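// Build the PKCS#10 request. SHA-256 replaces the original SHA-1 digest: SHA-1 is
// deprecated for signatures, and a CA may refuse a request signed with it.
// NOTE(review): assumes createPKCS10CertificationRequest passes the algorithm name
// straight to the signer - confirm against the helper.
PKCS10CertificationRequest certRequest =
    createPKCS10CertificationRequest(subject, "SHA256withRSA", keyPair);

// Re-parse the encoded request through the JCA wrapper, bound to the provider named "BC".
// NOTE(review): presumably the BouncyCastle provider is registered under that name
// before this runs - verify at the call site.
JcaPKCS10CertificationRequest jcaCertRequest =
    new JcaPKCS10CertificationRequest(certRequest.getEncoded()).setProvider("BC");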
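/**
 * Returns this object as a DER-encoded byte array.
 *
 * @return the bytes produced by {@code getEncoded(ASN1Encoding.DER)}
 * @throws RuntimeException if encoding raises an {@link IOException}; the original
 *     exception is attached as the cause
 */
public byte[] getEncoded() {
    try {
        return this.getEncoded(ASN1Encoding.DER);
    } catch (IOException e) {
        // Same message as before, but chain the cause so the stack trace of the
        // underlying encoding failure is not lost.
        throw new RuntimeException(e.toString(), e);
    }
}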
//Generate KeyPair KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); keyGen.initialize(KEY_SIZE, new SecureRandom()); KeyPair keyPair = keyGen.generateKeyPair(); //Generate CSR in PKCS#10 format encoded in DER PKCS10CertificationRequest csr = CsrHelper.generateCSR(keyPair, commonname); byte CSRder[] = csr.getEncoded();
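/**
 * Returns this object as a DER-encoded byte array.
 *
 * @return the bytes produced by {@code getEncoded(ASN1Encoding.DER)}
 * @throws RuntimeException if encoding raises an {@link IOException}; the original
 *     exception is attached as the cause
 */
public byte[] getEncoded() {
    try {
        return this.getEncoded(ASN1Encoding.DER);
    } catch (IOException e) {
        // Same message as before, but chain the cause so the stack trace of the
        // underlying encoding failure is not lost.
        throw new RuntimeException(e.toString(), e);
    }
}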
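/**
 * Builds a PKCS#10 certification request whose signature is produced on a Java Card,
 * then checks that signature against the supplied public key before returning it.
 *
 * @param subject            the subject name placed in the request
 * @param publicKey          the public key to certify; also used to verify the card's signature
 * @param signatureAlgorithm the signature algorithm name passed to the card and used to
 *                           look up the algorithm identifier
 * @return the encoded, signed request
 * @throws java.security.SignatureException if the card's signature does not verify
 *         against {@code publicKey}
 * @throws Exception if encoding, signing or verification setup fails
 */
public byte[] generateCSR(X500Name subject, PublicKey publicKey, String signatureAlgorithm)
        throws Exception {
    // Create the unsigned request body. The original referenced an undefined
    // "x500name"; the subject parameter is what belongs here.
    CertificationRequestInfo info = new CertificationRequestInfo(
            subject,
            SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()),
            new DERSet());

    // The DER encoding of the request body is exactly what must be signed.
    byte[] dataToSign = info.getEncoded(ASN1Encoding.DER);

    // The private key stays on the card; only the bytes to sign are sent to it.
    // NOTE(review): assumes the card returns the signature in the encoding the
    // algorithm identifier implies - the verification below catches a mismatch.
    byte[] signedData = signOnJavaCard(dataToSign, signatureAlgorithm);

    // Assemble the signed request from body, algorithm identifier and signature.
    AlgorithmIdentifier sigAlgId =
            new DefaultSignatureAlgorithmIdentifierFinder().find(signatureAlgorithm);
    PKCS10CertificationRequest csr = new PKCS10CertificationRequest(
            new CertificationRequest(info, sigAlgId, new DERBitString(signedData)));
    byte[] signedCSR = csr.getEncoded();

    // Enforce the self-check. The original computed this result and ignored it, so a
    // request signed with the wrong key or algorithm was still returned to the caller.
    ContentVerifierProvider verifier = new JcaContentVerifierProviderBuilder()
            .setProvider(new BouncyCastleProvider())
            .build(publicKey);
    if (!csr.isSignatureValid(verifier)) {
        throw new java.security.SignatureException(
                "CSR signature does not verify against the supplied public key");
    }
    return signedCSR;
}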