reset signed-request -> sub-sequent req.verify will work correctly

Author: kares

src/main/java/org/jruby/ext/openssl/impl/PKCS10Request.java

@@ -47,7 +47,9 @@
 
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1Set;
+import org.bouncycastle.asn1.DERBitString;
 import org.bouncycastle.asn1.DLSequence;
+import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.pkcs.PKCS10CertificationRequest;
 import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
@@ -110,6 +112,16 @@ public PKCS10Request(ASN1Sequence sequence) {
         this(CertificationRequest.getInstance(sequence));
     }
 
+    private void resetSignedRequest() {
+        if ( signedRequest == null ) return;
+
+        CertificationRequest req = signedRequest.toASN1Structure();
+        CertificationRequestInfo reqInfo = new CertificationRequestInfo(subject, publicKeyInfo, req.getCertificationRequestInfo().getAttributes());
+        ASN1Sequence seq = (ASN1Sequence) req.toASN1Primitive();
+        req = new CertificationRequest(reqInfo, (AlgorithmIdentifier) seq.getObjectAt(1), (DERBitString) seq.getObjectAt(2));
+        signedRequest = new PKCS10CertificationRequest(req); // valid = true;
+    }
+
     // sign
 
     public PKCS10CertificationRequest sign(final PrivateKey privateKey,
@@ -178,6 +190,7 @@ public ASN1Sequence toASN1Structure() {
 
     public void setSubject(final X500Name subject) {
         this.subject = subject;
+        resetSignedRequest();
     }
 
     public X500Name getSubject() {
@@ -190,6 +203,7 @@ public void setPublicKey(final PublicKey publicKey) {
         this.publicKeyInfo = makePublicKeyInfo(publicKey);
         //if ( publicKey == null ) publicKeyAlgorithm = null;
         //else publicKeyAlgorithm = publicKey.getAlgorithm();
+        resetSignedRequest();
     }
 
     private String getPublicKeyAlgorithm() {