public byte[] generateCSR (X500Name subject, PublicKey publicKey, String signatureAlgorithm) throws Exception{ //Create the unsigned CSR CertificationRequestInfo info = new CertificationRequestInfo( x500name, SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()),new DERSet()); //The CSR bytes to be signed byte dataToSign[] = info.getEncoded(ASN1Encoding.DER); //Send the CSR to the card byte signedData[] = signOnJavaCard (dataToSign,signatureAlgorithm); //Build the signed CSR AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(signatureAlgorithm); PKCS10CertificationRequest csr = new PKCS10CertificationRequest( new CertificationRequest(info, sigAlgId, new DERBitString(signedData))); byte signedCSR = csr.getEncoded(); //Verify signature validity ContentVerifierProvider verifier = new JcaContentVerifierProviderBuilder().setProvider(new BouncyCastleProvider()).build(publicKey); boolean valid = csr.isSignatureValid(verifier); return signedCSR; }