Oracle Security Developer Tools Security Engine Java API Reference 10g Release 2 (10.1.2.0.2) B15569-01 |
java.lang.Object
oracle.security.crypto.cert.CertificateRequest
A class that encapsulates a DER-encoded PKCS #10 certificate request. The request contains the subject's name and public key, and it is signed with the subject's private key. The public key contained in the request is used to verify the signature. The signature on the request is verified automatically when the request is read. Note that the subject's private key is used only to produce a signature when the request is output, and is not actually stored with the request.
X.509 v3 extensions may be added to the certificate request via the Extension Request attribute defined in PKCS #9. For example, the subject's email address may be added as a Subject Alternative Name using:

    CertificateRequest cr = new CertificateRequest( ... );
    cr.addExtension(new SubjectAltNameExtension(
        new GeneralName(GeneralName.Type.RFC822_NAME, "tech@phaos.com"), false));
Any attribute (e.g., those defined in PKCS #9) may be included in the certificate request using the addAttribute(ASN1ObjectID, ASN1Object) method. The above example of X.509 extensions is equivalent to:

    X509ExtensionSet extSet = new X509ExtensionSet();
    // Add the extension to the set, then attach the set as an Extension Request attribute.
    extSet.addExtension(new SubjectAltNameExtension(
        new GeneralName(GeneralName.Type.RFC822_NAME, "tech@phaos.com"), false));
    cr.addAttribute(PKIX.extensionRequest, extSet);
Warning: The serialization capability of this class should only be used for short-term storage and RMI between applications running the same version of this product. It should not be relied on for long-term persistence, as future versions of this class may use an incompatible serialization format. For now, applications requiring long-term persistence should use the ASN.1 encodings provided by the input(InputStream) and output(OutputStream) methods directly, instead of serialization.
X509.X509(CertificateRequest, X509, PrivateKey, BigInteger, int)
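The following is an added example, not part of Oracle's reference: it stores a request as DER through output(OutputStream) rather than serialization, as the warning above advises, and shows that reading it back with CertificateRequest(byte[]) rejects a modified encoding. The class and method names (CsrRoundTrip, encode, accept, selfCheck) are hypothetical, the package locations in the imports are assumed, and the subject and key pair are supplied by the caller.

```java
import java.io.ByteArrayOutputStream;
// Package locations below are assumptions; only the class names appear on this page.
import oracle.security.crypto.cert.CertificateRequest;
import oracle.security.crypto.cert.X500Name;
import oracle.security.crypto.cert.ext.GeneralName;
import oracle.security.crypto.cert.ext.SubjectAltNameExtension;
import oracle.security.crypto.core.KeyPair;

public class CsrRoundTrip { // hypothetical class name

    /** Requester side: build the request, sign it and return its DER encoding. */
    static byte[] encode(X500Name subject, KeyPair kp, String email) throws Exception {
        CertificateRequest cr = new CertificateRequest(subject, kp);
        cr.addExtension(new SubjectAltNameExtension(
            new GeneralName(GeneralName.Type.RFC822_NAME, email), false));
        cr.sign(); // sign after the last attribute has been added
        ByteArrayOutputStream der = new ByteArrayOutputStream();
        cr.output(der); // ASN.1 (DER) bytes, safe for long-term storage
        return der.toByteArray();
    }

    /** Receiver side: parse the DER bytes; returns null when the request is rejected. */
    static CertificateRequest accept(byte[] der) {
        try {
            // The constructor verifies the signature while reading and throws
            // IOException on an invalid request.
            CertificateRequest cr = new CertificateRequest(der);
            // Explicit second check, so acceptance never depends on parsing alone.
            return cr.verifySignature() ? cr : null;
        } catch (Exception e) { // IOException or AuthenticationException: fail closed
            return null;
        }
    }

    /** True when the stored request is accepted and a modified copy is rejected. */
    static boolean selfCheck(X500Name subject, KeyPair kp) throws Exception {
        byte[] der = encode(subject, kp, "requester@example.com"); // constructed address
        CertificateRequest ok = accept(der);
        byte[] tampered = der.clone();
        // The signature BIT STRING is the last field of a PKCS #10 request,
        // so the final byte belongs to the signature value.
        tampered[tampered.length - 1] ^= 0x01;
        return ok != null && accept(tampered) == null;
    }
}
```

On the receiving side, getSubject(), getPublicKey() and getExtensions() on the accepted object give the values to review before a certificate is issued.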
Constructor Summary | |
CertificateRequest() | Creates a new, uninitialized, certificate request.
CertificateRequest(byte[] data) | Initialize this certificate request by reading from the specified byte array.
CertificateRequest(java.io.InputStream is) | Initialize this certificate request by reading from the specified input stream.
CertificateRequest(X500Name subject, KeyPair kp) | Generate a certificate request in the correct format.
CertificateRequest(X500Name subject, KeyPair kp, boolean useWrongFormat) | Generate a certificate request.
Method Summary | |
Attribute | addAttribute(ASN1ObjectID type, ASN1Object value) | Add an attribute to this certificate request.
Attribute | addAttribute(Attribute attr) | Add an attribute to this certificate request.
X509Extension | addExtension(X509Extension ext) | Add an X.509 v3 extension to this certificate request, using a PKIX.extensionRequest attribute.
Attribute | getAttribute(ASN1ObjectID type) |
AttributeSet | getAttributes() |
X509ExtensionSet | getExtensions() | Equivalent to getAttribute(PKIX.extensionRequest).
PublicKey | getPublicKey() | Returns the subject public key.
byte[] | getSigBytes() | Returns the signature bytes, signing the certificate first if needed.
X500Name | getSubject() | Returns the subject name.
boolean | getUseWrongFormat() | Returns true if using the "wrong" format, otherwise returns false.
void | input(java.io.InputStream is) | Input a certificate request from a stream and verify the signature.
int | length() | The length of the certificate request.
void | output(java.io.OutputStream os) | Outputs this certificate request to the given output stream.
X509ExtensionSet | setExtensions(X509ExtensionSet extSet) | Equivalent to addAttribute(PKIX.extensionRequest, extSet).
void | setPrivateKey(PrivateKey privKey) | Sets the subject's private key.
void | setPrivateKey(PrivateKey privKey, AlgorithmIdentifier sigAlgID) | Sets the subject's private key and the signing algorithm to use.
void | setPublicKey(PublicKey pk) | Sets the subject public key to the given value.
void | setSigAlgID(AlgorithmIdentifier sigAlgID) |
void | setSubject(X500Name subject) | Sets the subject name to the given value.
void | setUseWrongFormat(boolean useWrongFormat) | Sets whether the output format shall be altered to make it compatible with certain (nonconformant) CA's.
void | sign() | Generate the contents of this certificate request and sign it.
void | sign(RandomBitsSource rbs) | Generate the contents of this certificate request and sign it.
java.lang.String | toString() | Returns a string representation of this object.
boolean | verifySignature() |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Constructor Detail |
public CertificateRequest()

public CertificateRequest(X500Name subject, KeyPair kp)
subject - the subject's distinguished name
kp - the key pair for the requested certificate

public CertificateRequest(X500Name subject, KeyPair kp, boolean useWrongFormat)
subject - the subject's distinguished name
kp - the key pair for the requested certificate
useWrongFormat - specify wrong format used by some CAs

public CertificateRequest(java.io.InputStream is) throws java.io.IOException

public CertificateRequest(byte[] data) throws java.io.IOException

Method Detail |

public void sign() throws SignatureException
SignatureException - if there is an error during signing

public void sign(RandomBitsSource rbs) throws SignatureException
rbs - the random number generator to be used for signing, if needed
SignatureException - if there is an error during signing

public byte[] getSigBytes() throws SignatureException
SignatureException

public void input(java.io.InputStream is) throws java.io.IOException
java.io.IOException - if there was an I/O error, or the request was invalid (e.g., incorrect signature).

public boolean verifySignature() throws AuthenticationException
AuthenticationException

public void output(java.io.OutputStream os) throws java.io.IOException
java.io.IOException

public int length()

public void setSubject(X500Name subject)

public X500Name getSubject()

public void setPublicKey(PublicKey pk)

public PublicKey getPublicKey()

public void setPrivateKey(PrivateKey privKey)
Sets the subject's private key.
The subject's private key is used only to produce a signature when the request is output; it is not part of this object's persistent state.

public void setPrivateKey(PrivateKey privKey, AlgorithmIdentifier sigAlgID)
Sets the subject's private key and the signing algorithm to use.
The subject's private key is used only to produce a signature when the request is output; it is not part of this object's persistent state.

public void setSigAlgID(AlgorithmIdentifier sigAlgID)

public Attribute addAttribute(ASN1ObjectID type, ASN1Object value)
type - The OID identifying the attribute.
value - The value of the attribute.
null if none was defined.

public Attribute addAttribute(Attribute attr)
attr - The attribute to add.
null if none was defined.

public Attribute getAttribute(ASN1ObjectID type)

public AttributeSet getAttributes()

public X509Extension addExtension(X509Extension ext)
PKIX.extensionRequest attribute.
ext - The extension to add.
null if none was defined.

public X509ExtensionSet setExtensions(X509ExtensionSet extSet)
addAttribute(PKIX.extensionRequest, extSet).

public X509ExtensionSet getExtensions()
getAttribute(PKIX.extensionRequest).

public void setUseWrongFormat(boolean useWrongFormat)
Sets whether the output format shall be altered to make it compatible with certain (nonconformant) CA's.
The value of this flag is not part of the persistent state of this object.
getUseWrongFormat()

public boolean getUseWrongFormat()
setUseWrongFormat(boolean)

public java.lang.String toString()