public class CertificateRequest
extends java.lang.Object
implements oracle.security.crypto.asn1.ASN1Object, java.io.Externalizable
X.509 v3 extensions may be added to the certificate request via the Extension Request attribute defined in PKCS #9. For example, the subject's email address may be added as a Subject Alternative Name using:

```java
CertificateRequest cr = new CertificateRequest( ... );
cr.addExtension(new SubjectAltNameExtension(
    new GeneralName(GeneralName.Type.RFC822_NAME, "tech@phaos.com"), false));
```
Any attribute (e.g., those defined in PKCS #9) may be included in the certificate request using the addAttribute(oracle.security.crypto.asn1.ASN1ObjectID, oracle.security.crypto.asn1.ASN1Object) method. The above example of X.509 extensions is equivalent to:

```java
X509ExtensionSet extSet = new X509ExtensionSet();
// Add the extension to the set, then attach the set as a PKCS #9 extensionRequest attribute
extSet.addExtension(new SubjectAltNameExtension(
    new GeneralName(GeneralName.Type.RFC822_NAME, "tech@phaos.com"), false));
cr.addAttribute(PKIX.extensionRequest, extSet);
```
Warning: The serialization capability of this class should only be used for short-term storage and RMI between applications running the same version of this product. It should not be relied on for long-term persistence, as future versions of this class may use an incompatible serialization format. For now, applications requiring long-term persistence should use the ASN.1 encodings provided by the input(InputStream) and output(OutputStream) methods directly, instead of serialization.
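The following is an added example, not code from the Oracle documentation: it stores a signed request through output(OutputStream) instead of Java serialization, reloads it through input(InputStream), and checks that a corrupted copy is rejected. The class CsrRoundTrip and its method names are hypothetical, the import package names are assumed, and the caller is assumed to supply an X500Name and an RSA java.security.KeyPair.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyPair;
// Package names below are assumed; they are not stated on this page.
import oracle.security.crypto.cert.CertificateRequest;
import oracle.security.crypto.cert.X500Name;
import oracle.security.crypto.cert.ext.GeneralName;
import oracle.security.crypto.cert.ext.SubjectAltNameExtension;
import oracle.security.crypto.core.AlgID;

public final class CsrRoundTrip {   // hypothetical helper, not part of the library
    /** Build and sign a request; return its ASN.1 encoding for storage or transport. */
    static byte[] encode(X500Name subject, KeyPair kp, String email) throws Exception {
        CertificateRequest cr =
            new CertificateRequest(subject, kp.getPublic(), kp.getPrivate());
        cr.addExtension(new SubjectAltNameExtension(
            new GeneralName(GeneralName.Type.RFC822_NAME, email), false));
        cr.setSigAlgID(AlgID.sha256WithRSAEncryption);   // assumes an RSA key pair
        cr.sign();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        cr.output(out);   // ASN.1 encoding, not writeExternal()
        return out.toByteArray();
    }

    /** Parse an encoding; input() is documented to fail on an incorrect signature. */
    static CertificateRequest decode(byte[] der) throws IOException {
        CertificateRequest cr = new CertificateRequest();
        cr.input(new ByteArrayInputStream(der));
        return cr;
    }

    /** True only if the encoding parses and its signature verifies. */
    static boolean isValid(byte[] der) {
        try {
            return decode(der).verifySignature();
        } catch (Exception e) {   // IOException or AuthenticationException
            return false;
        }
    }

    /** Self-check: the stored request must verify and a corrupted copy must not. */
    static void selfCheck(X500Name subject, KeyPair kp) throws Exception {
        byte[] der = encode(subject, kp, "csr-test@example.com");   // constructed sample value
        byte[] bad = der.clone();
        bad[bad.length - 1] ^= 0x01;   // flip one bit in the trailing signature bytes
        if (!isValid(der) || isValid(bad)) throw new IllegalStateException("CSR check failed");
    }
}
```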
| Constructor and Description |
|---|
| CertificateRequest()<br>Creates a new, uninitialized, certificate request. |
| CertificateRequest(byte[] data)<br>Initialize this certificate request by reading from the specified byte array. |
| CertificateRequest(java.io.InputStream is)<br>Initialize this certificate request by reading from the specified input stream. |
| CertificateRequest(X500Name subject, oracle.security.crypto.core.KeyPair kp) |
| CertificateRequest(X500Name subject, oracle.security.crypto.core.KeyPair kp, boolean useWrongFormat) |
| CertificateRequest(X500Name subject, java.security.PublicKey pubKey, java.security.PrivateKey privKey)<br>Generate a certificate request in the correct format. |
| CertificateRequest(X500Name subject, java.security.PublicKey pubKey, java.security.PrivateKey privKey, boolean useWrongFormat)<br>Generate a certificate request. |
| Modifier and Type | Method and Description |
|---|---|
| Attribute | addAttribute(oracle.security.crypto.asn1.ASN1ObjectID type, oracle.security.crypto.asn1.ASN1Object value)<br>Add an attribute to this certificate request. |
| Attribute | addAttribute(Attribute attr)<br>Add an attribute to this certificate request. |
| X509Extension | addExtension(X509Extension ext)<br>Add an X.509 v3 extension to this certificate request, using a PKIX.extensionRequest attribute. |
| Attribute | getAttribute(oracle.security.crypto.asn1.ASN1ObjectID type) |
| AttributeSet | getAttributes() |
| X509ExtensionSet | getExtensions()<br>Equivalent to getAttribute(PKIX.extensionRequest). |
| oracle.security.crypto.core.PublicKey | getPublicKey()<br>Returns the subject public key. |
| byte[] | getSigBytes()<br>Returns the signature bytes, signing the certificate first if needed. |
| X500Name | getSubject()<br>Returns the subject name. |
| boolean | getUseWrongFormat()<br>Returns true if using the "wrong" format, otherwise returns false. |
| void | input(java.io.InputStream is)<br>Input a certificate request from a stream and verify the signature. |
| int | length()<br>The length of the certificate request. |
| void | output(java.io.OutputStream os)<br>Outputs this certificate request to the given output stream. |
| void | readExternal(java.io.ObjectInput is) |
| X509ExtensionSet | setExtensions(X509ExtensionSet extSet)<br>Equivalent to addAttribute(PKIX.extensionRequest, extSet). |
| void | setPrivateKey(oracle.security.crypto.core.PrivateKey privKey)<br>Deprecated. |
| void | setPrivateKey(oracle.security.crypto.core.PrivateKey privKey, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)<br>Deprecated. |
| void | setPrivateKey(java.security.PrivateKey privKey, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)<br>Sets the subject's private key and the signing algorithm to use. |
| void | setPublicKey(oracle.security.crypto.core.PublicKey pk)<br>Deprecated. |
| void | setPublicKey(java.security.PublicKey pk)<br>Sets the subject public key to the given value. |
| void | setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)<br>Set the signing algorithm. |
| void | setSubject(X500Name subject)<br>Sets the subject name to the given value. |
| void | setUseWrongFormat(boolean useWrongFormat)<br>Sets whether the output format shall be altered to make it compatible with certain (nonconformant) CAs. |
| void | sign()<br>Generate the contents of this certificate request and sign it. |
| void | sign(oracle.security.crypto.core.RandomBitsSource rbs)<br>Deprecated. Use sign() instead. |
| java.lang.String | toString()<br>Returns a string representation of this object. |
| boolean | verifySignature() |
| void | writeExternal(java.io.ObjectOutput os) |

public CertificateRequest()

public CertificateRequest(X500Name subject, java.security.PublicKey pubKey, java.security.PrivateKey privKey)

- subject - the subject's distinguished name
- pubKey - the public key pair for the requested certificate
- privKey - the private key pair for the requested certificate

public CertificateRequest(X500Name subject, java.security.PublicKey pubKey, java.security.PrivateKey privKey, boolean useWrongFormat)

- subject - the subject's distinguished name
- pubKey - the public key pair for the requested certificate
- privKey - the private key pair for the requested certificate
- useWrongFormat - specify wrong format used by some CAs

public CertificateRequest(X500Name subject, oracle.security.crypto.core.KeyPair kp)

CertificateRequest(), then setSubject(X500Name), setPublicKey(java.security.PublicKey) and setPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)

- subject - the subject's distinguished name
- kp - the key pair for the requested certificate

public CertificateRequest(X500Name subject, oracle.security.crypto.core.KeyPair kp, boolean useWrongFormat)

CertificateRequest(), then setSubject(X500Name), setPublicKey(java.security.PublicKey), setPrivateKey(java.security.PrivateKey, AlgorithmIdentifier) and setUseWrongFormat(boolean)

- subject - the subject's distinguished name
- kp - the key pair for the requested certificate
- useWrongFormat - specify wrong format used by some CAs

public CertificateRequest(java.io.InputStream is) throws java.io.IOException

- java.io.IOException

public CertificateRequest(byte[] data) throws java.io.IOException

- java.io.IOException

public void sign() throws oracle.security.crypto.core.SignatureException

- oracle.security.crypto.core.SignatureException - if there is an error during signing

public void sign(oracle.security.crypto.core.RandomBitsSource rbs) throws oracle.security.crypto.core.SignatureException

Deprecated. Use sign() instead.

- rbs - the random number generator to be used for signing, if needed
- oracle.security.crypto.core.SignatureException - if there is an error during signing

public byte[] getSigBytes() throws oracle.security.crypto.core.SignatureException

- oracle.security.crypto.core.SignatureException

public void input(java.io.InputStream is) throws java.io.IOException

- input in interface oracle.security.crypto.util.Streamable
- java.io.IOException - if there was an I/O error, or the request was invalid (e.g., incorrect signature).

public boolean verifySignature() throws oracle.security.crypto.core.AuthenticationException

- oracle.security.crypto.core.AuthenticationException

public void output(java.io.OutputStream os) throws java.io.IOException

- output in interface oracle.security.crypto.util.Streamable
- java.io.IOException

public int length()

- length in interface oracle.security.crypto.util.Streamable

public void setSubject(X500Name subject)

public X500Name getSubject()

public void setPublicKey(oracle.security.crypto.core.PublicKey pk)

- setPublicKey(java.security.PublicKey)

public oracle.security.crypto.core.PublicKey getPublicKey()

public void setPublicKey(java.security.PublicKey pk)

public void setPrivateKey(oracle.security.crypto.core.PrivateKey privKey)

- setPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)

Sets the subject's private key.
The subject's private key is used only to produce a signature when the request is output; it is not part of this object's persistent state.

public void setPrivateKey(oracle.security.crypto.core.PrivateKey privKey, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)

- setPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)

Sets the subject's private key and the signing algorithm to use.
The subject's private key is used only to produce a signature when the request is output; it is not part of this object's persistent state.

public void setPrivateKey(java.security.PrivateKey privKey, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)

Sets the subject's private key and the signing algorithm to use.
The subject's private key is used only to produce a signature when the request is output; it is not part of this object's persistent state.

- setSigAlgID(AlgorithmIdentifier)

public void setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)

- AlgID.sha_1WithRSAEncryption
- AlgID.sha224WithRSAEncryption
- AlgID.sha256WithRSAEncryption
- AlgID.sha384WithRSAEncryption
- AlgID.sha512WithRSAEncryption
- AlgID.dsaWithSHA1

sigAlgID -

public Attribute addAttribute(oracle.security.crypto.asn1.ASN1ObjectID type, oracle.security.crypto.asn1.ASN1Object value)

- type - The OID identifying the attribute.
- value - The value of the attribute.
- null if none was defined.

public Attribute addAttribute(Attribute attr)

- attr - The attribute to add.
- null if none was defined.

public Attribute getAttribute(oracle.security.crypto.asn1.ASN1ObjectID type)

public AttributeSet getAttributes()

public X509Extension addExtension(X509Extension ext)

Add an X.509 v3 extension to this certificate request, using a PKIX.extensionRequest attribute.

- ext - The extension to add.
- null if none was defined.

public X509ExtensionSet setExtensions(X509ExtensionSet extSet)

Equivalent to addAttribute(PKIX.extensionRequest, extSet).

public X509ExtensionSet getExtensions()

Equivalent to getAttribute(PKIX.extensionRequest).

public void setUseWrongFormat(boolean useWrongFormat)

Sets whether the output format shall be altered to make it compatible with certain (nonconformant) CAs.
The value of this flag is not part of the persistent state of this object.

- getUseWrongFormat()

public boolean getUseWrongFormat()

- setUseWrongFormat(boolean)

public java.lang.String toString()

- toString in class java.lang.Object

public void writeExternal(java.io.ObjectOutput os) throws java.io.IOException

- writeExternal in interface java.io.Externalizable
- java.io.IOException

public void readExternal(java.io.ObjectInput is) throws java.io.IOException, java.lang.ClassNotFoundException

- readExternal in interface java.io.Externalizable
- java.io.IOException
- java.lang.ClassNotFoundException