Package org.cryptacular.util
Class CsrUtil
java.lang.Object
org.cryptacular.util.CsrUtil
PKCS#10 certificate signing request (CSR) utilities.
- Author: Marvin S. Addison
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| | commonNames(org.bouncycastle.asn1.pkcs.CertificationRequest csr) | Gets all the common names from the subject of the certificate request. |
| static org.bouncycastle.asn1.pkcs.CertificationRequest | decodeCsr(byte[] csr) | Decodes DER-encoded PKCS#10 certificate signing request into a structured object. |
| static org.bouncycastle.asn1.pkcs.CertificationRequest | decodeCsr | Decodes PEM-encoded PKCS#10 certificate signing request into a structured object. |
| static String | encodeCsr(org.bouncycastle.pkcs.PKCS10CertificationRequest csr) | Encodes a PKCS#10 certificate signing request to PEM-encoded string format. |
| static org.bouncycastle.pkcs.PKCS10CertificationRequest | generateCsr(KeyPair keyPair, String subjectDN, String... subjectAltNames) | Generates a CSR given a key pair, subject DN, and optional subject alternative names. |
| static int | keyLength(org.bouncycastle.asn1.pkcs.CertificationRequest csr) | Gets the size in bits of the public key in the CSR. |
| static org.bouncycastle.asn1.pkcs.CertificationRequest | readCsr | Decodes either a PEM or DER-encoded PKCS#10 certificate signing request from a file into a structured object. |
| static org.bouncycastle.asn1.pkcs.CertificationRequest | readCsr(InputStream in) | Decodes either a PEM or DER-encoded PKCS#10 certificate signing request from a stream into a structured object. |
| static String | sigAlgName(org.bouncycastle.asn1.pkcs.CertificationRequest csr) | Gets the name of the signature algorithm mentioned in the CSR. |
| | subjectAltNames(org.bouncycastle.asn1.pkcs.CertificationRequest csr) | Gets all subject alternative names mentioned on the certificate request. |
-
Method Details
-
encodeCsr
Encodes a PKCS#10 certificate signing request to PEM-encoded string format.
- Parameters:
  - csr - Certificate signing request.
- Returns:
  - PEM-encoded CSR.
- Throws:
  - EncodingException - on errors writing PEM-encoded data.
-
decodeCsr
Decodes PEM-encoded PKCS#10 certificate signing request into a structured object.
- Parameters:
  - csr - PEM-encoded CSR.
- Returns:
  - Decoded CSR.
- Throws:
  - IllegalArgumentException - if input does not appear to be PEM-encoded data.
-
decodeCsr
public static org.bouncycastle.asn1.pkcs.CertificationRequest decodeCsr(byte[] csr)
Decodes DER-encoded PKCS#10 certificate signing request into a structured object.
- Parameters:
  - csr - Bytes of a DER-encoded CSR.
- Returns:
  - Decoded CSR.
-
readCsr
Decodes either a PEM or DER-encoded PKCS#10 certificate signing request from a file into a structured object.
- Parameters:
  - file - File containing PEM or DER-encoded data.
- Returns:
  - Decoded CSR.
-
readCsr
Decodes either a PEM or DER-encoded PKCS#10 certificate signing request from a stream into a structured object.
- Parameters:
  - in - Input stream containing PEM or DER-encoded data.
- Returns:
  - Decoded CSR.
-
commonNames
Gets all the common names from the subject of the certificate request.
- Parameters:
  - csr - Certificate request.
- Returns:
  - List of zero or more common names.
-
subjectAltNames
Gets all subject alternative names mentioned on the certificate request.
- Parameters:
  - csr - Certificate request.
- Returns:
  - List of subject alternative names.
-
sigAlgName
Gets the name of the signature algorithm mentioned in the CSR.
- Parameters:
  - csr - Certificate request.
- Returns:
  - Signature algorithm name, e.g. "SHA256withRSA"
-
keyLength
public static int keyLength(org.bouncycastle.asn1.pkcs.CertificationRequest csr)
Gets the size in bits of the public key in the CSR.
- Parameters:
  - csr - Certificate request.
- Returns:
  - Public key size in bits.
- Throws:
  - IllegalArgumentException - if CSR specifies a key algorithm other than RSA or EC.
  - CryptoException - on errors creating a public key from data in the CSR.
-
generateCsr
public static org.bouncycastle.pkcs.PKCS10CertificationRequest generateCsr(KeyPair keyPair, String subjectDN, String... subjectAltNames)
Generates a CSR given a key pair, subject DN, and optional subject alternative names.
- Parameters:
  - keyPair - Key pair.
  - subjectDN - Subject distinguished name, e.g. "CN=host.example.org, DC=example, DC=org".
  - subjectAltNames - Zero or more DNS subject alternative names.
- Returns:
  - PKCS#10 certification request. Use PKCS10CertificationRequest.toASN1Structure() to get the underlying CertificationRequest that may be used with other helper methods.
- Throws:
  - IllegalArgumentException - if CSR specifies a key algorithm other than RSA or EC.
  - CryptoException - on errors generating the CSR from data provided.
-
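A pre-issuance policy check built on the helper methods documented above, given here as an added example that is not part of the Cryptacular documentation or code base. The class name CsrPolicyCheck, the thresholds and the sample names are constructed; it assumes commonNames and subjectAltNames return List<String> (the page says only "List") and that algorithm names follow the "SHA256withRSA" form quoted under sigAlgName.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.cryptacular.util.CsrUtil;

/** Added example (hypothetical class): policy checks a CA front end might run on a CSR. */
public class CsrPolicyCheck {

  /** Returns the policy violations found in the CSR; an empty list means it passes. */
  static List<String> violations(CertificationRequest csr, int minRsaBits, String dnsSuffix) {
    List<String> problems = new ArrayList<>();
    // Assumption: names look like "SHA256withRSA", so a weak digest shows up as a prefix.
    String sigAlg = CsrUtil.sigAlgName(csr).toUpperCase(Locale.ROOT);
    if (sigAlg.startsWith("MD5") || sigAlg.startsWith("SHA1") || sigAlg.startsWith("SHA-1")) {
      problems.add("weak signature algorithm: " + sigAlg);
    }
    // keyLength throws IllegalArgumentException for key algorithms other than RSA or EC.
    int bits = CsrUtil.keyLength(csr);
    if (sigAlg.contains("RSA") && bits < minRsaBits) {
      problems.add("RSA key too short: " + bits + " bits");
    }
    // Every requested name, CN and SAN alike, must fall under the permitted suffix.
    List<String> names = new ArrayList<>(CsrUtil.commonNames(csr));
    names.addAll(CsrUtil.subjectAltNames(csr));
    for (String name : names) {
      String n = name.toLowerCase(Locale.ROOT);
      if (!n.equals(dnsSuffix) && !n.endsWith("." + dnsSuffix)) {
        problems.add("name outside " + dnsSuffix + ": " + name);
      }
    }
    return problems;
  }

  public static void main(String[] args) throws Exception {
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    kpg.initialize(1024); // constructed sample: deliberately below the 2048-bit minimum
    KeyPair keyPair = kpg.generateKeyPair();
    PKCS10CertificationRequest req = CsrUtil.generateCsr(
        keyPair, "CN=host.example.org, DC=example, DC=org",
        "host.example.org", "admin.example.net"); // second SAN is out of policy on purpose
    System.out.println(CsrUtil.encodeCsr(req));
    violations(req.toASN1Structure(), 2048, "example.org").forEach(System.out::println);
  }
}
```

The check covers only what these helpers expose; verifying the CSR's self-signature (proof of possession) has to be done separately.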