Class PKCS10
java.lang.Object
org.mozilla.jss.netscape.security.pkcs.PKCS10
PKCS #10 certificate requests are created and sent to Certificate
Authorities, which then create X.509 certificates and return them to
the entity which created the certificate request. These cert requests
basically consist of the subject's X.500 name and public key, signed
using the corresponding private key.
The ASN.1 syntax for a Certification Request is:
    CertificationRequest ::= SEQUENCE {
        certificationRequestInfo  CertificationRequestInfo,
        signatureAlgorithm        SignatureAlgorithmIdentifier,
        signature                 Signature
    }

    SignatureAlgorithmIdentifier ::= AlgorithmIdentifier

    Signature ::= BIT STRING

    CertificationRequestInfo ::= SEQUENCE {
        version                   Version,
        subject                   Name,
        subjectPublicKeyInfo      SubjectPublicKeyInfo,
        attributes                [0] IMPLICIT Attributes
    }

    Attributes ::= SET OF Attribute
- Version: 1.28
-
Field Summary
Fields (Modifier and Type, Field):
- private PKCS10Attributes attributeSet
- private byte[] certificateRequest
- private byte[] certRequestInfo
- static org.slf4j.Logger logger
- private X500Name subject
- private X509Key subjectPublicKeyInfo
-
Constructor Summary
Constructors (Constructor, Description):
- PKCS10(byte[] data)
- PKCS10(byte[] data, boolean sigver): Parses an encoded, signed PKCS #10 certificate request, verifying the request's signature as it does so.
- PKCS10(X509Key publicKey): Constructs an unsigned PKCS #10 certificate request.
- PKCS10(X509Key publicKey, PKCS10Attributes attributes): Constructs an unsigned PKCS #10 certificate request.
-
Method Summary
Methods (Modifier and Type, Method, Description):
- void encodeAndSign(X500Signer requester): Create the signed certificate request.
- getAttributes(): Returns the additional attributes requested.
- byte[] getCertRequestInfo(): Retrieve the PKCS10 CertificateRequestInfo as a byte array.
- getSubjectName(): Returns the subject's name.
- getSubjectPublicKeyInfo(): Returns the subject's public key.
- void print(PrintStream out): Prints an E-Mailable version of the certificate request on the print stream passed.
- byte[] toByteArray(): Returns the encoded and signed certificate request as a DER-encoded byte array.
- toString(): Provides a short description of this request.
-
Field Details
-
logger
public static org.slf4j.Logger logger
-
subject
-
subjectPublicKeyInfo
-
attributeSet
-
certificateRequest
private byte[] certificateRequest
-
certRequestInfo
private byte[] certRequestInfo
-
-
Constructor Details
-
PKCS10
Constructs an unsigned PKCS #10 certificate request. Before this request may be used, it must be encoded and signed. Then it must be retrieved in some conventional format (e.g. string).
Parameters:
publicKey - the public key that should be placed into the certificate generated by the CA.
-
PKCS10
Constructs an unsigned PKCS #10 certificate request. Before this request may be used, it must be encoded and signed. Then it must be retrieved in some conventional format (e.g. string).
Parameters:
publicKey - the public key that should be placed into the certificate generated by the CA.
attributes - additional set of PKCS10 attributes requested for in the certificate.
-
PKCS10
public PKCS10(byte[] data, boolean sigver) throws IOException, SignatureException, NoSuchAlgorithmException, NoSuchProviderException
Parses an encoded, signed PKCS #10 certificate request, verifying the request's signature as it does so. This constructor would typically be used by a Certificate Authority, from which a new certificate would then be constructed.
Parameters:
data - the DER-encoded PKCS #10 request.
sigver - whether signature verification is enabled.
Throws:
IOException - for low level errors reading the data
SignatureException - when the signature is invalid
NoSuchAlgorithmException - when the signature algorithm is not supported in this environment
NoSuchProviderException
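Added example, not part of the JSS documentation or source: a JDK-only (Java 17+) walk-through of the check described for this constructor, using the ASN.1 layout given at the top of the page. The signature covers the DER bytes of certificationRequestInfo and is verified with the public key carried inside that same structure, so a request parsed with sigver set to false has not had this check applied. The class and helper names (Pkcs10SignatureDemo, tlv, span, verify) and the sample subjects are constructed for illustration, and only sha256WithRSAEncryption is accepted.

```java
import java.nio.ByteBuffer;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.*;
import javax.security.auth.x500.X500Principal;

public class Pkcs10SignatureDemo {   // added example, JDK 17+ only; no JSS classes are used
    static final byte[] SHA256_RSA = HexFormat.of().parseHex("300d06092a864886f70d01010b0500");   // sha256WithRSAEncryption

    static byte[] tlv(int tag, byte[]... parts) {   // encode one DER TLV, content below 64 KiB
        int n = Arrays.stream(parts).mapToInt(p -> p.length).sum(), h = n < 0x80 ? 2 : n < 0x100 ? 3 : 4;
        ByteBuffer b = ByteBuffer.allocate(h + n).put((byte) tag);
        if (h == 4) b.put((byte) 0x82).put((byte) (n >> 8)); else if (h == 3) b.put((byte) 0x81);
        b.put((byte) n);
        for (byte[] p : parts) b.put(p);
        return b.array();
    }
    static int[] span(byte[] d, int off) {   // {TLV start, value start, TLV end} for the TLV at off
        int len = d[off + 1] & 0xff, hdr = 2, k = len & 0x7f;
        if (len == 0x80 || len > 0x82) throw new IllegalArgumentException("unsupported DER length");
        if (len > 0x80) for (len = 0; hdr < 2 + k; hdr++) len = (len << 8) | (d[off + hdr] & 0xff);
        if (off + hdr + len > d.length) throw new IllegalArgumentException("truncated DER");
        return new int[] {off, off + hdr, off + hdr + len};
    }
    // CA-side check: the signature covers certificationRequestInfo and must verify under the key inside it.
    static boolean verify(byte[] csr) throws GeneralSecurityException {
        int[] info = span(csr, span(csr, 0)[1]), alg = span(csr, info[2]), sig = span(csr, alg[2]);
        int[] spki = span(csr, span(csr, span(csr, info[1])[2])[2]);   // skip version and subject
        if (!Arrays.equals(csr, alg[0], alg[2], SHA256_RSA, 0, SHA256_RSA.length)) return false;   // pinned algorithm
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(KeyFactory.getInstance("RSA").generatePublic(
                new X509EncodedKeySpec(Arrays.copyOfRange(csr, spki[0], spki[2]))));
        v.update(csr, info[0], info[2] - info[0]);
        return v.verify(csr, sig[1] + 1, sig[2] - sig[1] - 1);   // skip the BIT STRING unused-bits octet
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();   // constructed sample key; subjects below are constructed too
        byte[] ver = {2, 1, 0}, attrs = {(byte) 0xa0, 0}, spki = kp.getPublic().getEncoded();
        byte[] info = tlv(0x30, ver, new X500Principal("CN=demo.example").getEncoded(), spki, attrs);
        byte[] swapped = tlv(0x30, ver, new X500Principal("CN=other.example").getEncoded(), spki, attrs);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(info);
        byte[] sig = tlv(0x03, new byte[] {0}, s.sign());
        System.out.println("signed request verifies: " + verify(tlv(0x30, info, SHA256_RSA, sig)));
        System.out.println("subject swapped, same signature: " + verify(tlv(0x30, swapped, SHA256_RSA, sig)));
    }
}
```

The second request reuses the first request's signature with a different subject, which is the case the signature check exists to reject.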
-
PKCS10
public PKCS10(byte[] data) throws IOException, SignatureException, NoSuchAlgorithmException, NoSuchProviderException
-
-
Method Details
-
encodeAndSign
public void encodeAndSign(X500Signer requester) throws CertificateException, IOException, SignatureException
Create the signed certificate request. This will later be retrieved in either string or binary format.
Parameters:
requester - identifies the signer (by X.500 name) and provides the private key used to sign.
Throws:
IOException - on errors.
CertificateException - on certificate handling errors.
SignatureException - on signature handling errors.
-
getSubjectName
Returns the subject's name.
-
getSubjectPublicKeyInfo
Returns the subject's public key.
-
getAttributes
Returns the additional attributes requested.
toByteArray
public byte[] toByteArray()
Returns the encoded and signed certificate request as a DER-encoded byte array.
Returns:
the certificate request, or null if encodeAndSign() has not yet been called.
-
print
Prints an E-Mailable version of the certificate request on the print stream passed. The format is a common base64 encoded one, supported by most Certificate Authorities because Netscape web servers have used this for some time. Some certificate authorities expect some more information, in particular contact information for the web server administrator.
Parameters:
out - the print stream where the certificate request will be printed.
Throws:
IOException - when an output operation failed
SignatureException - when the certificate request was not yet signed.
-
toString
Provides a short description of this request.
-
getCertRequestInfo
public byte[] getCertRequestInfo()
Retrieve the PKCS10 CertificateRequestInfo as a byte array.
-