package org.bouncycastle.pkcs;
import java.io.IOException;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.ContentVerifierProvider;
Holding class for a PKCS#10 certification request.
/**
* Holding class for a PKCS#10 certification request.
*/
public class PKCS10CertificationRequest
{
private static Attribute[] EMPTY_ARRAY = new Attribute[0];
private CertificationRequest certificationRequest;
private static CertificationRequest parseBytes(byte[] encoding)
throws IOException
{
try
{
return CertificationRequest.getInstance(ASN1Primitive.fromByteArray(encoding));
}
catch (ClassCastException e)
{
throw new PKCSIOException("malformed data: " + e.getMessage(), e);
}
catch (IllegalArgumentException e)
{
throw new PKCSIOException("malformed data: " + e.getMessage(), e);
}
}
Create a PKCS10CertificationRequestHolder from an underlying ASN.1 structure.
Params: - certificationRequest – the underlying ASN.1 structure representing a request.
/**
* Create a PKCS10CertificationRequestHolder from an underlying ASN.1 structure.
*
* @param certificationRequest the underlying ASN.1 structure representing a request.
*/
public PKCS10CertificationRequest(CertificationRequest certificationRequest)
{
this.certificationRequest = certificationRequest;
}
Create a PKCS10CertificationRequestHolder from the passed in bytes.
Params: - encoded – BER/DER encoding of the CertificationRequest structure.
Throws: - IOException – in the event of corrupted data, or an incorrect structure.
/**
* Create a PKCS10CertificationRequestHolder from the passed in bytes.
*
* @param encoded BER/DER encoding of the CertificationRequest structure.
* @throws IOException in the event of corrupted data, or an incorrect structure.
*/
public PKCS10CertificationRequest(byte[] encoded)
throws IOException
{
this(parseBytes(encoded));
}
Return the underlying ASN.1 structure for this request.
Returns: a CertificateRequest object.
/**
* Return the underlying ASN.1 structure for this request.
*
* @return a CertificateRequest object.
*/
public CertificationRequest toASN1Structure()
{
return certificationRequest;
}
Return the subject on this request.
Returns: the X500Name representing the request's subject.
/**
* Return the subject on this request.
*
* @return the X500Name representing the request's subject.
*/
public X500Name getSubject()
{
return X500Name.getInstance(certificationRequest.getCertificationRequestInfo().getSubject());
}
Return the details of the signature algorithm used to create this request.
Returns: the AlgorithmIdentifier describing the signature algorithm used to create this request.
/**
* Return the details of the signature algorithm used to create this request.
*
* @return the AlgorithmIdentifier describing the signature algorithm used to create this request.
*/
public AlgorithmIdentifier getSignatureAlgorithm()
{
return certificationRequest.getSignatureAlgorithm();
}
Return the bytes making up the signature associated with this request.
Returns: the request signature bytes.
/**
* Return the bytes making up the signature associated with this request.
*
* @return the request signature bytes.
*/
public byte[] getSignature()
{
return certificationRequest.getSignature().getOctets();
}
Return the SubjectPublicKeyInfo describing the public key this request is carrying.
Returns: the public key ASN.1 structure contained in the request.
/**
* Return the SubjectPublicKeyInfo describing the public key this request is carrying.
*
* @return the public key ASN.1 structure contained in the request.
*/
public SubjectPublicKeyInfo getSubjectPublicKeyInfo()
{
return certificationRequest.getCertificationRequestInfo().getSubjectPublicKeyInfo();
}
Return the attributes, if any associated with this request.
Returns: an array of Attribute, zero length if none present.
/**
* Return the attributes, if any associated with this request.
*
* @return an array of Attribute, zero length if none present.
*/
public Attribute[] getAttributes()
{
ASN1Set attrSet = certificationRequest.getCertificationRequestInfo().getAttributes();
if (attrSet == null)
{
return EMPTY_ARRAY;
}
Attribute[] attrs = new Attribute[attrSet.size()];
for (int i = 0; i != attrSet.size(); i++)
{
attrs[i] = Attribute.getInstance(attrSet.getObjectAt(i));
}
return attrs;
}
Return an array of attributes matching the passed in type OID.
Params: - type – the type of the attribute being looked for.
Returns: an array of Attribute of the requested type, zero length if none present.
/**
* Return an array of attributes matching the passed in type OID.
*
* @param type the type of the attribute being looked for.
* @return an array of Attribute of the requested type, zero length if none present.
*/
public Attribute[] getAttributes(ASN1ObjectIdentifier type)
{
ASN1Set attrSet = certificationRequest.getCertificationRequestInfo().getAttributes();
if (attrSet == null)
{
return EMPTY_ARRAY;
}
List list = new ArrayList();
for (int i = 0; i != attrSet.size(); i++)
{
Attribute attr = Attribute.getInstance(attrSet.getObjectAt(i));
if (attr.getAttrType().equals(type))
{
list.add(attr);
}
}
if (list.size() == 0)
{
return EMPTY_ARRAY;
}
return (Attribute[])list.toArray(new Attribute[list.size()]);
}
public byte[] getEncoded()
throws IOException
{
return certificationRequest.getEncoded();
}
Validate the signature on the PKCS10 certification request in this holder.
Params: - verifierProvider – a ContentVerifierProvider that can generate a verifier for the signature.
Throws: - PKCSException – if the signature cannot be processed or is inappropriate.
Returns: true if the signature is valid, false otherwise.
/**
* Validate the signature on the PKCS10 certification request in this holder.
*
* @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature.
* @return true if the signature is valid, false otherwise.
* @throws PKCSException if the signature cannot be processed or is inappropriate.
*/
public boolean isSignatureValid(ContentVerifierProvider verifierProvider)
throws PKCSException
{
CertificationRequestInfo requestInfo = certificationRequest.getCertificationRequestInfo();
ContentVerifier verifier;
try
{
verifier = verifierProvider.get(certificationRequest.getSignatureAlgorithm());
OutputStream sOut = verifier.getOutputStream();
sOut.write(requestInfo.getEncoded(ASN1Encoding.DER));
sOut.close();
}
catch (Exception e)
{
throw new PKCSException("unable to process signature: " + e.getMessage(), e);
}
return verifier.verify(this.getSignature());
}
public boolean equals(Object o)
{
if (o == this)
{
return true;
}
if (!(o instanceof PKCS10CertificationRequest))
{
return false;
}
PKCS10CertificationRequest other = (PKCS10CertificationRequest)o;
return this.toASN1Structure().equals(other.toASN1Structure());
}
public int hashCode()
{
return this.toASN1Structure().hashCode();
}
}