org.bouncycastle.asn1.x509.Certificate Java Examples

The following examples show how to use org.bouncycastle.asn1.x509.Certificate. The original project and source file are named above each example.
Example #1
Source File: CrlStreamParserTest.java    From xipki with Apache License 2.0 6 votes vote down vote up
/**
 * Streams the crl-2 fixture and checks its header fields, its signature and the number of
 * revoked-certificate entries it carries.
 */
@Test
public void parseCrl2() throws Exception {
  final File crl = new File("src/test/resources/crls/crl-2/ca1-crl.crl");
  final Certificate issuerCert = parseCert("src/test/resources/crls/crl-2/ca1-cert.crt");

  final CrlStreamParser crlParser = new CrlStreamParser(crl);
  Assert.assertEquals("version", 1, crlParser.getVersion());
  Assert.assertEquals("CRL number", BigInteger.valueOf(5), crlParser.getCrlNumber());

  // The CRL has to verify under the public key taken from the issuer certificate fixture.
  final boolean signatureValid = crlParser.verifySignature(issuerCert.getSubjectPublicKeyInfo());
  Assert.assertTrue("signature", signatureValid);

  // Walk the entries once; only their count is of interest here.
  int entryCount = 0;
  try (RevokedCertsIterator entries = crlParser.revokedCertificates()) {
    for (; entries.hasNext(); entryCount++) {
      entries.next();
    }
  }

  Assert.assertEquals("#revokedCertificates", 6, entryCount);
}
 
Example #2
Source File: CertTest.java    From julongchain with Apache License 2.0 6 votes vote down vote up
/**
 * Signs a fixed message with the test private key and verifies the signature with the public
 * key taken from the matching certificate.
 *
 * <p>This only shows that the key file and the certificate belong together; the certificate's
 * own signature, validity period and issuer are not examined here.
 */
@Test
public void szcaCertTest() throws Exception {
    final String message = "this is test data";

    // Resolve both fixtures from the classpath before reading either of them.
    final String keyFile = CertTest.class.getResource("/szca/sk-test").getPath();
    final String certFile = CertTest.class.getResource("/szca/signcert.pem").getPath();
    final byte[] privateKey = CryptoUtil.getPrivateKey(keyFile);
    final byte[] pemBytes = FileUtils.readFileBytes(certFile);

    // Strip the PEM armour, then decode the DER body as an X.509 Certificate structure.
    final PemReader pemReader =
            new PemReader(new InputStreamReader(new ByteArrayInputStream(pemBytes)));
    final Certificate signCert = Certificate.getInstance(pemReader.readPemObject().getContent());
    final byte[] publicKey = signCert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();

    // NOTE(review): getBytes() uses the platform charset; harmless for this ASCII message.
    final byte[] signature = sm2.sign(privateKey, message.getBytes());
    assertEquals(true, sm2.verify(publicKey, signature, message.getBytes()));
}
 
Example #3
Source File: MspValidateTest.java    From julongchain with Apache License 2.0 6 votes vote down vote up
/**
 * Prints the length and hex form of an embedded private key, then the subject and public key
 * of the {@code /szca/testsm2.pem} certificate. The test makes no assertions.
 */
@Test
public void certTest() throws IOException {
    // NOTE(review): a Base64 private key is embedded in the source and echoed to stdout below.
    // That is only acceptable for a throw-away fixture; confirm this key is used nowhere else.
    String privateKey = "MIGTAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBHkwdwIBAQQgTchUuHEAckzfS16v\n" +
            "8hz4Rt9G+41OifbzAr9jM+JGxiygCgYIKoEcz1UBgi2hRANCAASDw0oz+lq1H8QM\n" +
            "8YaZSikOsCdbLR+sUd+hpzvDF1wmS3zVNqtKnTRzD3bVgR4AFljtBVmbXNmJdrno\n" +
            "C8r6EmyE";
    final byte[] keyBytes = org.bouncycastle.util.encoders.Base64.decode(privateKey);

    System.out.println("私钥长度" + keyBytes.length);
    System.out.println(Hex.toHexString(keyBytes));

    // Load the certificate fixture and pull out the raw public-key bit string.
    final String pemLocation = MspValidateTest.class.getResource("/szca/testsm2.pem").getPath();
    final byte[] pemBytes = FileUtils.readFileBytes(pemLocation);
    final PemReader pemReader =
            new PemReader(new InputStreamReader(new ByteArrayInputStream(pemBytes)));
    final Certificate certificate = Certificate.getInstance(pemReader.readPemObject().getContent());
    final byte[] publicKeyBytes =
            certificate.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();

    System.out.println(certificate.getSubject());
    System.out.println("公钥:" + Hex.toHexString(publicKeyBytes));
    System.out.println("公钥长度:" + publicKeyBytes.length);
}
 
Example #4
Source File: CmpCaClient.java    From xipki with Apache License 2.0 6 votes vote down vote up
/**
 * Asks the CA, through a protected CMP general message, for its certificate chain and returns
 * the certificates in the order the response lists them.
 *
 * <p>NOTE(review): the returned certificates are whatever the responder sent. Whether the
 * response protection is verified depends on {@code transmit} and
 * {@code extractGeneralRepContent}, which are not shown here; confirm before treating the
 * result as a trust anchor.
 *
 * @return the certificates contained in the response, in response order
 * @throws Exception if building, sending or decoding the message fails
 */
private Certificate[] cmpCaCerts() throws Exception {
  final ProtectedPKIMessageBuilder messageBuilder = new ProtectedPKIMessageBuilder(
      PKIHeader.CMP_2000, requestorSubject, responderSubject);
  messageBuilder.setMessageTime(new Date());
  messageBuilder.setTransactionID(randomTransactionId());
  messageBuilder.setSenderNonce(randomSenderNonce());

  // The request payload is a single INTEGER naming the "CA certificate chain" action.
  final ASN1EncodableVector action = new ASN1EncodableVector();
  action.add(new ASN1Integer(CMP_ACTION_CACERTCHAIN));
  final InfoTypeAndValue info =
      new InfoTypeAndValue(id_xipki_cmp_cacertchain, new DERSequence(action));
  messageBuilder.setBody(new PKIBody(PKIBody.TYPE_GEN_MSG, new GenMsgContent(info)));

  final PKIMessage response = transmit(build(messageBuilder), null);
  final ASN1Encodable content =
      extractGeneralRepContent(response, id_xipki_cmp_cacertchain.getId());
  final ASN1Sequence certSequence = ASN1Sequence.getInstance(content);

  // Each element is a CMPCertificate; keep only its X.509 certificate form.
  final Certificate[] chain = new Certificate[certSequence.size()];
  for (int idx = 0; idx < chain.length; idx++) {
    chain[idx] = CMPCertificate.getInstance(certSequence.getObjectAt(idx)).getX509v3PKCert();
  }
  return chain;
}
 
Example #5
Source File: CmpCaClient.java    From xipki with Apache License 2.0 6 votes vote down vote up
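/**
 * Initializes TLS and, on first use, fetches the CA certificate chain and caches the CA
 * certificate, its subject and its subject key identifier.
 *
 * <p>The first certificate of the fetched chain is taken as the CA certificate. These values
 * come from the server's response, so the trust placed in them rests on how that response is
 * protected and verified (not visible in this method).
 *
 * @throws IllegalStateException if the CA answers with an empty certificate chain
 * @throws Exception if TLS initialization, the CMP exchange or certificate parsing fails
 */
public void init() throws Exception {
  TlsInit.init();

  if (caCert != null) {
    return;
  }

  Certificate[] certchain = cmpCaCerts();
  // Fail with a clear message instead of an IndexOutOfBoundsException further down, and
  // before any field has been touched.
  if (certchain.length == 0) {
    throw new IllegalStateException("CA returned an empty certificate chain");
  }

  this.caCertchain = new ArrayList<>(certchain.length);
  for (Certificate m : certchain) {
    this.caCertchain.add(SdkUtil.parseCert(m.getEncoded()));
  }

  this.caCert = this.caCertchain.get(0);
  this.caSubject = certchain[0].getSubject();
  this.caSubjectKeyIdentifier = SdkUtil.extractSki(this.caCert);
}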
 
Example #6
Source File: CaHelper.java    From julongchain with Apache License 2.0 6 votes vote down vote up
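/**
 * Loads the certificate stored in the first {@code *.pem} file found in a directory.
 *
 * <p>{@link File#listFiles()} gives no ordering guarantee, so when the directory holds several
 * {@code .pem} files the one that is picked is unspecified. NOTE(review): the PEM type label is
 * not checked, so whatever PEM object comes first in that file is handed to the certificate
 * decoder; a directory meant for CA material should contain exactly one certificate file.
 *
 * @param certPath directory expected to contain the certificate as a {@code .pem} file
 * @return the decoded certificate, or {@code null} if {@code certPath} is not a listable
 *     directory
 * @throws JulongChainException if no {@code .pem} file exists, or the file cannot be read or
 *     does not decode as a certificate
 */
public static Certificate loadCertificateSM2(String certPath) throws JulongChainException {
    File certDir = new File(certPath);
    File[] files = certDir.listFiles();
    if (!certDir.isDirectory() || files == null) {
        log.error("invalid directory for certPath " + certPath);
        return null;
    }
    for (File file : files) {
        if (!file.getName().endsWith(".pem")) {
            continue;
        }
        // try-with-resources closes the reader (and the file handle under it) on every path,
        // including a failed read or a failed decode.
        try (PemReader pemReader = new PemReader(new InputStreamReader(new FileInputStream(file)))) {
            PemObject pemObject = pemReader.readPemObject();
            if (pemObject == null) {
                // readPemObject() returns null when the file holds no PEM block at all.
                throw new JulongChainException("no PEM object found in " + file.getName());
            }
            return Certificate.getInstance(pemObject.getContent());
        } catch (JulongChainException e) {
            throw e;
        } catch (Exception e) {
            throw new JulongChainException("An error occurred :" + e.getMessage());
        }
    }
    throw new JulongChainException("no pem file found");
}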
 
Example #7
Source File: CrlStreamParserTest.java    From xipki with Apache License 2.0 6 votes vote down vote up
/**
 * Streams the crl-6 fixture, a CRL without extensions: no CRL number is expected, the
 * signature must verify, and there are no revoked-certificate entries.
 */
@Test
public void parseCrlWithNoExtension() throws Exception {
  final File crl = new File("src/test/resources/crls/crl-6/no-extensions.crl");
  final Certificate issuerCert = parseCert("src/test/resources/crls/crl-6/ca.crt");

  final CrlStreamParser crlParser = new CrlStreamParser(crl);
  Assert.assertEquals("version", 1, crlParser.getVersion());
  Assert.assertEquals("CRL number", null, crlParser.getCrlNumber());

  // The CRL has to verify under the public key taken from the issuer certificate fixture.
  final boolean signatureValid = crlParser.verifySignature(issuerCert.getSubjectPublicKeyInfo());
  Assert.assertTrue("signature", signatureValid);

  // Walk the entries once; only their count is of interest here.
  int entryCount = 0;
  try (RevokedCertsIterator entries = crlParser.revokedCertificates()) {
    for (; entries.hasNext(); entryCount++) {
      entries.next();
    }
  }

  Assert.assertEquals("#revokedCertificates", 0, entryCount);
}
 
Example #8
Source File: CrlStreamParserTest.java    From xipki with Apache License 2.0 6 votes vote down vote up
/**
 * Streams the crl-5 fixture, a CRL without a CRL number: the parser must report {@code null}
 * for the number, the signature must verify, and there are no revoked-certificate entries.
 */
@Test
public void parseCrlWithNoCrlNumber() throws Exception {
  final File crl = new File("src/test/resources/crls/crl-5/no-crlnumber.crl");
  final Certificate issuerCert = parseCert("src/test/resources/crls/crl-5/ca.crt");

  final CrlStreamParser crlParser = new CrlStreamParser(crl);
  Assert.assertEquals("version", 1, crlParser.getVersion());
  Assert.assertEquals("CRL number", null, crlParser.getCrlNumber());

  // The CRL has to verify under the public key taken from the issuer certificate fixture.
  final boolean signatureValid = crlParser.verifySignature(issuerCert.getSubjectPublicKeyInfo());
  Assert.assertTrue("signature", signatureValid);

  // Walk the entries once; only their count is of interest here.
  int entryCount = 0;
  try (RevokedCertsIterator entries = crlParser.revokedCertificates()) {
    for (; entries.hasNext(); entryCount++) {
      entries.next();
    }
  }

  Assert.assertEquals("#revokedCertificates", 0, entryCount);
}
 
Example #9
Source File: SFTrustManager.java    From snowflake-jdbc with Apache License 2.0 6 votes vote down vote up
/**
 * Builds an OCSP request asking for the status of one certificate.
 *
 * <p>The request identifies the certificate by a SHA-1 based CertID (derived from the issuer
 * certificate) plus the subject's serial number. SHA-1 serves here as an identifier hash, not
 * as a signature algorithm. No nonce extension is added, so freshness of the answer has to be
 * enforced when the response is validated (not visible in this method).
 *
 * @param pairIssuerSubject a pair of issuer (left) and subject (right) certificates
 * @return the built OCSPReq object
 * @throws IOException if the issuer certificate cannot be encoded or the request cannot be built
 */
private OCSPReq createRequest(
    SFPair<Certificate, Certificate> pairIssuerSubject) throws IOException
{
  final Certificate issuerCert = pairIssuerSubject.left;
  final Certificate subjectCert = pairIssuerSubject.right;
  final OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
  try
  {
    final DigestCalculator sha1 = new SHA1DigestCalculator();
    final X509CertificateHolder issuerHolder =
        new X509CertificateHolder(issuerCert.getEncoded());
    requestBuilder.addRequest(
        new CertificateID(sha1, issuerHolder, subjectCert.getSerialNumber().getValue()));
    return requestBuilder.build();
  }
  catch (OCSPException ex)
  {
    // Surface builder failures as IOException, keeping the original cause attached.
    throw new IOException("Failed to build a OCSPReq.", ex);
  }
}
 
Example #10
Source File: CAdESTimestampSource.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
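/**
 * Collects the identifiers of the certificates embedded in an unsigned CAdES attribute.
 *
 * <p>Unsigned attributes are not covered by the signature, so their content is treated as
 * untrusted input: a value that is not an ASN.1 SEQUENCE yields an empty list instead of a
 * {@link ClassCastException}, and an element that does not parse as a certificate is logged
 * and skipped.
 *
 * @param unsignedAttribute the attribute whose value is expected to be a SEQUENCE of certificates
 * @return identifiers of the certificates that could be parsed, possibly empty
 */
@Override
protected List<Identifier> getEncapsulatedCertificateIdentifiers(CAdESAttribute unsignedAttribute) {
	List<Identifier> certificateIdentifiers = new ArrayList<>();
	final Object attributeValue = unsignedAttribute.getASN1Object();
	if (!(attributeValue instanceof ASN1Sequence)) {
		LOG.warn("Unable to parse encapsulated certificates : the attribute value is not an ASN.1 sequence");
		return certificateIdentifiers;
	}
	ASN1Sequence seq = (ASN1Sequence) attributeValue;
	for (int ii = 0; ii < seq.size(); ii++) {
		try {
			final Certificate cs = Certificate.getInstance(seq.getObjectAt(ii));
			CertificateToken certificateToken = DSSUtils.loadCertificate(cs.getEncoded());
			certificateIdentifiers.add(certificateToken.getDSSId());
		} catch (Exception e) {
			// One bad element must not hide the remaining certificates.
			String errorMessage = "Unable to parse an encapsulated certificate : {}";
			if (LOG.isDebugEnabled()) {
				LOG.warn(errorMessage, e.getMessage(), e);
			} else {
				LOG.warn(errorMessage, e.getMessage());
			}
		}
	}
	return certificateIdentifiers;
}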
 
Example #11
Source File: CMSCertificateSource.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
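/**
 * Adds the certificates found in the signer's unsigned {@code certValues} attribute to this
 * source, tagged with {@code CertificateOrigin.CERTIFICATE_VALUES}.
 *
 * <p>Unsigned attributes are not covered by the signature, so the attribute is handled as
 * untrusted input: an empty value set or a value that is not an ASN.1 SEQUENCE is logged and
 * ignored rather than raising an unchecked exception, and an element that does not parse as a
 * certificate is logged and skipped.
 */
private void extractCertificateValues() {
	AttributeTable unsignedAttributes = currentSignerInformation.getUnsignedAttributes();
	if (unsignedAttributes == null) {
		return;
	}
	Attribute attribute = unsignedAttributes.get(id_aa_ets_certValues);
	if (attribute == null) {
		return;
	}
	if (attribute.getAttrValues().size() == 0) {
		LOG.warn("Unable to parse encapsulated certificates : the attribute has no value");
		return;
	}
	final Object attributeValue = attribute.getAttrValues().getObjectAt(0);
	if (!(attributeValue instanceof ASN1Sequence)) {
		LOG.warn("Unable to parse encapsulated certificates : the attribute value is not an ASN.1 sequence");
		return;
	}
	final ASN1Sequence seq = (ASN1Sequence) attributeValue;
	for (int ii = 0; ii < seq.size(); ii++) {
		try {
			final Certificate cs = Certificate.getInstance(seq.getObjectAt(ii));
			addCertificate(DSSUtils.loadCertificate(cs.getEncoded()), CertificateOrigin.CERTIFICATE_VALUES);
		} catch (Exception e) {
			// One bad element must not hide the remaining certificates.
			LOG.warn("Unable to parse encapsulated certificate : {}", e.getMessage());
		}
	}
}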
 
Example #12
Source File: CrlStreamParserTest.java    From xipki with Apache License 2.0 6 votes vote down vote up
/**
 * Streams the crl-4 fixture, a CRL with no revoked certificates: header fields and signature
 * are checked, and iterating the entries must yield nothing.
 */
@Test
public void parseCrlWithNoRevokedCerts() throws Exception {
  final File crl = new File("src/test/resources/crls/crl-4/no-revoked-certs.crl");
  final Certificate issuerCert = parseCert("src/test/resources/crls/crl-4/ca.crt");

  final CrlStreamParser crlParser = new CrlStreamParser(crl);
  Assert.assertEquals("version", 1, crlParser.getVersion());
  Assert.assertEquals("CRL number", BigInteger.valueOf(6), crlParser.getCrlNumber());

  // The CRL has to verify under the public key taken from the issuer certificate fixture.
  final boolean signatureValid = crlParser.verifySignature(issuerCert.getSubjectPublicKeyInfo());
  Assert.assertTrue("signature", signatureValid);

  // Walk the entries once; only their count is of interest here.
  int entryCount = 0;
  try (RevokedCertsIterator entries = crlParser.revokedCertificates()) {
    for (; entries.hasNext(); entryCount++) {
      entries.next();
    }
  }

  Assert.assertEquals("#revokedCertificates", 0, entryCount);
}
 
Example #13
Source File: CrlStreamParserTest.java    From xipki with Apache License 2.0 6 votes vote down vote up
/**
 * Streams the crl-3 fixture and checks its header fields, its signature and that it lists
 * two revoked-certificate entries.
 */
@Test
public void parseCrlWithInvalidityDate() throws Exception {
  final File crl = new File("src/test/resources/crls/crl-3/subcawithcrl1.crl");
  final Certificate issuerCert = parseCert("src/test/resources/crls/crl-3/ca.crt");

  final CrlStreamParser crlParser = new CrlStreamParser(crl);
  Assert.assertEquals("version", 1, crlParser.getVersion());
  Assert.assertEquals("CRL number", BigInteger.valueOf(5), crlParser.getCrlNumber());

  // The CRL has to verify under the public key taken from the issuer certificate fixture.
  final boolean signatureValid = crlParser.verifySignature(issuerCert.getSubjectPublicKeyInfo());
  Assert.assertTrue("signature", signatureValid);

  // Walk the entries once; only their count is of interest here.
  int entryCount = 0;
  try (RevokedCertsIterator entries = crlParser.revokedCertificates()) {
    for (; entries.hasNext(); entryCount++) {
      entries.next();
    }
  }

  Assert.assertEquals("#revokedCertificates", 2, entryCount);
}
 
Example #14
Source File: X509Cert.java    From xipki with Apache License 2.0 6 votes vote down vote up
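/**
 * Verifies this certificate's signature with the given key, using a caller-supplied
 * {@link Signature} instance.
 *
 * <p>Before verifying, the outer {@code signatureAlgorithm} field is compared with the
 * {@code signature} field inside the signed TBSCertificate; a mismatch is rejected because the
 * outer field is not itself covered by the signature. NOTE(review): this method does not check
 * that {@code signature} was created for that algorithm; the caller has to guarantee it.
 *
 * @param key public key of the presumed issuer
 * @param signature signature engine to initialize and use for the verification
 * @throws CertificateException if the two algorithm identifiers differ or the TBSCertificate
 *     cannot be encoded
 * @throws InvalidKeyException if {@code key} is not usable with {@code signature}
 * @throws SignatureException if the signature does not verify or the engine fails
 * @throws NoSuchAlgorithmException declared for callers; not raised directly here
 */
private void checkBcSignature(PublicKey key, Signature signature)
    throws CertificateException, NoSuchAlgorithmException,
        SignatureException, InvalidKeyException {
  Certificate c = bcInstance.toASN1Structure();
  if (!c.getSignatureAlgorithm().equals(c.getTBSCertificate().getSignature())) {
    throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
  }

  signature.initVerify(key);
  try {
    signature.update(c.getTBSCertificate().getEncoded());
  } catch (IOException ex) {
    // Keep the cause so an encoding failure can be diagnosed from the stack trace.
    throw new CertificateException("error encoding TBSCertificate", ex);
  }

  if (!signature.verify(c.getSignature().getBytes())) {
    throw new SignatureException("certificate does not verify with supplied key");
  }
}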
 
Example #15
Source File: CtLogTest.java    From xipki with Apache License 2.0 6 votes vote down vote up
/**
 * Decodes the SCT list extension of a certificate resource and asserts that re-encoding the
 * parsed list reproduces the original bytes.
 *
 * <p>The certificate is expected to carry the extension; a fixture without it fails with a
 * {@link NullPointerException}.
 *
 * @param certFile classpath resource holding the certificate
 * @throws Exception if the resource cannot be read or decoded
 */
private void parseCtLogInCert(String certFile) throws Exception {
  final byte[] derCert =
      X509Util.toDerEncoded(IoUtil.read(getClass().getResourceAsStream(certFile)));
  final Certificate cert = Certificate.getInstance(derCert);

  final Extension sctExtension = cert.getTBSCertificate().getExtensions()
      .getExtension(ObjectIdentifiers.Extn.id_SCTs);
  // The extension value is an OCTET STRING wrapping the serialized SCT list.
  final byte[] encodedScts =
      DEROctetString.getInstance(sctExtension.getParsedValue()).getOctets();
  final SignedCertificateTimestampList sctList =
      SignedCertificateTimestampList.getInstance(encodedScts);

  // Exercise the accessors of the first SCT's signature; the results are not inspected.
  final SignedCertificateTimestamp firstSct = sctList.getSctList().get(0);
  firstSct.getDigitallySigned().getEncoded();
  sctList.getSctList().get(0).getDigitallySigned().getSignatureObject();

  Assert.assertArrayEquals(encodedScts, sctList.getEncoded());
}
 
Example #16
Source File: CrlStreamParserTest.java    From xipki with Apache License 2.0 6 votes vote down vote up
/**
 * Streams the crl-1 fixture and checks its header fields, its signature and that it lists
 * exactly one revoked-certificate entry.
 */
@Test
public void parseCrl1() throws Exception {
  final File crl = new File("src/test/resources/crls/crl-1/subcawithcrl1.crl");
  final Certificate issuerCert = parseCert("src/test/resources/crls/crl-1/ca.crt");

  final CrlStreamParser crlParser = new CrlStreamParser(crl);
  Assert.assertEquals("version", 1, crlParser.getVersion());
  Assert.assertEquals("CRL number", BigInteger.valueOf(3), crlParser.getCrlNumber());

  // The CRL has to verify under the public key taken from the issuer certificate fixture.
  final boolean signatureValid = crlParser.verifySignature(issuerCert.getSubjectPublicKeyInfo());
  Assert.assertTrue("signature", signatureValid);

  // Walk the entries once; only their count is of interest here.
  int entryCount = 0;
  try (RevokedCertsIterator entries = crlParser.revokedCertificates()) {
    for (; entries.hasNext(); entryCount++) {
      entries.next();
    }
  }

  Assert.assertEquals("#revokedCertificates", 1, entryCount);
}
 
Example #17
Source File: SFTrustManager.java    From snowflake-jdbc with Apache License 2.0 5 votes vote down vote up
/**
 * Gets the OCSP responder locations listed in the certificate's authorityInfoAccess extension.
 *
 * <p>NOTE(review): the returned strings come straight from the certificate under validation.
 * The GeneralName tag is not checked to be a URI and no scheme or host restriction is applied
 * here, so callers should treat the values as untrusted before connecting to them. A value of
 * an unexpected ASN.1 type raises a {@link ClassCastException}.
 *
 * @param bcCert Bouncy Castle Certificate
 * @return a set of OCSP URLs, empty if the extension is absent or lists no OCSP entry
 * @throws IOException if the certificate carries no extensions at all
 */
private Set<String> getOcspUrls(Certificate bcCert) throws IOException
{
  final Extensions extensions = bcCert.getTBSCertificate().getExtensions();
  if (extensions == null)
  {
    throw new IOException("Failed to get Tbs Certificate.");
  }

  final Set<String> ocspUrls = new HashSet<>();
  // OCSP URLs are carried in authorityInfoAccess; look that extension up directly.
  final Extension aia = extensions.getExtension(Extension.authorityInfoAccess);
  if (aia == null)
  {
    return ocspUrls;
  }

  final DLSequence accessDescriptions = (DLSequence) aia.getParsedValue();
  for (ASN1Encodable description : accessDescriptions)
  {
    // Each access description is an (accessMethod, accessLocation) pair.
    final ASN1Encodable[] methodAndLocation = ((DLSequence) description).toArray();
    if (methodAndLocation.length != 2)
    {
      continue;
    }
    final ASN1ObjectIdentifier accessMethod = (ASN1ObjectIdentifier) methodAndLocation[0];
    if (!OIDocsp.equals(accessMethod))
    {
      continue; // some other access method, not OCSP
    }
    final GeneralName location = GeneralName.getInstance(methodAndLocation[1]);
    ocspUrls.add(location.getName().toString());
  }
  return ocspUrls;
}
 
Example #18
Source File: SFTrustManager.java    From snowflake-jdbc with Apache License 2.0 5 votes vote down vote up
/**
 * Creates (issuer, subject) pairs for every certificate of the chain that is not self-issued.
 *
 * <p>The issuer of the certificate at index {@code i} is taken to be the certificate at
 * {@code i + 1}; for the last certificate it is looked up in {@code ROOT_CA}.
 * NOTE(review): pairing is positional, and the {@code ROOT_CA} lookup key is the hash code of
 * the issuer name, so nothing here proves that the paired issuer really signed the subject.
 * That has to be established by signature verification elsewhere.
 *
 * @param bcChain a list of Bouncy Castle Certificate, leaf first
 * @return a list of pairs of issuer and subject certificates
 * @throws CertificateException if no root CA is found for the last certificate
 */
private List<SFPair<Certificate, Certificate>> getPairIssuerSubject(
    List<Certificate> bcChain) throws CertificateException
{
  final List<SFPair<Certificate, Certificate>> pairs = new ArrayList<>();
  final int len = bcChain.size();
  for (int i = 0; i < len; ++i)
  {
    final Certificate subjectCert = bcChain.get(i);
    if (subjectCert.getIssuer().equals(subjectCert.getSubject()))
    {
      continue; // skipping ROOT CA
    }

    final Certificate issuerCert;
    if (i < len - 1)
    {
      issuerCert = bcChain.get(i + 1);
    }
    else
    {
      // The chain does not include a root CA certificate, so take the one
      // registered from the JVM's root CAs.
      issuerCert = ROOT_CA.get(subjectCert.getIssuer().hashCode());
      if (issuerCert == null)
      {
        throw new CertificateException(
            "Failed to find the root CA.",
            new SFOCSPException(OCSPErrorCode.NO_ROOTCA_FOUND, "Failed to find the root CA."));
      }
    }
    pairs.add(SFPair.of(issuerCert, bcChain.get(i)));
  }
  return pairs;
}
 
Example #19
Source File: SFTrustManager.java    From snowflake-jdbc with Apache License 2.0 5 votes vote down vote up
/**
 * Converts JCA X509Certificate objects to Bouncy Castle Certificate structures by re-decoding
 * each certificate's DER encoding. The order of the chain is preserved.
 *
 * @param chain an array of X509Certificate
 * @return a list of Bouncy Castle Certificate, one per input certificate
 * @throws CertificateEncodingException if a certificate cannot be encoded
 */
private List<Certificate> convertToBouncyCastleCertificate(
    X509Certificate[] chain) throws CertificateEncodingException
{
  final List<Certificate> converted = new ArrayList<>();
  for (int idx = 0; idx < chain.length; idx++)
  {
    final byte[] der = chain[idx].getEncoded();
    converted.add(Certificate.getInstance(der));
  }
  return converted;
}
 
Example #20
Source File: SFTrustManager.java    From snowflake-jdbc with Apache License 2.0 5 votes vote down vote up
/**
 * Executes the revocation status check for every (issuer, subject) pair of the chain.
 *
 * <p>All pairs are checked against the same timestamp, taken once before the loop. The first
 * failing check ends the loop by throwing.
 *
 * @param pairIssuerSubjectList a list of pairs of issuer and subject certificates.
 * @param peerHost passed through to each single check
 * @throws CertificateException raised if any check fails.
 */
private void executeRevocationStatusChecks(
    List<SFPair<Certificate, Certificate>> pairIssuerSubjectList, String peerHost)
throws CertificateException
{
  final long nowInSeconds = System.currentTimeMillis() / 1000L;
  for (int idx = 0, count = pairIssuerSubjectList.size(); idx < count; idx++)
  {
    executeOneRevocationStatusCheck(pairIssuerSubjectList.get(idx), nowInSeconds, peerHost);
  }
}
 
Example #21
Source File: CrlStreamParserTest.java    From xipki with Apache License 2.0 5 votes vote down vote up
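/**
 * Reads a certificate file and decodes it as a Bouncy Castle Certificate structure.
 *
 * @param fileName path of the certificate file
 * @return the decoded certificate
 * @throws IOException if the file cannot be read
 * @throws CertificateEncodingException if the content does not decode as a certificate
 */
private static Certificate parseCert(String fileName)
    throws IOException, CertificateEncodingException {
  try {
    return Certificate.getInstance(
        X509Util.toDerEncoded(Files.readAllBytes(Paths.get(fileName))));
  } catch (RuntimeException ex) {
    // Attach the cause: the decoder's stack trace says which ASN.1 element was rejected.
    throw new CertificateEncodingException(
        "error decoding certificate: " + ex.getMessage(), ex);
  }
}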
 
Example #22
Source File: MspValidateTest.java    From julongchain with Apache License 2.0 5 votes vote down vote up
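/**
 * Decodes an embedded PKCS#8 EC private key, reads the public key from the
 * {@code /szca/testsm2.pem} certificate, then signs a short message with the private key and
 * verifies it with the certificate's public key.
 *
 * <p>The test now fails when the signature does not verify; previously the result was only
 * printed, so a broken key pair could not fail the test.
 */
@Test
public void base64() throws NoSuchAlgorithmException, InvalidKeySpecException, IOException, CryptoException, CspException {
    Security.addProvider(new BouncyCastleProvider());
    // NOTE(review): a private key is embedded in the source and its scalar is printed below.
    // That is only acceptable for a throw-away fixture; confirm this key is used nowhere else.
    String sk = "MIGTAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBHkwdwIBAQQgTchUuHEAckzfS16v\n" +
            "8hz4Rt9G+41OifbzAr9jM+JGxiygCgYIKoEcz1UBgi2hRANCAASDw0oz+lq1H8QM\n" +
            "8YaZSikOsCdbLR+sUd+hpzvDF1wmS3zVNqtKnTRzD3bVgR4AFljtBVmbXNmJdrno\n" +
            "C8r6EmyE";
    // Fixed: the original declaration assigned the variable to itself in a chained assignment.
    KeyFactory keyf = KeyFactory.getInstance("EC");
    PKCS8EncodedKeySpec priPKCS8 = new PKCS8EncodedKeySpec(Base64.decode(sk));
    BCECPrivateKey priKey = (BCECPrivateKey) keyf.generatePrivate(priPKCS8);
    System.out.println("16进制私钥:" + priKey.getD().toString(16));

    String cert_path = MspValidateTest.class.getResource("/szca/testsm2.pem").getPath();
    byte[] idBytes = FileUtils.readFileBytes(cert_path);
    Certificate certificate = Certificate.getInstance(new PemReader(new InputStreamReader(new ByteArrayInputStream(idBytes))).readPemObject().getContent());
    // Read the key both through the TBSCertificate and through the Certificate accessor.
    byte[] pb = certificate.getTBSCertificate().getSubjectPublicKeyInfo().getPublicKeyData().getBytes();
    byte[] publickey = certificate.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();

    System.out.println(certificate.getSubject());
    System.out.println("tbs 公钥" + Hex.toHexString(pb));
    System.out.println("公钥:" + Hex.toHexString(publickey));
    System.out.println("公钥长度:" + publickey.length);

    SM2 sm2 = new SM2();
    byte[] message = "123".getBytes();
    byte[] v = sm2.sign(priKey.getD().toByteArray(), message);
    boolean verified = sm2.verify(publickey, v, message);
    System.out.println(verified);
    if (!verified) {
        throw new AssertionError("SM2 signature did not verify under the certificate public key");
    }
}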
 
Example #23
Source File: Msp.java    From julongchain with Apache License 2.0 5 votes vote down vote up
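/**
 * Decodes a serialized identity (a DER-encoded certificate) and imports its public key.
 *
 * <p>This method only decodes. It does not verify the certificate's signature, issuer,
 * validity period or revocation state, so the returned identity must be validated before it
 * is trusted. Malformed input is reported as {@link MspException} instead of escaping as an
 * unchecked decoder exception.
 *
 * @param serializedIdentity DER encoding of the identity's certificate
 * @return the identity built from the certificate and its imported public key
 * @throws MspException if the input is null, does not decode as a certificate, or its public
 *     key cannot be imported
 */
public IIdentity deserializeIdentityInternal(byte[] serializedIdentity) throws MspException {
    if (serializedIdentity == null) {
        throw new MspException("serializedIdentity is null");
    }

    Certificate cert;
    byte[] pbBytes;
    try {
        cert = Certificate.getInstance(serializedIdentity);
        pbBytes = cert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();
    } catch (RuntimeException e) {
        // The bytes come from outside; the ASN.1 decoder signals bad input with unchecked
        // exceptions, which callers of this method are not prepared for.
        throw new MspException("invalid certificate encoding: " + e.getMessage());
    }

    IKey certPubK;
    try {
        certPubK = csp.keyImport(pbBytes, new SM2PublicKeyImportOpts(true));
    } catch (JulongChainException e) {
        throw new MspException(e.getMessage());
    }
    return new Identity(cert, certPubK, this);
}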
 
Example #24
Source File: ExtendCmd.java    From julongchain with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a {@code CaHelper} from the key and certificate stored in a CA directory and the
 * distinguished-name fields of the organization's CA spec.
 *
 * <p>NOTE(review): the loaded key and certificate are passed on unchecked; confirm that a
 * missing certificate (a null result from the loader) and a key that does not match the
 * certificate are rejected somewhere before the CA is used for signing.
 *
 * @param caDir directory holding the CA private key and certificate
 * @param spec organization spec providing the CA's name fields
 * @param name name given to the CA helper
 * @return the assembled CA helper
 * @throws JulongChainException if the key or certificate cannot be loaded
 */
private CaHelper getCA(String caDir, OrgSpec spec, String name) throws JulongChainException {
    final IKey signerKey = CspHelper.loadPrivateKey(caDir);
    final Certificate signerCert = CaHelper.loadCertificateSM2(caDir);
    final NodeSpec caSpec = spec.getCa();

    final String country = caSpec.getCountry();
    final String province = caSpec.getProvince();
    final String locality = caSpec.getLocality();
    final String organizationalUnit = caSpec.getOrganizationalUnit();
    final String streetAddress = caSpec.getStreetAddress();
    final String postalCode = caSpec.getPostalCode();

    return new CaHelper(name, country, province, locality, organizationalUnit,
            streetAddress, postalCode, signerKey, signerCert);
}
 
Example #25
Source File: MspHelper.java    From julongchain with Apache License 2.0 5 votes vote down vote up
/**
 * Writes a certificate to {@code path} as a PEM object of type {@code CERTIFICATE}.
 *
 * @param path destination handed to {@code pemExport}
 * @param cert certificate to encode and export
 * @throws JulongChainException if encoding or writing fails; only the message of the
 *     underlying exception is carried over
 */
private static void x509Export(String path, Certificate cert) throws JulongChainException {
    try {
        final byte[] der = cert.getEncoded();
        pemExport(path, "CERTIFICATE", der);
    } catch (Exception failure) {
        throw new JulongChainException("An error occurred on x509Export:" + failure.getMessage());
    }
}
 
Example #26
Source File: Msp.java    From julongchain with Apache License 2.0 5 votes vote down vote up
/**
 * Gets the unique valid validation certificate chain.
 *
 * <p>NOTE(review): as written, neither parameter is read. The method converts every configured
 * root identity to an {@link X509Certificate} and returns them all; no chain is built for
 * {@code certificate} and nothing is verified. Slots for root entries that are not
 * {@code Identity} instances stay {@code null}. Callers must not read the result as a
 * validated path.
 *
 * @param certificate the certificate to validate (currently unused)
 * @param isIntermediateChain whether an intermediate chain is requested (currently unused)
 * @return one array slot per configured root certificate
 * @throws MspException if a root certificate cannot be converted
 */
public X509Certificate[] getUniqueValidationChain(Certificate certificate, boolean isIntermediateChain) throws MspException {
    final int rootCount = rootCerts.length;
    final X509Certificate[] chains = new X509Certificate[rootCount];
    for (int i = 0; i < rootCount; i++) {
        if (!(rootCerts[i] instanceof Identity)) {
            continue;
        }
        final Identity root = (Identity) rootCerts[i];
        try {
            chains[i] = CryptoUtil.getX509Certificate(root.getCertificate().getEncoded());
        } catch (Exception e) {
            throw new MspException(e.getMessage());
        }
    }
    return chains;
}
 
Example #27
Source File: ScepUtil.java    From xipki with Apache License 2.0 5 votes vote down vote up
/**
 * Extracts the certificates carried in a CMS SignedData structure.
 *
 * <p>The first certificate whose {@code getBasicConstraints()} is {@code -1} is moved to the
 * front of the result (presumably the end-entity certificate; confirm against
 * {@code X509Cert}); all others keep their order. The certificates are returned as found: no
 * signature or chain validation happens here.
 *
 * @param signedData the SignedData to read, must not be null
 * @return the certificates, or an empty list if SignedData carries none
 * @throws CertificateException if an element does not decode as a certificate
 */
public static List<X509Cert> getCertsFromSignedData(SignedData signedData)
    throws CertificateException {
  Args.notNull(signedData, "signedData");
  final ASN1Set certSet = signedData.getCertificates();
  if (certSet == null || certSet.size() == 0) {
    return Collections.emptyList();
  }

  final List<X509Cert> others = new LinkedList<>();
  X509Cert endEntity = null;
  for (int idx = 0, count = certSet.size(); idx < count; idx++) {
    final X509Cert current;
    try {
      current = new X509Cert(Certificate.getInstance(certSet.getObjectAt(idx)));
    } catch (IllegalArgumentException ex) {
      throw new CertificateException(ex);
    }

    final boolean takeAsEndEntity = endEntity == null && current.getBasicConstraints() == -1;
    if (takeAsEndEntity) {
      endEntity = current;
    } else {
      others.add(current);
    }
  }

  if (endEntity != null) {
    others.add(0, endEntity);
  }
  return others;
}
 
Example #28
Source File: CaHelper.java    From julongchain with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a CA helper from its name fields, its signing key and its signing certificate.
 * All arguments are stored as given; none is validated or copied.
 *
 * @param name name of the CA
 * @param country country name field
 * @param province province name field
 * @param locality locality name field
 * @param organizationalUnit organizational unit name field
 * @param streetAddress street address field
 * @param postalCode postal code field
 * @param signer key stored as this CA's signer
 * @param signCert certificate stored as this CA's signing certificate
 */
public CaHelper(String name,
                String country,
                String province,
                String locality,
                String organizationalUnit,
                String streetAddress,
                String postalCode,
                IKey signer,
                Certificate signCert) {
    // Signing material.
    this.mSigner = signer;
    this.mSignCert = signCert;

    // Name fields.
    this.mName = name;
    this.mCountry = country;
    this.mProvince = province;
    this.mLocality = locality;
    this.mOrganizationalUnit = organizationalUnit;
    this.mStreetAddress = streetAddress;
    this.mPostalCode = postalCode;
}
 
Example #29
Source File: Msp.java    From julongchain with Apache License 2.0 5 votes vote down vote up
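/**
 * Parses an X.509 certificate from PEM-encoded bytes.
 *
 * <p>Only the first PEM object is read. NOTE(review): its type label is not checked, so any
 * PEM object is handed to the certificate decoder. The result is merely decoded; it is not
 * validated in any way.
 *
 * @param idBytes PEM text of the certificate
 * @return the decoded certificate
 * @throws IOException if the PEM data cannot be read
 * @throws MspException if {@code idBytes} is null or contains no PEM object
 */
public Certificate getCertFromPem(byte[] idBytes) throws IOException, MspException {
    if (idBytes == null) {
        throw new MspException("GetCertFrom Pem error the idBytes is null");
    }

    final org.bouncycastle.util.io.pem.PemObject pemObject;
    try (PemReader pemReader =
                 new PemReader(new InputStreamReader(new ByteArrayInputStream(idBytes)))) {
        pemObject = pemReader.readPemObject();
    }
    if (pemObject == null) {
        // readPemObject() returns null when the input holds no PEM block; report that instead
        // of failing with a NullPointerException.
        throw new MspException("GetCertFrom Pem error the idBytes contain no PEM object");
    }
    return Certificate.getInstance(pemObject.getContent());
}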
 
Example #30
Source File: XiOCSPReqBuilder.java    From xipki with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a signed OCSP request.
 *
 * @param signer signer used to sign the request, must not be null
 * @param chain certificates handed to {@code generateRequest} together with the signer;
 *     not checked here
 * @return the generated request
 * @throws IllegalArgumentException if {@code signer} is null
 * @throws OCSPException if the request cannot be generated
 */
public OCSPRequest build(ContentSigner signer, Certificate[] chain) throws OCSPException {
  final boolean signerMissing = (signer == null);
  if (signerMissing) {
    throw new IllegalArgumentException("no signer specified");
  }

  final OCSPRequest signedRequest = generateRequest(signer, chain);
  return signedRequest;
}