Csr.java

package io.fathom.cloud.secrets.services.ca;

import java.io.IOException;
import java.io.StringWriter;
import java.security.KeyPair;

import javax.security.auth.x500.X500Principal;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemObjectGenerator;
import org.bouncycastle.util.io.pem.PemWriter;

import com.fathomdb.crypto.bouncycastle.BouncyCastleHelpers;

public class Csr {
    final PKCS10CertificationRequest csr;

    private Csr(PKCS10CertificationRequest csr) {
        super();
        this.csr = csr;
    }

    public static Csr buildCsr(KeyPair keyPair, X500Principal subjectName) {
        X500Name subject = BouncyCastleHelpers.toX500Name(subjectName);
        SubjectPublicKeyInfo publicKeyInfo = BouncyCastleHelpers.toSubjectPublicKeyInfo(keyPair.getPublic());
        PKCS10CertificationRequestBuilder csrBuilder = new PKCS10CertificationRequestBuilder(subject, publicKeyInfo);

        AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
        AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);

        BcRSAContentSignerBuilder sigBuild = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);
        ContentSigner signer;
        try {
            signer = sigBuild.build(BouncyCastleHelpers.toAsymmetricKeyParameter(keyPair.getPrivate()));
        } catch (OperatorCreationException e) {
            throw new IllegalArgumentException("Error building content signer", e);
        }

        PKCS10CertificationRequest csrHolder = csrBuilder.build(signer);

        return new Csr(csrHolder);
    }

    public static Csr parse(String encoded) {
        CsrParser parser = new CsrParser();
        PKCS10CertificationRequest csr = parser.parse(encoded);
        if (csr == null) {
            throw new IllegalArgumentException("Cannot parse CSR");
        }

        return new Csr(csr);
    }

    public String getSubject() {
        return csr.getSubject().toString();
    }

    public String getEncoded() {
        StringWriter stringWriter = new StringWriter();

        try {
            PemWriter writer = new PemWriter(stringWriter);
            PemObjectGenerator pemObject = new PemObject("CERTIFICATE REQUEST", csr.getEncoded());
            writer.writeObject(pemObject);
            writer.close();
        } catch (IOException e) {
            throw new IllegalArgumentException("Error generating PEM", e);
        }

        return stringWriter.toString();
    }

}