All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder Maven / Gradle / Ivy

package org.bouncycastle.pkcs;

import java.io.IOException;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.operator.ContentSigner;

/**
 * A class for creating PKCS#10 Certification requests.
 *  
 * CertificationRequest ::= SEQUENCE {
 *   certificationRequestInfo  CertificationRequestInfo,
 *   signatureAlgorithm        AlgorithmIdentifier{{ SignatureAlgorithms }},
 *   signature                 BIT STRING
 * }
 *
 * CertificationRequestInfo ::= SEQUENCE {
 *   version             INTEGER { v1(0) } (v1,[]),
 *   subject             Name,
 *   subjectPKInfo   SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
 *   attributes          [0] Attributes{{ CRIAttributes }}
 *  }
 *
 *  Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}
 *
 *  Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
 *    type    ATTRIBUTE.&id({IOSet}),
 *    values  SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type})
 *  }
 * 
*/ public class PKCS10CertificationRequestBuilder { private SubjectPublicKeyInfo publicKeyInfo; private X500Name subject; private List attributes = new ArrayList(); private boolean leaveOffEmpty = false; public PKCS10CertificationRequestBuilder(PKCS10CertificationRequestBuilder original) { this.publicKeyInfo = original.publicKeyInfo; this.subject = original.subject; this.leaveOffEmpty = original.leaveOffEmpty; this.attributes = new ArrayList(original.attributes); } /** * Basic constructor. * * @param subject the X.500 Name defining the certificate subject this request is for. * @param publicKeyInfo the info structure for the public key to be associated with this subject. */ public PKCS10CertificationRequestBuilder(X500Name subject, SubjectPublicKeyInfo publicKeyInfo) { this.subject = subject; this.publicKeyInfo = publicKeyInfo; } /** * Set an attribute to the certification request we are building. * Removed existing attributes with the same attrType. * * @param attrType the OID giving the type of the attribute. * @param attrValue the ASN.1 structure that forms the value of the attribute. * @return this builder object. */ public PKCS10CertificationRequestBuilder setAttribute(ASN1ObjectIdentifier attrType, ASN1Encodable attrValue) { // Remove existing copies of the attribute. for (Iterator it = attributes.iterator(); it.hasNext(); ) { if (((Attribute)it.next()).getAttrType().equals(attrType)) { throw new IllegalStateException("Attribute " + attrType.toString() + " is already set"); } } addAttribute(attrType, attrValue); return this; } /** * Add an attribute with multiple values to the certification request we are building. * Removed existing attributes with the same attrType. * * @param attrType the OID giving the type of the attribute. * @param attrValue the ASN.1 structure that forms the value of the attribute. * @return this builder object. */ public PKCS10CertificationRequestBuilder setAttribute(ASN1ObjectIdentifier attrType, ASN1Encodable[] attrValue) { // Remove existing copies of the attribute. for (Iterator it = attributes.iterator(); it.hasNext(); ) { if (((Attribute)it.next()).getAttrType().equals(attrType)) { throw new IllegalStateException("Attribute " + attrType.toString() + " is already set"); } } addAttribute(attrType, attrValue); return this; } /** * Add an attribute to the certification request we are building. * * @param attrType the OID giving the type of the attribute. * @param attrValue the ASN.1 structure that forms the value of the attribute. * @return this builder object. */ public PKCS10CertificationRequestBuilder addAttribute(ASN1ObjectIdentifier attrType, ASN1Encodable attrValue) { attributes.add(new Attribute(attrType, new DERSet(attrValue))); return this; } /** * Add an attribute with multiple values to the certification request we are building. * * @param attrType the OID giving the type of the attribute. * @param attrValues an array of ASN.1 structures that form the value of the attribute. * @return this builder object. */ public PKCS10CertificationRequestBuilder addAttribute(ASN1ObjectIdentifier attrType, ASN1Encodable[] attrValues) { attributes.add(new Attribute(attrType, new DERSet(attrValues))); return this; } /** * The attributes field in PKCS10 should encoded to an empty tagged set if there are * no attributes. Some CAs will reject requests with the attribute field present. * * @param leaveOffEmpty true if empty attributes should be left out of the encoding false otherwise. * @return this builder object. */ public PKCS10CertificationRequestBuilder setLeaveOffEmptyAttributes(boolean leaveOffEmpty) { this.leaveOffEmpty = leaveOffEmpty; return this; } /** * Generate an PKCS#10 request based on the past in signer. * * @param signer the content signer to be used to generate the signature validating the certificate. * @return a holder containing the resulting PKCS#10 certification request. */ public PKCS10CertificationRequest build( ContentSigner signer) { CertificationRequestInfo info; if (attributes.isEmpty()) { if (leaveOffEmpty) { info = new CertificationRequestInfo(subject, publicKeyInfo, null); } else { info = new CertificationRequestInfo(subject, publicKeyInfo, new DERSet()); } } else { ASN1EncodableVector v = new ASN1EncodableVector(); for (Iterator it = attributes.iterator(); it.hasNext(); ) { v.add(Attribute.getInstance(it.next())); } info = new CertificationRequestInfo(subject, publicKeyInfo, new DERSet(v)); } try { OutputStream sOut = signer.getOutputStream(); sOut.write(info.getEncoded(ASN1Encoding.DER)); sOut.close(); return new PKCS10CertificationRequest(new CertificationRequest(info, signer.getAlgorithmIdentifier(), new DERBitString(signer.getSignature()))); } catch (IOException e) { throw new IllegalStateException("cannot produce certification request signature"); } } }



© 2015 - 2024 Weber Informatics LLC | Privacy Policy