/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* A PKCS #10 certificate request is created and sent to a Certificate
* Authority, which then creates an X.509 certificate and returns it to
* the entity that requested it. A certificate request basically consists
* of the subject's X.500 name, public key, and optionally some attributes,
* signed using the corresponding private key.
*
* The ASN.1 syntax for a Certification Request is:
* <pre>
* CertificationRequest ::= SEQUENCE {
* certificationRequestInfo CertificationRequestInfo,
* signatureAlgorithm SignatureAlgorithmIdentifier,
* signature Signature
* }
*
* SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
* Signature ::= BIT STRING
*
* CertificationRequestInfo ::= SEQUENCE {
* version Version,
* subject Name,
* subjectPublicKeyInfo SubjectPublicKeyInfo,
* attributes [0] IMPLICIT Attributes
* }
* Attributes ::= SET OF Attribute
* </pre>
*
* @author David Brownell
* @author Amit Kapoor
* @author Hemma Prafullchandra
*/
public class PKCS10 {
/**
* Constructs an unsigned PKCS #10 certificate request. Before this
* request may be used, it must be encoded and signed. Then it
* must be retrieved in some conventional format (e.g. string).
*
* @param publicKey the public key that should be placed
* into the certificate generated by the CA.
*/
attributeSet = new PKCS10Attributes();
}
/**
* Constructs an unsigned PKCS #10 certificate request. Before this
* request may be used, it must be encoded and signed. Then it
* must be retrieved in some conventional format (e.g. string).
*
* @param publicKey the public key that should be placed
* into the certificate generated by the CA.
* @param attributes additonal set of PKCS10 attributes requested
* for in the certificate.
*/
}
/**
* Parses an encoded, signed PKCS #10 certificate request, verifying
* the request's signature as it does so. This constructor would
* typically be used by a Certificate Authority, from which a new
* certificate would then be constructed.
*
* @param data the DER-encoded PKCS #10 request.
* @exception IOException for low level errors reading the data
* @exception SignatureException when the signature is invalid
* @exception NoSuchAlgorithmException when the signature
* algorithm is not supported in this environment
*/
byte[] sigData;
//
// Outer sequence: request, signature algorithm, signature.
// Parse, and prepare to verify later.
//
throw new IllegalArgumentException("not a PKCS #10 request");
//
// Inner sequence: version, name, key, attributes
//
throw new IllegalArgumentException("not PKCS #10 v1");
// Cope with a somewhat common illegal PKCS #10 format
else
attributeSet = new PKCS10Attributes();
throw new IllegalArgumentException("illegal PKCS #10 data");
//
// OK, we parsed it all ... validate the signature using the
// key and signature algorithm we found.
//
try {
throw new SignatureException("Invalid PKCS #10 signature");
} catch (InvalidKeyException e) {
throw new SignatureException("invalid key");
}
}
/**
* Create the signed certificate request. This will later be
* retrieved in either string or binary format.
*
* @param subject identifies the signer (by X.500 name).
* @param signature private key and signing algorithm to use.
* @exception IOException on errors.
* @exception CertificateException on certificate handling errors.
* @exception SignatureException on signature handling errors.
*/
byte[] certificateRequestInfo;
byte[] sig;
throw new SignatureException("request is already signed");
/*
* Encode cert request info, wrap in a sequence for signing
*/
scratch = new DerOutputStream();
out = new DerOutputStream();
/*
* Sign it ...
*/
/*
* Build guts of SIGNED macro
*/
try {
} catch (NoSuchAlgorithmException nsae) {
throw new SignatureException(nsae);
}
/*
* Wrap those guts in a sequence
*/
out = new DerOutputStream();
}
/**
* Returns the subject's name.
*/
/**
* Returns the subject's public key.
*/
{ return subjectPublicKeyInfo; }
/**
* Returns the additional attributes requested.
*/
{ return attributeSet; }
/**
* Returns the encoded and signed certificate request as a
* DER-encoded byte array.
*
* @return the certificate request, or null if encodeAndSign()
* has not yet been called.
*/
public byte[] getEncoded() {
else
return null;
}
/**
* Prints an E-Mailable version of the certificate request on the print
* stream passed. The format is a common base64 encoded one, supported
* by most Certificate Authorities because Netscape web servers have
* used this for some time. Some certificate authorities expect some
* more information, in particular contact information for the web
* server administrator.
*
* @param out the print stream where the certificate request
* will be printed.
* @exception IOException when an output operation failed
* @exception SignatureException when the certificate request was
* not yet signed.
*/
throws IOException, SignatureException {
throw new SignatureException("Cert request was not signed");
}
/**
* Provides a short description of this request.
*/
return "[PKCS #10 certificate request:\n"
+ "\n]";
}
/**
* Compares this object for equality with the specified
* object. If the <code>other</code> object is an
* <code>instanceof</code> <code>PKCS10</code>, then
* its encoded form is retrieved and compared with the
* encoded form of this certificate request.
*
* @param other the object to test for equality with this object.
* @return true iff the encoded forms of the two certificate
* requests match, false otherwise.
*/
if (this == other)
return true;
return false;
return false;
if (otherEncoded == null)
return false;
}
/**
* Returns a hashcode value for this certificate request from its
* encoded form.
*
* @return the hashcode value.
*/
public int hashCode() {
int retval = 0;
return(retval);
}
}