com.ibm.security12.sun.security.pkcs
Class PKCS10

java.lang.Object
  |
  +--com.ibm.security12.sun.security.pkcs.PKCS10

public class PKCS10
extends Object

A PKCS #10 certificate request is created and sent to a Certificate Authority, which then creates an X.509 certificate and returns it to the entity that requested it. A certificate request basically consists of the subject's X.500 name, public key, and optionally some attributes, signed using the corresponding private key. The ASN.1 syntax for a Certification Request is:

 CertificationRequest ::= SEQUENCE {
    certificationRequestInfo CertificationRequestInfo,
    signatureAlgorithm       SignatureAlgorithmIdentifier,
    signature                Signature
 }

 SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
 Signature ::= BIT STRING

 CertificationRequestInfo ::= SEQUENCE {
    version                 Version,
    subject                 Name,
    subjectPublicKeyInfo    SubjectPublicKeyInfo,
    attributes [0] IMPLICIT Attributes
 }
 Attributes ::= SET OF Attribute
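
A minimal walk of the ASN.1 structure above, added here as an example (it is not part of this class or of IBM's library, and is written in Python so it runs without that library): it splits an encoded request into the exact certificationRequestInfo bytes the signature covers, the algorithm identifier, and the signature bits. The helper names and the sample request (subject example.test, dummy key and signature bytes) are constructed for illustration.

```python
def tlv(tag, body):
    """Encode one element with a definite length (short or long form)."""
    raw = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def children(buf, pos, end):
    """List (tag, header_start, body_start, body_end) for each element in buf[pos:end]."""
    out = []
    while pos < end:
        if pos + 2 > end:
            raise ValueError("truncated header")
        tag, length, body = buf[pos], buf[pos + 1], pos + 2
        if length >= 0x80:  # long form: low 7 bits count the length octets
            k = length & 0x7F
            if k == 0 or k > 4 or body + k > end:  # indefinite, oversized or cut off
                raise ValueError("bad length encoding")
            length, body = int.from_bytes(buf[body:body + k], "big"), body + k
        if body + length > end:
            raise ValueError("element overruns its container")
        out.append((tag, pos, body, body + length))
        pos = body + length
    return out

def split_request(der):
    """Return the signed bytes, algorithm and signature of a CertificationRequest."""
    top = children(der, 0, len(der))
    if len(top) != 1 or top[0][0] != 0x30:
        raise ValueError("expected exactly one outer SEQUENCE, no trailing data")
    parts = children(der, top[0][2], top[0][3])
    if [p[0] for p in parts] != [0x30, 0x30, 0x03]:
        raise ValueError("expected info, signatureAlgorithm, signature")
    info, alg, sig = parts
    if [f[0] for f in children(der, info[2], info[3])] != [0x02, 0x30, 0x30, 0xA0]:
        raise ValueError("expected version, subject, subjectPublicKeyInfo, [0] attributes")
    if sig[2] == sig[3] or der[sig[2]] != 0:
        raise ValueError("signature BIT STRING must have 0 unused bits")
    # The signature covers these exact bytes, header included; never re-encode them.
    return {"tbs": der[info[1]:info[3]], "algorithm": der[alg[2]:alg[3]],
            "signature": der[sig[2] + 1:sig[3]]}

# Constructed sample: valid structure, dummy key and signature bytes (will not verify).
SUBJECT = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"example.test"))))
RSA_ENC = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))
SHA256_RSA = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
SPKI = tlv(0x30, RSA_ENC + tlv(0x03, b"\x00" + b"\xAA" * 140))
INFO = tlv(0x30, tlv(0x02, b"\x00") + SUBJECT + SPKI + tlv(0xA0, b""))
SAMPLE = tlv(0x30, INFO + SHA256_RSA + tlv(0x03, b"\x00" + b"\xBB" * 128))
```

A verifier would pass `tbs` and `signature` to the algorithm named in `algorithm`, using the key from subjectPublicKeyInfo; the request is rejected before that point if the structure is truncated or carries trailing bytes.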
 

Version:
1.32
Author:
David Brownell, Amit Kapoor, Hemma Prafullchandra

Constructor Summary
PKCS10(byte[] data)
          Parses an encoded, signed PKCS #10 certificate request, verifying the request's signature as it does so.
PKCS10(PublicKey publicKey)
          Constructs an unsigned PKCS #10 certificate request.
PKCS10(PublicKey publicKey, PKCS10Attributes attributes)
          Constructs an unsigned PKCS #10 certificate request.
 
Method Summary
 void encodeAndSign(X500Signer requester)
          Create the signed certificate request.
 boolean equals(Object other)
          Compares this object for equality with the specified object.
 PKCS10Attributes getAttributes()
          Returns the additional attributes requested.
 byte[] getEncoded()
          Returns the encoded and signed certificate request as a DER-encoded byte array.
 X500Name getSubjectName()
          Returns the subject's name.
 PublicKey getSubjectPublicKeyInfo()
          Returns the subject's public key.
 int hashCode()
          Returns a hashcode value for this certificate request from its encoded form.
 void print(PrintStream out)
          Prints an E-Mailable version of the certificate request on the print stream passed.
 String toString()
          Provides a short description of this request.
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Constructor Detail

PKCS10

public PKCS10(PublicKey publicKey)
Constructs an unsigned PKCS #10 certificate request. Before this request may be used, it must be encoded and signed. Then it must be retrieved in some conventional format (e.g. string).
Parameters:
publicKey - the public key that should be placed into the certificate generated by the CA.

PKCS10

public PKCS10(PublicKey publicKey,
              PKCS10Attributes attributes)
Constructs an unsigned PKCS #10 certificate request. Before this request may be used, it must be encoded and signed. Then it must be retrieved in some conventional format (e.g. string).
Parameters:
publicKey - the public key that should be placed into the certificate generated by the CA.
attributes - additional set of PKCS #10 attributes requested for the certificate.

PKCS10

public PKCS10(byte[] data)
       throws IOException,
              SignatureException,
              NoSuchAlgorithmException
Parses an encoded, signed PKCS #10 certificate request, verifying the request's signature as it does so. This constructor would typically be used by a Certificate Authority, from which a new certificate would then be constructed.
Parameters:
data - the DER-encoded PKCS #10 request.
Throws:
IOException - for low level errors reading the data
SignatureException - when the signature is invalid
NoSuchAlgorithmException - when the signature algorithm is not supported in this environment

Method Detail

encodeAndSign

public void encodeAndSign(X500Signer requester)
                   throws CertificateException,
                          IOException,
                          SignatureException
Create the signed certificate request. This will later be retrieved in either string or binary format.
Parameters:
requester - identifies the signer (by X.500 name) and provides the private key used to sign.
Throws:
IOException - on errors.
CertificateException - on certificate handling errors.
SignatureException - on signature handling errors.

getSubjectName

public X500Name getSubjectName()
Returns the subject's name.

getSubjectPublicKeyInfo

public PublicKey getSubjectPublicKeyInfo()
Returns the subject's public key.

getAttributes

public PKCS10Attributes getAttributes()
Returns the additional attributes requested.

getEncoded

public byte[] getEncoded()
Returns the encoded and signed certificate request as a DER-encoded byte array.
Returns:
the certificate request, or null if encodeAndSign() has not yet been called.

print

public void print(PrintStream out)
           throws IOException,
                  SignatureException
Prints an E-Mailable version of the certificate request on the print stream passed. The format is a common base64-encoded one, supported by most Certificate Authorities because Netscape web servers have used it for some time. Some certificate authorities expect additional information, in particular contact information for the web server administrator.
Parameters:
out - the print stream where the certificate request will be printed.
Throws:
IOException - when an output operation failed
SignatureException - when the certificate request was not yet signed.

toString

public String toString()
Provides a short description of this request.
Overrides:
toString in class Object

equals

public boolean equals(Object other)
Compares this object for equality with the specified object. If the other object is an instanceof PKCS10, then its encoded form is retrieved and compared with the encoded form of this certificate request.
Parameters:
other - the object to test for equality with this object.
Returns:
true iff the encoded forms of the two certificate requests match, false otherwise.
Overrides:
equals in class Object

hashCode

public int hashCode()
Returns a hashcode value for this certificate request from its encoded form.
Returns:
the hashcode value.
Overrides:
hashCode in class Object