Examples of codec.x509.SubjectPublicKeyInfo

• org.bouncycastle.asn1.x509.SubjectPublicKeyInfo
  Subject Public Key Info according to RFC2459. Consists of an AlgorithmID and the corresponding public key

   SubjectPublicKeyInfo  ::=  SEQUENCE  { algorithm            AlgorithmIdentifier, subjectPublicKey     BIT STRING } 

  Raw public key material embedded in this structure need not be ASN.1/DER encoded. Some crypto systems such as elliptic curve systems use specific encodings of keys. For this reason, keys can be retrieved by means of two alternative ways:

  • Raw encoded keys, returned as byte arrays, and
  • Raw decoded keys, returned as ASN.1 types.

  Only ASN.1/DER is supported as decoding method. Keys encoded in another code must be decoded externally. Creation date: (18.08.99 15:23:09) @author Markus Tak @version "$Id: SubjectPublicKeyInfo.java,v 1.3 2004/08/16 08:53:58 pebingerExp $"

        BigInteger serialNumber = BigInteger.valueOf(555L);
        AlgorithmIdentifier signature = new AlgorithmIdentifier("1.2.3.44.555");
        Name issuer = new Name("O=Certificate Issuer");
        Validity validity = new Validity(new Date(100000000),
                                         new Date(200000000));
        SubjectPublicKeyInfo subjectPublicKeyInfo =
            new SubjectPublicKeyInfo(
                    new AlgorithmIdentifier("1.2.840.113549.1.1.2"),
                                            new byte[10]);
        boolean[] issuerUniqueID  = new boolean[]
                    {true, false, true, false, true, false, true, false};
        boolean[] subjectUniqueID = new boolean[]

                new Certificate(
                    new TBSCertificate(2, certSerialNumber1, signature,
                        new Name(certIssuerName),
                        new Validity(new Date(), new Date()),
                    new Name(certIssuerName),
                    new SubjectPublicKeyInfo(signature, new byte[10]),
                    null, null, null),
                signature, new byte[10]));
            X509CertImpl cert2 = new X509CertImpl(
                new Certificate(
                    new TBSCertificate(2, certSerialNumber2, signature,
                        new Name(certIssuerName),
                        new Validity(new Date(), new Date()),
                    new Name(certIssuerName),
                    new SubjectPublicKeyInfo(signature, new byte[10]),
                    null, null, null),
                signature, new byte[10]));
            X509CertImpl cert3 = new X509CertImpl(
                new Certificate(
                    new TBSCertificate(2, certSerialNumber3, signature,
                        new Name("O=Another Cert Issuer"),
                        new Validity(new Date(), new Date()),
                    new Name(certIssuerName),
                    new SubjectPublicKeyInfo(signature, new byte[10]),
                    null, null, null),
                signature, new byte[10]));
            assertNull("Certificate should not be presented in CRL "
                    + "because issuer is not the same as CRL issuer",
                    crl.getRevokedCertificate(cert1));

                new Certificate(
                    new TBSCertificate(2, certSerialNumber1, signature,
                        new Name(certIssuerName),
                        new Validity(new Date(), new Date()),
                    new Name(certIssuerName),
                    new SubjectPublicKeyInfo(signature, new byte[10]),
                    null, null, null),
                signature, new byte[10]));
            X509CertImpl cert2 = new X509CertImpl(
                new Certificate(
                    new TBSCertificate(2, certSerialNumber2, signature,
                        new Name(certIssuerName),
                        new Validity(new Date(), new Date()),
                    new Name(certIssuerName),
                    new SubjectPublicKeyInfo(signature, new byte[10]),
                    null, null, null),
                signature, new byte[10]));
            X509CertImpl cert3 = new X509CertImpl(
                new Certificate(
                    new TBSCertificate(2, certSerialNumber3, signature,
                        new Name("O=Another Cert Issuer"),
                        new Validity(new Date(), new Date()),
                    new Name(certIssuerName),
                    new SubjectPublicKeyInfo(signature, new byte[10]),
                    null, null, null),
                signature, new byte[10]));
            assertFalse("Certificate should not be presented in CRL "
                    + "because issuer is not the same as CRL issuer",
                    crl.isRevoked(cert1));

            throw (IOException) new IOException(
                    "Failed to generate a distinguished name. ").initCause(e);
        }

        // generate a SubjectPublicKeyInfo
        SubjectPublicKeyInfo subjectPublicKeyInfo = null;
        try {
            subjectPublicKeyInfo = (SubjectPublicKeyInfo) SubjectPublicKeyInfo.ASN1
                    .decode(publicKey.getEncoded());
        } catch (IOException e) {
            throw (IOException) new IOException(

            params = new X962Parameters(ecP);
        }

        ASN1OctetString    p = (ASN1OctetString)(new X9ECPoint(this.getQ()).getDERObject());

        SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), p.getOctets());

        try
        {
            dOut.writeObject(info);
            dOut.close();

    public void setPublicKey(
        PublicKey       key)
    {
        try
        {
            tbsGen.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo((ASN1Sequence)new DERInputStream(
                                new ByteArrayInputStream(key.getEncoded())).readObject()));
        }
        catch (Exception e)
        {
            throw new IllegalArgumentException("unable to process key - " + e.toString());

    public byte[] getEncoded()
    {
        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
        DEROutputStream         dOut = new DEROutputStream(bOut);
        SubjectPublicKeyInfo    info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new RSAPublicKeyStructure(getModulus(), getPublicExponent()).getDERObject());

        try
        {
            dOut.writeObject(info);
            dOut.close();

        ByteArrayInputStream    bIn = new ByteArrayInputStream(bytes);
        DERInputStream          dIn = new DERInputStream(bIn);

        try
        {
            this.reqInfo = new CertificationRequestInfo(subject, new SubjectPublicKeyInfo((ASN1Sequence)dIn.readObject()), attributes);
        }
        catch (IOException e)
        {
            throw new IllegalArgumentException("can't encode public key");
        }

    public PublicKey getPublicKey(
        String  provider)
        throws NoSuchAlgorithmException, NoSuchProviderException,
                InvalidKeyException
    {
        SubjectPublicKeyInfo    subjectPKInfo = reqInfo.getSubjectPublicKeyInfo();

        try
        {
            X509EncodedKeySpec      xspec = new X509EncodedKeySpec(new DERBitString(subjectPKInfo).getBytes());
            AlgorithmIdentifier     keyAlg = subjectPKInfo.getAlgorithmId ();

            return KeyFactory.getInstance(keyAlg.getObjectId().getId (), provider).generatePublic(xspec);
        }
        catch (InvalidKeySpecException e)
        {

    public void setPublicKey(
        PublicKey       key)
    {
        try
        {
            tbsGen.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo((ASN1Sequence)new DERInputStream(
                                new ByteArrayInputStream(key.getEncoded())).readObject()));
        }
        catch (Exception e)
        {
            throw new IllegalArgumentException("unable to process key - " + e.toString());