Package com.unboundid.util.ssl.cert
Class PKCS10CertificateSigningRequest
- java.lang.Object
-
- com.unboundid.util.ssl.cert.PKCS10CertificateSigningRequest
-
- All Implemented Interfaces:
java.io.Serializable
@NotMutable @ThreadSafety(level=COMPLETELY_THREADSAFE) public final class PKCS10CertificateSigningRequest extends java.lang.Object implements java.io.Serializable
This class provides support for decoding a PKCS #10 certificate signing request (aka certification request or CSR) as defined in RFC 2986. The certificate signing request is encoded using the ASN.1 Distinguished Encoding Rules (DER), which is a subset of BER, and is supported by the code in thecom.unboundid.asn1
package. The ASN.1 specification is as follows:CertificationRequest ::= SEQUENCE { certificationRequestInfo CertificationRequestInfo, signatureAlgorithm AlgorithmIdentifier, signature BIT STRING } CertificationRequestInfo ::= SEQUENCE { version INTEGER { v1(0) } (v1,...), subject Name, subjectPKInfo SubjectPublicKeyInfo, attributes [0] Attributes } SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING } PKInfoAlgorithms ALGORITHM ::= { ... -- add any locally defined algorithms here -- } Attributes ::= SET OF Attribute CRIAttributes ATTRIBUTE ::= { ... -- add any locally defined attributes here -- } Attribute ::= SEQUENCE { type OBJECT IDENTIFIER, values SET SIZE(1..MAX) } AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters ANY OPTIONAL } SignatureAlgorithms ALGORITHM ::= { ... -- add any locally defined algorithms here -- }
- See Also:
- Serialized Form
-
-
Constructor Summary
Constructors Constructor Description PKCS10CertificateSigningRequest(byte[] encodedRequest)
Decodes the contents of the provided byte array as a PKCS #10 certificate signing request.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static PKCS10CertificateSigningRequest
generateCertificateSigningRequest(SignatureAlgorithmIdentifier signatureAlgorithm, java.security.KeyPair keyPair, DN subjectDN, X509CertificateExtension... extensions)
Generates a PKCS #10 certificate signing request with the provided information.DecodedPublicKey
getDecodedPublicKey()
Retrieves a decoded representation of the public key, if available.ASN1BitString
getEncodedPublicKey()
Retrieves the encoded public key as a bit string.java.util.List<X509CertificateExtension>
getExtensions()
Retrieves the list of certificate extensions included in the certificate signing request.byte[]
getPKCS10CertificateSigningRequestBytes()
Retrieves the bytes that comprise the encoded representation of this PKCS #10 certificate signing request.java.lang.String
getPublicKeyAlgorithmName()
Retrieves the certificate signing request public key algorithm name, if available.java.lang.String
getPublicKeyAlgorithmNameOrOID()
Retrieves the public key algorithm name if it is available, or the string representation of the public key algorithm OID if not.OID
getPublicKeyAlgorithmOID()
Retrieves the certificate signing request public key algorithm OID.ASN1Element
getPublicKeyAlgorithmParameters()
Retrieves the encoded public key algorithm parameters, if present.java.util.List<ObjectPair<OID,ASN1Set>>
getRequestAttributes()
Retrieves the encoded request attributes included in the certificate signing request.java.lang.String
getSignatureAlgorithmName()
Retrieves the certificate signing request signature algorithm name, if available.java.lang.String
getSignatureAlgorithmNameOrOID()
Retrieves the signature algorithm name if it is available, or the string representation of the signature algorithm OID if not.OID
getSignatureAlgorithmOID()
Retrieves the certificate signing request signature algorithm OID.ASN1Element
getSignatureAlgorithmParameters()
Retrieves the encoded signature algorithm parameters, if present.ASN1BitString
getSignatureValue()
Retrieves the signature value for the certificate signing request.DN
getSubjectDN()
Retrieves the certificate signing request subject DN.PKCS10CertificateSigningRequestVersion
getVersion()
Retrieves the certificate signing request version.java.util.List<java.lang.String>
toPEM()
Retrieves a list of the lines that comprise a PEM representation of this PKCS #10 certificate signing request.java.lang.String
toPEMString()
Retrieves a multi-line string containing a PEM representation of this PKCS #10 certificate signing request.java.lang.String
toString()
Retrieves a string representation of the decoded X.509 certificate.void
toString(java.lang.StringBuilder buffer)
Appends a string representation of the decoded X.509 certificate to the provided buffer.void
verifySignature()
Verifies the signature for this certificate signing request.
-
-
-
Constructor Detail
-
PKCS10CertificateSigningRequest
public PKCS10CertificateSigningRequest(byte[] encodedRequest) throws CertException
Decodes the contents of the provided byte array as a PKCS #10 certificate signing request.- Parameters:
encodedRequest
- The byte array containing the encoded PKCS #10 certificate signing request. This must not benull
.- Throws:
CertException
- If the contents of the provided byte array could not be decoded as a valid PKCS #10 certificate signing request.
-
-
Method Detail
-
generateCertificateSigningRequest
public static PKCS10CertificateSigningRequest generateCertificateSigningRequest(SignatureAlgorithmIdentifier signatureAlgorithm, java.security.KeyPair keyPair, DN subjectDN, X509CertificateExtension... extensions) throws CertException
Generates a PKCS #10 certificate signing request with the provided information.- Parameters:
signatureAlgorithm
- The algorithm to use to generate the signature. This must not benull
.keyPair
- The key pair to use for the certificate signing request. This must not benull
.subjectDN
- The subject DN for the certificate signing request. This must not benull
.extensions
- The set of extensions to include in the certificate signing request. This may benull
or empty if the request should not include any custom extensions.- Returns:
- The generated PKCS #10 certificate signing request.
- Throws:
CertException
- If a problem is encountered while creating the certificate signing request.
-
getPKCS10CertificateSigningRequestBytes
public byte[] getPKCS10CertificateSigningRequestBytes()
Retrieves the bytes that comprise the encoded representation of this PKCS #10 certificate signing request.- Returns:
- The bytes that comprise the encoded representation of this PKCS #10 certificate signing request.
-
getVersion
public PKCS10CertificateSigningRequestVersion getVersion()
Retrieves the certificate signing request version.- Returns:
- The certificate signing request version.
-
getSignatureAlgorithmOID
public OID getSignatureAlgorithmOID()
Retrieves the certificate signing request signature algorithm OID.- Returns:
- The certificate signing request signature algorithm OID.
-
getSignatureAlgorithmName
public java.lang.String getSignatureAlgorithmName()
Retrieves the certificate signing request signature algorithm name, if available.- Returns:
- The certificate signing request signature algorithm name, or
null
if the signature algorithm OID does not correspond to any known algorithm name.
-
getSignatureAlgorithmNameOrOID
public java.lang.String getSignatureAlgorithmNameOrOID()
Retrieves the signature algorithm name if it is available, or the string representation of the signature algorithm OID if not.- Returns:
- The signature algorithm name or OID.
-
getSignatureAlgorithmParameters
public ASN1Element getSignatureAlgorithmParameters()
Retrieves the encoded signature algorithm parameters, if present.- Returns:
- The encoded signature algorithm parameters, or
null
if there are no signature algorithm parameters.
-
getSubjectDN
public DN getSubjectDN()
Retrieves the certificate signing request subject DN.- Returns:
- The certificate signing request subject DN.
-
getPublicKeyAlgorithmOID
public OID getPublicKeyAlgorithmOID()
Retrieves the certificate signing request public key algorithm OID.- Returns:
- The certificate signing request public key algorithm OID.
-
getPublicKeyAlgorithmName
public java.lang.String getPublicKeyAlgorithmName()
Retrieves the certificate signing request public key algorithm name, if available.- Returns:
- The certificate signing request public key algorithm name, or
null
if the public key algorithm OID does not correspond to any known algorithm name.
-
getPublicKeyAlgorithmNameOrOID
public java.lang.String getPublicKeyAlgorithmNameOrOID()
Retrieves the public key algorithm name if it is available, or the string representation of the public key algorithm OID if not.- Returns:
- The signature algorithm name or OID.
-
getPublicKeyAlgorithmParameters
public ASN1Element getPublicKeyAlgorithmParameters()
Retrieves the encoded public key algorithm parameters, if present.- Returns:
- The encoded public key algorithm parameters, or
null
if there are no public key algorithm parameters.
-
getEncodedPublicKey
public ASN1BitString getEncodedPublicKey()
Retrieves the encoded public key as a bit string.- Returns:
- The encoded public key as a bit string.
-
getDecodedPublicKey
public DecodedPublicKey getDecodedPublicKey()
Retrieves a decoded representation of the public key, if available.- Returns:
- A decoded representation of the public key, or
null
if the public key could not be decoded.
-
getRequestAttributes
public java.util.List<ObjectPair<OID,ASN1Set>> getRequestAttributes()
Retrieves the encoded request attributes included in the certificate signing request.- Returns:
- The encoded request attributes included in the certificate signing request.
-
getExtensions
public java.util.List<X509CertificateExtension> getExtensions()
Retrieves the list of certificate extensions included in the certificate signing request.- Returns:
- The list of certificate extensions included in the certificate signing request.
-
getSignatureValue
public ASN1BitString getSignatureValue()
Retrieves the signature value for the certificate signing request.- Returns:
- The signature value for the certificate signing request.
-
verifySignature
public void verifySignature() throws CertException
Verifies the signature for this certificate signing request.- Throws:
CertException
- If the certificate signing request's signature could not be verified.
-
toString
public java.lang.String toString()
Retrieves a string representation of the decoded X.509 certificate.- Overrides:
toString
in classjava.lang.Object
- Returns:
- A string representation of the decoded X.509 certificate.
-
toString
public void toString(java.lang.StringBuilder buffer)
Appends a string representation of the decoded X.509 certificate to the provided buffer.- Parameters:
buffer
- The buffer to which the information should be appended.
-
toPEM
public java.util.List<java.lang.String> toPEM()
Retrieves a list of the lines that comprise a PEM representation of this PKCS #10 certificate signing request.- Returns:
- A list of the lines that comprise a PEM representation of this PKCS #10 certificate signing request.
-
toPEMString
public java.lang.String toPEMString()
Retrieves a multi-line string containing a PEM representation of this PKCS #10 certificate signing request.- Returns:
- A multi-line string containing a PEM representation of this PKCS #10 certificate signing request.
-
-