protected void getClientPublicKey(byte[] clpubkey) throws Exception {
    DERObject obj = BouncyCastleUtil.toDERObject(clpubkey);
    byte[] pubkey = BouncyCastleUtil.toByteArray(obj);
    ByteArrayInputStream in = new ByteArrayInputStream(pubkey);
    X509Certificate cert = CertUtil.loadCertificate(in);

    SCUtil.pathValidation(cert, trustedCerts);
    logger.finest("path validated !!!");

    clPubkey = cert.getPublicKey();
  }
 /**
  * Returns the identity certificate of this credential. The identity certificate is the first
  * certificate in the chain that is not an impersonation proxy certificate.
  *
  * @return <code>X509Certificate</code> the identity cert. Null, if unable to get the identity
  *     certificate (an error occurred)
  */
 public X509Certificate getIdentityCertificate() {
   try {
     return BouncyCastleUtil.getIdentityCertificate(this.certChain);
   } catch (CertificateException e) {
     logger.debug("Error getting certificate identity.", e);
     return null;
   }
 }
 /**
  * Returns the certificate type of the first certificate in the chain. Returns -1 if unable to
  * determine the certificate type (an error occurred)
  *
  * @see BouncyCastleUtil#getCertificateType(X509Certificate)
  * @return the type of first certificate in the chain. -1 if unable to determine the certificate
  *     type.
  */
 public GSIConstants.CertificateType getProxyType() {
   try {
     return BouncyCastleUtil.getCertificateType(this.certChain[0]);
   } catch (CertificateException e) {
     logger.error("Error getting certificate type.", e);
     return GSIConstants.CertificateType.UNDEFINED;
   }
 }
  /**
   * Returns the actual value of the extension.
   *
   * @param cert the certificate that contains the extensions to retrieve.
   * @param oid the oid of the extension to retrieve.
   * @return the actual value of the extension (not octet string encoded)
   * @exception IOException if decoding the extension fails.
   */
  public static byte[] getExtensionValue(X509Certificate cert, String oid) throws IOException {
    if (cert == null) {
      throw new IllegalArgumentException(i18n.getMessage("certNull"));
    }
    if (oid == null) {
      throw new IllegalArgumentException(i18n.getMessage("oidNull"));
    }

    byte[] value = cert.getExtensionValue(oid);
    if (value == null) {
      return null;
    }

    return BouncyCastleUtil.getExtensionValue(value);
  }
  /**
   * Returns the path length constraint. The shortest length in the chain of certificates is
   * returned as the credential's path length.
   *
   * @return The path length constraint of the credential. -1 is any error occurs.
   */
  public int getPathConstraint() {

    int pathLength = Integer.MAX_VALUE;
    try {
      for (int i = 0; i < this.certChain.length; i++) {
        int length = BouncyCastleUtil.getProxyPathConstraint(this.certChain[i]);
        // if length is one, then no proxy cert extension exists, so
        // path length is -1
        if (length == -1) {
          length = Integer.MAX_VALUE;
        }
        if (length < pathLength) {
          pathLength = length;
        }
      }
    } catch (Exception e) {
      logger.warn("Error retrieving path length.", e);
      pathLength = -1;
    }
    return pathLength;
  }