private void constructMetadata() throws KeyczarException {
   if (purpose == KeyPurpose.ENCRYPT && key.getType() == KeyType.DSA_PUB) {
     throw new KeyczarException(Messages.getString("Keyczartool.InvalidUseOfDsaKey"));
   }
   meta = new KeyMetadata("imported from certificate", purpose, key.getType());
   meta.addVersion(new KeyVersion(1, KeyStatus.PRIMARY, true /* exportable */));
 }
 private void ensureCertificateRead() throws KeyczarException {
   if (key == null) {
     try {
       parseCertificate();
       constructMetadata();
     } catch (CertificateException e) {
       throw new KeyczarException(Messages.getString("KeyczarTool.InvalidCertificate"));
     }
   }
 }
  private void parseCertificate() throws CertificateException, KeyczarException {
    Certificate certificate =
        CertificateFactory.getInstance("X.509").generateCertificate(certificateStream);
    PublicKey publicKey = certificate.getPublicKey();

    if (publicKey instanceof RSAPublicKey) {
      key = readRsaX509Certificate(publicKey, padding);
    } else if (publicKey instanceof DSAPublicKey) {
      if (padding != null) {
        throw new KeyczarException(Messages.getString("InvalidPadding", padding.name()));
      }
      key = readDsaX509Certificate(publicKey);
    } else {
      throw new KeyczarException(
          "Unrecognized key type " + publicKey.getAlgorithm() + " in certificate");
    }
  }