
Oracle Fusion Middleware Security Engine Java API Reference for Oracle Security Developer Tools
11g Release 1 (11.1.1)

E10674-03


oracle.security.crypto.cert
Class CertificateRequest

java.lang.Object
  extended by oracle.security.crypto.cert.CertificateRequest

All Implemented Interfaces:
java.io.Externalizable, java.io.Serializable, oracle.security.crypto.asn1.ASN1Object, oracle.security.crypto.util.Streamable

public class CertificateRequest
extends java.lang.Object
implements oracle.security.crypto.asn1.ASN1Object, java.io.Externalizable

A class that encapsulates a DER-encoded PKCS #10 certificate request. The request contains the subject's name and public key, and it is signed with the subject's private key. The public key contained in the request is used to verify the signature. The signature on the request is verified automatically when the request is read. Note that the subject's private key is used only to produce a signature when the request is output, and is not actually stored with the request.

X.509 v3 extensions may be added to the certificate request via the Extension Request attribute defined in PKCS #9. For example, the subject's email address may be added as a Subject Alternative Name using:

  CertificateRequest cr = new CertificateRequest( ... );
  cr.addExtension(new SubjectAltNameExtension(
  new GeneralName(GeneralName.Type.RFC822_NAME, "tech@phaos.com"), false));
 

Any attribute (e.g., those defined in PKCS #9) may be included in the certificate request using the addAttribute(oracle.security.crypto.asn1.ASN1ObjectID, oracle.security.crypto.asn1.ASN1Object) method. The above example of X.509 extensions is equivalent to:

 X509ExtensionSet extSet = new X509ExtensionSet();
 extSet.addExtension(new SubjectAltNameExtension(new GeneralName(GeneralName.Type.RFC822_NAME, "tech@phaos.com"), false));
 cr.addAttribute(PKIX.extensionRequest, extSet);
 

Warning: The serialization capability of this class should only be used for short-term storage and RMI between applications running the same version of this product. It should not be relied on for long-term persistence, as future versions of this class may use an incompatible serialization format. For now, applications requiring long-term persistence should use the ASN.1 encodings provided by the input(InputStream) and output(OutputStream) methods directly, instead of serialization.

See Also:
X509.X509(CertificateRequest, X509, PrivateKey, BigInteger, int), Serialized Form
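The flow described in the class overview, as an added example that is not part of Oracle's documentation: the requester builds and signs a request with the non-deprecated setters and stores it as DER, and the receiver parses the untrusted bytes and applies its own policy. The names CsrRoundTrip, buildCsr and parseCsr are illustrative; the package of AlgID, a null return from getExtensions() when no extensions were requested, and the rule of refusing requests that carry extensions are assumptions made for the example.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyPair;

import oracle.security.crypto.cert.CertificateRequest;
import oracle.security.crypto.cert.X500Name;
import oracle.security.crypto.core.AlgID; // package location assumed
import oracle.security.crypto.core.SignatureException;

public class CsrRoundTrip {

    /** Requester side: build, sign and DER-encode a PKCS #10 request. */
    static byte[] buildCsr(X500Name subject, KeyPair kp)
            throws IOException, SignatureException {
        CertificateRequest cr = new CertificateRequest();
        cr.setSubject(subject);
        cr.setPublicKey(kp.getPublic());
        // The private key is used only to sign; it is not stored in the request.
        cr.setPrivateKey(kp.getPrivate(), AlgID.sha256WithRSAEncryption);
        cr.sign();
        ByteArrayOutputStream der = new ByteArrayOutputStream();
        cr.output(der); // ASN.1 DER: the form to persist, not Java serialization
        return der.toByteArray();
    }

    /**
     * Receiver side: parse untrusted bytes. Returns null when the request is
     * malformed, fails signature verification, or carries extensions while
     * the caller's (sample) policy forbids them.
     */
    static CertificateRequest parseCsr(byte[] der, boolean allowExtensions) {
        CertificateRequest cr;
        try {
            cr = new CertificateRequest(der); // signature is verified on read
        } catch (IOException e) {
            return null; // I/O error or invalid request (e.g. incorrect signature)
        }
        // A valid signature only shows the requester holds the private key.
        // Subject and requested extensions are still requester-supplied input.
        // Assumption: getExtensions() returns null when none were requested.
        if (!allowExtensions && cr.getExtensions() != null) {
            return null;
        }
        return cr;
    }
}
```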

Constructor Summary
CertificateRequest()
          Creates a new, uninitialized, certificate request.
CertificateRequest(byte[] data)
          Initialize this certificate request by reading from the specified byte array.
CertificateRequest(java.io.InputStream is)
          Initialize this certificate request by reading from the specified input stream.
CertificateRequest(X500Name subject, oracle.security.crypto.core.KeyPair kp)
          Deprecated. Use CertificateRequest(), then setSubject(X500Name), setPublicKey(java.security.PublicKey) and setPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)
CertificateRequest(X500Name subject, oracle.security.crypto.core.KeyPair kp, boolean useWrongFormat)
          Deprecated. Use CertificateRequest(), then setSubject(X500Name), setPublicKey(java.security.PublicKey), setPrivateKey(java.security.PrivateKey, AlgorithmIdentifier) and setUseWrongFormat(boolean)

 

Method Summary
 Attribute addAttribute(oracle.security.crypto.asn1.ASN1ObjectID type, oracle.security.crypto.asn1.ASN1Object value)
          Add an attribute to this certificate request.
 Attribute addAttribute(Attribute attr)
          Add an attribute to this certificate request.
 X509Extension addExtension(X509Extension ext)
          Add an X.509 v3 extension to this certificate request, using a PKIX.extensionRequest attribute.
 Attribute getAttribute(oracle.security.crypto.asn1.ASN1ObjectID type)
           
 AttributeSet getAttributes()
           
 X509ExtensionSet getExtensions()
          Equivalent to getAttribute(PKIX.extensionRequest).
 oracle.security.crypto.core.PublicKey getPublicKey()
          Returns the subject public key.
 byte[] getSigBytes()
          Returns the signature bytes, signing the certificate first if needed.
 X500Name getSubject()
          Returns the subject name.
 boolean getUseWrongFormat()
          Returns true if using the "wrong" format, otherwise returns false.
 void input(java.io.InputStream is)
          Input a certificate request from a stream and verify the signature.
 int length()
          The length of the certificate request.
 void output(java.io.OutputStream os)
          Outputs this certificate request to the given output stream.
 void readExternal(java.io.ObjectInput is)
           
 X509ExtensionSet setExtensions(X509ExtensionSet extSet)
          Equivalent to addAttribute(PKIX.extensionRequest, extSet).
 void setPrivateKey(oracle.security.crypto.core.PrivateKey privKey)
          Deprecated. Use setPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)
 void setPrivateKey(oracle.security.crypto.core.PrivateKey privKey, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
          Deprecated. Use setPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)
 void setPrivateKey(java.security.PrivateKey privKey, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
           Sets the subject's private key and the signing algorithm to use.
 void setPublicKey(oracle.security.crypto.core.PublicKey pk)
          Deprecated. Use setPublicKey(java.security.PublicKey)
 void setPublicKey(java.security.PublicKey pk)
          Sets the subject public key to the given value.
 void setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
          Set the signing algorithm.
 void setSubject(X500Name subject)
          Sets the subject name to the given value.
 void setUseWrongFormat(boolean useWrongFormat)
           Sets whether the output format shall be altered to make it compatible with certain (nonconformant) CAs.
 void sign()
          Generate the contents of this certificate request and sign it.
 void sign(oracle.security.crypto.core.RandomBitsSource rbs)
          Deprecated. Use sign() instead
 java.lang.String toString()
          Returns a string representation of this object.
 boolean verifySignature()
           
 void writeExternal(java.io.ObjectOutput os)
           

 

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

 

Constructor Detail

CertificateRequest

public CertificateRequest()
Creates a new, uninitialized, certificate request.

CertificateRequest

public CertificateRequest(X500Name subject,
                          oracle.security.crypto.core.KeyPair kp)
Deprecated. Use CertificateRequest(), then setSubject(X500Name), setPublicKey(java.security.PublicKey) and setPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)
Generate a certificate request in the correct format.
Parameters:
subject - the subject's distinguished name
kp - the key pair for the requested certificate

CertificateRequest

public CertificateRequest(X500Name subject,
                          oracle.security.crypto.core.KeyPair kp,
                          boolean useWrongFormat)
Deprecated. Use CertificateRequest(), then setSubject(X500Name), setPublicKey(java.security.PublicKey), setPrivateKey(java.security.PrivateKey, AlgorithmIdentifier) and setUseWrongFormat(boolean)
Generate a certificate request.
Parameters:
subject - the subject's distinguished name
kp - the key pair for the requested certificate
useWrongFormat - specify wrong format used by some CAs

CertificateRequest

public CertificateRequest(java.io.InputStream is)
                   throws java.io.IOException
Initialize this certificate request by reading from the specified input stream.
Throws:
java.io.IOException

CertificateRequest

public CertificateRequest(byte[] data)
                   throws java.io.IOException
Initialize this certificate request by reading from the specified byte array.
Throws:
java.io.IOException

Method Detail

sign

public void sign()
          throws oracle.security.crypto.core.SignatureException
Generate the contents of this certificate request and sign it.
Throws:
oracle.security.crypto.core.SignatureException - if there is an error during signing

sign

public void sign(oracle.security.crypto.core.RandomBitsSource rbs)
          throws oracle.security.crypto.core.SignatureException
Deprecated. Use sign() instead
Generate the contents of this certificate request and sign it.
Parameters:
rbs - the random number generator to be used for signing, if needed
Throws:
oracle.security.crypto.core.SignatureException - if there is an error during signing

getSigBytes

public byte[] getSigBytes()
                   throws oracle.security.crypto.core.SignatureException
Returns the signature bytes, signing the certificate first if needed.
Throws:
oracle.security.crypto.core.SignatureException

input

public void input(java.io.InputStream is)
           throws java.io.IOException
Input a certificate request from a stream and verify the signature.
Specified by:
input in interface oracle.security.crypto.util.Streamable
Throws:
java.io.IOException - if there was an I/O error, or the request was invalid (e.g., incorrect signature).

verifySignature

public boolean verifySignature()
                        throws oracle.security.crypto.core.AuthenticationException
Throws:
oracle.security.crypto.core.AuthenticationException

output

public void output(java.io.OutputStream os)
            throws java.io.IOException
Outputs this certificate request to the given output stream.
Specified by:
output in interface oracle.security.crypto.util.Streamable
Throws:
java.io.IOException

length

public int length()
The length of the certificate request.
Specified by:
length in interface oracle.security.crypto.util.Streamable

setSubject

public void setSubject(X500Name subject)
Sets the subject name to the given value.

getSubject

public X500Name getSubject()
Returns the subject name.

setPublicKey

public void setPublicKey(oracle.security.crypto.core.PublicKey pk)
Deprecated. Use setPublicKey(java.security.PublicKey)
Sets the subject public key to the given value.

getPublicKey

public oracle.security.crypto.core.PublicKey getPublicKey()
Returns the subject public key.

setPublicKey

public void setPublicKey(java.security.PublicKey pk)
Sets the subject public key to the given value.

setPrivateKey

public void setPrivateKey(oracle.security.crypto.core.PrivateKey privKey)
Deprecated. Use setPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)

Sets the subject's private key.

The subject's private key is used only to produce a signature when the request is output; it is not part of this object's persistent state.


setPrivateKey

public void setPrivateKey(oracle.security.crypto.core.PrivateKey privKey,
                          oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
Deprecated. Use setPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)

Sets the subject's private key and the signing algorithm to use.

The subject's private key is used only to produce a signature when the request is output; it is not part of this object's persistent state.


setPrivateKey

public void setPrivateKey(java.security.PrivateKey privKey,
                          oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)

Sets the subject's private key and the signing algorithm to use.

The subject's private key is used only to produce a signature when the request is output; it is not part of this object's persistent state.

See Also:
setSigAlgID(AlgorithmIdentifier)

setSigAlgID

public void setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
Set the signing algorithm. For example: AlgID.sha_1WithRSAEncryption, AlgID.sha224WithRSAEncryption, AlgID.sha256WithRSAEncryption, AlgID.sha384WithRSAEncryption, AlgID.sha512WithRSAEncryption, AlgID.dsaWithSHA1.
Parameters:
sigAlgID -

addAttribute

public Attribute addAttribute(oracle.security.crypto.asn1.ASN1ObjectID type,
                              oracle.security.crypto.asn1.ASN1Object value)
Add an attribute to this certificate request.
Parameters:
type - The OID identifying the attribute.
value - The value of the attribute.
Returns:
The previous value for this attribute type, or null if none was defined.

addAttribute

public Attribute addAttribute(Attribute attr)
Add an attribute to this certificate request.
Parameters:
attr - The attribute to add.
Returns:
The previous value for this attribute type, or null if none was defined.

getAttribute

public Attribute getAttribute(oracle.security.crypto.asn1.ASN1ObjectID type)

getAttributes

public AttributeSet getAttributes()

addExtension

public X509Extension addExtension(X509Extension ext)
Add an X.509 v3 extension to this certificate request, using a PKIX.extensionRequest attribute.
Parameters:
ext - The extension to add.
Returns:
The previous value for this extension, or null if none was defined.

setExtensions

public X509ExtensionSet setExtensions(X509ExtensionSet extSet)
Equivalent to addAttribute(PKIX.extensionRequest, extSet).

getExtensions

public X509ExtensionSet getExtensions()
Equivalent to getAttribute(PKIX.extensionRequest).

setUseWrongFormat

public void setUseWrongFormat(boolean useWrongFormat)

Sets whether the output format shall be altered to make it compatible with certain (nonconformant) CAs.

The value of this flag is not part of the persistent state of this object.

See Also:
getUseWrongFormat()

getUseWrongFormat

public boolean getUseWrongFormat()
Returns true if using the "wrong" format, otherwise returns false. The default is false.
See Also:
setUseWrongFormat(boolean)

toString

public java.lang.String toString()
Returns a string representation of this object.
Overrides:
toString in class java.lang.Object
Returns:
a string representation of this object

writeExternal

public void writeExternal(java.io.ObjectOutput os)
                   throws java.io.IOException
Specified by:
writeExternal in interface java.io.Externalizable
Throws:
java.io.IOException

readExternal

public void readExternal(java.io.ObjectInput is)
                  throws java.io.IOException,
                         java.lang.ClassNotFoundException
Specified by:
readExternal in interface java.io.Externalizable
Throws:
java.io.IOException
java.lang.ClassNotFoundException


Copyright © 2005, 2011, Oracle. All rights reserved.