Possible to generate CSR using java.security without sun packages or external library?

Question

Is it possible to generate a certificate signing request using Java code without using sun.* or com.sun.* packages, and without using an external library? If I need to use a library like BouncyCastle I will look into it, but all my searching so far only shows examples which use sun packages or BouncyCastle and I'd prefer to stick to the raw API if possible.

And, what's the best approach to doing this if what I'm trying is not possible?

Answer 1

I don't think this is possible. Accepting this until someone has a better answer or it becomes possible.

FWIW, I ended up using the shell to call keytool to do this.

Answer 2

Sorry for the very late response but figured I'd try anyway. Bouncy Castle or Java libraries make your life a hell of a lot easier for this task. But if you can't use these libraries for your project then my response to you is still "yes" but you will have to become intimately familiar with ASN1 encoding. I see no reason why you cannot take an existing CSR to learn from. This site(http://lapo.it/asn1js/) helped immensely in understanding ASN1 when I had to do similar things. Once you see how the CSR is formatted, with the help of the ASN1 tool I referred to earlier, it becomes clear how to re-purpose the example CSR for your use. At a high level you would

1. read in the example file
2. parse by TLV (type-length-value) encoding
3. replace field with your desired data
4. digitally sign
5. embed the signature
6. write back content to file

The java.security.Signature object should be able to help you with the signing part.