Java Code Examples for sun.security.pkcs10.PKCS10#print()

The following examples show how to use sun.security.pkcs10.PKCS10#print() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: Main.java    From dragonwell8_jdk with GNU General Public License v2.0 4 votes vote down vote up 
/**
 * Creates a PKCS#10 cert signing request, corresponding to the
 * keys (and name) associated with a given alias.
 */
private void doCertReq(String alias, String sigAlgName, PrintStream out)
    throws Exception
{
    if (alias == null) {
        alias = keyAlias;
    }

    Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
    PrivateKey privKey = (PrivateKey)objs.fst;
    if (keyPass == null) {
        keyPass = objs.snd;
    }

    Certificate cert = keyStore.getCertificate(alias);
    if (cert == null) {
        MessageFormat form = new MessageFormat
            (rb.getString("alias.has.no.public.key.certificate."));
        Object[] source = {alias};
        throw new Exception(form.format(source));
    }
    PKCS10 request = new PKCS10(cert.getPublicKey());
    CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
    // Attribute name is not significant
    request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
            new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));

    // Construct a Signature object, so that we can sign the request
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
    }

    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privKey);
    X500Name subject = dname == null?
            new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
            new X500Name(dname);

    // Sign the request and base-64 encode it
    request.encodeAndSign(subject, signature);
    request.print(out);

    checkWeak(rb.getString("the.generated.certificate.request"), request);
}
Example 2
Source File: Main.java    From TencentKona-8 with GNU General Public License v2.0 4 votes vote down vote up 
/**
 * Creates a PKCS#10 cert signing request, corresponding to the
 * keys (and name) associated with a given alias.
 */
private void doCertReq(String alias, String sigAlgName, PrintStream out)
    throws Exception
{
    if (alias == null) {
        alias = keyAlias;
    }

    Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
    PrivateKey privKey = (PrivateKey)objs.fst;
    if (keyPass == null) {
        keyPass = objs.snd;
    }

    Certificate cert = keyStore.getCertificate(alias);
    if (cert == null) {
        MessageFormat form = new MessageFormat
            (rb.getString("alias.has.no.public.key.certificate."));
        Object[] source = {alias};
        throw new Exception(form.format(source));
    }
    PKCS10 request = new PKCS10(cert.getPublicKey());
    CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
    // Attribute name is not significant
    request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
            new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));

    // Construct a Signature object, so that we can sign the request
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
    }

    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privKey);
    X500Name subject = dname == null?
            new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
            new X500Name(dname);

    // Sign the request and base-64 encode it
    request.encodeAndSign(subject, signature);
    request.print(out);

    checkWeak(rb.getString("the.generated.certificate.request"), request);
}
Example 3
Source File: Main.java    From jdk8u60 with GNU General Public License v2.0 4 votes vote down vote up 
/**
 * Creates a PKCS#10 cert signing request, corresponding to the
 * keys (and name) associated with a given alias.
 */
private void doCertReq(String alias, String sigAlgName, PrintStream out)
    throws Exception
{
    if (alias == null) {
        alias = keyAlias;
    }

    Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
    PrivateKey privKey = (PrivateKey)objs.fst;
    if (keyPass == null) {
        keyPass = objs.snd;
    }

    Certificate cert = keyStore.getCertificate(alias);
    if (cert == null) {
        MessageFormat form = new MessageFormat
            (rb.getString("alias.has.no.public.key.certificate."));
        Object[] source = {alias};
        throw new Exception(form.format(source));
    }
    PKCS10 request = new PKCS10(cert.getPublicKey());
    CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
    // Attribute name is not significant
    request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
            new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));

    // Construct a Signature object, so that we can sign the request
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
    }

    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privKey);
    X500Name subject = dname == null?
            new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
            new X500Name(dname);

    // Sign the request and base-64 encode it
    request.encodeAndSign(subject, signature);
    request.print(out);
}
Example 4
Source File: Main.java    From openjdk-jdk8u with GNU General Public License v2.0 4 votes vote down vote up 
/**
 * Creates a PKCS#10 cert signing request, corresponding to the
 * keys (and name) associated with a given alias.
 */
private void doCertReq(String alias, String sigAlgName, PrintStream out)
    throws Exception
{
    if (alias == null) {
        alias = keyAlias;
    }

    Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
    PrivateKey privKey = (PrivateKey)objs.fst;
    if (keyPass == null) {
        keyPass = objs.snd;
    }

    Certificate cert = keyStore.getCertificate(alias);
    if (cert == null) {
        MessageFormat form = new MessageFormat
            (rb.getString("alias.has.no.public.key.certificate."));
        Object[] source = {alias};
        throw new Exception(form.format(source));
    }
    PKCS10 request = new PKCS10(cert.getPublicKey());
    CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
    // Attribute name is not significant
    request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
            new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));

    // Construct a Signature object, so that we can sign the request
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
    }

    Signature signature = Signature.getInstance(sigAlgName);
    AlgorithmParameterSpec params = AlgorithmId
            .getDefaultAlgorithmParameterSpec(sigAlgName, privKey);
    SignatureUtil.initSignWithParam(signature, privKey, params, null);

    X500Name subject = dname == null?
            new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
            new X500Name(dname);

    // Sign the request and base-64 encode it
    request.encodeAndSign(subject, signature);
    request.print(out);

    checkWeak(rb.getString("the.generated.certificate.request"), request);
}
Example 5
Source File: Main.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 4 votes vote down vote up 
/**
 * Creates a PKCS#10 cert signing request, corresponding to the
 * keys (and name) associated with a given alias.
 */
private void doCertReq(String alias, String sigAlgName, PrintStream out)
    throws Exception
{
    if (alias == null) {
        alias = keyAlias;
    }

    Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
    PrivateKey privKey = (PrivateKey)objs.fst;
    if (keyPass == null) {
        keyPass = objs.snd;
    }

    Certificate cert = keyStore.getCertificate(alias);
    if (cert == null) {
        MessageFormat form = new MessageFormat
            (rb.getString("alias.has.no.public.key.certificate."));
        Object[] source = {alias};
        throw new Exception(form.format(source));
    }
    PKCS10 request = new PKCS10(cert.getPublicKey());
    CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
    // Attribute name is not significant
    request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
            new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));

    // Construct a Signature object, so that we can sign the request
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
    }

    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privKey);
    X500Name subject = dname == null?
            new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
            new X500Name(dname);

    // Sign the request and base-64 encode it
    request.encodeAndSign(subject, signature);
    request.print(out);

    checkWeak(rb.getString("the.generated.certificate.request"), request);
}
Example 6
Source File: Main.java    From Bytecoder with Apache License 2.0 4 votes vote down vote up 
/**
 * Creates a PKCS#10 cert signing request, corresponding to the
 * keys (and name) associated with a given alias.
 */
private void doCertReq(String alias, String sigAlgName, PrintStream out)
    throws Exception
{
    if (alias == null) {
        alias = keyAlias;
    }

    Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
    PrivateKey privKey = (PrivateKey)objs.fst;
    if (keyPass == null) {
        keyPass = objs.snd;
    }

    Certificate cert = keyStore.getCertificate(alias);
    if (cert == null) {
        MessageFormat form = new MessageFormat
            (rb.getString("alias.has.no.public.key.certificate."));
        Object[] source = {alias};
        throw new Exception(form.format(source));
    }
    PKCS10 request = new PKCS10(cert.getPublicKey());
    CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
    // Attribute name is not significant
    request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
            new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));

    // Construct a Signature object, so that we can sign the request
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privKey);
    }

    Signature signature = Signature.getInstance(sigAlgName);
    AlgorithmParameterSpec params = AlgorithmId
            .getDefaultAlgorithmParameterSpec(sigAlgName, privKey);
    SignatureUtil.initSignWithParam(signature, privKey, params, null);

    X500Name subject = dname == null?
            new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
            new X500Name(dname);

    // Sign the request and base-64 encode it
    request.encodeAndSign(subject, signature);
    request.print(out);

    checkWeak(rb.getString("the.generated.certificate.request"), request);
}
Example 7
Source File: Main.java    From openjdk-jdk9 with GNU General Public License v2.0 4 votes vote down vote up 
/**
 * Creates a PKCS#10 cert signing request, corresponding to the
 * keys (and name) associated with a given alias.
 */
private void doCertReq(String alias, String sigAlgName, PrintStream out)
    throws Exception
{
    if (alias == null) {
        alias = keyAlias;
    }

    Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
    PrivateKey privKey = (PrivateKey)objs.fst;
    if (keyPass == null) {
        keyPass = objs.snd;
    }

    Certificate cert = keyStore.getCertificate(alias);
    if (cert == null) {
        MessageFormat form = new MessageFormat
            (rb.getString("alias.has.no.public.key.certificate."));
        Object[] source = {alias};
        throw new Exception(form.format(source));
    }
    PKCS10 request = new PKCS10(cert.getPublicKey());
    CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
    // Attribute name is not significant
    request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
            new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));

    // Construct a Signature object, so that we can sign the request
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privKey);
    }

    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privKey);
    X500Name subject = dname == null?
            new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
            new X500Name(dname);

    // Sign the request and base-64 encode it
    request.encodeAndSign(subject, signature);
    request.print(out);

    checkWeak(rb.getString("the.generated.certificate.request"), request);
}
Example 8
Source File: Main.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up 
/**
 * Creates a PKCS#10 cert signing request, corresponding to the
 * keys (and name) associated with a given alias.
 */
private void doCertReq(String alias, String sigAlgName, PrintStream out)
    throws Exception
{
    if (alias == null) {
        alias = keyAlias;
    }

    Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
    PrivateKey privKey = (PrivateKey)objs.fst;
    if (keyPass == null) {
        keyPass = objs.snd;
    }

    Certificate cert = keyStore.getCertificate(alias);
    if (cert == null) {
        MessageFormat form = new MessageFormat
            (rb.getString("alias.has.no.public.key.certificate."));
        Object[] source = {alias};
        throw new Exception(form.format(source));
    }
    PKCS10 request = new PKCS10(cert.getPublicKey());
    CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
    // Attribute name is not significant
    request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
            new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));

    // Construct a Signature object, so that we can sign the request
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
    }

    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privKey);
    X500Name subject = dname == null?
            new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
            new X500Name(dname);

    // Sign the request and base-64 encode it
    request.encodeAndSign(subject, signature);
    request.print(out);
}
Example 9
Source File: Main.java    From hottub with GNU General Public License v2.0 4 votes vote down vote up 
/**
 * Creates a PKCS#10 cert signing request, corresponding to the
 * keys (and name) associated with a given alias.
 */
private void doCertReq(String alias, String sigAlgName, PrintStream out)
    throws Exception
{
    if (alias == null) {
        alias = keyAlias;
    }

    Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
    PrivateKey privKey = (PrivateKey)objs.fst;
    if (keyPass == null) {
        keyPass = objs.snd;
    }

    Certificate cert = keyStore.getCertificate(alias);
    if (cert == null) {
        MessageFormat form = new MessageFormat
            (rb.getString("alias.has.no.public.key.certificate."));
        Object[] source = {alias};
        throw new Exception(form.format(source));
    }
    PKCS10 request = new PKCS10(cert.getPublicKey());
    CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
    // Attribute name is not significant
    request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
            new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));

    // Construct a Signature object, so that we can sign the request
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
    }

    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privKey);
    X500Name subject = dname == null?
            new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
            new X500Name(dname);

    // Sign the request and base-64 encode it
    request.encodeAndSign(subject, signature);
    request.print(out);
}
Example 10
Source File: Main.java    From openjdk-8-source with GNU General Public License v2.0 4 votes vote down vote up 
/**
 * Creates a PKCS#10 cert signing request, corresponding to the
 * keys (and name) associated with a given alias.
 */
private void doCertReq(String alias, String sigAlgName, PrintStream out)
    throws Exception
{
    if (alias == null) {
        alias = keyAlias;
    }

    Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
    PrivateKey privKey = (PrivateKey)objs.fst;
    if (keyPass == null) {
        keyPass = objs.snd;
    }

    Certificate cert = keyStore.getCertificate(alias);
    if (cert == null) {
        MessageFormat form = new MessageFormat
            (rb.getString("alias.has.no.public.key.certificate."));
        Object[] source = {alias};
        throw new Exception(form.format(source));
    }
    PKCS10 request = new PKCS10(cert.getPublicKey());
    CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
    // Attribute name is not significant
    request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
            new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));

    // Construct a Signature object, so that we can sign the request
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
    }

    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privKey);
    X500Name subject = dname == null?
            new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
            new X500Name(dname);

    // Sign the request and base-64 encode it
    request.encodeAndSign(subject, signature);
    request.print(out);
}
Example 11
Source File: Main.java    From openjdk-8 with GNU General Public License v2.0 4 votes vote down vote up 
/**
 * Creates a PKCS#10 cert signing request, corresponding to the
 * keys (and name) associated with a given alias.
 */
private void doCertReq(String alias, String sigAlgName, PrintStream out)
    throws Exception
{
    if (alias == null) {
        alias = keyAlias;
    }

    Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
    PrivateKey privKey = (PrivateKey)objs.fst;
    if (keyPass == null) {
        keyPass = objs.snd;
    }

    Certificate cert = keyStore.getCertificate(alias);
    if (cert == null) {
        MessageFormat form = new MessageFormat
            (rb.getString("alias.has.no.public.key.certificate."));
        Object[] source = {alias};
        throw new Exception(form.format(source));
    }
    PKCS10 request = new PKCS10(cert.getPublicKey());
    CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
    // Attribute name is not significant
    request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
            new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));

    // Construct a Signature object, so that we can sign the request
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
    }

    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privKey);
    X500Name subject = dname == null?
            new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
            new X500Name(dname);

    // Sign the request and base-64 encode it
    request.encodeAndSign(subject, signature);
    request.print(out);
}
Example 12
Source File: Main.java    From jdk8u_jdk with GNU General Public License v2.0 4 votes vote down vote up 
/**
 * Creates a PKCS#10 cert signing request, corresponding to the
 * keys (and name) associated with a given alias.
 */
private void doCertReq(String alias, String sigAlgName, PrintStream out)
    throws Exception
{
    if (alias == null) {
        alias = keyAlias;
    }

    Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
    PrivateKey privKey = (PrivateKey)objs.fst;
    if (keyPass == null) {
        keyPass = objs.snd;
    }

    Certificate cert = keyStore.getCertificate(alias);
    if (cert == null) {
        MessageFormat form = new MessageFormat
            (rb.getString("alias.has.no.public.key.certificate."));
        Object[] source = {alias};
        throw new Exception(form.format(source));
    }
    PKCS10 request = new PKCS10(cert.getPublicKey());
    CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
    // Attribute name is not significant
    request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
            new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));

    // Construct a Signature object, so that we can sign the request
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
    }

    Signature signature = Signature.getInstance(sigAlgName);
    AlgorithmParameterSpec params = AlgorithmId
            .getDefaultAlgorithmParameterSpec(sigAlgName, privKey);
    SignatureUtil.initSignWithParam(signature, privKey, params, null);

    X500Name subject = dname == null?
            new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
            new X500Name(dname);

    // Sign the request and base-64 encode it
    request.encodeAndSign(subject, signature);
    request.print(out);

    checkWeak(rb.getString("the.generated.certificate.request"), request);
}
Example 13
Source File: Main.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up 
/**
 * Creates a PKCS#10 cert signing request, corresponding to the
 * keys (and name) associated with a given alias.
 */
private void doCertReq(String alias, String sigAlgName, PrintStream out)
    throws Exception
{
    if (alias == null) {
        alias = keyAlias;
    }

    Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
    PrivateKey privKey = (PrivateKey)objs.fst;
    if (keyPass == null) {
        keyPass = objs.snd;
    }

    Certificate cert = keyStore.getCertificate(alias);
    if (cert == null) {
        MessageFormat form = new MessageFormat
            (rb.getString("alias.has.no.public.key.certificate."));
        Object[] source = {alias};
        throw new Exception(form.format(source));
    }
    PKCS10 request = new PKCS10(cert.getPublicKey());
    CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
    // Attribute name is not significant
    request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
            new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));

    // Construct a Signature object, so that we can sign the request
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
    }

    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privKey);
    X500Name subject = dname == null?
            new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
            new X500Name(dname);

    // Sign the request and base-64 encode it
    request.encodeAndSign(subject, signature);
    request.print(out);
}
Example 14
Source File: Main.java    From jdk8u-dev-jdk with GNU General Public License v2.0 4 votes vote down vote up 
/**
 * Creates a PKCS#10 cert signing request, corresponding to the
 * keys (and name) associated with a given alias.
 */
private void doCertReq(String alias, String sigAlgName, PrintStream out)
    throws Exception
{
    if (alias == null) {
        alias = keyAlias;
    }

    Pair<Key,char[]> objs = recoverKey(alias, storePass, keyPass);
    PrivateKey privKey = (PrivateKey)objs.fst;
    if (keyPass == null) {
        keyPass = objs.snd;
    }

    Certificate cert = keyStore.getCertificate(alias);
    if (cert == null) {
        MessageFormat form = new MessageFormat
            (rb.getString("alias.has.no.public.key.certificate."));
        Object[] source = {alias};
        throw new Exception(form.format(source));
    }
    PKCS10 request = new PKCS10(cert.getPublicKey());
    CertificateExtensions ext = createV3Extensions(null, null, v3ext, cert.getPublicKey(), null);
    // Attribute name is not significant
    request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
            new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));

    // Construct a Signature object, so that we can sign the request
    if (sigAlgName == null) {
        sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
    }

    Signature signature = Signature.getInstance(sigAlgName);
    signature.initSign(privKey);
    X500Name subject = dname == null?
            new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
            new X500Name(dname);

    // Sign the request and base-64 encode it
    request.encodeAndSign(subject, signature);
    request.print(out);
}