Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  package org.bouncycastle.jce;
  
 import java.util.Set;
 
 
A class for verifying and creating PKCS10 Certification requests.
 CertificationRequest ::= SEQUENCE {
   certificationRequestInfo  CertificationRequestInfo,
   signatureAlgorithm        AlgorithmIdentifier{{ SignatureAlgorithms }},
   signature                 BIT STRING
 }

 CertificationRequestInfo ::= SEQUENCE {
   version             INTEGER { v1(0) } (v1,...),
   subject             Name,
   subjectPKInfo   SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
   attributes          [0] Attributes{{ CRIAttributes }}
  }

  Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}

  Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
    type    ATTRIBUTE.&id({IOSet}),
    values  SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type})
  }
 

Deprecated:
use classes in org.bouncycastle.pkcs.
 
     extends CertificationRequest
 {
     private static Hashtable            algorithms = new Hashtable();
     private static Hashtable            params = new Hashtable();
     private static Hashtable            keyAlgorithms = new Hashtable();
     private static Hashtable            oids = new Hashtable();
     private static Set                  noParams = new HashSet();
 
     static
     {
         .put("MD2WITHRSAENCRYPTION"new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"));
         .put("MD2WITHRSA"new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"));
         .put("MD5WITHRSAENCRYPTION"new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"));
         .put("MD5WITHRSA"new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"));
         .put("RSAWITHMD5"new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"));
         .put("SHA1WITHRSAENCRYPTION"new ASN1ObjectIdentifier("1.2.840.113549.1.1.5"));
         .put("SHA1WITHRSA"new ASN1ObjectIdentifier("1.2.840.113549.1.1.5"));
         .put("SHA224WITHRSAENCRYPTION".);
         .put("SHA224WITHRSA".);
         .put("SHA256WITHRSAENCRYPTION".);
         .put("SHA256WITHRSA".);
         .put("SHA384WITHRSAENCRYPTION".);
         .put("SHA384WITHRSA".);
         .put("SHA512WITHRSAENCRYPTION".);
         .put("SHA512WITHRSA".);
         .put("SHA1WITHRSAANDMGF1".);
        .put("SHA224WITHRSAANDMGF1".);
        .put("SHA256WITHRSAANDMGF1".);
        .put("SHA384WITHRSAANDMGF1".);
        .put("SHA512WITHRSAANDMGF1".);
        .put("RSAWITHSHA1"new ASN1ObjectIdentifier("1.2.840.113549.1.1.5"));
        .put("RIPEMD128WITHRSAENCRYPTION".);
        .put("RIPEMD160WITHRSAENCRYPTION".);
        .put("RIPEMD256WITHRSAENCRYPTION".);
        .put("SHA1WITHDSA"new ASN1ObjectIdentifier("1.2.840.10040.4.3"));
        .put("DSAWITHSHA1"new ASN1ObjectIdentifier("1.2.840.10040.4.3"));
        .put("SHA224WITHDSA".);
        .put("SHA256WITHDSA".);
        .put("SHA384WITHDSA".);
        .put("SHA512WITHDSA".);
        .put("SHA1WITHECDSA".);
        .put("SHA224WITHECDSA".);
        .put("SHA256WITHECDSA".);
        .put("SHA384WITHECDSA".);
        .put("SHA512WITHECDSA".);
        .put("ECDSAWITHSHA1".);
        .put("GOST3411WITHECGOST3410-2001".);
        .put("GOST3411WITHGOST3410-2001".);
        //
        // reverse mappings
        //
        .put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
        .put(."SHA224WITHRSA");
        .put(."SHA256WITHRSA");
        .put(."SHA384WITHRSA");
        .put(."SHA512WITHRSA");
        .put(."GOST3411WITHGOST3410");
        .put(."GOST3411WITHECGOST3410");
        
        .put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
        .put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
        .put(new ASN1ObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
        .put(."SHA1WITHECDSA");
        .put(."SHA224WITHECDSA");
        .put(."SHA256WITHECDSA");
        .put(."SHA384WITHECDSA");
        .put(."SHA512WITHECDSA");
        .put(."SHA1WITHRSA");
        .put(."SHA1WITHDSA");
        .put(."SHA224WITHDSA");
        .put(."SHA256WITHDSA");
        
        //
        // key types
        //
        
        //
        // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. 
        // The parameters field SHALL be NULL for RSA based signature algorithms.
        //
        //
        // RFC 4491
        //
        //
        // explicit params
        //
        .put("SHA1WITHRSAANDMGF1"creatPSSParams(sha1AlgId, 20));
        .put("SHA224WITHRSAANDMGF1"creatPSSParams(sha224AlgId, 28));
        .put("SHA256WITHRSAANDMGF1"creatPSSParams(sha256AlgId, 32));
        .put("SHA384WITHRSAANDMGF1"creatPSSParams(sha384AlgId, 48));
        .put("SHA512WITHRSAANDMGF1"creatPSSParams(sha512AlgId, 64));
    }
    private static RSASSAPSSparams creatPSSParams(AlgorithmIdentifier hashAlgIdint saltSize)
    {
        return new RSASSAPSSparams(
            hashAlgId,
            new AlgorithmIdentifier(.hashAlgId),
            new ASN1Integer(saltSize),
            new ASN1Integer(1));
    }
    private static ASN1Sequence toDERSequence(
        byte[]  bytes)
    {
        try
        {
            ASN1InputStream         dIn = new ASN1InputStream(bytes);
            return (ASN1Sequence)dIn.readObject();
        }
        catch (Exception e)
        {
            throw new IllegalArgumentException("badly encoded request");
        }
    }

    
construct a PKCS10 certification request from a DER encoded byte stream.
        byte[]  bytes)
    {
        super(toDERSequence(bytes));
    }
        ASN1Sequence  sequence)
    {
        super(sequence);
    }

    
create a PKCS10 certfication request using the BC provider.
        String              signatureAlgorithm,
        X509Name            subject,
        PublicKey           key,
        ASN1Set             attributes,
        PrivateKey          signingKey)
                InvalidKeyExceptionSignatureException
    {
        this(signatureAlgorithmsubjectkeyattributessigningKey.);
    }
    private static X509Name convertName(
        X500Principal    name)
    {
        try
        {
            return new X509Principal(name.getEncoded());
        }
        catch (IOException e)
        {
            throw new IllegalArgumentException("can't convert name");
        }
    }
    
    
create a PKCS10 certfication request using the BC provider.
        String              signatureAlgorithm,
        X500Principal       subject,
        PublicKey           key,
        ASN1Set             attributes,
        PrivateKey          signingKey)
                InvalidKeyExceptionSignatureException
    {
        this(signatureAlgorithmconvertName(subject), keyattributessigningKey.);
    }
    
    
create a PKCS10 certfication request using the named provider.
        String              signatureAlgorithm,
        X500Principal       subject,
        PublicKey           key,
        ASN1Set             attributes,
        PrivateKey          signingKey,
        String              provider)
                InvalidKeyExceptionSignatureException
    {
        this(signatureAlgorithmconvertName(subject), keyattributessigningKeyprovider);
    }
    
    
create a PKCS10 certfication request using the named provider.
        String              signatureAlgorithm,
        X509Name            subject,
        PublicKey           key,
        ASN1Set             attributes,
        PrivateKey          signingKey,
        String              provider)
                InvalidKeyExceptionSignatureException
    {
        String algorithmName = Strings.toUpperCase(signatureAlgorithm);
        ASN1ObjectIdentifier sigOID = (ASN1ObjectIdentifier).get(algorithmName);
        if (sigOID == null)
        {
            try
            {
                sigOID = new ASN1ObjectIdentifier(algorithmName);
            }
            catch (Exception e)
            {
                throw new IllegalArgumentException("Unknown signature type requested");
            }
        }
        if (subject == null)
        {
            throw new IllegalArgumentException("subject must not be null");
        }
        if (key == null)
        {
            throw new IllegalArgumentException("public key must not be null");
        }
        if (.contains(sigOID))
        {
            this. = new AlgorithmIdentifier(sigOID);
        }
        else if (.containsKey(algorithmName))
        {
            this. = new AlgorithmIdentifier(sigOID, (ASN1Encodable).get(algorithmName));
        }
        else
        {
            this. = new AlgorithmIdentifier(sigOID.);
        }
        try
        {
            ASN1Sequence seq = (ASN1Sequence)ASN1Primitive.fromByteArray(key.getEncoded());
            this. = new CertificationRequestInfo(subjectnew SubjectPublicKeyInfo(seq), attributes);
        }
        catch (IOException e)
        {
            throw new IllegalArgumentException("can't encode public key");
        }
        Signature sig;
        if (provider == null)
        {
            sig = Signature.getInstance(signatureAlgorithm);
        }
        else
        {
            sig = Signature.getInstance(signatureAlgorithmprovider);
        }
        sig.initSign(signingKey);
        try
        {
            sig.update(.getEncoded(.));
        }
        catch (Exception e)
        {
            throw new IllegalArgumentException("exception encoding TBS cert request - " + e);
        }
        this. = new DERBitString(sig.sign());
    }

    
return the public key associated with the certification request - the public key is created using the BC provider.
    public PublicKey getPublicKey()
    {
    }
    public PublicKey getPublicKey(
        String  provider)
                InvalidKeyException
    {
        SubjectPublicKeyInfo    subjectPKInfo = .getSubjectPublicKeyInfo();
        
        try
        {
            X509EncodedKeySpec      xspec = new X509EncodedKeySpec(new DERBitString(subjectPKInfo).getBytes());
            AlgorithmIdentifier     keyAlg = subjectPKInfo.getAlgorithm();
            try
            {
                if (provider == null)
                {
                    return KeyFactory.getInstance(keyAlg.getAlgorithm().getId()).generatePublic(xspec);
                }
                else
                {
                    return KeyFactory.getInstance(keyAlg.getAlgorithm().getId(), provider).generatePublic(xspec);
                }
            }
            catch (NoSuchAlgorithmException e)
            {
                //
                // try an alternate
                //
                if (.get(keyAlg.getObjectId()) != null)
                {
                    String  keyAlgorithm = (String).get(keyAlg.getObjectId());
                    
                    if (provider == null)
                    {
                        return KeyFactory.getInstance(keyAlgorithm).generatePublic(xspec);
                    }
                    else
                    {
                        return KeyFactory.getInstance(keyAlgorithmprovider).generatePublic(xspec);
                    }
                }
                
                throw e;
            }
        }
        catch (InvalidKeySpecException e)
        {
            throw new InvalidKeyException("error decoding public key");
        }
        catch (IOException e)
        {
            throw new InvalidKeyException("error decoding public key");
        }
    }

    
verify the request using the BC provider.
    public boolean verify()
                InvalidKeyExceptionSignatureException
    {
        return verify(.);
    }

    
verify the request using the passed in provider.
    public boolean verify(
        String provider)
                InvalidKeyExceptionSignatureException
    {
        return verify(this.getPublicKey(provider), provider);
    }

    
verify the request using the passed in public key and the provider..
    public boolean verify(
        PublicKey pubKey,
        String provider)
                InvalidKeyExceptionSignatureException
    {
        Signature   sig;
        try
        {
            if (provider == null)
            {
                sig = Signature.getInstance(getSignatureName());
            }
            else
            {
                sig = Signature.getInstance(getSignatureName(), provider);
            }
        }
        catch (NoSuchAlgorithmException e)
        {
            //
            // try an alternate
            //
            if (.get(.getObjectId()) != null)
            {
                String  signatureAlgorithm = (String).get(.getObjectId());
                if (provider == null)
                {
                    sig = Signature.getInstance(signatureAlgorithm);
                }
                else
                {
                    sig = Signature.getInstance(signatureAlgorithmprovider);
                }
            }
            else
            {
                throw e;
            }
        }
        
        sig.initVerify(pubKey);
        try
        {
            sig.update(.getEncoded(.));
        }
        catch (Exception e)
        {
            throw new SignatureException("exception encoding TBS cert request - " + e);
        }
        return sig.verify(.getBytes());
    }

    
return a DER encoded byte array representing this object
    public byte[] getEncoded()
    {
        try
        {
            return this.getEncoded(.);
        }
        catch (IOException e)
        {
            throw new RuntimeException(e.toString());
        }
    }
    private void setSignatureParameters(
        Signature signature,
        ASN1Encodable params)
    {
        if (params != null && !..equals(params))
        {
            AlgorithmParameters sigParams = AlgorithmParameters.getInstance(signature.getAlgorithm(), signature.getProvider());
            try
            {
                sigParams.init(params.toASN1Primitive().getEncoded(.));
            }
            catch (IOException e)
            {
                throw new SignatureException("IOException decoding parameters: " + e.getMessage());
            }
            if (signature.getAlgorithm().endsWith("MGF1"))
            {
                try
                {
                    signature.setParameter(sigParams.getParameterSpec(PSSParameterSpec.class));
                }
                catch (GeneralSecurityException e)
                {
                    throw new SignatureException("Exception extracting parameters: " + e.getMessage());
                }
            }
        }
    }
    static String getSignatureName(
        AlgorithmIdentifier sigAlgId)
    {
        ASN1Encodable params = sigAlgId.getParameters();
        if (params != null && !..equals(params))
        {
            if (sigAlgId.getObjectId().equals(.))
            {
                RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params);
                return getDigestAlgName(rsaParams.getHashAlgorithm().getObjectId()) + "withRSAandMGF1";
            }
        }
        return sigAlgId.getObjectId().getId();
    }
    private static String getDigestAlgName(
        ASN1ObjectIdentifier digestAlgOID)
    {
        if (..equals(digestAlgOID))
        {
            return "MD5";
        }
        else if (..equals(digestAlgOID))
        {
            return "SHA1";
        }
        else if (..equals(digestAlgOID))
        {
            return "SHA224";
        }
        else if (..equals(digestAlgOID))
        {
            return "SHA256";
        }
        else if (..equals(digestAlgOID))
        {
            return "SHA384";
        }
        else if (..equals(digestAlgOID))
        {
            return "SHA512";
        }
        else if (..equals(digestAlgOID))
        {
            return "RIPEMD128";
        }
        else if (..equals(digestAlgOID))
        {
            return "RIPEMD160";
        }
        else if (..equals(digestAlgOID))
        {
            return "RIPEMD256";
        }
        else if (..equals(digestAlgOID))
        {
            return "GOST3411";
        }
        else
        {
            return digestAlgOID.getId();            
        }
    }
New to GrepCode? Check out our FAQ X