List of usage examples for org.bouncycastle.asn1 ASN1ObjectIdentifier getId
public String getId()
From source file:au.com.nullpointer.gp.der.CardData.java
License:Open Source License
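/**
 * Decodes card recognition data from its DER encoding.
 *
 * <p>The input must decode to an application-specific object tagged
 * {@code TAG_CARD_RECOGNITION_DATA}. Its contents are read as a stream of objects: any OID found
 * must equal {@code GP_OID.branch("1")}, and every application-specific entry must wrap a single
 * OID. Entry tags 0, 4, 5 and 6 populate {@code gpVersion}, {@code scpVersion}/{@code scpIValue},
 * {@code cardConfig} and {@code chip}; tag 3 is accepted and ignored; any other tag is rejected.
 *
 * <p>The encoding is external input, so structural surprises (wrong outer type, an entry that
 * does not contain an OID, an SCP identifier without two numeric arcs) are reported as
 * {@link DecodingException} rather than escaping as {@code ClassCastException},
 * {@code ArrayIndexOutOfBoundsException} or {@code NumberFormatException}.
 *
 * @param encoded DER-encoded card recognition data
 * @throws DecodingException if the data cannot be parsed or has an unexpected structure
 */
public CardData(byte[] encoded) throws DecodingException {
    try {
        Object decoded = ASN1Sequence.fromByteArray(encoded);
        if (!(decoded instanceof DERApplicationSpecific)) {
            throw new DecodingException("Card recognition data is not an application-specific object");
        }
        DERApplicationSpecific cardRecData = (DERApplicationSpecific) decoded;
        if (cardRecData.getApplicationTag() != TAG_CARD_RECOGNITION_DATA) {
            throw new DecodingException(TAG_CARD_RECOGNITION_DATA, cardRecData.getApplicationTag());
        }
        // NOTE(review): the result of this call was never used in the original; kept unchanged.
        cardRecData.getDERObject();

        ASN1StreamParser parse = new ASN1StreamParser(cardRecData.getContents());
        DEREncodable der = null;
        while ((der = parse.readObject()) != null) {
            if (der instanceof ASN1ObjectIdentifier) {
                if (!GP_OID.branch("1").equals(der)) {
                    throw new DecodingException("Not GlobalPlatform card recognition data: " + der);
                }
            }
            if (der instanceof DERApplicationSpecific) {
                DERApplicationSpecific as = (DERApplicationSpecific) der;
                int tag = as.getApplicationTag();

                // Every entry is expected to wrap exactly one OID; check before casting.
                Object inner = ASN1Object.fromByteArray(as.getContents());
                if (!(inner instanceof ASN1ObjectIdentifier)) {
                    throw new DecodingException("Card recognition data entry " + tag + " does not contain an OID");
                }
                ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) inner;

                switch (tag) {
                case 0:
                    // NOTE(review): replace() strips the prefix wherever it occurs and leaves an
                    // OID outside the expected branch untouched; the value is not validated here.
                    gpVersion = oid.getId().replace(GP_OID.branch("2").toString() + ".", "");
                    break;
                case 3:
                    break;
                case 4:
                    String[] vals = oid.getId().replace(GP_OID.branch("4").toString() + ".", "").split("\\.");
                    if (vals.length < 2) {
                        throw new DecodingException("Malformed SCP identifier in card recognition data: " + oid);
                    }
                    try {
                        scpVersion = Integer.parseInt(vals[0]);
                        scpIValue = Integer.parseInt(vals[1]);
                    } catch (NumberFormatException e) {
                        throw new DecodingException("Malformed SCP identifier in card recognition data: " + oid, e);
                    }
                    break;
                case 5:
                    cardConfig = oid.getId();
                    break;
                case 6:
                    chip = oid.getId();
                    break;
                default:
                    throw new DecodingException("Unknow card recognition data tag: " + tag);
                }
            }
        }
    } catch (IOException e) {
        throw new DecodingException("Unable to decode card recognition data", e);
    }
}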
From source file:be.apsu.extremon.probes.tsp.TSPProbe.java
License:Open Source License
/**
 * Rebuilds {@code oidToName} and {@code oidsAllowed} from the OID constants of a fixed set of
 * classes.
 *
 * <p>Every public {@code ASN1ObjectIdentifier} field whose lower-cased name contains "with" is
 * recorded in {@code oidToName} (OID string to normalised field name). An OID is additionally
 * added to {@code oidsAllowed} when its normalised field name equals one of {@code names},
 * normalised the same way (lower-cased, underscores removed).
 *
 * <p>NOTE(review): matching is by reflected field name, so an entry in {@code names} that
 * matches no field is dropped without any signal, and {@code toLowerCase()} uses the default
 * locale.
 *
 * @param names algorithm names to allow
 */
private void getAllowedSignatureOIDs(String[] names) {
    oidsAllowed = new HashSet<String>();
    oidToName = new HashMap<String, String>();

    Class<?>[] oidHolders = new Class[] { X9ObjectIdentifiers.class, OIWObjectIdentifiers.class,
            PKCSObjectIdentifiers.class, TeleTrusTObjectIdentifiers.class, X509ObjectIdentifiers.class,
            CMSSignedDataGenerator.class, CryptoProObjectIdentifiers.class };

    for (Class<?> holder : oidHolders) {
        for (Field candidate : holder.getFields()) {
            if (!candidate.getType().equals(ASN1ObjectIdentifier.class)) {
                continue;
            }
            if (!candidate.getName().toLowerCase().contains("with")) {
                continue;
            }
            try {
                // static constant, hence the null receiver
                ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) candidate.get(null);
                String normalisedField = candidate.getName().toLowerCase().replace("_", "");
                oidToName.put(oid.getId(), normalisedField);

                for (int i = 0; i < names.length; i++) {
                    String normalisedWanted = names[i].toLowerCase().replace("_", "");
                    if (normalisedWanted.equals(normalisedField)) {
                        oidsAllowed.add(oid.getId());
                    }
                }
            } catch (IllegalArgumentException e) {
                // if interface changed, simply don't use
            } catch (IllegalAccessException e) {
                // if private, simply don't use
            }
        }
    }
}
From source file:be.fedict.trust.constraints.CertificatePoliciesCertificateConstraint.java
License:Open Source License
/**
 * Requires the certificate to carry at least one of the configured certificate policy OIDs.
 *
 * <p>Returns normally on the first policy OID contained in {@code this.certificatePolicies}.
 * A certificate without the certificate policies extension, or with none of the configured
 * OIDs, is rejected. An extension that does not decode to the expected ASN.1 types fails with
 * the unchecked or I/O exception raised by the decoding, which the {@code throws Exception}
 * clause lets through.
 *
 * @param certificate certificate to check
 * @throws TrustLinkerResultException with {@code CONSTRAINT_VIOLATION} if the extension is
 *     missing or no configured policy OID is present
 * @throws Exception if the extension cannot be decoded
 */
@Override
public void check(X509Certificate certificate) throws TrustLinkerResultException, Exception {
    final byte[] rawExtension = certificate.getExtensionValue(Extension.certificatePolicies.getId());
    if (rawExtension == null) {
        throw new TrustLinkerResultException(TrustLinkerResultReason.CONSTRAINT_VIOLATION,
                "missing certificate policies X509 extension");
    }

    // getExtensionValue() hands back the value wrapped in an OCTET STRING: unwrap, then decode.
    ASN1InputStream wrapperIn = new ASN1InputStream(new ByteArrayInputStream(rawExtension));
    DEROctetString wrapper = (DEROctetString) wrapperIn.readObject();
    ASN1InputStream policiesIn = new ASN1InputStream(wrapper.getOctets());
    ASN1Sequence policies = (ASN1Sequence) policiesIn.readObject();

    for (Enumeration<?> entries = policies.getObjects(); entries.hasMoreElements();) {
        PolicyInformation entry = PolicyInformation.getInstance(entries.nextElement());
        String presentOid = entry.getPolicyIdentifier().getId();
        LOG.debug("present policy OID: " + presentOid);
        if (this.certificatePolicies.contains(presentOid)) {
            LOG.debug("matching certificate policy OID: " + presentOid);
            return;
        }
    }

    throw new TrustLinkerResultException(TrustLinkerResultReason.CONSTRAINT_VIOLATION,
            "required policy OID not present");
}
From source file:be.fedict.trust.constraints.QCStatementsCertificateConstraint.java
License:Open Source License
/**
 * Checks the certificate's QCStatements extension against the configured filters.
 *
 * <p>The extension is scanned for the {@code id_etsi_qcs_QcCompliance} and
 * {@code id_etsi_qcs_QcSSCD} statements. For each of {@code qcComplianceFilter} and
 * {@code qcSSCDFilter} that is non-null, the presence of the corresponding statement must equal
 * the filter value; a null filter means that statement is not checked.
 *
 * @param certificate certificate to check
 * @throws TrustLinkerResultException with {@code CONSTRAINT_VIOLATION} if the extension is
 *     missing or a configured filter does not match
 * @throws Exception if the extension cannot be decoded
 */
@Override
public void check(X509Certificate certificate) throws TrustLinkerResultException, Exception {
    final byte[] rawExtension = certificate.getExtensionValue(Extension.qCStatements.getId());
    if (rawExtension == null) {
        throw new TrustLinkerResultException(TrustLinkerResultReason.CONSTRAINT_VIOLATION,
                "missing QCStatements extension");
    }

    // getExtensionValue() hands back the value wrapped in an OCTET STRING: unwrap, then decode.
    ASN1InputStream wrapperIn = new ASN1InputStream(new ByteArrayInputStream(rawExtension));
    DEROctetString wrapper = (DEROctetString) wrapperIn.readObject();
    ASN1InputStream statementsIn = new ASN1InputStream(wrapper.getOctets());
    ASN1Sequence statements = (ASN1Sequence) statementsIn.readObject();

    boolean hasCompliance = false;
    boolean hasSscd = false;
    for (Enumeration<?> entries = statements.getObjects(); entries.hasMoreElements();) {
        ASN1ObjectIdentifier statementId = QCStatement.getInstance(entries.nextElement()).getStatementId();
        LOG.debug("statement Id: " + statementId.getId());
        hasCompliance |= QCStatement.id_etsi_qcs_QcCompliance.equals(statementId);
        hasSscd |= QCStatement.id_etsi_qcs_QcSSCD.equals(statementId);
    }

    if (null != this.qcComplianceFilter && hasCompliance != this.qcComplianceFilter) {
        LOG.error("qcCompliance QCStatements error");
        throw new TrustLinkerResultException(TrustLinkerResultReason.CONSTRAINT_VIOLATION,
                "QCStatements not matching");
    }
    if (null != this.qcSSCDFilter && hasSscd != this.qcSSCDFilter) {
        LOG.error("qcSSCD QCStatements error");
        throw new TrustLinkerResultException(TrustLinkerResultReason.CONSTRAINT_VIOLATION,
                "QCStatements not matching");
    }
}
From source file:bluecrystal.bcdeps.helper.DerEncoder.java
License:Open Source License
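/**
 * Extracts identity attributes from one DER-encoded name entry into a flat map.
 *
 * <p>The input is read as a sequence whose first element is an OID and whose second element is
 * a doubly tagged octet string or printable string. The OID selects how that string is used:
 * either sliced at fixed positions (the {@code *_INI} / {@code *_LEN} constants, which are
 * passed to {@code substring} as start and end index) or taken whole. Map keys are built from
 * the {@code CertConstants} and {@code CERT_TYPE_FMT} format strings with {@code index}; only
 * values accepted by {@code isValidValue} are stored.
 *
 * <p>Fix over the previous version: the zone and section fields of the {@code ELEITOR_OID}
 * entry were guarded by {@code len > *_LEN}, which can never be true for a length already
 * capped at {@code *_LEN}, so they were never extracted. They are now guarded by the start
 * index, as the {@code RG_ORG_UF} field already was, and the section field uses the capped end
 * index.
 *
 * <p>NOTE(review): any exception (unexpected ASN.1 type, content shorter than a fixed-position
 * field) is printed and swallowed, and whatever was collected so far is returned. A caller
 * cannot tell a malformed entry from one that legitimately carries few attributes, which
 * matters if these values feed identity decisions.
 *
 * @param extensionValue DER encoding of the name entry; may be null
 * @param index value substituted into the key format strings
 * @return the extracted attributes (possibly empty or partial), or null if
 *     {@code extensionValue} is null
 */
public static Map<String, String> createSanMap(byte[] extensionValue, int index) {
    Map<String, String> ret = new HashMap<String, String>();
    try {
        if (extensionValue == null) {
            return null;
        }
        ASN1InputStream oAsnInStream = new ASN1InputStream(new ByteArrayInputStream(extensionValue));
        ASN1Primitive derObjCP = oAsnInStream.readObject();
        DLSequence derSeq = (DLSequence) derObjCP;

        ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) derSeq.getObjectAt(0);
        String sanOid = oid.getId();

        // The value sits inside two nested tagged objects.
        DERTaggedObject derTO = (DERTaggedObject) derSeq.getObjectAt(1);
        ASN1Primitive derObjA = derTO.getObject();
        DERTaggedObject derTO2 = (DERTaggedObject) derObjA;
        ASN1Primitive derObjB = derTO2.getObject();

        String contentStr = "";
        if (derObjB instanceof DEROctetString) {
            DEROctetString derOCStr = (DEROctetString) derObjB;
            contentStr = new String(derOCStr.getOctets(), "UTF8");
        } else if (derObjB instanceof DERPrintableString) {
            DERPrintableString derOCStr = (DERPrintableString) derObjB;
            contentStr = new String(derOCStr.getOctets(), "UTF8");
        } else {
            System.err.println("FORMAT OF SAN: UNRECOGNIZED -> " + derObjB.getClass().getCanonicalName());
        }
        LOG.debug(sanOid + " -> " + contentStr);

        String value = "";
        String name = "";
        if (sanOid.compareTo(PF_PF_ID) == 0 || sanOid.compareTo(PJ_PF_ID) == 0) {
            value = contentStr.substring(BIRTH_DATE_INI, BIRTH_DATE_LEN);
            if (isValidValue(value)) {
                name = String.format(CertConstants.BIRTH_DATE_D, index);
                ret.put(name, value);
            }
            value = contentStr.substring(CPF_INI, CPF_LEN);
            if (isValidValue(value)) {
                name = String.format(CertConstants.CPF_D, index);
                ret.put(name, value);
            }
            value = contentStr.substring(PIS_INI, PIS_LEN);
            if (isValidValue(value)) {
                name = String.format(CertConstants.PIS_D, index);
                ret.put(name, value);
            }
            value = contentStr.substring(RG_INI, RG_LEN);
            if (isValidValue(value)) {
                name = String.format(CertConstants.RG_D, index);
                ret.put(name, value);
            }
            // Trailing field may be shorter than its maximum: cap the end index at the content length.
            int rgOrgUfLen = RG_ORG_UF_LEN > contentStr.length() ? contentStr.length() : RG_ORG_UF_LEN;
            if (rgOrgUfLen > RG_ORG_UF_INI) {
                value = contentStr.substring(RG_ORG_UF_INI, rgOrgUfLen);
                // The last two characters are split off as the UF part.
                String rgOrg = value.substring(0, value.length() - 2);
                String rgUf = value.substring(value.length() - 2, value.length());
                if (isValidValue(rgOrg)) {
                    name = String.format(CertConstants.RG_ORG_D, index);
                    ret.put(name, rgOrg);
                }
                if (isValidValue(rgUf)) {
                    name = String.format(CertConstants.RG_UF_D, index);
                    ret.put(name, rgUf);
                }
            }
        } else if (sanOid.compareTo(PERSON_NAME_OID) == 0) {
            value = contentStr;
            if (isValidValue(value)) {
                name = String.format(CertConstants.PERSON_NAME_D, index);
                ret.put(name, value);
            }
        } else if (sanOid.compareTo(CNPJ_OID) == 0) {
            name = String.format(CERT_TYPE_FMT, index);
            ret.put(name, ICP_BRASIL_PJ);
            value = contentStr;
            if (isValidValue(value)) {
                name = String.format(CertConstants.CNPJ_D, index);
                ret.put(name, value);
            }
        } else if (sanOid.compareTo(ELEITOR_OID) == 0) {
            name = String.format(CERT_TYPE_FMT, index);
            ret.put(name, ICP_BRASIL_PF);
            value = contentStr.substring(ELEITOR_INI, ELEITOR_LEN);
            if (isValidValue(value)) {
                name = String.format(CertConstants.ELEITOR_D, index);
                ret.put(name, value);
            }
            // Capped end index must lie beyond the field's start, otherwise the field is absent.
            int zonaLen = ZONA_LEN > contentStr.length() ? contentStr.length() : ZONA_LEN;
            if (zonaLen > ZONA_INI) {
                value = contentStr.substring(ZONA_INI, zonaLen);
                if (isValidValue(value)) {
                    name = String.format(CertConstants.ZONA_D, index);
                    ret.put(name, value);
                }
            }
            int secaoLen = SECAO_LEN > contentStr.length() ? contentStr.length() : SECAO_LEN;
            if (secaoLen > SECAO_INI) {
                value = contentStr.substring(SECAO_INI, secaoLen);
                if (isValidValue(value)) {
                    name = String.format(CertConstants.SECAO_D, index);
                    ret.put(name, value);
                }
            }
        } else if (sanOid.compareTo(PF_PF_INSS_OID) == 0 || sanOid.compareTo(PJ_PF_INSS_OID) == 0) {
            value = contentStr.substring(INSS_INI, INSS_LEN);
            if (isValidValue(value)) {
                name = String.format(CertConstants.INSS_D, index);
                ret.put(name, value);
            }
        } else if (sanOid.compareTo(OAB_OID) == 0) {
            value = contentStr.substring(OAB_REG_INI, OAB_REG_LEN);
            if (isValidValue(value)) {
                name = String.format(CertConstants.OAB_REG_D, index);
                ret.put(name, value);
            }
            value = contentStr.substring(OAB_UF_INI, OAB_UF_LEN);
            if (isValidValue(value)) {
                name = String.format(CertConstants.OAB_UF_D, index);
                ret.put(name, value);
            }
        } else if (sanOid.startsWith(PROFESSIONAL_OID)) {
            value = contentStr;
            if (isValidValue(value)) {
                name = String.format(CertConstants.PROFESSIONAL_D, index);
                ret.put(name, value);
            }
        } else if (sanOid.startsWith(UPN)) {
            value = contentStr;
            if (isValidValue(value)) {
                name = String.format(CertConstants.UPN_D, index);
                ret.put(name, value);
            }
        } else {
            System.err.println("SAN:OTHER NAME NOT RECOGNIZED");
        }
    } catch (Exception e) {
        // Deliberate best-effort in the original: report and return what was collected so far.
        e.printStackTrace();
    }
    return ret;
}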
From source file:bluecrystal.bcdeps.helper.DerEncoder.java
License:Open Source License
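/**
 * Reads every access description of an Authority Information Access extension into a map from
 * access-method OID to access-location string.
 *
 * <p>{@code ext} is decoded as an OCTET STRING wrapping a sequence of two-element sequences
 * (OID, tagged location). All access methods are returned, not only caIssuers
 * (1.3.6.1.5.5.7.48.2); a later entry with the same OID overwrites an earlier one.
 *
 * <p>Fix over the previous version: the location bytes are decoded with an explicit charset
 * ("UTF8", as elsewhere in this helper) instead of the platform default, so the result no
 * longer depends on the JVM's locale settings.
 *
 * <p>NOTE(review): decoding errors are printed and swallowed, so a location that is not a
 * primitive string-like value ends the loop and a partial map is returned. The strings come
 * straight from the certificate; a caller that dereferences them should validate scheme and
 * host first.
 *
 * @param ext DER encoding of the extension value as returned wrapped in an OCTET STRING; may be
 *     null
 * @return map of access-method OID to location (possibly empty or partial), or null if
 *     {@code ext} is null
 * @throws UnsupportedEncodingException declared for compatibility; decoding failures are caught
 *     inside the method
 */
public static Map<String, String> getAIAComplete(byte[] ext) throws UnsupportedEncodingException {
    Map<String, String> ret = new HashMap<String, String>();
    try {
        if (ext == null) {
            return null;
        }
        // Level 1: the extension value is wrapped in an OCTET STRING.
        ASN1InputStream oAsnInStream = new ASN1InputStream(new ByteArrayInputStream(ext));
        ASN1Primitive derObjAIA = oAsnInStream.readObject();
        DEROctetString dosAia = (DEROctetString) derObjAIA;
        byte[] aiaExtOctets = dosAia.getOctets();

        // Level 2: the sequence of access descriptions.
        ASN1InputStream oAsnInStream2 = new ASN1InputStream(new ByteArrayInputStream(aiaExtOctets));
        ASN1Primitive derObj2 = oAsnInStream2.readObject();
        DLSequence aiaDLSeq = (DLSequence) derObj2;
        ASN1Encodable[] aiaAsArray = aiaDLSeq.toArray();

        for (ASN1Encodable next : aiaAsArray) {
            DLSequence aiaDLSeq2 = (DLSequence) next;
            ASN1Encodable[] aiaAsArray2 = aiaDLSeq2.toArray();

            // element 0 = access method OID, element 1 = tagged access location
            ASN1ObjectIdentifier aiaOid = (ASN1ObjectIdentifier) aiaAsArray2[0];
            String idStr = aiaOid.getId();

            DERTaggedObject aiaDTO = (DERTaggedObject) aiaAsArray2[1];
            ASN1Primitive aiaObj = aiaDTO.getObject();
            DEROctetString aiaDOS = (DEROctetString) aiaObj;
            byte[] aiaOC = aiaDOS.getOctets();
            ret.put(idStr, new String(aiaOC, "UTF8"));
        }
    } catch (Exception e) {
        // Deliberate best-effort in the original: report and return what was collected so far.
        e.printStackTrace();
    }
    return ret;
}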
From source file:ca.trustpoint.m2m.M2mCertificateFactory.java
License:Apache License
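/**
 * Parses the given ASN.1 sequence and fills the corresponding fields of the given
 * {@link M2mCertificate M2MCertificate} object.
 *
 * <p>Every element of the sequence must be a tagged object; its tag number selects the
 * TBS certificate field it carries. The validity fields are range-checked before conversion:
 * previously a {@code validFrom} too large for {@code seconds * 1000} in a {@code long}, or a
 * {@code validDuration} too large for an {@code int}, wrapped around silently and produced a
 * different validity window than the one encoded in the certificate. Such values, empty
 * validity fields and non-tagged elements are now rejected with {@link IOException}.
 *
 * <p>NOTE(review): the validity octets are interpreted as signed big-endian integers, so a
 * leading byte with the high bit set yields a negative value; that interpretation is unchanged
 * here. If {@code TbsCertificateFields.getInstance} can return null for an unknown tag number,
 * the switch would fail with {@code NullPointerException} instead of reaching the default
 * branch; confirm against that enum.
 *
 * @param seq ASN.1 sequence containing TBS data.
 * @param cert A M2MCertificate object.
 * @throws InvalidKeyException if public key is invalid.
 * @throws IOException if parsing error.
 * @throws URISyntaxException if URI field is invalid.
 */
private void parseTbsCertificate(ASN1Sequence seq, M2mCertificate cert)
        throws InvalidKeyException, IOException, URISyntaxException {
    if (seq.size() < 2) {
        throw new IOException("no enough data for TBS certificate in sequence");
    }

    // Set tbsCertificate
    for (int i = 0; i < seq.size(); i++) {
        if (!(seq.getObjectAt(i) instanceof ASN1TaggedObject)) {
            throw new IOException("TBS certificate field is not a tagged object at index " + i);
        }
        ASN1TaggedObject obj = (ASN1TaggedObject) seq.getObjectAt(i);
        TbsCertificateFields tag = TbsCertificateFields.getInstance(obj.getTagNo());

        switch (tag) {
        case SERIAL_NUMBER:
            ASN1OctetString serialNumber = ASN1OctetString.getInstance(obj, false);
            cert.setSerialNumber(serialNumber.getOctets());
            break;
        case CA_ALGORITHM:
            ASN1ObjectIdentifier cAAlgorithm = ASN1ObjectIdentifier.getInstance(obj, false);
            // Algorithm and parameters arrive as separate fields; create the holder on first use.
            if (cert.getCaKeyDefinition() == null) {
                cert.setCaKeyDefinition(new KeyAlgorithmDefinition());
            }
            cert.getCaKeyDefinition().setAlgorithm(parseKeyAlgorithmDefinitionAlgorithm(cAAlgorithm));
            break;
        case CA_ALGORITHM_PARAMETERS:
            ASN1OctetString cAAlgParams = ASN1OctetString.getInstance(obj, false);
            if (cert.getCaKeyDefinition() == null) {
                cert.setCaKeyDefinition(new KeyAlgorithmDefinition());
            }
            cert.getCaKeyDefinition().setParameters(cAAlgParams.getOctets());
            break;
        case ISSUER:
            ASN1Sequence issuerSeq = ASN1Sequence.getInstance(obj, false);
            cert.setIssuer(parseEntityName(issuerSeq));
            break;
        case VALID_FROM:
            ASN1OctetString validFrom = ASN1OctetString.getInstance(obj, false);
            byte[] validFromOctets = validFrom.getOctets();
            if (validFromOctets.length == 0) {
                throw new IOException("empty validFrom field in TBS certificate");
            }
            BigInteger dateTimeBInt = new BigInteger(validFromOctets);
            // Reject values whose millisecond form would overflow a long instead of wrapping.
            if (dateTimeBInt.abs().compareTo(BigInteger.valueOf(Long.MAX_VALUE / 1000)) > 0) {
                throw new IOException("validFrom out of range in TBS certificate");
            }
            // date in sequence is second, converts to millisecond for constructing Date
            long dateTime = dateTimeBInt.longValue() * 1000;
            cert.setValidFrom(new Date(dateTime));
            break;
        case VALID_DURATION:
            ASN1OctetString validDuration = ASN1OctetString.getInstance(obj, false);
            byte[] validDurationOctets = validDuration.getOctets();
            if (validDurationOctets.length == 0) {
                throw new IOException("empty validDuration field in TBS certificate");
            }
            BigInteger duration = new BigInteger(validDurationOctets);
            // bitLength() excludes the sign bit: more than 31 bits does not fit an int.
            if (duration.bitLength() > 31) {
                throw new IOException("validDuration out of range in TBS certificate");
            }
            cert.setValidDuration(Integer.valueOf(duration.intValue()));
            break;
        case SUBJECT:
            ASN1Sequence subjectSeq = ASN1Sequence.getInstance(obj, false);
            cert.setSubject(parseEntityName(subjectSeq));
            break;
        case PUBLIC_KEY_ALGORITHM:
            ASN1ObjectIdentifier pKAlgorithm = ASN1ObjectIdentifier.getInstance(obj, false);
            if (cert.getPublicKeyDefinition() == null) {
                cert.setPublicKeyDefinition(new KeyAlgorithmDefinition());
            }
            cert.getPublicKeyDefinition().setAlgorithm(parseKeyAlgorithmDefinitionAlgorithm(pKAlgorithm));
            break;
        case PUBLIC_KEY_ALGORITHM_PARAMETERS:
            ASN1OctetString pKAlgParams = ASN1OctetString.getInstance(obj, false);
            if (cert.getPublicKeyDefinition() == null) {
                cert.setPublicKeyDefinition(new KeyAlgorithmDefinition());
            }
            cert.getPublicKeyDefinition().setParameters(pKAlgParams.getOctets());
            break;
        case PUBLIC_KEY:
            ASN1OctetString pubKey = ASN1OctetString.getInstance(obj, false);
            byte[] rawPublicKey = pubKey.getOctets();
            cert.setIsPublicKeyCompressed(KeyConversionUtils.isCompressedEcPoint(rawPublicKey));
            PublicKey publicKey = KeyConversionUtils.convertRawBytestoEcPublicKey(rawPublicKey);
            cert.setPublicKey(publicKey);
            break;
        case AUTHORITY_KEY_ID:
            ASN1Sequence authKeyIdSeq = ASN1Sequence.getInstance(obj, false);
            cert.setAuthorityKeyIdentifier(parseAuthorityKeyIdentifier(authKeyIdSeq));
            break;
        case SUBJECT_KEY_ID:
            ASN1OctetString subjKeyId = ASN1OctetString.getInstance(obj, false);
            cert.setSubjectKeyIdentifier(subjKeyId.getOctets());
            break;
        case KEY_USAGE:
            ASN1OctetString keyUsageObj = ASN1OctetString.getInstance(obj, false);
            KeyUsage keyUsage = new KeyUsage(keyUsageObj.getEncoded());
            cert.setKeyUsage(keyUsage);
            break;
        case BASIC_CONSTRAINTS:
            ASN1Integer basicConstraints = ASN1Integer.getInstance(obj, false);
            cert.setBasicConstraints(basicConstraints.getValue().intValue());
            break;
        case CERTIFICATE_POLICY:
            ASN1ObjectIdentifier certPolicy = ASN1ObjectIdentifier.getInstance(obj, false);
            cert.setCertificatePolicy(certPolicy.getId());
            break;
        case SUBJECT_ALTERNATE_NAME:
            ASN1TaggedObject subjectAltNameObj = ASN1TaggedObject.getInstance(obj, true);
            cert.setSubjectAlternativeName(parseGeneralName(subjectAltNameObj));
            break;
        case ISSUER_ALTERNATE_NAME:
            ASN1TaggedObject issuerAltNameObj = ASN1TaggedObject.getInstance(obj, true);
            cert.setIssuerAlternativeName(parseGeneralName(issuerAltNameObj));
            break;
        case EXTENDED_KEY_USAGE:
            ASN1ObjectIdentifier extendedKeyUsage = ASN1ObjectIdentifier.getInstance(obj, false);
            cert.setExtendedKeyUsage(extendedKeyUsage.getId());
            break;
        case AUTHENTICATION_INFO_ACCESS_OCSP:
            DERIA5String authInfoAccessOCSPObj = DERIA5String.getInstance(obj, false);
            URI authInfoAccessOCSP = new URI(authInfoAccessOCSPObj.getString());
            cert.setAuthenticationInfoAccessOcsp(authInfoAccessOCSP);
            break;
        case CRL_DISTRIBUTION_POINT_URI:
            DERIA5String cRLDistribPointURIObj = DERIA5String.getInstance(obj, false);
            URI cRLDistribPointURI = new URI(cRLDistribPointURIObj.getString());
            cert.setCrlDistributionPointUri(cRLDistribPointURI);
            break;
        case EXTENSIONS:
            ASN1Sequence x509extensionsSeq = ASN1Sequence.getInstance(obj, false);
            parseX509extensions(x509extensionsSeq, cert);
            break;
        default:
            throw new IOException("unknow TBS certificate field number: " + tag.getTagNumber());
        }
    }
}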
From source file:ca.trustpoint.m2m.M2mCertificateFactory.java
License:Apache License
/**
 * Maps an ASN.1 object identifier to a {@link SignatureAlgorithmOids} value.
 *
 * <p>The M2M algorithm table is consulted first; if it rejects the OID with
 * {@code IllegalArgumentException}, the NFC table is consulted, and an exception thrown by
 * that second lookup is not caught here.
 *
 * @param oid ASN.1 object identifier.
 * @return An instance of {@link SignatureAlgorithmOids} constructed from oid, or null if
 *     {@code oid} is null or its identifier string is null or empty.
 */
private SignatureAlgorithmOids parseKeyAlgorithmDefinitionAlgorithm(ASN1ObjectIdentifier oid) {
    if (oid == null) {
        return null;
    }
    final String id = oid.getId();
    if (id == null || id.isEmpty()) {
        return null;
    }

    try {
        // try M2MSignatureAlgorithmOids first
        return M2mSignatureAlgorithmOids.getInstance(id);
    } catch (IllegalArgumentException notAnM2mOid) {
        // try NfcSignatureAlgorithmOids now. Throws IllegalArgumentException if unknown OID
        return NfcSignatureAlgorithmOids.getInstance(id);
    }
}
From source file:ca.trustpoint.m2m.M2mCertificateFactory.java
License:Apache License
/**
 * Builds a {@link GeneralName} from an ASN.1 tagged object.
 *
 * <p>The tag number selects the kind of name. String kinds (RFC 822 name, DNS name, URI) are
 * read as IA5 strings, an IP address is read from its raw octets and stored in textual form, a
 * registered ID is stored as its OID string, and a directory name is parsed as an entity name
 * and stored through {@code setEntity} without setting an attribute id here.
 *
 * @param obj An ASN.1 tagged object.
 * @return An instance of {@link GeneralName} constructed from obj.
 * @throws IOException if parsing error or data invalid.
 */
private GeneralName parseGeneralName(ASN1TaggedObject obj) throws IOException {
    final GeneralName parsed = new GeneralName();
    final GeneralNameAttributeId kind = GeneralNameAttributeId.getInstance(obj.getTagNo());

    switch (kind) {
    case Rfc822Name:
    case DnsName:
    case Uri: {
        // All three carry an implicitly tagged IA5String and differ only in the attribute id.
        DERIA5String text = DERIA5String.getInstance(obj, false);
        parsed.setAttributeId(kind);
        parsed.setValue(text.getString());
        break;
    }
    case DirectoryName:
        parsed.setEntity(parseEntityName(ASN1Sequence.getInstance(obj, false)));
        break;
    case IpAddress: {
        byte[] rawAddress = ASN1OctetString.getInstance(obj, false).getOctets();
        // getByAddress() rejects octet strings that are not a valid address length.
        String textualAddress = InetAddress.getByAddress(rawAddress).getHostAddress();
        parsed.setAttributeId(kind);
        parsed.setValue(textualAddress);
        break;
    }
    case RegisteredId: {
        ASN1ObjectIdentifier registeredId = ASN1ObjectIdentifier.getInstance(obj, false);
        parsed.setAttributeId(kind);
        parsed.setValue(registeredId.getId());
        break;
    }
    default:
        throw new IOException("unknown GeneralName ID: " + kind.getIndexId());
    }

    if (!parsed.isValid()) {
        throw new IOException("invalid GeneralName instance parsed from ASN.1 tagged object");
    }
    return parsed;
}
From source file:ca.trustpoint.m2m.M2mCertificateFactory.java
License:Apache License
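/**
 * Parses an ASN.1 sequence of X.509 extensions and adds each one to a {@link M2mCertificate}.
 *
 * <p>Each extension is a sequence of two or three tagged fields: tag 0 is the OID, tag 1 the
 * criticality flag (false when absent) and tag 2 the value. The size check alone does not
 * guarantee that the OID and the value are present, because the fields are told apart only by
 * tag number: a sequence with a repeated or missing tag previously reached
 * {@code addExtension} with a null OID or value. Such extensions, and elements that are not of
 * the expected ASN.1 type, are now rejected with {@link IOException}.
 *
 * @param seq An ASN.1 sequence containing X.509 extensions.
 * @param cert A {@link M2mCertificate} object to be filled.
 * @throws IOException if parsing error or data invalid.
 */
private void parseX509extensions(ASN1Sequence seq, M2mCertificate cert) throws IOException {
    if (seq.size() < 1) {
        throw new IOException("not X.509 extension data in sequence");
    }

    for (int i = 0; i < seq.size(); i++) {
        if (!(seq.getObjectAt(i) instanceof ASN1Sequence)) {
            throw new IOException("X.509 extension is not a sequence at index " + i);
        }
        ASN1Sequence extSeq = (ASN1Sequence) seq.getObjectAt(i);
        if (extSeq.size() < 2) {
            throw new IOException("no enough data fields for X.509 extension in sequence");
        } else if (extSeq.size() > 3) {
            throw new IOException("too many data fields for X.509 extension in sequence");
        }

        String oid = null;
        boolean isCritical = false;
        byte[] value = null;

        for (int j = 0; j < extSeq.size(); j++) {
            if (!(extSeq.getObjectAt(j) instanceof ASN1TaggedObject)) {
                throw new IOException("X.509 extension field is not a tagged object at index " + j);
            }
            ASN1TaggedObject obj = (ASN1TaggedObject) extSeq.getObjectAt(j);

            switch (obj.getTagNo()) {
            case 0: // oid
                ASN1ObjectIdentifier oidObj = ASN1ObjectIdentifier.getInstance(obj, false);
                oid = oidObj.getId();
                break;
            case 1: // isCritical
                ASN1Boolean isCriticalObj = ASN1Boolean.getInstance(obj, false);
                isCritical = isCriticalObj.isTrue();
                break;
            case 2: // value
                ASN1OctetString valueObj = ASN1OctetString.getInstance(obj, false);
                value = valueObj.getOctets();
                break;
            default:
                throw new IOException("unknown x509extension ID: " + obj.getTagNo());
            }
        }

        // Both are mandatory; the criticality flag is the only optional field.
        if (oid == null || value == null) {
            throw new IOException("X.509 extension is missing its OID or value");
        }
        cert.addExtension(oid, isCritical, value);
    }
}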