public byte[] generateCSR (X500Name subject, PublicKey publicKey, String signatureAlgorithm) throws Exception{ //Create the unsigned CSR CertificationRequestInfo info = new CertificationRequestInfo( x500name, SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()),new DERSet()); //The CSR bytes to be signed byte dataToSign[] = info.getEncoded(ASN1Encoding.DER); //Send the CSR to the card byte signedData[] = signOnJavaCard (dataToSign,signatureAlgorithm); //Build the signed CSR AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(signatureAlgorithm); PKCS10CertificationRequest csr = new PKCS10CertificationRequest( new CertificationRequest(info, sigAlgId, new DERBitString(signedData))); byte signedCSR = csr.getEncoded(); //Verify signature validity ContentVerifierProvider verifier = new JcaContentVerifierProviderBuilder().setProvider(new BouncyCastleProvider()).build(publicKey); boolean valid = csr.isSignatureValid(verifier); return signedCSR; }
sig.update(reqInfo.getEncoded(ASN1Encoding.DER));
sig.update(reqInfo.getEncoded(ASN1Encoding.DER));
/** * Validate the signature on the PKCS10 certification request in this holder. * * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature. * @return true if the signature is valid, false otherwise. * @throws PKCSException if the signature cannot be processed or is inappropriate. */ public boolean isSignatureValid(ContentVerifierProvider verifierProvider) throws PKCSException { CertificationRequestInfo requestInfo = certificationRequest.getCertificationRequestInfo(); ContentVerifier verifier; try { verifier = verifierProvider.get(certificationRequest.getSignatureAlgorithm()); OutputStream sOut = verifier.getOutputStream(); sOut.write(requestInfo.getEncoded(ASN1Encoding.DER)); sOut.close(); } catch (Exception e) { throw new PKCSException("unable to process signature: " + e.getMessage(), e); } return verifier.verify(this.getSignature()); }
/** * Validate the signature on the PKCS10 certification request in this holder. * * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature. * @return true if the signature is valid, false otherwise. * @throws PKCSException if the signature cannot be processed or is inappropriate. */ public boolean isSignatureValid(ContentVerifierProvider verifierProvider) throws PKCSException { CertificationRequestInfo requestInfo = certificationRequest.getCertificationRequestInfo(); ContentVerifier verifier; try { verifier = verifierProvider.get(certificationRequest.getSignatureAlgorithm()); OutputStream sOut = verifier.getOutputStream(); sOut.write(requestInfo.getEncoded(ASN1Encoding.DER)); sOut.close(); } catch (Exception e) { throw new PKCSException("unable to process signature: " + e.getMessage(), e); } return verifier.verify(this.getSignature()); }
sig.update(reqInfo.getEncoded(ASN1Encoding.DER));
sig.update(reqInfo.getEncoded(ASN1Encoding.DER));
sOut.write(info.getEncoded(ASN1Encoding.DER));
sOut.write(info.getEncoded(ASN1Encoding.DER));