Examples of sun.security.pkcs.PKCS10

• sun.security.pkcs.PKCS10
  A PKCS #10 certificate request is created and sent to a Certificate Authority, which then creates an X.509 certificate and returns it to the entity that requested it. A certificate request basically consists of the subject's X.500 name, public key, and optionally some attributes, signed using the corresponding private key. The ASN.1 syntax for a Certification Request is:

   CertificationRequest ::= SEQUENCE { certificationRequestInfo CertificationRequestInfo, signatureAlgorithm       SignatureAlgorithmIdentifier, signature                Signature } SignatureAlgorithmIdentifier ::= AlgorithmIdentifier Signature ::= BIT STRING CertificationRequestInfo ::= SEQUENCE { version                 Version, subject                 Name, subjectPublicKeyInfo    SubjectPublicKeyInfo, attributes [0] IMPLICIT Attributes } Attributes ::= SET OF Attribute 

  @author David Brownell @author Amit Kapoor @author Hemma Prafullchandra

            MessageFormat form = new MessageFormat
                (rb.getString("alias has no public key (certificate)"));
            Object[] source = {alias};
            throw new Exception(form.format(source));
        }
        PKCS10 request = new PKCS10(cert.getPublicKey());

        // Construct an X500Signer object, so that we can sign the request
        if (sigAlgName == null) {
            // If no signature algorithm was specified at the command line,
            // we choose one that is compatible with the selected private key
            String keyAlgName = privKey.getAlgorithm();
            if ("DSA".equalsIgnoreCase(keyAlgName)
                   || "DSS".equalsIgnoreCase(keyAlgName)) {
                sigAlgName = "SHA1WithDSA";
            } else if ("RSA".equalsIgnoreCase(keyAlgName)) {
                sigAlgName = "SHA1WithRSA";
            } else {
                throw new Exception(rb.getString
                        ("Cannot derive signature algorithm"));
            }
        }

        Signature signature = Signature.getInstance(sigAlgName);
        signature.initSign(privKey);
        X500Name subject =
            new X500Name(((X509Certificate)cert).getSubjectDN().toString());
        X500Signer signer = new X500Signer(signature, subject);

        // Sign the request and base-64 encode it
        request.encodeAndSign(signer);
        request.print(out);
    }