Googling this topic turns up no hits in Japanese, so there may not be much demand for it, but ...
The version of Bouncy Castle used is as follows. It's too old!
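/**
 * Sample that builds a PKCS#10 certificate signing request (CSR) carrying an
 * extensionRequest attribute, using the legacy Bouncy Castle API
 * ({@code X509Extensions}, {@code PKCS10CertificationRequest}, {@code PEMWriter}).
 */
public class CreateExtensionCsr {

    /**
     * Generates a 2048-bit RSA key pair, builds a CSR for it and prints the CSR
     * in PEM format on standard output.
     *
     * <p>NOTE(review): the private key exists only in memory here and is dropped
     * when this method returns, so a certificate issued for the printed CSR could
     * not be used afterwards. Code derived from this sample has to keep the
     * private key in protected storage before the CSR is sent out.
     *
     * @param args unused
     * @throws Exception if key generation, CSR creation or PEM encoding fails
     */
    public static void main(String[] args) throws Exception {
        // Key pair to be certified. The CSR below requests the digitalSignature
        // key usage, so this is a signing key rather than a key-exchange key.
        KeyPairGenerator keygen = KeyPairGenerator.getInstance("RSA");
        keygen.initialize(2048);
        KeyPair keyPair = keygen.generateKeyPair();

        // The private key signs the request; the public key is what gets certified.
        PrivateKey privateKey = keyPair.getPrivate();
        PublicKey publicKey = keyPair.getPublic();

        // Bouncy Castle is registered only after the key pair exists, so the keys
        // come from whichever provider the JVM already had for "RSA".
        // Presumably the PKCS10CertificationRequest constructor used below looks up
        // the signature in the BC provider - confirm against the BC version in use.
        Security.addProvider(new BouncyCastleProvider());
        PKCS10CertificationRequest certReq = generateRequest(privateKey, publicKey);

        // Only the CSR is printed; it contains the public key and the signature,
        // never the private key.
        String csr = toPem(certReq);
        System.out.println(csr);
    }

    /**
     * Creates a CSR that requests two X.509 extensions: a non-critical
     * SubjectKeyIdentifier derived from {@code publicKey} and a critical KeyUsage
     * limited to digitalSignature.
     *
     * <p>The subject is hard-coded to {@code C=JP} and the request is signed with
     * {@code SHA256withRSA}. A CSR only asks for these extensions; the issuing CA
     * decides which of them end up in the certificate.
     *
     * @param privateKey key used to sign the request
     * @param publicKey  key placed in the request and used for the key identifier
     * @return the signed certification request
     * @throws Exception if an extension cannot be encoded or signing fails
     */
    public static PKCS10CertificationRequest generateRequest(PrivateKey privateKey,
            PublicKey publicKey) throws Exception {
        // The legacy X509Extensions constructor takes two parallel Vectors:
        // extension OIDs and, at the same index, the matching extension values.
        // Typed as Vector<Object> to avoid raw types without naming BC classes
        // whose names differ between BC versions.
        Vector<Object> oids = new Vector<Object>();
        Vector<Object> values = new Vector<Object>();

        // SubjectKeyIdentifier, non-critical (first argument false).
        oids.add(X509Extensions.SubjectKeyIdentifier);
        values.add(new X509Extension(false, new DEROctetString(
                new SubjectKeyIdentifierStructure(publicKey))));

        // KeyUsage, critical (first argument true), digitalSignature only.
        oids.add(X509Extensions.KeyUsage);
        values.add(new X509Extension(true, new DEROctetString(
                new KeyUsage(KeyUsage.digitalSignature))));

        // Wrap the extensions in the PKCS#9 extensionRequest attribute.
        X509Extensions extensions = new X509Extensions(oids, values);
        Attribute attribute = new Attribute(
                PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new DERSet(extensions));

        // Build the request and sign it with the private key.
        return new PKCS10CertificationRequest("SHA256withRSA", new X500Principal("C=JP"),
                publicKey, new DERSet(attribute), privateKey);
    }

    /**
     * Encodes an object as PEM text.
     *
     * @param obj object handed to {@code PEMWriter.writeObject}
     * @return the PEM text
     * @throws IOException if writing or closing the PEM writer fails
     */
    private static String toPem(Object obj) throws IOException {
        StringWriter sw = new StringWriter();
        PEMWriter writer = null;
        try {
            writer = new PEMWriter(sw);
            writer.writeObject(obj);
            // Flush before reading the buffer so the whole PEM block is in sw.
            writer.flush();
        } finally {
            // Close the writer even when writeObject throws.
            if (writer != null) {
                writer.close();
            }
        }
        return sw.toString();
    }
}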
$ openssl req -text -noout -in testcreate.csr
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=JP
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b4:ed:73:b2:3a:02:d6:e5:6c:33:29:98:0a:cc:
f8:74:43:e0:04:8b:98:1f:f0:4d:1c:28:6e:b4:ec:
<<abridgement>>
Exponent: 65537 (0x10001)
Attributes:
Requested Extensions:
X509v3 Subject Key Identifier:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:0
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
8d:b7:fd:e2:14:04:7a:85:02:f1:d5:49:c0:02:c8:f2:46:72:
b9:b5:f5:b3:e3:cf:06:ae:44:7a:37:12:b2:3d:7b:86:d0:db:
<<abridgement>>