/**
* Generate a certificate signing request (PKCS#10).
*
* @param info A PKCS10CertReqInfo
* @param privateKey Private key for signing the request
* @param signatureProvider Name of provider to sign with
* @param publicKey Public key to include in the request
* @param explicitEccParameters True if the EC domain parameters should be included (ie. not a
* named curve)
* @return the certificate request data
*/
public static ICertReqData genCertificateRequest(
ISignerCertReqInfo info,
final PrivateKey privateKey,
final String signatureProvider,
PublicKey publicKey,
final boolean explicitEccParameters)
throws IllegalArgumentException {
LOG.debug(">genCertificateRequest");
final Base64SignerCertReqData retval;
if (info instanceof PKCS10CertReqInfo) {
PKCS10CertReqInfo reqInfo = (PKCS10CertReqInfo) info;
PKCS10CertificationRequest pkcs10;
if (LOG.isDebugEnabled()) {
LOG.debug("signatureAlgorithm: " + reqInfo.getSignatureAlgorithm());
LOG.debug("subjectDN: " + reqInfo.getSubjectDN());
LOG.debug("explicitEccParameters: " + explicitEccParameters);
}
try {
// Handle ECDSA key with explicit parameters
if (explicitEccParameters && publicKey.getAlgorithm().contains("EC")) {
publicKey = ECKeyUtil.publicToExplicitParameters(publicKey, "BC");
}
if (LOG.isDebugEnabled()) {
LOG.debug("Public key SHA1: " + createKeyHash(publicKey));
LOG.debug("Public key SHA256: " + KeyUsageCounterHash.create(publicKey));
}
// Generate request
final JcaPKCS10CertificationRequestBuilder builder =
new JcaPKCS10CertificationRequestBuilder(
new X500Name(CertTools.stringToBCDNString(reqInfo.getSubjectDN())), publicKey);
final ContentSigner contentSigner =
new JcaContentSignerBuilder(reqInfo.getSignatureAlgorithm())
.setProvider(signatureProvider)
.build(privateKey);
pkcs10 = builder.build(contentSigner);
retval = new Base64SignerCertReqData(Base64.encode(pkcs10.getEncoded()));
} catch (IOException e) {
throw new IllegalArgumentException("Certificate request error: " + e.getMessage(), e);
} catch (OperatorCreationException e) {
throw new IllegalArgumentException("Certificate request error: " + e.getMessage(), e);
} catch (NoSuchAlgorithmException e) {
throw new IllegalArgumentException("Certificate request error: " + e.getMessage(), e);
} catch (NoSuchProviderException e) {
throw new IllegalArgumentException("Certificate request error: " + e.getMessage(), e);
}
LOG.debug("<genCertificateRequest");
return retval;
} else {
throw new IllegalArgumentException(
"Unsupported certificate request info type: " + info.getClass().getName());
}
}
public static JcaPKCS10CertificationRequest generateCertificationRequest(
String requestedDn, KeyPair keyPair, String signingAlgorithm)
throws OperatorCreationException {
JcaPKCS10CertificationRequestBuilder jcaPKCS10CertificationRequestBuilder =
new JcaPKCS10CertificationRequestBuilder(new X500Name(requestedDn), keyPair.getPublic());
JcaContentSignerBuilder jcaContentSignerBuilder = new JcaContentSignerBuilder(signingAlgorithm);
return new JcaPKCS10CertificationRequest(
jcaPKCS10CertificationRequestBuilder.build(
jcaContentSignerBuilder.build(keyPair.getPrivate())));
}