package org.bouncycastle.pkcs;

import java.io.IOException;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.List;

import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.ContentVerifierProvider;

Holding class for a PKCS#10 certification request.
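/**
 * Holding class for a PKCS#10 certification request.
 * <p>
 * Constructing a holder only wraps or decodes the ASN.1 structure. The
 * signature on the request is not checked until {@link #isSignatureValid}
 * is called, so the subject, public key and attributes of a request that
 * came from an untrusted party should not be relied on before that check
 * has succeeded.
 * </p>
 */
public class PKCS10CertificationRequest
{
    // Shared "no attributes" result; a zero-length array has no elements a caller could alter.
    private static final Attribute[] EMPTY_ARRAY = new Attribute[0];

    // Assigned once, by the constructor taking the ASN.1 structure.
    private final CertificationRequest certificationRequest;

    /**
     * Decode a BER/DER encoding into a CertificationRequest structure.
     *
     * @param encoding the encoded request.
     * @return the decoded structure, never null.
     * @throws IOException if the data cannot be parsed, does not have the
     *                     shape of a CertificationRequest, or yields no object at all.
     */
    private static CertificationRequest parseBytes(byte[] encoding)
        throws IOException
    {
        try
        {
            CertificationRequest request = CertificationRequest.getInstance(ASN1Primitive.fromByteArray(encoding));

            // A null result (nothing was decoded, presumably because the input held no
            // object) would otherwise be stored by the constructor and only surface
            // later as a NullPointerException in an accessor.
            if (request == null)
            {
                throw new PKCSIOException("empty data passed to constructor");
            }

            return request;
        }
        catch (ClassCastException e)
        {
            // The bytes decoded, but to an ASN.1 type other than the expected one.
            throw new PKCSIOException("malformed data: " + e.getMessage(), e);
        }
        catch (IllegalArgumentException e)
        {
            throw new PKCSIOException("malformed data: " + e.getMessage(), e);
        }
    }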
Create a PKCS10CertificationRequestHolder from an underlying ASN.1 structure.
Params:
  • certificationRequest – the underlying ASN.1 structure representing a request.
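/**
 * Create a PKCS10CertificationRequest from an underlying ASN.1 structure.
 * <p>
 * The structure is stored as passed in; no signature verification is
 * performed by this constructor.
 * </p>
 *
 * @param certificationRequest the underlying ASN.1 structure representing a request.
 * @throws NullPointerException if certificationRequest is null.
 */
public PKCS10CertificationRequest(CertificationRequest certificationRequest)
{
    // Reject null here so the failure is reported at construction, not as an
    // unexplained NullPointerException in whichever accessor is called first.
    if (certificationRequest == null)
    {
        throw new NullPointerException("certificationRequest cannot be null");
    }

    this.certificationRequest = certificationRequest;
}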
Create a PKCS10CertificationRequestHolder from the passed in bytes.
Params:
  • encoded – BER/DER encoding of the CertificationRequest structure.
Throws:
  • IOException – in the event of corrupted data, or an incorrect structure.
/**
 * Create a PKCS10CertificationRequest by decoding the passed in bytes.
 * <p>
 * This constructor only parses the encoding and hands the result to the
 * constructor taking the ASN.1 structure; it does not verify the signature
 * on the request.
 * </p>
 *
 * @param encoded BER/DER encoding of the CertificationRequest structure.
 * @throws IOException in the event of corrupted data, or an incorrect structure.
 */
public PKCS10CertificationRequest(byte[] encoded)
    throws IOException
{
    this(parseBytes(encoded));
}
Return the underlying ASN.1 structure for this request.
Returns: a CertificationRequest object.
/**
 * Return the underlying ASN.1 structure for this request.
 * <p>
 * The object held by this instance is returned directly, not a copy.
 * </p>
 *
 * @return the CertificationRequest object wrapped by this holder.
 */
public CertificationRequest toASN1Structure()
{
    return this.certificationRequest;
}
Return the subject on this request.
Returns:the X500Name representing the request's subject.
/**
 * Return the subject on this request.
 * <p>
 * The value is read from the request as supplied by the requester.
 * </p>
 *
 * @return the X500Name representing the request's subject.
 */
public X500Name getSubject()
{
    CertificationRequestInfo requestInfo = certificationRequest.getCertificationRequestInfo();

    return X500Name.getInstance(requestInfo.getSubject());
}
Return the details of the signature algorithm used to create this request.
Returns:the AlgorithmIdentifier describing the signature algorithm used to create this request.
/**
 * Return the details of the signature algorithm used to create this request.
 * <p>
 * The identifier is taken from the request itself, so it reflects what the
 * requester declared.
 * </p>
 *
 * @return the AlgorithmIdentifier describing the signature algorithm used to create this request.
 */
public AlgorithmIdentifier getSignatureAlgorithm()
{
    return this.certificationRequest.getSignatureAlgorithm();
}
Return the bytes making up the signature associated with this request.
Returns:the request signature bytes.
/**
 * Return the bytes making up the signature associated with this request.
 *
 * @return the octets of the request's signature field.
 */
public byte[] getSignature()
{
    return this.certificationRequest.getSignature().getOctets();
}
Return the SubjectPublicKeyInfo describing the public key this request is carrying.
Returns:the public key ASN.1 structure contained in the request.
/**
 * Return the SubjectPublicKeyInfo describing the public key this request is carrying.
 * <p>
 * The key is read from the request as supplied; this accessor performs no
 * check that the request was signed with the matching private key.
 * </p>
 *
 * @return the public key ASN.1 structure contained in the request.
 */
public SubjectPublicKeyInfo getSubjectPublicKeyInfo()
{
    CertificationRequestInfo requestInfo = certificationRequest.getCertificationRequestInfo();

    return requestInfo.getSubjectPublicKeyInfo();
}
Return the attributes, if any, associated with this request.
Returns:an array of Attribute, zero length if none present.
/**
 * Return the attributes, if any, associated with this request.
 * <p>
 * Attributes are read from the request as supplied by the requester.
 * </p>
 *
 * @return an array of Attribute, zero length if none present.
 */
public Attribute[] getAttributes()
{
    ASN1Set attributeSet = certificationRequest.getCertificationRequestInfo().getAttributes();
    if (attributeSet == null)
    {
        // No attribute set on the request at all.
        return EMPTY_ARRAY;
    }

    int count = attributeSet.size();
    Attribute[] result = new Attribute[count];
    for (int index = 0; index < count; index++)
    {
        result[index] = Attribute.getInstance(attributeSet.getObjectAt(index));
    }

    return result;
}
Return an array of attributes matching the passed in type OID.
Params:
  • type – the type of the attribute being looked for.
Returns:an array of Attribute of the requested type, zero length if none present.
/**
 * Return an array of attributes matching the passed in type OID.
 * <p>
 * Every attribute in the request whose type equals the given OID is
 * returned, in the order it appears in the attribute set.
 * </p>
 *
 * @param type the type of the attribute being looked for.
 * @return an array of Attribute of the requested type, zero length if none present.
 */
public Attribute[] getAttributes(ASN1ObjectIdentifier type)
{
    ASN1Set attributeSet = certificationRequest.getCertificationRequestInfo().getAttributes();
    if (attributeSet == null)
    {
        return EMPTY_ARRAY;
    }

    List matches = new ArrayList();
    int count = attributeSet.size();
    for (int index = 0; index < count; index++)
    {
        Attribute candidate = Attribute.getInstance(attributeSet.getObjectAt(index));
        if (!candidate.getAttrType().equals(type))
        {
            continue;
        }
        matches.add(candidate);
    }

    if (matches.isEmpty())
    {
        return EMPTY_ARRAY;
    }

    return (Attribute[])matches.toArray(new Attribute[matches.size()]);
}

/**
 * Return the encoding of the underlying ASN.1 structure.
 *
 * @return the bytes produced by encoding the wrapped CertificationRequest.
 * @throws IOException if the structure cannot be encoded.
 */
public byte[] getEncoded()
    throws IOException
{
    return this.certificationRequest.getEncoded();
}
Validate the signature on the PKCS10 certification request in this holder.
Params:
  • verifierProvider – a ContentVerifierProvider that can generate a verifier for the signature.
Throws:
  • PKCSException – if the signature cannot be processed or is inappropriate.
Returns:true if the signature is valid, false otherwise.
/**
 * Validate the signature on the PKCS10 certification request in this holder.
 * <p>
 * The DER encoding of the CertificationRequestInfo is fed to a verifier
 * obtained from the provider and compared against the request's signature.
 * Two points for callers handling requests from untrusted parties:
 * </p>
 * <ul>
 * <li>The key used is whatever the supplied provider resolves; this method
 * does not itself tie it to {@link #getSubjectPublicKeyInfo()}. The result
 * only shows that the requester holds the private key for the public key in
 * the request if the provider was built from that public key.</li>
 * <li>The algorithm identifier handed to the provider comes from the request,
 * so any restriction on acceptable signature algorithms has to be enforced
 * by the provider or by the caller.</li>
 * </ul>
 *
 * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature.
 * @return true if the signature is valid, false otherwise.
 * @throws PKCSException if the signature cannot be processed or is inappropriate.
 */
public boolean isSignatureValid(ContentVerifierProvider verifierProvider)
    throws PKCSException
{
    CertificationRequestInfo signedInfo = certificationRequest.getCertificationRequestInfo();

    ContentVerifier contentVerifier;

    try
    {
        contentVerifier = verifierProvider.get(certificationRequest.getSignatureAlgorithm());

        OutputStream verifierStream = contentVerifier.getOutputStream();

        // The verifier is fed the DER encoding of the request info.
        byte[] signedContent = signedInfo.getEncoded(ASN1Encoding.DER);

        verifierStream.write(signedContent);
        verifierStream.close();
    }
    catch (Exception e)
    {
        // Any failure while setting up or feeding the verifier is reported as a PKCSException.
        throw new PKCSException("unable to process signature: " + e.getMessage(), e);
    }

    return contentVerifier.verify(this.getSignature());
}

/**
 * Compare this holder with another object.
 *
 * @param o the object to compare with.
 * @return true if o is a PKCS10CertificationRequest whose underlying ASN.1
 *         structure equals this one's, false otherwise.
 */
public boolean equals(Object o)
{
    if (this == o)
    {
        return true;
    }

    if (o instanceof PKCS10CertificationRequest)
    {
        PKCS10CertificationRequest that = (PKCS10CertificationRequest)o;

        return toASN1Structure().equals(that.toASN1Structure());
    }

    return false;
}

/**
 * Return the hash code of the underlying ASN.1 structure.
 *
 * @return the hash code of the wrapped CertificationRequest.
 */
public int hashCode()
{
    return toASN1Structure().hashCode();
}
}