anon.crypto
Class PKCS10CertificationRequest

java.lang.Object
  extended by anon.crypto.PKCS10CertificationRequest

public final class PKCS10CertificationRequest
extends java.lang.Object

A class for creating and verifying PKCS10 Certification requests. They are used to request certification for an X509 certificate from a certificate authority.

  CertificationRequest ::= SEQUENCE {
          certificationRequestInfo CertificationRequestInfo,
          signatureAlgorithm SignatureAlgorithmIdentifier,
          signature Signature }

  SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
  Signature ::= BIT STRING


  CertificationRequestInfo ::= SEQUENCE {
         version Version,
         subject Name,
         subjectPublicKeyInfo SubjectPublicKeyInfo,
         attributes [0] IMPLICIT Attributes }

  Version ::= INTEGER
  Attributes ::= SET OF Attribute


  Attribute ::= SEQUENCE {
    type    ATTRIBUTE.&id,
    values  SET SIZE(1..MAX) OF ATTRIBUTE.&Type
  }
 

Author:
Rolf Wendolsky
See Also:
http://www.faqs.org/rfcs/rfc2314.html

Field Summary
private static java.lang.String BASE64_ALTERNATIVE_TAG
           
private static java.lang.String BASE64_TAG
           
static java.lang.String FILE_EXTENSION
          The file extension that should be used if a request is written to a file.
private  CertificationRequest m_certificationRequest
           
private  java.lang.String m_md5Fingerprint
           
private  java.lang.String m_sha1Fingerprint
           
 
Constructor Summary
PKCS10CertificationRequest(byte[] a_bytes)
          Creates a PKCS10 Certification Request from an array of bytes.
PKCS10CertificationRequest(java.io.InputStream a_inputStream)
          Creates a PKCS10 Certification Request from input stream.
PKCS10CertificationRequest(PKCS12 a_privateCertificate)
          Creates a new PKCS10 Certification Request from a private certificate.
PKCS10CertificationRequest(X509DistinguishedName a_subject, AsymmetricCryptoKeyPair a_keyPair, X509Extensions a_extensions)
          Creates a new PKCS10 Certification Request.
 
Method Summary
private  void createFingerprints()
           
 JAPCertificate createX509Certificate(PKCS12 a_signerCertificate, Validity a_validity, X509Extensions a_extensions, java.math.BigInteger a_serialNumber)
          Creates a new X509 certificate from this certification request.
private  byte[] getEncoded()
          Returns a DER encoded byte array representing this request.
 X509Extensions getExtensions()
          Returns the extensions contained in this request.
 java.lang.String getMD5Fingerprint()
          Gets a human readable MD5 fingerprint for this request.
 IMyPublicKey getPublicKey()
          Returns the public key used in this request.
 java.lang.String getSHA1Fingerprint()
          Gets a human readable SHA1 fingerprint for this request.
 X509DistinguishedName getX509DistinguishedName()
          Get the X509 name that has been provided for this certification request.
 byte[] toByteArray(boolean a_Base64Encoded)
          Converts the request to a DER encoded byte array.
 void toOutputStream(java.io.OutputStream a_out, boolean a_Base64Encoded)
          Writes the request to an output stream.
 boolean verify()
          Verifies the signature of this request with the public key included.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

FILE_EXTENSION

public static final java.lang.String FILE_EXTENSION
The file extension that should be used if a request is written to a file.

See Also:
Constant Field Values

BASE64_TAG

private static final java.lang.String BASE64_TAG
See Also:
Constant Field Values

BASE64_ALTERNATIVE_TAG

private static final java.lang.String BASE64_ALTERNATIVE_TAG
See Also:
Constant Field Values

m_certificationRequest

private CertificationRequest m_certificationRequest

m_sha1Fingerprint

private java.lang.String m_sha1Fingerprint

m_md5Fingerprint

private java.lang.String m_md5Fingerprint

Constructor Detail

PKCS10CertificationRequest

public PKCS10CertificationRequest(java.io.InputStream a_inputStream)
                           throws java.io.IOException
Creates a PKCS10 Certification Request from input stream.

Parameters:
a_inputStream - an input stream representing a PKCS10 Certification Request
Throws:
java.io.IOException - if an I/O error occurs

PKCS10CertificationRequest

public PKCS10CertificationRequest(byte[] a_bytes)
Creates a PKCS10 Certification Request from an array of bytes.

Parameters:
a_bytes - an array of bytes representing a PKCS10 Certification Request

PKCS10CertificationRequest

public PKCS10CertificationRequest(X509DistinguishedName a_subject,
                                  AsymmetricCryptoKeyPair a_keyPair,
                                  X509Extensions a_extensions)
Creates a new PKCS10 Certification Request.

Parameters:
a_subject - an X509 distinguished name
a_keyPair - a cryptographic key pair used to sign the request
a_extensions - a set of attributes for this request

PKCS10CertificationRequest

public PKCS10CertificationRequest(PKCS12 a_privateCertificate)
Creates a new PKCS10 Certification Request from a private certificate.

Parameters:
a_privateCertificate - a private certificate

Method Detail

toOutputStream

public void toOutputStream(java.io.OutputStream a_out,
                           boolean a_Base64Encoded)
                    throws java.io.IOException
Writes the request to an output stream. The data is DER encoded and may be additionally Base64 encoded. The Base64 encoding is needed to be compatible with the OpenSSL PEM format.

Parameters:
a_out - OutputStream
a_Base64Encoded - boolean
Throws:
java.io.IOException

toByteArray

public byte[] toByteArray(boolean a_Base64Encoded)
Converts the request to a DER encoded byte array. The data may additionally be Base64 encoded. The Base64 encoding is needed to be compatible with the OpenSSL PEM format.

Parameters:
a_Base64Encoded - if the data should additionally be Base64 encoded.
Returns:
the request as a byte array

verify

public boolean verify()
Verifies the signature of this request with the public key included.

Returns:
true if the signature of this request is valid; false otherwise

createX509Certificate

public JAPCertificate createX509Certificate(PKCS12 a_signerCertificate,
                                            Validity a_validity,
                                            X509Extensions a_extensions,
                                            java.math.BigInteger a_serialNumber)
Creates a new X509 certificate from this certification request. This method is usually used by a certificate authority.

Parameters:
a_signerCertificate - PKCS12
a_validity - the validity of the certificate
a_extensions - some X509 extensions (may be null); you may take the extensions from this request after checking plausibility
a_serialNumber - the serial number for this certificate (may be null); usually a new serial number is created for each certificate created by the CA
Returns:
a new X509 certificate
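
Added example, not part of the original documentation or of the project's code: a CA-side routine that checks a received request before calling createX509Certificate, using only the constructor and methods listed on this page. The names CsrIssuer and IssuancePolicy are hypothetical, and the example assumes that the types this page names without a package live in anon.crypto and that the expected fingerprint was obtained out of band in the format getSHA1Fingerprint() returns.

```java
import java.math.BigInteger;
import java.security.SecureRandom;

// Assumption: these types are in anon.crypto (the page shows them unqualified).
import anon.crypto.JAPCertificate;
import anon.crypto.PKCS10CertificationRequest;
import anon.crypto.PKCS12;
import anon.crypto.Validity;
import anon.crypto.X509DistinguishedName;
import anon.crypto.X509Extensions;

public final class CsrIssuer {
    /** Hypothetical CA policy hook; not part of anon.crypto. */
    public interface IssuancePolicy {
        /** Returns the extensions the CA will certify (may be null), or throws to refuse. */
        X509Extensions approve(X509DistinguishedName subject, X509Extensions requested);
    }

    private static final SecureRandom RANDOM = new SecureRandom();

    public static JAPCertificate issue(byte[] csrBytes, String expectedSha1Fingerprint,
                                       PKCS12 caCertificate, Validity validity,
                                       IssuancePolicy policy) {
        PKCS10CertificationRequest request = new PKCS10CertificationRequest(csrBytes);

        // 1. Proof of possession: the request must be signed with the private key
        //    that matches the public key it carries.
        if (!request.verify()) {
            throw new SecurityException("CSR signature does not verify");
        }

        // 2. Bind the request to the requester: compare against the fingerprint
        //    the requester reported over a separate channel.
        if (expectedSha1Fingerprint == null
                || !expectedSha1Fingerprint.equalsIgnoreCase(request.getSHA1Fingerprint())) {
            throw new SecurityException("CSR fingerprint does not match the expected value");
        }

        // 3. Plausibility check: never copy requested extensions into the
        //    certificate unfiltered; the policy decides what is certified.
        X509Extensions approved =
                policy.approve(request.getX509DistinguishedName(), request.getExtensions());

        // 4. Fresh, positive, unpredictable serial number for every certificate.
        BigInteger serial = new BigInteger(63, RANDOM).add(BigInteger.ONE);

        return request.createX509Certificate(caCertificate, validity, approved, serial);
    }
}
```

A valid signature only shows that the sender holds the matching private key; the fingerprint comparison and the policy decide whether this subject and these extensions should be certified at all.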

getPublicKey

public IMyPublicKey getPublicKey()
Returns the public key used in this request.

Returns:
the public key used in this request

getSHA1Fingerprint

public java.lang.String getSHA1Fingerprint()
Gets a human readable SHA1 fingerprint for this request. This fingerprint may be compared by a user with another request's fingerprint to prove their equality.

Returns:
a human readable SHA1 fingerprint for this request

getMD5Fingerprint

public java.lang.String getMD5Fingerprint()
Gets a human readable MD5 fingerprint for this request. This fingerprint may be compared by a user with another request's fingerprint to prove their equality.

Returns:
a human readable MD5 fingerprint for this request

getX509DistinguishedName

public X509DistinguishedName getX509DistinguishedName()
Get the X509 name that has been provided for this certification request.

Returns:
the X509 name that has been provided for this certification request

getExtensions

public X509Extensions getExtensions()
Returns the extensions contained in this request.

Returns:
the extensions contained in this request

createFingerprints

private void createFingerprints()

getEncoded

private byte[] getEncoded()
Returns a DER encoded byte array representing this request.

Returns:
a DER encoded byte array representing this request