org.bouncycastle.pkcs.PKCS10CertificationRequest Maven / Gradle / Ivy
The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. The APIs are designed primarily to be used in conjunction with the BC FIPS provider. The APIs may also be used with other providers although if being used in a FIPS context it is the responsibility of the user to ensure that any other providers used are FIPS certified.
package org.bouncycastle.pkcs;
import java.io.IOException;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.ContentVerifierProvider;
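/**
 * Holding class for a PKCS#10 certification request.
 * <p>
 * The accessors on this class return values exactly as they appear in the wrapped
 * request. Nothing in this class checks the request's signature until
 * {@link #isSignatureValid(ContentVerifierProvider)} is called, so the subject,
 * attributes and public key should be treated as unauthenticated, requester-supplied
 * data until the caller has verified the signature and applied its own issuance policy.
 * </p>
 */
public class PKCS10CertificationRequest
{
    // Shared zero-length result; a zero-length array has no elements to mutate, so sharing is safe.
    private static final Attribute[] EMPTY_ARRAY = new Attribute[0];

    private CertificationRequest certificationRequest;

    /**
     * Parse an encoded CertificationRequest, mapping structural failures to an IOException.
     *
     * @param encoding the encoded request.
     * @return the parsed structure, never null.
     * @throws IOException if the data is empty, malformed, or not a CertificationRequest.
     */
    private static CertificationRequest parseBytes(byte[] encoding)
        throws IOException
    {
        try
        {
            CertificationRequest request = CertificationRequest.getInstance(ASN1Primitive.fromByteArray(encoding));

            // getInstance() hands back null when the parser produced no object (e.g. empty
            // input). Reject that here so the failure is reported as a parsing error rather
            // than surfacing later as a NullPointerException inside an accessor.
            if (request == null)
            {
                throw new PKCSIOException("empty data passed to constructor");
            }

            return request;
        }
        catch (ClassCastException e)
        {
            throw new PKCSIOException("malformed data: " + e.getMessage(), e);
        }
        catch (IllegalArgumentException e)
        {
            throw new PKCSIOException("malformed data: " + e.getMessage(), e);
        }
    }

    /**
     * Create a PKCS10CertificationRequestHolder from an underlying ASN.1 structure.
     *
     * @param certificationRequest the underlying ASN.1 structure representing a request.
     * @throws NullPointerException if certificationRequest is null.
     */
    public PKCS10CertificationRequest(CertificationRequest certificationRequest)
    {
        // Fail at construction time: every accessor dereferences this field.
        if (certificationRequest == null)
        {
            throw new NullPointerException("certificationRequest cannot be null");
        }

        this.certificationRequest = certificationRequest;
    }

    /**
     * Create a PKCS10CertificationRequestHolder from the passed in bytes.
     *
     * @param encoded BER/DER encoding of the CertificationRequest structure.
     * @throws IOException in the event of empty or corrupted data, or an incorrect structure.
     */
    public PKCS10CertificationRequest(byte[] encoded)
        throws IOException
    {
        this(parseBytes(encoded));
    }

    /**
     * Return the underlying ASN.1 structure for this request.
     *
     * @return a CertificateRequest object.
     */
    public CertificationRequest toASN1Structure()
    {
        return certificationRequest;
    }

    /**
     * Return the subject on this request.
     * <p>
     * The name is taken from the request as presented; this method performs no check
     * that the requester is entitled to it.
     * </p>
     *
     * @return the X500Name representing the request's subject.
     */
    public X500Name getSubject()
    {
        return X500Name.getInstance(certificationRequest.getCertificationRequestInfo().getSubject());
    }

    /**
     * Return the details of the signature algorithm used to create this request.
     *
     * @return the AlgorithmIdentifier describing the signature algorithm used to create this request.
     */
    public AlgorithmIdentifier getSignatureAlgorithm()
    {
        return certificationRequest.getSignatureAlgorithm();
    }

    /**
     * Return the bytes making up the signature associated with this request.
     *
     * @return the request signature bytes.
     */
    public byte[] getSignature()
    {
        return certificationRequest.getSignature().getOctets();
    }

    /**
     * Return the SubjectPublicKeyInfo describing the public key this request is carrying.
     *
     * @return the public key ASN.1 structure contained in the request.
     */
    public SubjectPublicKeyInfo getSubjectPublicKeyInfo()
    {
        return certificationRequest.getCertificationRequestInfo().getSubjectPublicKeyInfo();
    }

    /**
     * Return the attributes, if any associated with this request.
     * <p>
     * Attributes are returned as found in the request; no filtering by type is applied.
     * </p>
     *
     * @return an array of Attribute, zero length if none present.
     */
    public Attribute[] getAttributes()
    {
        ASN1Set attrSet = certificationRequest.getCertificationRequestInfo().getAttributes();

        if (attrSet == null)
        {
            return EMPTY_ARRAY;
        }

        int count = attrSet.size();
        Attribute[] attrs = new Attribute[count];

        for (int i = 0; i != count; i++)
        {
            attrs[i] = Attribute.getInstance(attrSet.getObjectAt(i));
        }

        return attrs;
    }

    /**
     * Return an array of attributes matching the passed in type OID.
     *
     * @param type the type of the attribute being looked for.
     * @return an array of Attribute of the requested type, zero length if none present.
     */
    public Attribute[] getAttributes(ASN1ObjectIdentifier type)
    {
        ASN1Set attrSet = certificationRequest.getCertificationRequestInfo().getAttributes();

        if (attrSet == null)
        {
            return EMPTY_ARRAY;
        }

        // Raw collection kept deliberately: the file does not use generics anywhere.
        List list = new ArrayList();
        int count = attrSet.size();

        for (int i = 0; i != count; i++)
        {
            Attribute attr = Attribute.getInstance(attrSet.getObjectAt(i));
            if (attr.getAttrType().equals(type))
            {
                list.add(attr);
            }
        }

        if (list.isEmpty())
        {
            return EMPTY_ARRAY;
        }

        return (Attribute[])list.toArray(new Attribute[list.size()]);
    }

    /**
     * Return the encoding of the underlying CertificationRequest structure.
     * <p>
     * No encoding form is requested here, so the result is whatever the structure's
     * default getEncoded() produces. Note that {@link #isSignatureValid(ContentVerifierProvider)}
     * verifies over the DER encoding of the request info, not over these bytes.
     * </p>
     *
     * @return the encoded request.
     * @throws IOException if the structure cannot be encoded.
     */
    public byte[] getEncoded()
        throws IOException
    {
        return certificationRequest.getEncoded();
    }

    /**
     * Validate the signature on the PKCS10 certification request in this holder.
     * <p>
     * The verifier is obtained from the provider using the signature AlgorithmIdentifier
     * carried in the request itself, and is fed the DER encoding of the
     * CertificationRequestInfo. Two things are left to the caller:
     * </p>
     * <ul>
     * <li>This method does not compare the key behind the verifier with the request's
     * SubjectPublicKeyInfo. For the result to demonstrate possession of the private key,
     * the provider should be built from {@link #getSubjectPublicKeyInfo()}.</li>
     * <li>No algorithm policy is applied here; restricting which signature algorithms are
     * acceptable is up to the provider or the calling code.</li>
     * </ul>
     * <p>
     * A true result covers the signature only. It says nothing about whether the subject
     * or attributes are ones the requester is entitled to.
     * </p>
     *
     * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature.
     * @return true if the signature is valid, false otherwise.
     * @throws PKCSException if the signature cannot be processed or is inappropriate.
     */
    public boolean isSignatureValid(ContentVerifierProvider verifierProvider)
        throws PKCSException
    {
        CertificationRequestInfo requestInfo = certificationRequest.getCertificationRequestInfo();

        ContentVerifier verifier;

        try
        {
            verifier = verifierProvider.get(certificationRequest.getSignatureAlgorithm());

            OutputStream sOut = verifier.getOutputStream();

            // The signed content is the DER form of the request info, regardless of how
            // the request was encoded when it was received.
            sOut.write(requestInfo.getEncoded(ASN1Encoding.DER));

            sOut.close();
        }
        catch (Exception e)
        {
            // Any failure to set up or feed the verifier is reported as a processing
            // error with the original exception attached as the cause.
            throw new PKCSException("unable to process signature: " + e.getMessage(), e);
        }

        return verifier.verify(this.getSignature());
    }

    /**
     * Compare this holder with another object.
     *
     * @param o the object to compare with.
     * @return true if o is a PKCS10CertificationRequest whose underlying ASN.1 structure
     *         equals this one's, false otherwise.
     */
    public boolean equals(Object o)
    {
        if (o == this)
        {
            return true;
        }

        if (!(o instanceof PKCS10CertificationRequest))
        {
            return false;
        }

        PKCS10CertificationRequest other = (PKCS10CertificationRequest)o;

        return this.toASN1Structure().equals(other.toASN1Structure());
    }

    /**
     * Return the hash code of the underlying ASN.1 structure, consistent with equals().
     *
     * @return the hash code for this request.
     */
    public int hashCode()
    {
        return this.toASN1Structure().hashCode();
    }
}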