/**
   * Verifies the signature on this CertificationRequest, using the given public key and
   * CryptoToken. Does not indicate the CertificationRequest is valid at any specific time.
   */
  public void verify(PublicKey key, CryptoToken token)
      throws NoSuchAlgorithmException, CertificateException, TokenException, SignatureException,
          InvalidKeyException {
    Signature sig = token.getSignatureContext(SignatureAlgorithm.fromOID(algId.getOID()));

    sig.initVerify(key);
    sig.update(infoEncoding);
    if (!sig.verify(signature)) {
      throw new CertificateException("Signature is invalid");
    }
  }
  /**
   * Creates and signs an X.509 CertificationRequest.
   *
   * @param info A CertificationRequestInfo (TBSCertificationRequest), which specifies the actual
   *     information of the CertificationRequest.
   * @param privKey The private key with which to sign the certificat.
   * @param signingAlg The algorithm to use to sign the CertificationRequest. It must match the
   *     algorithm specified in the CertificationRequestInfo.
   * @exception IOException If an error occurred while encoding the CertificationRequest.
   * @exception CryptoManager.NotInitializedException Because this operation involves cryptography
   *     (signing), CryptoManager must be initialized before calling it.
   * @exception TokenException If an error occurs on a PKCS #11 token.
   * @exception NoSuchAlgorithmException If the OID for the signing algorithm cannot be located.
   * @exception CertificateException If the signing algorithm specified as a parameter does not
   *     match the one in the CertificationRequest info.
   * @exception InvalidKeyException If the key does not match the signing algorithm.
   * @exception SignatureException If an error occurs while signing the CertificationRequest.
   */
  public CertificationRequest(
      CertificationRequestInfo info,
      java.security.PrivateKey privKey,
      SignatureAlgorithm signingAlg)
      throws IOException, CryptoManager.NotInitializedException, TokenException,
          NoSuchAlgorithmException, CertificateException, InvalidKeyException, SignatureException {
    // make sure key is a Ninja private key
    if (!(privKey instanceof PrivateKey)) {
      throw new InvalidKeyException("Private Key is does not belong to" + " this provider");
    }
    PrivateKey priv = (PrivateKey) privKey;

    // create algId
    if (signingAlg.getSigningAlg() == SignatureAlgorithm.RSASignature) {
      algId = new AlgorithmIdentifier(signingAlg.toOID(), null);
    } else {
      algId = new AlgorithmIdentifier(signingAlg.toOID());
    }

    // encode the cert info
    this.info = info;
    infoEncoding = ASN1Util.encode(info);

    // sign the info encoding
    CryptoManager cm = CryptoManager.getInstance();
    CryptoToken token = priv.getOwningToken();
    Signature sig = token.getSignatureContext(signingAlg);
    sig.initSign(priv);
    sig.update(infoEncoding);
    signature = sig.sign();

    // bundle everything into a SEQUENCE
    sequence = new SEQUENCE();
    sequence.addElement(info);
    sequence.addElement(algId);
    sequence.addElement(new BIT_STRING(signature, 0));
  }