From d342a45d98c4795b3a3fe1aaef5236ad4a782b55 Mon Sep 17 00:00:00 2001
From: Yuuta Liang <yuutaw@students.cs.ubc.ca>
Date: Thu, 12 Oct 2023 12:10:33 +0800
Subject: Implement data structures from X.680, X.501, X.509, and PKCS#10, with
 X.690 encoding / decoding support

The implementation took four days, and it is still a little bit rough. Updated version should arrive soon.

Signed-off-by: Yuuta Liang <yuutaw@students.cs.ubc.ca>
---
 src/main/model/csr/CertificationRequest.java | 110 +++++++++++++++++++++++++++
 1 file changed, 110 insertions(+)
 create mode 100644 src/main/model/csr/CertificationRequest.java

(limited to 'src/main/model/csr/CertificationRequest.java')

diff --git a/src/main/model/csr/CertificationRequest.java b/src/main/model/csr/CertificationRequest.java
new file mode 100644
index 0000000..c08997c
--- /dev/null
+++ b/src/main/model/csr/CertificationRequest.java
@@ -0,0 +1,110 @@
+package model.csr;
+
+import model.asn1.ASN1Object;
+import model.asn1.BitString;
+import model.asn1.Tag;
+import model.asn1.exceptions.ParseException;
+import model.asn1.parsing.BytesReader;
+import model.pki.AlgorithmIdentifier;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.stream.Stream;
+
+/**
+ * Represents a PKCS#10 CSR.
+ * <pre>
+ *    CertificationRequest ::= SEQUENCE {
+ *         certificationRequestInfo CertificationRequestInfo,
+ *         signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }},
+ *         signature          BIT STRING
+ *    }
+ * </pre>
+ *
+ * A CSR is used to request a certificate from a CA, using a public key. The client encodes a CSR with
+ * its subject name, public key, and attributes, and sign that with their private key. The private key
+ * must match the public key encoded in the CSR. This is to prove to the CA that the client has the private
+ * key of the requested public key.
+ * After the CA receives the CSR, they can create a new certificate, with or without the requested subject
+ * and attributes. That is, the requested attributes only have informational purposes, and it is the CA that
+ * determines whether to use them.
+ * The data in the CSR are encoded in {@link CertificationRequestInfo}. This object contains the data an
+ * the signature.
+ */
+public class CertificationRequest extends ASN1Object {
+    /**
+     * All info of that CSR, excluding the signature.
+     * It will be signed, and the signature is in <pre>signature</pre>.
+     */
+    private final CertificationRequestInfo certificationRequestInfo;
+
+    /**
+     * The algorithm used for <pre>signature</pre>.
+     */
+    private final AlgorithmIdentifier signatureAlgorithm;
+
+    /**
+     * The signature.
+     */
+    private final BitString signature;
+
+    /**
+     * EFFECTS: Initialize the object with the given tag and parentTag, and info, signatureAlgorithm, and signature.
+     * REQUIRES: The signature must match the public key specified in info. The algorithm must match the signature. The
+     * fields must have correct tags as described in the class specification.
+     */
+    public CertificationRequest(Tag tag, Tag parentTag,
+                                final CertificationRequestInfo certificationRequestInfo,
+                                final AlgorithmIdentifier signatureAlgorithm,
+                                final BitString signature) {
+        super(tag, parentTag);
+        this.certificationRequestInfo = certificationRequestInfo;
+        this.signatureAlgorithm = signatureAlgorithm;
+        this.signature = signature;
+    }
+
+    /**
+     * EFFECTS: Parse input DER CSR, without verifying the signature.
+     *   Throws {@link ParseException} if the input is invalid:
+     *    - Any fields missing (info, algorithm, signature)
+     *    - Any fields having an incorrect tag (as seen in the ASN.1 definition)
+     *    - Any fields with encoding instructions that violate implicit / explicit encoding rules
+     *    - Other issues found during parsing the object, like early EOF (see {@link ASN1Object})
+     * MODIFIES: this, encoded
+     */
+    public CertificationRequest(BytesReader encoded, boolean hasParentTag) throws ParseException {
+        super(encoded, hasParentTag);
+        this.certificationRequestInfo = new CertificationRequestInfo(encoded, false);
+        this.certificationRequestInfo.getTag().enforce(TAG_SEQUENCE);
+
+        this.signatureAlgorithm = new AlgorithmIdentifier(encoded, false);
+        this.signatureAlgorithm.getTag().enforce(TAG_SEQUENCE);
+
+        this.signature = new BitString(encoded, false);
+        this.signature.getTag().enforce(BitString.TAG);
+    }
+
+    /**
+     * EFFECT: Encode that sequence into an ordered array of bytes, following the class specification.
+     */
+    @Override
+    public Byte[] encodeValueDER() {
+        return Stream.of(Arrays.asList(certificationRequestInfo.encodeDER()),
+                Arrays.asList(signatureAlgorithm.encodeDER()),
+                Arrays.asList(signature.encodeDER()))
+                .flatMap(Collection::stream)
+                .toArray(Byte[]::new);
+    }
+
+    public CertificationRequestInfo getCertificationRequestInfo() {
+        return certificationRequestInfo;
+    }
+
+    public AlgorithmIdentifier getSignatureAlgorithm() {
+        return signatureAlgorithm;
+    }
+
+    public BitString getSignature() {
+        return signature;
+    }
+}
-- 
cgit v1.2.3