List of usage examples for the org.bouncycastle.jce.provider.X509CRLEntryObject constructor
public X509CRLEntryObject(TBSCertList.CRLEntry c)
From source file:org.candlepin.util.X509CRLEntryStream.java
License:Open Source License
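/**
 * Reads the next revokedCertificate entry from the CRL stream and returns it as a
 * BouncyCastle {@link X509CRLEntryObject}.
 *
 * <p>The entry's tag and length are consumed from {@code crlStream}, the content bytes are
 * read in full, and the entry is then re-encoded in memory as a SEQUENCE so that BouncyCastle
 * can parse it.
 *
 * <p>The declared length is taken from the stream itself, so it must be treated as untrusted
 * input: a negative value is rejected before it is used as an array size.
 *
 * @return the parsed CRL entry
 * @throws IllegalStateException if the tag read is an OBJECT IDENTIFIER, which this reader
 *     treats as a CRL with zero entries and no extensions
 * @throws RuntimeException wrapping the {@link IOException} raised when reading or parsing
 *     fails, or when the declared entry length is negative
 */
public X509CRLEntryObject next() {
    try {
        // Strip the tag for the revokedCertificate entry
        int tag = readTag(crlStream, count);
        int tagNo = readTagNumber(crlStream, tag, count);

        if (tagNo == OBJECT_IDENTIFIER) {
            // If our tag is an OID, it means we're in an empty CRL with no
            // extensions. We could potentially detect this by looking at the upcoming
            // tag in hasNext(), but that screws up the stream for X509CRLStreamWriter
            // because it leaves the stream in the middle of a TLV.
            throw new IllegalStateException(
                "v1 CRLs with zero entries are unsupported." + " Please use a v2 CRL.");
        }

        int entryLength = readLength(crlStream, count);
        // How readLength reports indefinite-length or corrupt encodings is not visible from
        // this method. Reject a negative value here so it surfaces as a parse failure
        // instead of a NegativeArraySizeException from the allocation below.
        if (entryLength < 0) {
            throw new IOException("Invalid CRL entry length: " + entryLength);
        }

        // NOTE(review): no upper bound is applied to entryLength in this method, so the
        // buffer is sized by the declared length before any content is read. Confirm that
        // readLength or the caller caps it when the CRL comes from an untrusted source.
        byte[] entry = new byte[entryLength];
        readFullyAndTrack(crlStream, entry, count);

        ByteArrayOutputStream reconstructed = new ByteArrayOutputStream();
        // An ASN1 SEQUENCE tag is 0x30
        reconstructed.write(0x30);
        writeLength(reconstructed, entryLength);
        reconstructed.write(entry);

        /* NB: This BouncyCastle method is a bit slow. If we just read the serial number
         * alone out of the sequence, we can loop through 2 million entries in 500 ms.
         * Using this method takes around 2300 ms. But we need the entire
         * X509CRLEntryObject for the X509CRLStreamWriter, so we're kind of stuck
         * with it.
         */
        DERSequence obj = (DERSequence) DERSequence.fromByteArray(reconstructed.toByteArray());
        reconstructed.close();

        CRLEntry crlEntry = new CRLEntry(obj);
        return new X509CRLEntryObject(crlEntry);
    }
    catch (IOException e) {
        // Iterator-style next() cannot declare a checked exception, so I/O and parse
        // failures are rethrown unchecked with the original cause preserved.
        throw new RuntimeException(e);
    }
}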