes ::= SET OF Attribute
    
       CRIAttributes  ATTRIBUTE  ::= {
            ... -- add any locally defined attributes here -- }
    
       Attribute ::= SEQUENCE {
            type   OBJECT IDENTIFIER,
            values SET SIZE(1..MAX)
       }
    
       AlgorithmIdentifier ::= SEQUENCE {
            algorithm          OBJECT IDENTIFIER,
            parameters         ANY OPTIONAL
       }
    
       SignatureAlgorithms ALGORITHM ::= {
            ... -- add any locally defined algorithms here -- }
     
    See Also:
    Serialized Form
    • Constructor Detail

      • PKCS10CertificateSigningRequest

        public PKCS10CertificateSigningRequest(byte[] encodedRequest)
                                        throws CertException
        Decodes the contents of the provided byte array as a PKCS #10 certificate signing request.
        Parameters:
        encodedRequest - The byte array containing the encoded PKCS #10 certificate signing request. This must not be null.
        Throws:
        CertException - If the contents of the provided byte array could not be decoded as a valid PKCS #10 certificate signing request.
    • Method Detail

      • generateCertificateSigningRequest

        public static PKCS10CertificateSigningRequest generateCertificateSigningRequest(SignatureAlgorithmIdentifier signatureAlgorithm,
                                                                                        java.security.KeyPair keyPair,
                                                                                        DN subjectDN,
                                                                                        X509CertificateExtension... extensions)
                                                                                 throws CertException
        Generates a PKCS #10 certificate signing request with the provided information.
        Parameters:
        signatureAlgorithm - The algorithm to use to generate the signature. This must not be null.
        keyPair - The key pair to use for the certificate signing request. This must not be null.
        subjectDN - The subject DN for the certificate signing request. This must not be null.
        extensions - The set of extensions to include in the certificate signing request. This may be null or empty if the request should not include any custom extensions.
        Returns:
        The generated PKCS #10 certificate signing request.
        Throws:
        CertException - If a problem is encountered while creating the certificate signing request.
      • getPKCS10CertificateSigningRequestBytes

        public byte[] getPKCS10CertificateSigningRequestBytes()
        Retrieves the bytes that comprise the encoded representation of this PKCS #10 certificate signing request.
        Returns:
        The bytes that comprise the encoded representation of this PKCS #10 certificate signing request.
      • getSignatureAlgorithmOID

        public OID getSignatureAlgorithmOID()
        Retrieves the certificate signing request signature algorithm OID.
        Returns:
        The certificate signing request signature algorithm OID.
      • getSignatureAlgorithmName

        public java.lang.String getSignatureAlgorithmName()
        Retrieves the certificate signing request signature algorithm name, if available.
        Returns:
        The certificate signing request signature algorithm name, or null if the signature algorithm OID does not correspond to any known algorithm name.
      • getSignatureAlgorithmNameOrOID

        public java.lang.String getSignatureAlgorithmNameOrOID()
        Retrieves the signature algorithm name if it is available, or the string representation of the signature algorithm OID if not.
        Returns:
        The signature algorithm name or OID.
      • getSignatureAlgorithmParameters

        public ASN1Element getSignatureAlgorithmParameters()
        Retrieves the encoded signature algorithm parameters, if present.
        Returns:
        The encoded signature algorithm parameters, or null if there are no signature algorithm parameters.
      • getSubjectDN

        public DN getSubjectDN()
        Retrieves the certificate signing request subject DN.
        Returns:
        The certificate signing request subject DN.
      • getPublicKeyAlgorithmOID

        public OID getPublicKeyAlgorithmOID()
        Retrieves the certificate signing request public key algorithm OID.
        Returns:
        The certificate signing request public key algorithm OID.
      • getPublicKeyAlgorithmName

        public java.lang.String getPublicKeyAlgorithmName()
        Retrieves the certificate signing request public key algorithm name, if available.
        Returns:
        The certificate signing request public key algorithm name, or null if the public key algorithm OID does not correspond to any known algorithm name.
      • getPublicKeyAlgorithmNameOrOID

        public java.lang.String getPublicKeyAlgorithmNameOrOID()
        Retrieves the public key algorithm name if it is available, or the string representation of the public key algorithm OID if not.
        Returns:
        The public key algorithm name or OID.
      • getPublicKeyAlgorithmParameters

        public ASN1Element getPublicKeyAlgorithmParameters()
        Retrieves the encoded public key algorithm parameters, if present.
        Returns:
        The encoded public key algorithm parameters, or null if there are no public key algorithm parameters.
      • getEncodedPublicKey

        public ASN1BitString getEncodedPublicKey()
        Retrieves the encoded public key as a bit string.
        Returns:
        The encoded public key as a bit string.
      • getDecodedPublicKey

        public DecodedPublicKey getDecodedPublicKey()
        Retrieves a decoded representation of the public key, if available.
        Returns:
        A decoded representation of the public key, or null if the public key could not be decoded.
      • getRequestAttributes

        public java.util.List<ObjectPair<OID,ASN1Set>> getRequestAttributes()
        Retrieves the encoded request attributes included in the certificate signing request.
        Returns:
        The encoded request attributes included in the certificate signing request.
      • getExtensions

        public java.util.List<X509CertificateExtension> getExtensions()
        Retrieves the list of certificate extensions included in the certificate signing request.
        Returns:
        The list of certificate extensions included in the certificate signing request.
      • getSignatureValue

        public ASN1BitString getSignatureValue()
        Retrieves the signature value for the certificate signing request.
        Returns:
        The signature value for the certificate signing request.
      • verifySignature

        public void verifySignature()
                             throws CertException
        Verifies the signature for this certificate signing request.
        Throws:
        CertException - If the certificate signing request's signature could not be verified.
      • toString

        public java.lang.String toString()
        Retrieves a string representation of the decoded PKCS #10 certificate signing request.
        Overrides:
        toString in class java.lang.Object
        Returns:
        A string representation of the decoded PKCS #10 certificate signing request.
      • toString

        public void toString(java.lang.StringBuilder buffer)
        Appends a string representation of the decoded PKCS #10 certificate signing request to the provided buffer.
        Parameters:
        buffer - The buffer to which the information should be appended.
      • toPEM

        public java.util.List<java.lang.String> toPEM()
        Retrieves a list of the lines that comprise a PEM representation of this PKCS #10 certificate signing request.
        Returns:
        A list of the lines that comprise a PEM representation of this PKCS #10 certificate signing request.
      • toPEMString

        public java.lang.String toPEMString()
        Retrieves a multi-line string containing a PEM representation of this PKCS #10 certificate signing request.
        Returns:
        A multi-line string containing a PEM representation of this PKCS #10 certificate signing request.
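The following is an added example, not part of the SDK's own documentation: an intake check that a signing service might run on a submitted CSR, using the constructor, verifySignature(), and the accessor methods listed above. It assumes the classes live in com.unboundid.util.ssl.cert, that RSAPublicKey.getModulus(), X509CertificateExtension.getOID(), and SignatureAlgorithmIdentifier.SHA_256_WITH_RSA are available as in the LDAP SDK, and the policy values (allowed OIDs, 2048-bit minimum, rejecting requested basicConstraints) are illustrative choices.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Set;
import com.unboundid.ldap.sdk.DN;
import com.unboundid.util.ssl.cert.*;

public final class CsrIntakeCheck {
  // Illustrative local policy (assumption): accepted signature algorithm OIDs.
  static final Set<String> ALLOWED_SIG_OIDS = Set.of(
      "1.2.840.113549.1.1.11",   // sha256WithRSAEncryption
      "1.2.840.10045.4.3.2");    // ecdsa-with-SHA256
  static final String BASIC_CONSTRAINTS_OID = "2.5.29.19";

  // Decodes a DER-encoded CSR and applies the checks; throws if it is rejected.
  static PKCS10CertificateSigningRequest vet(byte[] der)
      throws CertException, GeneralSecurityException {
    PKCS10CertificateSigningRequest csr = new PKCS10CertificateSigningRequest(der);
    csr.verifySignature();  // proof of possession of the private key
    if (!ALLOWED_SIG_OIDS.contains(csr.getSignatureAlgorithmOID().toString())) {
      throw new GeneralSecurityException(
          "signature algorithm not allowed: " + csr.getSignatureAlgorithmNameOrOID());
    }
    DecodedPublicKey key = csr.getDecodedPublicKey();  // null if it cannot be decoded
    if (key == null) {
      throw new GeneralSecurityException(
          "unsupported public key: " + csr.getPublicKeyAlgorithmNameOrOID());
    }
    if (key instanceof RSAPublicKey
        && ((RSAPublicKey) key).getModulus().bitLength() < 2048) {
      throw new GeneralSecurityException("RSA modulus shorter than 2048 bits");
    }
    // Extensions in a CSR are only requests; refuse any attempt to ask for CA status.
    for (X509CertificateExtension ext : csr.getExtensions()) {
      if (BASIC_CONSTRAINTS_OID.equals(ext.getOID().toString())) {
        throw new GeneralSecurityException("requester may not set basicConstraints");
      }
    }
    return csr;
  }

  public static void main(String[] args) throws Exception {
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    KeyPair keyPair = gen.generateKeyPair();
    // Constructed sample request; the subject DN is a placeholder.
    byte[] der = PKCS10CertificateSigningRequest.generateCertificateSigningRequest(
        SignatureAlgorithmIdentifier.SHA_256_WITH_RSA, keyPair,
        new DN("CN=app.example.com,O=Example Corp"))
        .getPKCS10CertificateSigningRequestBytes();
    System.out.println("accepted: " + vet(der).getSubjectDN());
    der[der.length - 1] ^= 0x01;  // corrupt the final signature byte
    try { vet(der); } catch (CertException e) { System.out.println("rejected: " + e.getMessage()); }
  }
}
```

The subject DN and requested extensions are covered by the CSR's signature but are still requester-supplied input, so an issuer should copy into the certificate only the values its own policy approves.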