Package org.bouncycastle.pkcs

Class PKCS10CertificationRequestBuilder

java.lang.Object
org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder
Direct Known Subclasses:
BcPKCS10CertificationRequestBuilder, JcaPKCS10CertificationRequestBuilder
public class PKCS10CertificationRequestBuilder extends Object
A class for creating PKCS#10 Certification requests. 
 CertificationRequest ::= SEQUENCE {
   certificationRequestInfo  CertificationRequestInfo,
   signatureAlgorithm        AlgorithmIdentifier{{ SignatureAlgorithms }},
   signature                 BIT STRING
 }

 CertificationRequestInfo ::= SEQUENCE {
   version             INTEGER { v1(0) } (v1,...),
   subject             Name,
   subjectPKInfo   SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
   attributes          [0] Attributes{{ CRIAttributes }}
  }

  Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}

  Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
    type    ATTRIBUTE.&id({IOSet}),
    values  SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type})
  }

  • Constructor Details

    • PKCS10CertificationRequestBuilder

      public PKCS10CertificationRequestBuilder(PKCS10CertificationRequestBuilder original)

    • PKCS10CertificationRequestBuilder

      public PKCS10CertificationRequestBuilder(org.bouncycastle.asn1.x500.X500Name subject, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)
      Basic constructor.
      Parameters:
      subject - the X.500 Name defining the certificate subject this request is for.
      publicKeyInfo - the info structure for the public key to be associated with this subject.

  • Method Details

    • setAttribute

      public PKCS10CertificationRequestBuilder setAttribute(org.bouncycastle.asn1.ASN1ObjectIdentifier attrType, org.bouncycastle.asn1.ASN1Encodable attrValue)
      Set an attribute to the certification request we are building. Removed existing attributes with the same attrType.
      Parameters:
      attrType - the OID giving the type of the attribute.
      attrValue - the ASN.1 structure that forms the value of the attribute.
      Returns:
      this builder object.

    • setAttribute

      public PKCS10CertificationRequestBuilder setAttribute(org.bouncycastle.asn1.ASN1ObjectIdentifier attrType, org.bouncycastle.asn1.ASN1Encodable[] attrValue)
      Add an attribute with multiple values to the certification request we are building. Removed existing attributes with the same attrType.
      Parameters:
      attrType - the OID giving the type of the attribute.
      attrValue - the ASN.1 structure that forms the value of the attribute.
      Returns:
      this builder object.

    • addAttribute

      public PKCS10CertificationRequestBuilder addAttribute(org.bouncycastle.asn1.ASN1ObjectIdentifier attrType, org.bouncycastle.asn1.ASN1Encodable attrValue)
      Add an attribute to the certification request we are building.
      Parameters:
      attrType - the OID giving the type of the attribute.
      attrValue - the ASN.1 structure that forms the value of the attribute.
      Returns:
      this builder object.

    • addAttribute

      public PKCS10CertificationRequestBuilder addAttribute(org.bouncycastle.asn1.ASN1ObjectIdentifier attrType, org.bouncycastle.asn1.ASN1Encodable[] attrValues)
      Add an attribute with multiple values to the certification request we are building.
      Parameters:
      attrType - the OID giving the type of the attribute.
      attrValues - an array of ASN.1 structures that form the value of the attribute.
      Returns:
      this builder object.

    • setLeaveOffEmptyAttributes

      public PKCS10CertificationRequestBuilder setLeaveOffEmptyAttributes(boolean leaveOffEmpty)
      The attributes field in PKCS10 should encoded to an empty tagged set if there are no attributes. Some CAs will reject requests with the attribute field present.
      Parameters:
      leaveOffEmpty - true if empty attributes should be left out of the encoding false otherwise.
      Returns:
      this builder object.

    • build

      public PKCS10CertificationRequest build(ContentSigner signer)
      Generate an PKCS#10 request based on the past in signer.
      Parameters:
      signer - the content signer to be used to generate the signature validating the certification request.
      Returns:
      a holder containing the resulting PKCS#10 certification request.

    • build

      public PKCS10CertificationRequest build(ContentSigner signer, org.bouncycastle.asn1.x509.SubjectPublicKeyInfo altPublicKey, ContentSigner altSigner)
      Generate a PKCS10 certificate request, based on the current issuer and subject using the passed in signer and containing altSignatureAlgorithm. altSubjectPublicKeyInfo, and altSignatureValue attributes based on the passed altSigner.
      Parameters:
      signer - the content signer to be used to generate the signature validating the certification request.
      altPublicKey - the public key to verify the altSignatureValue generated as part of this build.
      altSigner - the content signer used to create the altSignatureAlgorithm and altSignatureValue extension.
      Returns:
      a holder containing the resulting signed certificate.