sun.security.util.DerInputStream Java Examples

The following examples show how to use sun.security.util.DerInputStream. Each example is labelled with its source file, project and license.
Example #1
Source File: CipherHelper.java    From flow-platform-x with Apache License 2.0 7 votes vote down vote up
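/**
 * Builds an RSA private key from the Base64 text form of a nine-field RSA
 * private key structure (version, modulus, public exponent, private
 * exponent, both primes, both CRT exponents and the CRT coefficient; this
 * is the PKCS#1 RSAPrivateKey field order).
 *
 * <p>Line breaks are removed first, then the begin/end marker constants,
 * then any remaining whitespace, so CRLF line endings and indented input
 * decode the same way as input that only uses {@code \n}.
 *
 * @param key the textual key, including its begin/end marker lines
 * @return the private key produced by the RSA {@link KeyFactory}
 * @throws NoSuchAlgorithmException if no RSA key factory is available
 * @throws InvalidKeySpecException if the decoded structure has fewer than
 *         nine fields or the key factory rejects the values
 * @throws IOException if the decoded bytes cannot be read as DER
 * @throws IllegalArgumentException if the content is not valid Base64
 */
private static PrivateKey toPrivateKey(String key)
        throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");

    // Markers are matched after line breaks are gone (as before); the final
    // pass drops spaces and tabs that the Base64 decoder would reject.
    String content = key.replaceAll("[\\r\\n]", "")
            .replace(RsaPrivateKeyStart, "")
            .replace(RsaPrivateKeyEnd, "")
            .replaceAll("\\s", "");
    byte[] bytes = Base64.getDecoder().decode(content);

    DerInputStream derReader = new DerInputStream(bytes);
    DerValue[] seq = derReader.getSequence(0);

    // A truncated or foreign structure would otherwise surface as an
    // ArrayIndexOutOfBoundsException from the indexing below.
    if (seq.length < 9) {
        throw new InvalidKeySpecException(
                "RSA private key structure has " + seq.length + " fields, expected 9");
    }

    // seq[0] is the version field and is not used.
    BigInteger modulus = seq[1].getBigInteger();
    BigInteger publicExp = seq[2].getBigInteger();
    BigInteger privateExp = seq[3].getBigInteger();
    BigInteger prime1 = seq[4].getBigInteger();
    BigInteger prime2 = seq[5].getBigInteger();
    BigInteger exp1 = seq[6].getBigInteger();
    BigInteger exp2 = seq[7].getBigInteger();
    BigInteger crtCoef = seq[8].getBigInteger();

    RSAPrivateCrtKeySpec keySpec =
            new RSAPrivateCrtKeySpec(modulus, publicExp, privateExp, prime1, prime2, exp1, exp2, crtCoef);

    return keyFactory.generatePrivate(keySpec);
}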
 
Example #2
Source File: KerberosTime.java    From openjdk-jdk8u with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Reads a KerberosTime that is wrapped in an explicit tag from a DER input
 * stream, as happens for a field of a constructed sequence.
 *
 * @param data the DER input stream, which contains one or more marshaled
 *             values.
 * @param explicitTag the expected tag number.
 * @param optional whether this field may be absent.
 * @return the parsed KerberosTime, or {@code null} when {@code optional} is
 *         set and the next tag number is not {@code explicitTag} (the
 *         stream is only peeked in that case).
 * @exception Asn1Exception if the tag number of the value read differs from
 *            {@code explicitTag}.
 * @exception IOException propagated from the DER stream operations.
 */
public static KerberosTime parse(
        DerInputStream data, byte explicitTag, boolean optional)
        throws Asn1Exception, IOException {
    if (optional) {
        // Only the low five bits of the identifier octet are compared.
        int upcomingTagNumber = (byte) data.peekByte() & (byte) 0x1F;
        if (upcomingTagNumber != explicitTag) {
            return null;
        }
    }
    DerValue tagged = data.getDerValue();
    int actualTagNumber = tagged.getTag() & (byte) 0x1F;
    if (actualTagNumber != explicitTag) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    // The GeneralizedTime sits inside the explicitly tagged wrapper.
    Date instant = tagged.getData().getDerValue().getGeneralizedTime();
    return new KerberosTime(instant.getTime(), 0);
}
 
Example #3
Source File: KerberosTime.java    From jdk8u60 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Parses (unmarshals) an explicitly tagged KerberosTime from a DER input
 * stream. This form of parsing is used for a value that is part of a
 * constructed sequence.
 *
 * @param data the DER input stream, which contains one or more marshaled
 *             values.
 * @param explicitTag tag number the value must carry.
 * @param optional indicates whether this data field is optional.
 * @return an instance of KerberosTime, or {@code null} if the field is
 *         optional and the next value does not carry {@code explicitTag}.
 * @exception Asn1Exception if the value read has a different tag number.
 * @exception IOException propagated from the DER stream operations.
 */
public static KerberosTime parse(
        DerInputStream data, byte explicitTag, boolean optional)
        throws Asn1Exception, IOException {
    // peekByte() is evaluated only for optional fields (short-circuit).
    boolean fieldMissing =
            optional && (((byte) data.peekByte() & (byte) 0x1F) != explicitTag);
    if (fieldMissing) {
        return null;
    }
    DerValue outer = data.getDerValue();
    if ((outer.getTag() & (byte) 0x1F) == explicitTag) {
        DerValue inner = outer.getData().getDerValue();
        return new KerberosTime(inner.getGeneralizedTime().getTime(), 0);
    }
    throw new Asn1Exception(Krb5.ASN1_BAD_ID);
}
 
Example #4
Source File: OrderAndDup.java    From openjdk-jdk8u with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Checks that the CRL object reports {@code expected.length} revoked
 * entries and that the raw encoding lists exactly the expected serial
 * numbers, position by position.
 *
 * @param c the parsed CRL object
 * @param data the raw encoding that is re-read with the DER classes
 * @param expected the serial numbers, in the order they must appear
 * @throws Exception if a count or a serial number differs
 */
static void checkData(X509CRLImpl c, byte[] data, BigInteger[] expected)
        throws Exception {
    int wanted = expected.length;
    if (c.getRevokedCertificates().size() != wanted) {
        throw new Exception("Wrong count in CRL object, now " +
                c.getRevokedCertificates().size());
    }
    DerValue whole = new DerValue(data);
    // revokedCertificates at 5th place of TBSCertList
    DerValue revokedList = whole.data.getSequence(0)[4];
    DerValue[] rawEntries =
            new DerInputStream(revokedList.toByteArray()).getSequence(0);
    if (rawEntries.length != wanted) {
        throw new Exception("Wrong count in raw data, now " + rawEntries.length);
    }
    int position = 0;
    for (DerValue entry : rawEntries) {
        // Serial is first in revokedCertificates entry
        BigInteger serial = entry.data.getBigInteger();
        if (!serial.equals(expected[position])) {
            throw new Exception("Entry at #" + position + " is " + serial
                    + ", should be " + expected[position]);
        }
        position++;
    }
}
 
Example #5
Source File: ValidateNC.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
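/**
 * Builds the certification path and the PKIX parameters from a list of
 * certificate files and stores them in {@code path}, {@code anchors} and
 * {@code params}.
 *
 * <p>{@code certs[0]} is loaded as the trust anchor; its name constraints
 * extension (OID 2.5.29.30), when present, is passed to the anchor. The
 * remaining certificates are inserted at the front of the list, so the
 * path holds them in reverse argument order.
 *
 * @param certs certificate file names, trust anchor first
 * @throws IllegalArgumentException if {@code certs} is empty
 * @throws Exception if a certificate cannot be loaded or the path or
 *         parameters cannot be built
 */
public static void createPath(String[] certs) throws Exception {
    if (certs.length == 0) {
        throw new IllegalArgumentException(
                "certs must name at least the trust anchor certificate");
    }

    X509Certificate anchorCert = getCertFromFile(certs[0]);
    byte[] nameConstraints = anchorCert.getExtensionValue("2.5.29.30");
    if (nameConstraints != null) {
        // getExtensionValue returns the value wrapped in an OCTET STRING;
        // the anchor is given the unwrapped contents.
        DerInputStream in = new DerInputStream(nameConstraints);
        nameConstraints = in.getOctetString();
    }
    TrustAnchor anchor = new TrustAnchor(anchorCert, nameConstraints);

    List<X509Certificate> list = new ArrayList<>();
    for (int i = 1; i < certs.length; i++) {
        list.add(0, getCertFromFile(certs[i]));
    }
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    path = cf.generateCertPath(list);

    anchors = Collections.singleton(anchor);
    params = new PKIXParameters(anchors);
    // Revocation checking is switched off for this path. Validation that
    // has to honour revoked certificates keeps it enabled and supplies a
    // revocation source.
    params.setRevocationEnabled(false);
}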
 
Example #6
Source File: X509CertSelectorTest.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
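/**
 * Exercises the privateKeyValid criterion of {@link X509CertSelector}:
 * a date in 1968 must not match the certificate, and the NOT_BEFORE date
 * taken from the certificate's private key usage extension
 * (OID 2.5.29.16) must match.
 *
 * @throws IOException if the extension value cannot be decoded
 * @throws CertificateException declared for the extension handling
 */
private void testPrivateKeyValid() throws IOException, CertificateException {
    System.out.println("X.509 Certificate Match on privateKeyValid");
    // bad match
    X509CertSelector selector = new X509CertSelector();
    Calendar cal = Calendar.getInstance();
    // Calendar months are zero-based: the literal 12 rolled over into
    // January of the following year instead of selecting December.
    cal.set(1968, Calendar.DECEMBER, 31);
    selector.setPrivateKeyValid(cal.getTime());
    checkMatch(selector, cert, false);

    // good match
    // getExtensionValue returns the value wrapped in an OCTET STRING;
    // getOctetString unwraps it before the extension is decoded.
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.16"));
    byte[] encoded = in.getOctetString();
    PrivateKeyUsageExtension ext = new PrivateKeyUsageExtension(false, encoded);
    Date validDate = (Date) ext.get(PrivateKeyUsageExtension.NOT_BEFORE);
    selector.setPrivateKeyValid(validDate);
    checkMatch(selector, cert, true);

}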
 
Example #7
Source File: OrderAndDup.java    From jdk8u60 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Compares a CRL object and its raw DER encoding with the expected list of
 * revoked serial numbers. The object is checked for the entry count; the
 * raw data is checked for both the count and each serial number in order.
 *
 * @param c the parsed CRL object
 * @param data the raw encoding to re-read
 * @param expected the serial numbers in their expected order
 * @throws Exception on the first mismatch found
 */
static void checkData(X509CRLImpl c, byte[] data, BigInteger[] expected)
        throws Exception {
    boolean objectCountOk =
            c.getRevokedCertificates().size() == expected.length;
    if (!objectCountOk) {
        throw new Exception("Wrong count in CRL object, now " +
                c.getRevokedCertificates().size());
    }

    // revokedCertificates at 5th place of TBSCertList
    DerValue[] tbsFields = new DerValue(data).data.getSequence(0);
    byte[] revokedBytes = tbsFields[4].toByteArray();
    DerValue[] revoked = new DerInputStream(revokedBytes).getSequence(0);

    if (revoked.length != expected.length) {
        throw new Exception("Wrong count in raw data, now " + revoked.length);
    }
    for (int idx = 0; idx < revoked.length; idx++) {
        // Serial is first in revokedCertificates entry
        BigInteger found = revoked[idx].data.getBigInteger();
        if (found.equals(expected[idx])) {
            continue;
        }
        throw new Exception("Entry at #" + idx + " is " + found
                + ", should be " + expected[idx]);
    }
}
 
Example #8
Source File: ValidateNC.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
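/**
 * Loads the trust anchor and the remaining certificates from files, then
 * fills the {@code path}, {@code anchors} and {@code params} fields.
 *
 * <p>The first file is the trust anchor. The other certificates end up in
 * the path in reverse argument order.
 *
 * @param certs certificate file names, trust anchor first
 * @throws IllegalArgumentException if {@code certs} is empty
 * @throws Exception if loading a certificate or building the path or the
 *         parameters fails
 */
public static void createPath(String[] certs) throws Exception {
    if (certs.length == 0) {
        throw new IllegalArgumentException(
                "certs must name at least the trust anchor certificate");
    }

    X509Certificate anchorCert = getCertFromFile(certs[0]);
    // Name constraints extension; the OCTET STRING wrapper returned by
    // getExtensionValue is removed before the bytes reach the TrustAnchor.
    byte[] nameConstraints = anchorCert.getExtensionValue("2.5.29.30");
    if (nameConstraints != null) {
        nameConstraints = new DerInputStream(nameConstraints).getOctetString();
    }
    TrustAnchor anchor = new TrustAnchor(anchorCert, nameConstraints);

    // Typed list instead of the raw List/ArrayList pair; files are still
    // loaded in argument order and the list is reversed afterwards.
    List<X509Certificate> chain = new ArrayList<>(certs.length - 1);
    for (int i = 1; i < certs.length; i++) {
        chain.add(getCertFromFile(certs[i]));
    }
    Collections.reverse(chain);
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    path = cf.generateCertPath(chain);

    anchors = Collections.singleton(anchor);
    params = new PKIXParameters(anchors);
    // Revocation status is not consulted for this path. Code validating
    // chains whose certificates may be revoked leaves the check enabled.
    params.setRevocationEnabled(false);
}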
 
Example #9
Source File: EncryptedPrivateKeyInfo.java    From jdk8u60 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Performs a structural check of an encoded key: the outer sequence must
 * hold three or four elements, namely an INTEGER version, an algorithm
 * identifier that starts with an OID, an OCTET STRING private key and,
 * when a fourth element is present, context-tagged attributes.
 *
 * @param encodedKey the encoding to check
 * @throws IOException if the element count is not 3 or 4, or if reading
 *         an element fails (checkTag presumably reports tag mismatches
 *         this way too; it is defined outside this block)
 */
private static void checkPKCS8Encoding(byte[] encodedKey)
    throws IOException {
    DerValue[] fields = new DerInputStream(encodedKey).getSequence(3);
    int fieldCount = fields.length;
    if (fieldCount != 3 && fieldCount != 4) {
        throw new IOException("invalid key encoding");
    }

    // The optional fourth element is checked before the mandatory ones.
    if (fieldCount == 4) {
        checkTag(fields[3], DerValue.TAG_CONTEXT, "attributes");
    }

    checkTag(fields[0], DerValue.tag_Integer, "version");

    // Algorithm identifier: an OID, optionally followed by one more value.
    DerInputStream algid = fields[1].toDerInputStream();
    algid.getOID();
    if (algid.available() != 0) {
        algid.getDerValue();
    }

    checkTag(fields[2], DerValue.tag_OctetString, "privateKey");
}
 
Example #10
Source File: ValidateNC.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
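/**
 * Prepares path validation inputs from certificate files: a trust anchor
 * built from {@code certs[0]}, a certification path built from the other
 * files (stored in reverse argument order), and PKIX parameters. The
 * results are written to {@code path}, {@code anchors} and {@code params}.
 *
 * @param certs certificate file names, trust anchor first
 * @throws IllegalArgumentException if {@code certs} is empty
 * @throws Exception if a certificate cannot be loaded or the path or
 *         parameters cannot be created
 */
public static void createPath(String[] certs) throws Exception {
    if (certs.length == 0) {
        throw new IllegalArgumentException(
                "certs must name at least the trust anchor certificate");
    }

    X509Certificate anchorCert = getCertFromFile(certs[0]);
    byte[] wrappedConstraints = anchorCert.getExtensionValue("2.5.29.30");
    // Absent extension: the anchor is created without name constraints.
    byte[] nameConstraints = null;
    if (wrappedConstraints != null) {
        // Strip the OCTET STRING wrapper around the extension value.
        nameConstraints = new DerInputStream(wrappedConstraints).getOctetString();
    }
    TrustAnchor anchor = new TrustAnchor(anchorCert, nameConstraints);

    // Typed list replaces the raw List/ArrayList of the original.
    List<X509Certificate> list = new ArrayList<>();
    for (int i = 1; i < certs.length; i++) {
        list.add(0, getCertFromFile(certs[i]));
    }
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    path = cf.generateCertPath(list);

    anchors = Collections.singleton(anchor);
    params = new PKIXParameters(anchors);
    // Revocation checking is disabled here; validation that must reject
    // revoked certificates keeps it on and configures a revocation source.
    params.setRevocationEnabled(false);
}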
 
Example #11
Source File: X509CertSelectorTest.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
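/**
 * Exercises the policy criterion of {@link X509CertSelector}: a policy OID
 * that is not in the certificate must not match, and the first policy
 * identifier decoded from the certificate policies extension
 * (OID 2.5.29.32) must match.
 *
 * @throws IOException if the extension value cannot be decoded
 */
private void testPolicy() throws IOException {
    System.out.println("X.509 Certificate Match on certificatePolicies");
    // test encoding of CertificatePoliciesExtension because we wrote the
    // code
    // bad match
    X509CertSelector selector = new X509CertSelector();
    Set<String> s = new HashSet<>();
    // Plain literal: wrapping it in new String(...) only made a copy.
    s.add("1.2.5.7.68");
    selector.setPolicy(s);
    checkMatch(selector, cert, false);

    // good match
    // getOctetString removes the OCTET STRING wrapper that
    // getExtensionValue leaves around the extension value.
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.32"));
    CertificatePoliciesExtension ext = new CertificatePoliciesExtension(false, in.getOctetString());
    List<PolicyInformation> policies = ext.get(CertificatePoliciesExtension.POLICIES);
    // match on the first policy id; the list is already typed, no cast needed
    PolicyInformation policyInfo = policies.get(0);
    s.clear();
    s.add(policyInfo.getPolicyIdentifier().getIdentifier().toString());
    selector.setPolicy(s);
    checkMatch(selector, cert, true);
}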
 
Example #12
Source File: KerberosTime.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Unmarshals a KerberosTime carried under an explicit tag in a DER input
 * stream. This is the form used when the value is one field of a
 * constructed sequence.
 *
 * @param data the DER input stream, which contains one or more marshaled
 *             values.
 * @param explicitTag tag number expected on the field.
 * @param optional indicates if this data field is optional.
 * @return an instance of KerberosTime; {@code null} if the field is
 *         optional and the next tag number differs from
 *         {@code explicitTag}.
 * @exception Asn1Exception if the value read carries another tag number.
 * @exception IOException propagated from the DER stream operations.
 */
public static KerberosTime parse(
        DerInputStream data, byte explicitTag, boolean optional)
        throws Asn1Exception, IOException {
    // Mask applied to the identifier octet before comparing tag numbers.
    final byte tagNumberMask = (byte) 0x1F;

    if (optional) {
        boolean present = ((byte) data.peekByte() & tagNumberMask) == explicitTag;
        if (!present) {
            return null;
        }
    }

    DerValue wrapper = data.getDerValue();
    if ((wrapper.getTag() & tagNumberMask) != explicitTag) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }

    DerValue timeValue = wrapper.getData().getDerValue();
    long millis = timeValue.getGeneralizedTime().getTime();
    return new KerberosTime(millis, 0);
}
 
Example #13
Source File: ValidateNC.java    From hottub with GNU General Public License v2.0 6 votes vote down vote up
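/**
 * Creates the trust anchor, certification path and PKIX parameters from
 * certificate files and stores them in {@code anchors}, {@code path} and
 * {@code params}.
 *
 * <p>The anchor comes from {@code certs[0]} together with its name
 * constraints extension (OID 2.5.29.30) when the certificate has one. The
 * remaining certificates are placed in the path in reverse argument order.
 *
 * @param certs certificate file names, trust anchor first
 * @throws IllegalArgumentException if {@code certs} is empty
 * @throws Exception if a certificate, the path or the parameters cannot be
 *         created
 */
public static void createPath(String[] certs) throws Exception {
    if (certs.length == 0) {
        throw new IllegalArgumentException(
                "certs must name at least the trust anchor certificate");
    }

    X509Certificate anchorCert = getCertFromFile(certs[0]);
    byte[] nameConstraints = anchorCert.getExtensionValue("2.5.29.30");
    if (nameConstraints != null) {
        // The extension value arrives inside an OCTET STRING; unwrap it.
        DerInputStream in = new DerInputStream(nameConstraints);
        nameConstraints = in.getOctetString();
    }
    TrustAnchor anchor = new TrustAnchor(anchorCert, nameConstraints);

    // Element type made explicit; the original used raw collection types.
    List<X509Certificate> pathCerts = new ArrayList<>();
    for (int i = 1; i < certs.length; i++) {
        pathCerts.add(0, getCertFromFile(certs[i]));
    }
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    path = cf.generateCertPath(pathCerts);

    anchors = Collections.singleton(anchor);
    params = new PKIXParameters(anchors);
    // No revocation lookup is made for this path. Where revoked
    // certificates have to be rejected, the check stays enabled.
    params.setRevocationEnabled(false);
}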
 
Example #14
Source File: X509CertSelectorTest.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Exercises the subjectAlternativeNames criterion of X509CertSelector in
 * three steps: a DNS name that is not in the certificate must not match;
 * the first name decoded from the certificate's extension
 * (OID 2.5.29.17) must match; and with match-all switched off, an extra
 * non-matching name must not prevent the match.
 *
 * @throws IOException if a name or the extension cannot be encoded or
 *         decoded
 */
private void testSubjectAltName() throws IOException {
    System.out.println("X.509 Certificate Match on subjectAltName");

    // bad match: name type 2 with a DNS name encoded by hand
    X509CertSelector selector = new X509CertSelector();
    GeneralNameInterface unrelatedName = new DNSName("foo.com");
    DerOutputStream unrelatedDer = new DerOutputStream();
    unrelatedName.encode(unrelatedDer);
    selector.addSubjectAlternativeName(2, unrelatedDer.toByteArray());
    checkMatch(selector, cert, false);

    // good match: take the first name out of the certificate itself
    byte[] wrapped = cert.getExtensionValue("2.5.29.17");
    byte[] encoded = new DerInputStream(wrapped).getOctetString();
    SubjectAlternativeNameExtension sanExtension =
            new SubjectAlternativeNameExtension(false, encoded);
    GeneralNames certNames =
            (GeneralNames) sanExtension.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
    GeneralName firstName = (GeneralName) certNames.get(0);
    // Drop the criterion set for the bad match before adding the new one.
    selector.setSubjectAlternativeNames(null);
    DerOutputStream firstNameDer = new DerOutputStream();
    firstName.getName().encode(firstNameDer);
    selector.addSubjectAlternativeName(firstName.getType(), firstNameDer.toByteArray());
    checkMatch(selector, cert, true);

    // good match 2 (matches at least one)
    selector.setMatchAllSubjectAltNames(false);
    selector.addSubjectAlternativeName(2, "foo.com");
    checkMatch(selector, cert, true);
}
 
Example #15
Source File: X509CertSelector.java    From JDKSourceCode1.8 with MIT License 5 votes vote down vote up
/**
 * Checks the certificate's subject key identifier extension
 * (OID 2.5.29.14) against the {@code subjectKeyID} criterion.
 *
 * @param xcert the certificate being examined
 * @return {@code true} if no criterion is set or the value unwrapped from
 *         the extension equals it; {@code false} if the extension is
 *         absent, differs, or cannot be decoded
 */
private boolean matchSubjectKeyID(X509Certificate xcert) {
    if (subjectKeyID == null) {
        // No criterion configured: every certificate passes this check.
        return true;
    }
    try {
        byte[] wrappedValue = xcert.getExtensionValue("2.5.29.14");
        if (wrappedValue == null) {
            if (debug != null) {
                debug.println("X509CertSelector.match: "
                    + "no subject key ID extension");
            }
            return false;
        }
        // getExtensionValue wraps the value in an OCTET STRING; unwrap it.
        byte[] idFromCert = new DerInputStream(wrappedValue).getOctetString();
        if (idFromCert != null && Arrays.equals(subjectKeyID, idFromCert)) {
            return true;
        }
        if (debug != null) {
            debug.println("X509CertSelector.match: "
                + "subject key IDs don't match");
        }
        return false;
    } catch (IOException ex) {
        // An extension that cannot be decoded counts as a non-match.
        if (debug != null) {
            debug.println("X509CertSelector.match: "
                + "exception in subject key ID check");
        }
        return false;
    }
}
 
Example #16
Source File: X509CertSelectorTest.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Exercises the subjectKeyIdentifier criterion of X509CertSelector: an
 * arbitrary ten-byte value must not match, and the value unwrapped from
 * the certificate's own extension (OID 2.5.29.14) must match.
 *
 * @throws IOException if the extension value cannot be decoded
 */
private void testSubjectKeyIdentifier() throws IOException {
    System.out.println("X.509 Certificate Match on subjectKeyIdentifier");
    X509CertSelector selector = new X509CertSelector();

    // bad match
    byte[] unrelatedId = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
    selector.setSubjectKeyIdentifier(unrelatedId);
    checkMatch(selector, cert, false);

    // good match: unwrap the OCTET STRING around the extension value
    byte[] wrapped = cert.getExtensionValue("2.5.29.14");
    byte[] idFromCert = new DerInputStream(wrapped).getOctetString();
    selector.setSubjectKeyIdentifier(idFromCert);
    checkMatch(selector, cert, true);
}
 
Example #17
Source File: AdaptableX509CertSelector.java    From Bytecoder with Apache License 2.0 5 votes vote down vote up
/**
 * Checks the certificate's subject key identifier extension
 * (OID 2.5.29.14) against the {@code ski} criterion.
 *
 * <p>Unlike a strict comparison, a certificate without the extension is
 * accepted: the method returns {@code true} in that case.
 *
 * @param xcert the certificate being examined
 * @return {@code true} if no criterion is set, the extension is absent, or
 *         the unwrapped value equals {@code ski}; {@code false} if the
 *         value differs or the extension cannot be decoded
 */
private boolean matchSubjectKeyID(X509Certificate xcert) {
    if (ski == null) {
        return true;
    }
    try {
        byte[] wrappedValue = xcert.getExtensionValue("2.5.29.14");
        if (wrappedValue == null) {
            if (debug != null && Debug.isVerbose()) {
                debug.println("AdaptableX509CertSelector.match: "
                    + "no subject key ID extension. Subject: "
                    + xcert.getSubjectX500Principal());
            }
            // Missing extension does not disqualify the certificate here.
            return true;
        }
        // Unwrap the OCTET STRING that surrounds the extension value.
        byte[] idFromCert = new DerInputStream(wrappedValue).getOctetString();
        boolean sameId = idFromCert != null && Arrays.equals(ski, idFromCert);
        if (!sameId) {
            if (debug != null && Debug.isVerbose()) {
                debug.println("AdaptableX509CertSelector.match: "
                    + "subject key IDs don't match. "
                    + "Expected: " + Arrays.toString(ski) + " "
                    + "Cert's: " + Arrays.toString(idFromCert));
            }
            return false;
        }
        return true;
    } catch (IOException ex) {
        // An extension that cannot be decoded counts as a non-match.
        if (debug != null && Debug.isVerbose()) {
            debug.println("AdaptableX509CertSelector.match: "
                + "exception in subject key ID check");
        }
        return false;
    }
}
 
Example #18
Source File: StatusLoopDependency.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Builds a selector that matches on the subject key identifier of one of
 * the certificates held as strings in this class.
 *
 * @param name {@code "subca"} or {@code "subci"} to pick the matching
 *        certificate string; any other value picks the target certificate
 * @return a selector whose subject key identifier criterion is set from
 *         the chosen certificate's extension (OID 2.5.29.14)
 * @throws Exception if the certificate cannot be parsed or has no subject
 *         key identifier extension
 */
private static X509CertSelector generateSelector(String name)
            throws Exception {
    X509CertSelector selector = new X509CertSelector();

    // generate certificate from certificate string
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    String certText = name.equals("subca") ? subCaCertStr
            : name.equals("subci") ? subCrlIssuerCertStr
            : targetCertStr;
    ByteArrayInputStream is = new ByteArrayInputStream(certText.getBytes());

    X509Certificate target = (X509Certificate)cf.generateCertificate(is);
    byte[] extVal = target.getExtensionValue("2.5.29.14");
    if (extVal == null) {
        // unlikely to happen.
        throw new Exception("unexpected certificate: no SKID extension");
    }

    // The selector takes the value without its OCTET STRING wrapper.
    byte[] subjectKID = new DerInputStream(extVal).getOctetString();
    selector.setSubjectKeyIdentifier(subjectKID);
    return selector;
}
 
Example #19
Source File: X509CertSelector.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Checks the certificate's authority key identifier extension
 * (OID 2.5.29.35) against the {@code authorityKeyID} criterion. The whole
 * content unwrapped from the extension's OCTET STRING is compared.
 *
 * @param xcert the certificate being examined
 * @return {@code true} if no criterion is set or the unwrapped extension
 *         value equals it; {@code false} if the extension is absent,
 *         differs, or cannot be decoded
 */
private boolean matchAuthorityKeyID(X509Certificate xcert) {
    if (authorityKeyID == null) {
        // No criterion configured: every certificate passes this check.
        return true;
    }
    try {
        byte[] wrappedValue = xcert.getExtensionValue("2.5.29.35");
        if (wrappedValue == null) {
            if (debug != null) {
                debug.println("X509CertSelector.match: "
                    + "no authority key ID extension");
            }
            return false;
        }
        byte[] idFromCert = new DerInputStream(wrappedValue).getOctetString();
        if (idFromCert != null && Arrays.equals(authorityKeyID, idFromCert)) {
            return true;
        }
        if (debug != null) {
            debug.println("X509CertSelector.match: "
                + "authority key IDs don't match");
        }
        return false;
    } catch (IOException ex) {
        // An extension that cannot be decoded counts as a non-match.
        if (debug != null) {
            debug.println("X509CertSelector.match: "
                + "exception in authority key ID check");
        }
        return false;
    }
}
 
Example #20
Source File: MacData.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
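/**
 * Parses PKCS#12 MAC data from a DER input stream.
 *
 * <p>The stream must start with a sequence whose first element is the
 * digest info (algorithm identifier followed by the digest as an OCTET
 * STRING) and whose second element is the salt as an OCTET STRING. A third
 * element, when present, is read as the iteration count; otherwise the
 * count is 1.
 *
 * @param derin the stream positioned at the MAC data sequence
 * @throws ParsingException if the MAC data or digest info sequence has
 *         fewer than two elements
 * @throws IOException if an element cannot be read
 */
MacData(DerInputStream derin)
    throws IOException, ParsingException
{
    DerValue[] macData = derin.getSequence(2);
    // The argument to getSequence is only a size hint, so a shorter
    // sequence would otherwise fail with ArrayIndexOutOfBoundsException.
    if (macData.length < 2) {
        throw new ParsingException("Invalid length for MacData");
    }

    // Parse the digest info
    DerInputStream digestIn = new DerInputStream(macData[0].toByteArray());
    DerValue[] digestInfo = digestIn.getSequence(2);
    if (digestInfo.length < 2) {
        throw new ParsingException("Invalid length for DigestInfo");
    }

    // Parse the DigestAlgorithmIdentifier.
    AlgorithmId digestAlgorithmId = AlgorithmId.parse(digestInfo[0]);
    this.digestAlgorithmName = digestAlgorithmId.getName();
    this.digestAlgorithmParams = digestAlgorithmId.getParameters();
    // Get the digest.
    this.digest = digestInfo[1].getOctetString();

    // Get the salt.
    this.macSalt = macData[1].getOctetString();

    // Iterations is optional. The default value is 1.
    // NOTE(review): the count is taken from the input as is; confirm that
    // the code deriving the MAC key applies an upper bound.
    if (macData.length > 2) {
        this.iterations = macData[2].getInteger();
    } else {
        this.iterations = 1;
    }
}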
 
Example #21
Source File: DSAPublicKey.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
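/**
 * Decodes the key bits as a single DER INTEGER and stores it in {@code y}.
 *
 * @throws InvalidKeyException if the key bits cannot be read as an
 *         integer; the underlying {@link IOException} is kept as the cause
 */
protected void parseKeyBits() throws InvalidKeyException {
    try {
        DerInputStream in = new DerInputStream(getKey().toByteArray());
        y = in.getBigInteger();
    } catch (IOException e) {
        // Chain the IOException so the parse failure stays traceable;
        // previously only its message text survived.
        throw new InvalidKeyException("Invalid key: y value\n" +
                                      e.getMessage(), e);
    }
}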
 
Example #22
Source File: MacData.java    From Bytecoder with Apache License 2.0 5 votes vote down vote up
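/**
 * Parses a PKCS#12 MAC data structure.
 *
 * <p>Reads a sequence of: digest info (algorithm identifier and digest),
 * salt, and an optional iteration count that defaults to 1 when absent.
 *
 * @param derin the stream positioned at the MAC data sequence
 * @throws ParsingException if the MAC data or the digest info has fewer
 *         than two elements
 * @throws IOException if an element cannot be read
 */
MacData(DerInputStream derin)
    throws IOException, ParsingException
{
    DerValue[] macData = derin.getSequence(2);
    // getSequence does not enforce a minimum element count; check it here
    // instead of failing later with ArrayIndexOutOfBoundsException.
    if (macData.length < 2) {
        throw new ParsingException("Invalid length for MacData");
    }

    // Parse the digest info
    DerInputStream digestIn = new DerInputStream(macData[0].toByteArray());
    DerValue[] digestInfo = digestIn.getSequence(2);
    if (digestInfo.length < 2) {
        throw new ParsingException("Invalid length for DigestInfo");
    }

    // Parse the DigestAlgorithmIdentifier.
    AlgorithmId digestAlgorithmId = AlgorithmId.parse(digestInfo[0]);
    this.digestAlgorithmName = digestAlgorithmId.getName();
    this.digestAlgorithmParams = digestAlgorithmId.getParameters();
    // Get the digest.
    this.digest = digestInfo[1].getOctetString();

    // Get the salt.
    this.macSalt = macData[1].getOctetString();

    // Iterations is optional. The default value is 1.
    // NOTE(review): no range check is applied to the parsed count here;
    // verify that its consumer limits it.
    if (macData.length > 2) {
        this.iterations = macData[2].getInteger();
    } else {
        this.iterations = 1;
    }
}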
 
Example #23
Source File: DisableRevocation.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates a certificate selector keyed on the subject key identifier of
 * one of the certificates stored as strings in this class.
 *
 * @param name {@code "subca"} selects the sub-CA certificate string,
 *        {@code "subci"} the sub-CRL-issuer string, anything else the
 *        target certificate string
 * @return a selector with its subject key identifier criterion set
 * @throws Exception if the certificate cannot be parsed or lacks the
 *         subject key identifier extension (OID 2.5.29.14)
 */
private static X509CertSelector generateSelector(String name)
            throws Exception {
    X509CertSelector selector = new X509CertSelector();

    // generate certificate from certificate string
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    String certText;
    switch (name) {
        case "subca":
            certText = subCaCertStr;
            break;
        case "subci":
            certText = subCrlIssuerCertStr;
            break;
        default:
            certText = targetCertStr;
            break;
    }
    ByteArrayInputStream is = new ByteArrayInputStream(certText.getBytes());
    X509Certificate target = (X509Certificate)cf.generateCertificate(is);

    byte[] extVal = target.getExtensionValue("2.5.29.14");
    if (extVal == null) {
        // unlikely to happen.
        throw new Exception("unexpected certificate: no SKID extension");
    }
    // Remove the OCTET STRING wrapper before handing the id to the selector.
    DerInputStream in = new DerInputStream(extVal);
    selector.setSubjectKeyIdentifier(in.getOctetString());

    return selector;
}
 
Example #24
Source File: X509CertSelector.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Checks the certificate's subject key identifier extension
 * (OID 2.5.29.14) against the {@code subjectKeyID} criterion. On a
 * mismatch both identifiers are written to the debug output when debugging
 * is enabled.
 *
 * @param xcert the certificate being examined
 * @return {@code true} if no criterion is set or the unwrapped extension
 *         value equals it; {@code false} if the extension is absent,
 *         differs, or cannot be decoded
 */
private boolean matchSubjectKeyID(X509Certificate xcert) {
    if (subjectKeyID == null) {
        return true;
    }
    try {
        byte[] wrappedValue = xcert.getExtensionValue("2.5.29.14");
        if (wrappedValue == null) {
            if (debug != null) {
                debug.println("X509CertSelector.match: "
                    + "no subject key ID extension");
            }
            return false;
        }
        // Unwrap the OCTET STRING that surrounds the extension value.
        DerInputStream valueReader = new DerInputStream(wrappedValue);
        byte[] certSubjectKeyID = valueReader.getOctetString();
        boolean sameId = certSubjectKeyID != null
                && Arrays.equals(subjectKeyID, certSubjectKeyID);
        if (sameId) {
            return true;
        }
        if (debug != null) {
            debug.println("X509CertSelector.match: subject key IDs " +
                "don't match\nX509CertSelector.match: subjectKeyID: " +
                Arrays.toString(subjectKeyID) +
                "\nX509CertSelector.match: certSubjectKeyID: " +
                Arrays.toString(certSubjectKeyID));
        }
        return false;
    } catch (IOException ex) {
        // An extension that cannot be decoded counts as a non-match.
        if (debug != null) {
            debug.println("X509CertSelector.match: "
                + "exception in subject key ID check");
        }
        return false;
    }
}
 
Example #25
Source File: X509CertSelector.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Compares the certificate's authority key identifier extension
 * (OID 2.5.29.35) with the {@code authorityKeyID} criterion.
 *
 * @param xcert the certificate being examined
 * @return {@code true} if no criterion is set or the value unwrapped from
 *         the extension equals it; {@code false} if the extension is
 *         missing, differs, or cannot be decoded
 */
private boolean matchAuthorityKeyID(X509Certificate xcert) {
    if (authorityKeyID == null) {
        return true;
    }
    try {
        byte[] rawExtension = xcert.getExtensionValue("2.5.29.35");
        if (rawExtension == null) {
            if (debug != null) {
                debug.println("X509CertSelector.match: "
                    + "no authority key ID extension");
            }
            return false;
        }
        // Strip the OCTET STRING wrapper, then compare the whole content.
        DerInputStream valueReader = new DerInputStream(rawExtension);
        byte[] certAuthKeyID = valueReader.getOctetString();
        boolean sameId = certAuthKeyID != null
                && Arrays.equals(authorityKeyID, certAuthKeyID);
        if (!sameId) {
            if (debug != null) {
                debug.println("X509CertSelector.match: "
                    + "authority key IDs don't match");
            }
            return false;
        }
        return true;
    } catch (IOException ex) {
        // Decoding failures are reported as a non-match, not rethrown.
        if (debug != null) {
            debug.println("X509CertSelector.match: "
                + "exception in authority key ID check");
        }
        return false;
    }
}
 
Example #26
Source File: PKCS12KeyStore.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Reads the optional parameters that follow an algorithm identifier and
 * turns them into an {@link AlgorithmParameters} object.
 *
 * @param algorithm the algorithm OID; {@code pbes2_OID} selects the
 *        "PBES2" parameter type, anything else "PBE"
 * @param in the stream positioned after the OID
 * @return the initialised parameters, or {@code null} if the stream is
 *         empty or the next value is an ASN.1 NULL
 * @throws IOException for any failure while reading or initialising; the
 *         original exception is kept as the cause
 */
private AlgorithmParameters parseAlgParameters(ObjectIdentifier algorithm,
    DerInputStream in) throws IOException
{
    try {
        DerValue params = null;
        if (in.available() != 0) {
            DerValue candidate = in.getDerValue();
            // An explicit NULL is treated the same as absent parameters.
            if (candidate.tag != DerValue.tag_Null) {
                params = candidate;
            }
        }
        if (params == null) {
            return null;
        }

        String parameterType =
                algorithm.equals((Object)pbes2_OID) ? "PBES2" : "PBE";
        AlgorithmParameters algParams =
                AlgorithmParameters.getInstance(parameterType);
        algParams.init(params.toByteArray());
        return algParams;
    } catch (Exception e) {
       throw new IOException("parseAlgParameters failed: " +
                             e.getMessage(), e);
    }
}
 
Example #27
Source File: X509CertSelector.java    From j2objc with Apache License 2.0 5 votes vote down vote up
/**
 * Tests whether the certificate's authority key identifier extension
 * (OID 2.5.29.35) equals the {@code authorityKeyID} criterion.
 *
 * @param xcert the certificate being examined
 * @return {@code true} if no criterion is set or the extension content
 *         equals it; {@code false} if the extension is absent, differs,
 *         or cannot be decoded
 */
private boolean matchAuthorityKeyID(X509Certificate xcert) {
    // Without a criterion there is nothing to compare.
    if (authorityKeyID == null) {
        return true;
    }

    boolean matched = false;
    try {
        byte[] extensionBytes = xcert.getExtensionValue("2.5.29.35");
        if (extensionBytes == null) {
            if (debug != null) {
                debug.println("X509CertSelector.match: "
                    + "no authority key ID extension");
            }
        } else {
            // Content of the OCTET STRING that wraps the extension value.
            byte[] certAuthKeyID =
                    new DerInputStream(extensionBytes).getOctetString();
            if (certAuthKeyID != null
                    && Arrays.equals(authorityKeyID, certAuthKeyID)) {
                matched = true;
            } else if (debug != null) {
                debug.println("X509CertSelector.match: "
                    + "authority key IDs don't match");
            }
        }
    } catch (IOException ex) {
        // Decoding failures leave the result at "no match".
        if (debug != null) {
            debug.println("X509CertSelector.match: "
                + "exception in authority key ID check");
        }
    }
    return matched;
}
 
Example #28
Source File: KeyUsageMatters.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Returns a selector that matches certificates by the subject key
 * identifier of one of this class's certificate strings.
 *
 * @param name {@code "subca"} or {@code "subci"} to choose the matching
 *        certificate string; every other value chooses the target
 *        certificate
 * @return a selector whose subject key identifier criterion comes from the
 *         chosen certificate's extension (OID 2.5.29.14)
 * @throws Exception if the certificate cannot be parsed or carries no
 *         subject key identifier extension
 */
private static X509CertSelector generateSelector(String name)
            throws Exception {
    X509CertSelector selector = new X509CertSelector();

    // generate certificate from certificate string
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    String chosenCert;
    if (name.equals("subca")) {
        chosenCert = subCaCertStr;
    } else if (name.equals("subci")) {
        chosenCert = subCrlIssuerCertStr;
    } else {
        chosenCert = targetCertStr;
    }
    X509Certificate target = (X509Certificate)cf.generateCertificate(
            new ByteArrayInputStream(chosenCert.getBytes()));

    byte[] extVal = target.getExtensionValue("2.5.29.14");
    if (extVal == null) {
        // unlikely to happen.
        throw new Exception("unexpected certificate: no SKID extension");
    }

    // getOctetString drops the OCTET STRING wrapper around the value.
    byte[] subjectKID = new DerInputStream(extVal).getOctetString();
    selector.setSubjectKeyIdentifier(subjectKID);
    return selector;
}
 
Example #29
Source File: DSAPrivateKey.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Decodes {@code key} as a single DER INTEGER and stores it in {@code x}.
 *
 * @throws InvalidKeyException if the bytes cannot be read as an integer;
 *         it carries the message of the underlying {@link IOException} and
 *         has that exception as its cause
 */
protected void parseKeyBits() throws InvalidKeyException {
    try {
        x = new DerInputStream(key).getBigInteger();
    } catch (IOException e) {
        // Same message and cause as before, set through the constructor.
        throw new InvalidKeyException(e.getMessage(), e);
    }
}
 
Example #30
Source File: StatusLoopDependency.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Produces a selector keyed on the subject key identifier extension
 * (OID 2.5.29.14) of one of the certificate strings held by this class.
 *
 * @param name {@code "subca"} for the sub-CA certificate string,
 *        {@code "subci"} for the sub-CRL-issuer string, any other value
 *        for the target certificate string
 * @return a selector with its subject key identifier criterion set
 * @throws Exception if the certificate cannot be parsed or has no subject
 *         key identifier extension
 */
private static X509CertSelector generateSelector(String name)
            throws Exception {
    X509CertSelector selector = new X509CertSelector();

    // generate certificate from certificate string
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    boolean wantsSubCa = name.equals("subca");
    String certText = wantsSubCa
            ? subCaCertStr
            : (name.equals("subci") ? subCrlIssuerCertStr : targetCertStr);
    byte[] certBytes = certText.getBytes();
    X509Certificate target =
            (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(certBytes));

    byte[] extVal = target.getExtensionValue("2.5.29.14");
    if (extVal != null) {
        // The value is wrapped in an OCTET STRING; pass on its content.
        selector.setSubjectKeyIdentifier(new DerInputStream(extVal).getOctetString());
        return selector;
    }
    // unlikely to happen.
    throw new Exception("unexpected certificate: no SKID extension");
}