Class PKCS10CertificateSigningRequest

java.lang.Object
com.unboundid.util.ssl.cert.PKCS10CertificateSigningRequest
All Implemented Interfaces:
Serializable

This class provides support for decoding a PKCS #10 certificate signing request (aka certification request or CSR) as defined in RFC 2986. The certificate signing request is encoded using the ASN.1 Distinguished Encoding Rules (DER), which is a subset of BER, and is supported by the code in the com.unboundid.asn1 package. The ASN.1 specification is as follows:
   CertificationRequest ::= SEQUENCE {
        certificationRequestInfo CertificationRequestInfo,
        signatureAlgorithm AlgorithmIdentifier,
        signature          BIT STRING
   }

   CertificationRequestInfo ::= SEQUENCE {
        version       INTEGER { v1(0) } (v1,...),
        subject       Name,
        subjectPKInfo SubjectPublicKeyInfo,
        attributes    [0] Attributes
   }

   SubjectPublicKeyInfo ::= SEQUENCE {
        algorithm        AlgorithmIdentifier,
        subjectPublicKey BIT STRING
   }

   PKInfoAlgorithms ALGORITHM ::= {
        ...  -- add any locally defined algorithms here -- }

   Attributes ::= SET OF Attribute

   CRIAttributes  ATTRIBUTE  ::= {
        ... -- add any locally defined attributes here -- }

   Attribute ::= SEQUENCE {
        type   OBJECT IDENTIFIER,
        values SET SIZE(1..MAX)
   }

   AlgorithmIdentifier ::= SEQUENCE {
        algorithm          OBJECT IDENTIFIER,
        parameters         ANY OPTIONAL
   }

   SignatureAlgorithms ALGORITHM ::= {
        ... -- add any locally defined algorithms here -- }
 
  • Constructor Details

    • PKCS10CertificateSigningRequest

      public PKCS10CertificateSigningRequest(@NotNull byte[] encodedRequest) throws CertException
      Decodes the contents of the provided byte array as a PKCS #10 certificate signing request.
      Parameters:
      encodedRequest - The byte array containing the encoded PKCS #10 certificate signing request. This must not be null.
      Throws:
      CertException - If the contents of the provided byte array could not be decoded as a valid PKCS #10 certificate signing request.
  • Method Details

    • generateCertificateSigningRequest

      Generates a PKCS #10 certificate signing request with the provided information.
      Parameters:
      signatureAlgorithm - The algorithm to use to generate the signature. This must not be null.
      keyPair - The key pair to use for the certificate signing request. This must not be null.
      subjectDN - The subject DN for the certificate signing request. This must not be null.
      extensions - The set of extensions to include in the certificate signing request. This may be null or empty if the request should not include any custom extensions.
      Returns:
      The generated PKCS #10 certificate signing request.
      Throws:
      CertException - If a problem is encountered while creating the certificate signing request.
    • getPKCS10CertificateSigningRequestBytes

      Retrieves the bytes that comprise the encoded representation of this PKCS #10 certificate signing request.
      Returns:
      The bytes that comprise the encoded representation of this PKCS #10 certificate signing request.
    • getVersion

      Retrieves the certificate signing request version.
      Returns:
      The certificate signing request version.
    • getSignatureAlgorithmOID

      Retrieves the certificate signing request signature algorithm OID.
      Returns:
      The certificate signing request signature algorithm OID.
    • getSignatureAlgorithmName

      Retrieves the certificate signing request signature algorithm name, if available.
      Returns:
      The certificate signing request signature algorithm name, or null if the signature algorithm OID does not correspond to any known algorithm name.
    • getSignatureAlgorithmNameOrOID

      Retrieves the signature algorithm name if it is available, or the string representation of the signature algorithm OID if not.
      Returns:
      The signature algorithm name or OID.
    • getSignatureAlgorithmParameters

      Retrieves the encoded signature algorithm parameters, if present.
      Returns:
      The encoded signature algorithm parameters, or null if there are no signature algorithm parameters.
    • getSubjectDN

      Retrieves the certificate signing request subject DN.
      Returns:
      The certificate signing request subject DN.
    • getPublicKeyAlgorithmOID

      Retrieves the certificate signing request public key algorithm OID.
      Returns:
      The certificate signing request public key algorithm OID.
    • getPublicKeyAlgorithmName

      Retrieves the certificate signing request public key algorithm name, if available.
      Returns:
      The certificate signing request public key algorithm name, or null if the public key algorithm OID does not correspond to any known algorithm name.
    • getPublicKeyAlgorithmNameOrOID

      Retrieves the public key algorithm name if it is available, or the string representation of the public key algorithm OID if not.
      Returns:
      The public key algorithm name or OID.
    • getPublicKeyAlgorithmParameters

      Retrieves the encoded public key algorithm parameters, if present.
      Returns:
      The encoded public key algorithm parameters, or null if there are no public key algorithm parameters.
    • getEncodedPublicKey

      Retrieves the encoded public key as a bit string.
      Returns:
      The encoded public key as a bit string.
    • getDecodedPublicKey

      Retrieves a decoded representation of the public key, if available.
      Returns:
      A decoded representation of the public key, or null if the public key could not be decoded.
    • getRequestAttributes

      Retrieves the encoded request attributes included in the certificate signing request.
      Returns:
      The encoded request attributes included in the certificate signing request.
    • getExtensions

      Retrieves the list of certificate extensions included in the certificate signing request.
      Returns:
      The list of certificate extensions included in the certificate signing request.
    • getSignatureValue

      Retrieves the signature value for the certificate signing request.
      Returns:
      The signature value for the certificate signing request.
    • verifySignature

      public void verifySignature() throws CertException
      Verifies the signature for this certificate signing request.
      Throws:
      CertException - If the certificate signing request's signature could not be verified.
    • toString

      Retrieves a string representation of the decoded PKCS #10 certificate signing request.
      Overrides:
      toString in class Object
      Returns:
      A string representation of the decoded PKCS #10 certificate signing request.
    • toString

      public void toString(@NotNull StringBuilder buffer)
      Appends a string representation of the decoded PKCS #10 certificate signing request to the provided buffer.
      Parameters:
      buffer - The buffer to which the information should be appended.
    • toPEM

      Retrieves a list of the lines that comprise a PEM representation of this PKCS #10 certificate signing request.
      Returns:
      A list of the lines that comprise a PEM representation of this PKCS #10 certificate signing request.
    • toPEMString

      Retrieves a multi-line string containing a PEM representation of this PKCS #10 certificate signing request.
      Returns:
      A multi-line string containing a PEM representation of this PKCS #10 certificate signing request.
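
The following is an added example, not part of the SDK documentation: an intake check that a CA front end might run with the constructor, verifySignature, and the algorithm and key getters documented above. The class name CsrIntakeCheck, the allow-list, and the 2048-bit floor are hypothetical policy choices; the parameter types SignatureAlgorithmIdentifier, java.security.KeyPair, and com.unboundid.ldap.sdk.DN, and the RSAPublicKey.getModulus() call, are assumptions about the SDK that this page does not show.

```java
import com.unboundid.ldap.sdk.DN;
import com.unboundid.util.ssl.cert.CertException;
import com.unboundid.util.ssl.cert.PKCS10CertificateSigningRequest;
import com.unboundid.util.ssl.cert.RSAPublicKey;
import com.unboundid.util.ssl.cert.SignatureAlgorithmIdentifier;
import java.security.KeyPairGenerator;
import java.util.Set;

public class CsrIntakeCheck {
  // Assumed local policy: SHA-256/384/512 with RSA, modulus of 2048+ bits.
  static final Set<String> ALLOWED_SIG_OIDS = Set.of("1.2.840.113549.1.1.11",
      "1.2.840.113549.1.1.12", "1.2.840.113549.1.1.13");

  /** Decodes DER bytes, checks the self-signature, then applies the policy. */
  static PKCS10CertificateSigningRequest accept(byte[] der) throws CertException {
    PKCS10CertificateSigningRequest csr = new PKCS10CertificateSigningRequest(der);
    csr.verifySignature(); // throws CertException when the signature is invalid
    if (!ALLOWED_SIG_OIDS.contains(csr.getSignatureAlgorithmOID().toString())) {
      throw new SecurityException("signature algorithm not allowed: "
          + csr.getSignatureAlgorithmNameOrOID());
    }
    // getDecodedPublicKey() may return null; instanceof then fails closed.
    if (!(csr.getDecodedPublicKey() instanceof RSAPublicKey)) {
      throw new SecurityException("unsupported public key type");
    }
    RSAPublicKey rsa = (RSAPublicKey) csr.getDecodedPublicKey();
    if (rsa.getModulus().bitLength() < 2048) {
      throw new SecurityException("RSA modulus below 2048 bits");
    }
    return csr;
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample input: throwaway key pair and subject DN.
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    byte[] der = PKCS10CertificateSigningRequest.generateCertificateSigningRequest(
        SignatureAlgorithmIdentifier.SHA_256_WITH_RSA, gen.generateKeyPair(),
        new DN("CN=test.example.com,O=Example Corp,C=US"))
        .getPKCS10CertificateSigningRequestBytes();
    System.out.println("accepted: " + accept(der).getSubjectDN());
    der[der.length - 1] ^= 0x01; // corrupt the last signature byte
    try {
      accept(der);
    } catch (CertException e) {
      System.out.println("tampered request rejected: " + e.getMessage());
    }
  }
}
```

Verifying the signature only proves that the requester holds the private key for the enclosed public key; the subject DN and any requested extensions still need to be authorized separately before issuance.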