150 if (!serial.equals(BigInteger.ZERO))
151 throw new IllegalArgumentException("not PKCS #10 v1");
152
153 subject = new X500Name(seq[0].data);
154 subjectPublicKeyInfo = X509Key.parse(seq[0].data.getDerValue());
155
156 // Cope with a somewhat common illegal PKCS #10 format
157 if (seq[0].data.available() != 0)
158 attributeSet = new PKCS10Attributes(seq[0].data);
159 else
160 attributeSet = new PKCS10Attributes();
161
162 if (seq[0].data.available() != 0)
163 throw new IllegalArgumentException("illegal PKCS #10 data");
164
165 //
166 // OK, we parsed it all ... validate the signature using the
167 // key and signature algorithm we found.
168 //
169 try {
170 sig = Signature.getInstance(id.getName());
171 sig.initVerify(subjectPublicKeyInfo);
172 sig.update(data);
173 if (!sig.verify(sigData))
174 throw new SignatureException("Invalid PKCS #10 signature");
175 } catch (InvalidKeyException e) {
176 throw new SignatureException("invalid key");
177 }
178 }
179
180 /**
181 * Create the signed certificate request. This will later be
182 * retrieved in either string or binary format.
183 *
184 * @param subject identifies the signer (by X.500 name).
185 * @param signature private key and signing algorithm to use.
186 * @exception IOException on errors.
187 * @exception CertificateException on certificate handling errors.
188 * @exception SignatureException on signature handling errors.
189 */
190 public void encodeAndSign(X500Name subject, Signature signature)
201 /*
202 * Encode cert request info, wrap in a sequence for signing
203 */
204 scratch = new DerOutputStream();
205 scratch.putInteger(BigInteger.ZERO); // PKCS #10 v1.0
206 subject.encode(scratch); // X.500 name
207 scratch.write(subjectPublicKeyInfo.getEncoded()); // public key
208 attributeSet.encode(scratch);
209
210 out = new DerOutputStream();
211 out.write(DerValue.tag_Sequence, scratch); // wrap it!
212 certificateRequestInfo = out.toByteArray();
213 scratch = out;
214
215 /*
216 * Sign it ...
217 */
218 signature.update(certificateRequestInfo, 0,
219 certificateRequestInfo.length);
220 sig = signature.sign();
221
222 /*
223 * Build guts of SIGNED macro
224 */
225 AlgorithmId algId = null;
226 try {
227 algId = AlgorithmId.get(signature.getAlgorithm());
228 } catch (NoSuchAlgorithmException nsae) {
229 throw new SignatureException(nsae);
230 }
231 algId.encode(scratch); // sig algorithm
232 scratch.putBitString(sig); // sig
233
234 /*
235 * Wrap those guts in a sequence
236 */
237 out = new DerOutputStream();
238 out.write(DerValue.tag_Sequence, scratch);
239 encoded = out.toByteArray();
240 }
241
242 /**
243 * Returns the subject's name.
244 */
245 public X500Name getSubjectName() { return subject; }
246
247 /**
248 * Returns the subject's public key.
249 */
250 public PublicKey getSubjectPublicKeyInfo()
251 { return subjectPublicKeyInfo; }
252
253 /**
254 * Returns the additional attributes requested.
255 */
256 public PKCS10Attributes getAttributes()
257 { return attributeSet; }
258
259 /**
260 * Returns the encoded and signed certificate request as a
261 * DER-encoded byte array.
262 *
263 * @return the certificate request, or null if encodeAndSign()
264 * has not yet been called.
265 */
266 public byte[] getEncoded() {
267 if (encoded != null)
268 return encoded.clone();
269 else
270 return null;
271 }
272
273 /**
331
332 return java.util.Arrays.equals(encoded, otherEncoded);
333 }
334
335 /**
336 * Returns a hashcode value for this certificate request from its
337 * encoded form.
338 *
339 * @return the hashcode value.
340 */
341 public int hashCode() {
342 int retval = 0;
343 if (encoded != null)
344 for (int i = 1; i < encoded.length; i++)
345 retval += encoded[i] * i;
346 return(retval);
347 }
348
349 private X500Name subject;
350 private PublicKey subjectPublicKeyInfo;
351 private PKCS10Attributes attributeSet;
352 private byte[] encoded; // signed
353 }
|
150 if (!serial.equals(BigInteger.ZERO))
151 throw new IllegalArgumentException("not PKCS #10 v1");
152
153 subject = new X500Name(seq[0].data);
154 subjectPublicKeyInfo = X509Key.parse(seq[0].data.getDerValue());
155
156 // Cope with a somewhat common illegal PKCS #10 format
157 if (seq[0].data.available() != 0)
158 attributeSet = new PKCS10Attributes(seq[0].data);
159 else
160 attributeSet = new PKCS10Attributes();
161
162 if (seq[0].data.available() != 0)
163 throw new IllegalArgumentException("illegal PKCS #10 data");
164
165 //
166 // OK, we parsed it all ... validate the signature using the
167 // key and signature algorithm we found.
168 //
169 try {
170 sigAlg = id.getName();
171 sig = Signature.getInstance(sigAlg);
172 sig.initVerify(subjectPublicKeyInfo);
173 sig.update(data);
174 if (!sig.verify(sigData))
175 throw new SignatureException("Invalid PKCS #10 signature");
176 } catch (InvalidKeyException e) {
177 throw new SignatureException("invalid key");
178 }
179 }
180
181 /**
182 * Create the signed certificate request. This will later be
183 * retrieved in either string or binary format.
184 *
185 * @param subject identifies the signer (by X.500 name).
186 * @param signature private key and signing algorithm to use.
187 * @exception IOException on errors.
188 * @exception CertificateException on certificate handling errors.
189 * @exception SignatureException on signature handling errors.
190 */
191 public void encodeAndSign(X500Name subject, Signature signature)
202 /*
203 * Encode cert request info, wrap in a sequence for signing
204 */
205 scratch = new DerOutputStream();
206 scratch.putInteger(BigInteger.ZERO); // PKCS #10 v1.0
207 subject.encode(scratch); // X.500 name
208 scratch.write(subjectPublicKeyInfo.getEncoded()); // public key
209 attributeSet.encode(scratch);
210
211 out = new DerOutputStream();
212 out.write(DerValue.tag_Sequence, scratch); // wrap it!
213 certificateRequestInfo = out.toByteArray();
214 scratch = out;
215
216 /*
217 * Sign it ...
218 */
219 signature.update(certificateRequestInfo, 0,
220 certificateRequestInfo.length);
221 sig = signature.sign();
222 sigAlg = signature.getAlgorithm();
223
224 /*
225 * Build guts of SIGNED macro
226 */
227 AlgorithmId algId = null;
228 try {
229 algId = AlgorithmId.get(signature.getAlgorithm());
230 } catch (NoSuchAlgorithmException nsae) {
231 throw new SignatureException(nsae);
232 }
233 algId.encode(scratch); // sig algorithm
234 scratch.putBitString(sig); // sig
235
236 /*
237 * Wrap those guts in a sequence
238 */
239 out = new DerOutputStream();
240 out.write(DerValue.tag_Sequence, scratch);
241 encoded = out.toByteArray();
242 }
243
244 /**
245 * Returns the subject's name.
246 */
247 public X500Name getSubjectName() { return subject; }
248
249 /**
250 * Returns the subject's public key.
251 */
252 public PublicKey getSubjectPublicKeyInfo()
253 { return subjectPublicKeyInfo; }
254
255 /**
256 * Returns the signature algorithm.
257 */
258 public String getSigAlg() { return sigAlg; }
259
260 /**
261 * Returns the additional attributes requested.
262 */
263 public PKCS10Attributes getAttributes()
264 { return attributeSet; }
265
266 /**
267 * Returns the encoded and signed certificate request as a
268 * DER-encoded byte array.
269 *
270 * @return the certificate request, or null if encodeAndSign()
271 * has not yet been called.
272 */
273 public byte[] getEncoded() {
274 if (encoded != null)
275 return encoded.clone();
276 else
277 return null;
278 }
279
280 /**
338
339 return java.util.Arrays.equals(encoded, otherEncoded);
340 }
341
342 /**
343 * Returns a hashcode value for this certificate request from its
344 * encoded form.
345 *
346 * @return the hashcode value.
347 */
348 public int hashCode() {
349 int retval = 0;
350 if (encoded != null)
351 for (int i = 1; i < encoded.length; i++)
352 retval += encoded[i] * i;
353 return(retval);
354 }
355
356 private X500Name subject;
357 private PublicKey subjectPublicKeyInfo;
358 private String sigAlg;
359 private PKCS10Attributes attributeSet;
360 private byte[] encoded; // signed
361 }
|