protected void processCertificateVerify(
      ServerHandshakeState state, byte[] body, TlsHandshakeHash prepareFinishHash)
      throws IOException {
    ByteArrayInputStream buf = new ByteArrayInputStream(body);

    DigitallySigned clientCertificateVerify = DigitallySigned.parse(state.serverContext, buf);

    TlsProtocol.assertEmpty(buf);

    // Verify the CertificateVerify message contains a correct signature.
    try {
      // TODO For TLS 1.2, this needs to be the hash specified in the DigitallySigned
      byte[] certificateVerifyHash =
          TlsProtocol.getCurrentPRFHash(state.serverContext, prepareFinishHash, null);

      org.bouncycastle.asn1.x509.Certificate x509Cert = state.clientCertificate.getCertificateAt(0);
      SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();
      AsymmetricKeyParameter publicKey = PublicKeyFactory.createKey(keyInfo);

      TlsSigner tlsSigner = TlsUtils.createTlsSigner(state.clientCertificateType);
      tlsSigner.init(state.serverContext);
      tlsSigner.verifyRawSignature(
          clientCertificateVerify.getAlgorithm(),
          clientCertificateVerify.getSignature(),
          publicKey,
          certificateVerifyHash);
    } catch (Exception e) {
      throw new TlsFatalAlert(AlertDescription.decrypt_error);
    }
  }
  public CryptEngineImpl(Context ctx) throws Exception {

    // Получаем действующее хранилище
    IKeyStorage storage = KeyStorageFactory.getKeyStorage(ctx);

    Log.v("TFORWARD.CryptEngineImpl", "Decoding public key...");
    byte[] publicKey = Base64.decode(storage.getKey(IKeyStorage.PUBLIC_KEY_TYPE), Base64.DEFAULT);

    Log.v("TFORWARD.CryptEngineImpl", "Decoding ASN1 Structure");
    ASN1InputStream asnStream = new ASN1InputStream(publicKey);

    ASN1Sequence sequence = null;
    try {
      Log.v("TFORWARD.CryptEngineImpl", "Reading ASN1 Sequence");
      sequence = (ASN1Sequence) asnStream.readObject();
    } finally {
      asnStream.close();
    }

    Log.v("TFORWARD.CryptEngineImpl", "Creating certificate. " + sequence.size());
    Certificate certificate = Certificate.getInstance(sequence);
    SubjectPublicKeyInfo publicKeyInfo = certificate.getSubjectPublicKeyInfo();

    RSAPublicKey publicKeyStructure = RSAPublicKey.getInstance(publicKeyInfo.parsePublicKey());
    BigInteger mod = publicKeyStructure.getModulus();
    BigInteger pubExp = publicKeyStructure.getPublicExponent();

    publicRsaKey = new RSAKeyParameters(false, mod, pubExp);

    // ------------------------ PRIVATE KEY --------------------------------
    byte[] privateKeyData =
        Base64.decode(storage.getKey(IKeyStorage.SECRET_KEY_TYPE), Base64.DEFAULT);
    asnStream = new ASN1InputStream(privateKeyData);

    ASN1Sequence asnSequence = null;
    try {
      asnSequence = (ASN1Sequence) asnStream.readObject();
    } finally {
      asnStream.close();
    }

    RSAPrivateKey privateKey = RSAPrivateKey.getInstance(asnSequence);
    privateRsaKey =
        new RSAPrivateCrtKeyParameters(
            privateKey.getModulus(),
            privateKey.getPublicExponent(),
            privateKey.getPrivateExponent(),
            privateKey.getPrime1(),
            privateKey.getPrime2(),
            privateKey.getExponent1(),
            privateKey.getExponent2(),
            privateKey.getCoefficient());

    RSAEngine engine = new RSAEngine();
    digest = new MD5Digest();
    cipher = new PKCS1Encoding(engine);
  }
示例#3
0
 public void notifyClientCertificate(org.bouncycastle.crypto.tls.Certificate clientCertificate)
     throws IOException {
   Certificate[] chain = clientCertificate.getCertificateList();
   System.out.println("TLS server received client certificate chain of length " + chain.length);
   for (int i = 0; i != chain.length; i++) {
     Certificate entry = chain[i];
     // TODO Create fingerprint based on certificate signature algorithm digest
     System.out.println(
         "    fingerprint:SHA-256 "
             + TlsTestUtils.fingerprint(entry)
             + " ("
             + entry.getSubject()
             + ")");
   }
 }
示例#4
0
  private java.security.cert.Certificate readPEMCertificate(InputStream in)
      throws IOException, CertificateParsingException {
    ASN1Sequence seq = PEM_CERT_PARSER.readPEMObject(in);

    if (seq != null) {
      return new X509CertificateObject(Certificate.getInstance(seq));
    }

    return null;
  }
示例#5
0
  private void checkConnectionClient(TlsClient client, int cipherSuite, byte[] encCert)
      throws Exception {
    client.notifySelectedCipherSuite(cipherSuite);

    TlsKeyExchange keyExchange = client.getKeyExchange();

    keyExchange.processServerCertificate(
        new Certificate(
            new org.bouncycastle.asn1.x509.Certificate[] {
              org.bouncycastle.asn1.x509.Certificate.getInstance(encCert)
            }));
  }
示例#6
0
  private java.security.cert.Certificate getCertificate() throws CertificateParsingException {
    if (sData != null) {
      while (sDataObjectCount < sData.size()) {
        Object obj = sData.getObjectAt(sDataObjectCount++);

        if (obj instanceof ASN1Sequence) {
          return new X509CertificateObject(Certificate.getInstance(obj));
        }
      }
    }

    return null;
  }
  private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature)
      throws CertificateEncodingException {
    ASN1EncodableVector v = new ASN1EncodableVector();

    v.add(tbsCert);
    v.add(sigAlgId);
    v.add(new DERBitString(signature));

    try {
      return new X509CertificateObject(Certificate.getInstance(new DERSequence(v)));
    } catch (CertificateParsingException e) {
      throw new ExtCertificateEncodingException("exception producing certificate object", e);
    }
  }
示例#8
0
  public X509IssuerInfo(
      final List<String> caIssuerURLs,
      final List<String> ocspURLs,
      final List<String> crlURLs,
      final List<String> deltaCrlURLs,
      final byte[] certBytes)
      throws CertificateException {
    ParamChecker.assertNotNull("certBytes", certBytes);

    if (CollectionUtil.isEmpty(caIssuerURLs)) {
      this.caIssuerURLs = null;
    } else {
      Set<String> set = new HashSet<>();
      set.addAll(caIssuerURLs);
      this.caIssuerURLs = Collections.unmodifiableSet(set);
    }

    if (CollectionUtil.isEmpty(ocspURLs)) {
      this.ocspURLs = null;
    } else {
      Set<String> set = new HashSet<>();
      set.addAll(ocspURLs);
      this.ocspURLs = Collections.unmodifiableSet(set);
    }

    if (CollectionUtil.isEmpty(crlURLs)) {
      this.crlURLs = null;
    } else {
      Set<String> set = new HashSet<>();
      set.addAll(crlURLs);
      this.crlURLs = Collections.unmodifiableSet(set);
    }

    if (CollectionUtil.isEmpty(deltaCrlURLs)) {
      this.deltaCrlURLs = null;
    } else {
      Set<String> set = new HashSet<>();
      set.addAll(deltaCrlURLs);
      this.deltaCrlURLs = Collections.unmodifiableSet(set);
    }

    try {
      this.cert = X509Util.parseCert(certBytes);
    } catch (IOException e) {
      throw new CertificateException(e.getMessage(), e);
    }
    this.bcCert = Certificate.getInstance(certBytes);
    this.ski = X509Util.extractSKI(cert);
  }
示例#9
0
  /**
   * Checks whether the given certificate is on this CRL.
   *
   * @param cert the certificate to check for.
   * @return true if the given certificate is on this CRL, false otherwise.
   */
  public boolean isRevoked(Certificate cert) {
    if (!cert.getType().equals("X.509")) {
      throw new RuntimeException("X.509 CRL used with non X.509 Cert");
    }

    TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();

    X500Name caName = c.getIssuer();

    if (certs != null) {
      BigInteger serial = ((X509Certificate) cert).getSerialNumber();

      for (int i = 0; i < certs.length; i++) {
        if (isIndirect && certs[i].hasExtensions()) {
          Extension currentCaName =
              certs[i].getExtensions().getExtension(Extension.certificateIssuer);

          if (currentCaName != null) {
            caName =
                X500Name.getInstance(
                    GeneralNames.getInstance(currentCaName.getParsedValue())
                        .getNames()[0]
                        .getName());
          }
        }

        if (certs[i].getUserCertificate().getValue().equals(serial)) {
          X500Name issuer;

          try {
            issuer =
                org.bouncycastle.asn1.x509.Certificate.getInstance(cert.getEncoded()).getIssuer();
          } catch (CertificateEncodingException e) {
            throw new RuntimeException("Cannot process certificate");
          }

          if (!caName.equals(issuer)) {
            return false;
          }

          return true;
        }
      }
    }

    return false;
  }
示例#10
0
  private java.security.cert.Certificate readDERCertificate(ASN1InputStream dIn)
      throws IOException, CertificateParsingException {
    ASN1Sequence seq = (ASN1Sequence) dIn.readObject();

    if (seq.size() > 1 && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier) {
      if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData)) {
        sData =
            SignedData.getInstance(
                    ASN1Sequence.getInstance((ASN1TaggedObject) seq.getObjectAt(1), true))
                .getCertificates();

        return getCertificate();
      }
    }

    return new X509CertificateObject(Certificate.getInstance(seq));
  }
示例#11
0
  /**
   * Constructor with an indication of the timestamp type. The default constructor for {@code
   * TimestampToken}.
   *
   * @param timeStamp {@code TimeStampToken}
   * @param type {@code TimestampType}
   * @param certPool {@code CertificatePool} which is used to identify the signing certificate of
   *     the timestamp
   */
  public TimestampToken(
      final TimeStampToken timeStamp, final TimestampType type, final CertificatePool certPool) {

    this.timeStamp = timeStamp;
    this.timeStampType = type;
    this.extraInfo = new TokenValidationExtraInfo();
    wrappedSource = new CAdESCertificateSource(timeStamp, certPool);
    final Collection<CertificateToken> certs = wrappedSource.getCertificates();
    for (final CertificateToken certificateToken : certs) {

      final byte[] encoded = certificateToken.getEncoded();
      final Certificate certificate = Certificate.getInstance(encoded);
      final X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(certificate);
      if (timeStamp.getSID().match(x509CertificateHolder)) {

        boolean valid = isSignedBy(certificateToken);
        if (valid) {
          break;
        }
      }
    }
  }
示例#12
0
  @Override
  protected Object _doExecute() throws Exception {
    P10RequestGenerator p10Gen = new P10RequestGenerator();

    hashAlgo = hashAlgo.trim().toUpperCase();
    if (hashAlgo.indexOf('-') != -1) {
      hashAlgo = hashAlgo.replaceAll("-", "");
    }

    if (needExtensionTypes == null) {
      needExtensionTypes = new LinkedList<>();
    }

    // SubjectAltNames
    List<Extension> extensions = new LinkedList<>();
    if (isNotEmpty(subjectAltNames)) {
      extensions.add(P10RequestGenerator.createExtensionSubjectAltName(subjectAltNames, false));
      needExtensionTypes.add(Extension.subjectAlternativeName.getId());
    }

    // SubjectInfoAccess
    if (isNotEmpty(subjectInfoAccesses)) {
      extensions.add(
          P10RequestGenerator.createExtensionSubjectInfoAccess(subjectInfoAccesses, false));
      needExtensionTypes.add(Extension.subjectInfoAccess.getId());
    }

    // Keyusage
    if (isNotEmpty(keyusages)) {
      Set<KeyUsage> usages = new HashSet<>();
      for (String usage : keyusages) {
        usages.add(KeyUsage.getKeyUsage(usage));
      }
      org.bouncycastle.asn1.x509.KeyUsage extValue = X509Util.createKeyUsage(usages);
      ASN1ObjectIdentifier extType = Extension.keyUsage;
      extensions.add(new Extension(extType, false, extValue.getEncoded()));
      needExtensionTypes.add(extType.getId());
    }

    // ExtendedKeyusage
    if (isNotEmpty(extkeyusages)) {
      Set<ASN1ObjectIdentifier> oids =
          new HashSet<>(SecurityUtil.textToASN1ObjectIdentifers(extkeyusages));
      ExtendedKeyUsage extValue = X509Util.createExtendedUsage(oids);
      ASN1ObjectIdentifier extType = Extension.extendedKeyUsage;
      extensions.add(new Extension(extType, false, extValue.getEncoded()));
      needExtensionTypes.add(extType.getId());
    }

    // QcEuLimitValue
    if (isNotEmpty(qcEuLimits)) {
      ASN1EncodableVector v = new ASN1EncodableVector();
      for (String m : qcEuLimits) {
        StringTokenizer st = new StringTokenizer(m, ":");
        try {
          String currencyS = st.nextToken();
          String amountS = st.nextToken();
          String exponentS = st.nextToken();

          Iso4217CurrencyCode currency;
          try {
            int intValue = Integer.parseInt(currencyS);
            currency = new Iso4217CurrencyCode(intValue);
          } catch (NumberFormatException e) {
            currency = new Iso4217CurrencyCode(currencyS);
          }

          int amount = Integer.parseInt(amountS);
          int exponent = Integer.parseInt(exponentS);

          MonetaryValue monterayValue = new MonetaryValue(currency, amount, exponent);
          QCStatement statment =
              new QCStatement(ObjectIdentifiers.id_etsi_qcs_QcLimitValue, monterayValue);
          v.add(statment);
        } catch (Exception e) {
          throw new Exception("invalid qc-eu-limit '" + m + "'");
        }
      }

      ASN1ObjectIdentifier extType = Extension.qCStatements;
      ASN1Sequence extValue = new DERSequence(v);
      extensions.add(new Extension(extType, false, extValue.getEncoded()));
      needExtensionTypes.add(extType.getId());
    }

    // biometricInfo
    if (biometricType != null && biometricHashAlgo != null && biometricFile != null) {
      TypeOfBiometricData _biometricType;
      if (StringUtil.isNumber(biometricType)) {
        _biometricType = new TypeOfBiometricData(Integer.parseInt(biometricType));
      } else {
        _biometricType = new TypeOfBiometricData(new ASN1ObjectIdentifier(biometricType));
      }

      ASN1ObjectIdentifier _biometricHashAlgo = AlgorithmUtil.getHashAlg(biometricHashAlgo);
      byte[] biometricBytes = IoUtil.read(biometricFile);
      MessageDigest md = MessageDigest.getInstance(_biometricHashAlgo.getId());
      md.reset();
      byte[] _biometricDataHash = md.digest(biometricBytes);

      DERIA5String _sourceDataUri = null;
      if (biometricUri != null) {
        _sourceDataUri = new DERIA5String(biometricUri);
      }
      BiometricData biometricData =
          new BiometricData(
              _biometricType,
              new AlgorithmIdentifier(_biometricHashAlgo),
              new DEROctetString(_biometricDataHash),
              _sourceDataUri);

      ASN1EncodableVector v = new ASN1EncodableVector();
      v.add(biometricData);

      ASN1ObjectIdentifier extType = Extension.biometricInfo;
      ASN1Sequence extValue = new DERSequence(v);
      extensions.add(new Extension(extType, false, extValue.getEncoded()));
      needExtensionTypes.add(extType.getId());
    } else if (biometricType == null && biometricHashAlgo == null && biometricFile == null) {
      // Do nothing
    } else {
      throw new Exception(
          "either all of biometric triples (type, hash algo, file)"
              + " must be set or none of them should be set");
    }

    if (isNotEmpty(needExtensionTypes) || isNotEmpty(wantExtensionTypes)) {
      ExtensionExistence ee =
          new ExtensionExistence(
              SecurityUtil.textToASN1ObjectIdentifers(needExtensionTypes),
              SecurityUtil.textToASN1ObjectIdentifers(wantExtensionTypes));
      extensions.add(
          new Extension(
              ObjectIdentifiers.id_xipki_ext_cmpRequestExtensions,
              false,
              ee.toASN1Primitive().getEncoded()));
    }

    ConcurrentContentSigner identifiedSigner =
        getSigner(hashAlgo, new SignatureAlgoControl(rsaMgf1, dsaPlain));
    Certificate cert = Certificate.getInstance(identifiedSigner.getCertificate().getEncoded());

    X500Name subjectDN;
    if (subject != null) {
      subjectDN = getSubject(subject);
    } else {
      subjectDN = cert.getSubject();
    }

    SubjectPublicKeyInfo subjectPublicKeyInfo = cert.getSubjectPublicKeyInfo();

    ContentSigner signer = identifiedSigner.borrowContentSigner();

    PKCS10CertificationRequest p10Req;
    try {
      p10Req = p10Gen.generateRequest(signer, subjectPublicKeyInfo, subjectDN, extensions);
    } finally {
      identifiedSigner.returnContentSigner(signer);
    }

    File file = new File(outputFilename);
    saveVerbose("saved PKCS#10 request to file", file, p10Req.getEncoded());
    return null;
  }
  private int do_import_cert(
      final PreparedStatement ps_cert,
      final PreparedStatement ps_certhash,
      final PreparedStatement ps_rawcert,
      final String certsZipFile,
      final int minId,
      final File processLogFile,
      final ProcessLog processLog,
      final int numProcessedInLastProcess)
      throws Exception {
    ZipFile zipFile = new ZipFile(new File(certsZipFile));
    ZipEntry certsXmlEntry = zipFile.getEntry("certs.xml");

    OcspCertsReader certs;
    try {
      certs = new OcspCertsReader(zipFile.getInputStream(certsXmlEntry));
    } catch (Exception e) {
      try {
        zipFile.close();
      } catch (Exception e2) {
      }
      throw e;
    }

    disableAutoCommit();

    try {
      int numEntriesInBatch = 0;
      int lastSuccessfulCertId = 0;

      while (certs.hasNext()) {
        if (stopMe.get()) {
          throw new InterruptedException("interrupted by the user");
        }

        OcspCertType cert = (OcspCertType) certs.next();

        int id = cert.getId();
        if (id < minId) {
          continue;
        }

        numEntriesInBatch++;

        String filename = cert.getFile();

        // rawcert
        ZipEntry certZipEnty = zipFile.getEntry(filename);
        // rawcert
        byte[] encodedCert = IoUtil.read(zipFile.getInputStream(certZipEnty));

        TBSCertificate c;
        try {
          Certificate cc = Certificate.getInstance(encodedCert);
          c = cc.getTBSCertificate();
        } catch (Exception e) {
          LOG.error("could not parse certificate in file {}", filename);
          LOG.debug("could not parse certificate in file " + filename, e);
          if (e instanceof CertificateException) {
            throw (CertificateException) e;
          } else {
            throw new CertificateException(e.getMessage(), e);
          }
        }

        // cert
        try {
          int idx = 1;
          ps_cert.setInt(idx++, id);
          ps_cert.setInt(idx++, cert.getIid());
          ps_cert.setLong(idx++, c.getSerialNumber().getPositiveValue().longValue());
          ps_cert.setLong(idx++, cert.getUpdate());
          ps_cert.setLong(idx++, c.getStartDate().getDate().getTime() / 1000);
          ps_cert.setLong(idx++, c.getEndDate().getDate().getTime() / 1000);
          setBoolean(ps_cert, idx++, cert.getRev().booleanValue());
          setInt(ps_cert, idx++, cert.getRr());
          setLong(ps_cert, idx++, cert.getRt());
          setLong(ps_cert, idx++, cert.getRit());
          ps_cert.setString(idx++, cert.getProfile());
          ps_cert.addBatch();
        } catch (SQLException e) {
          throw translate(SQL_ADD_CERT, e);
        }

        // certhash
        try {
          int idx = 1;
          ps_certhash.setInt(idx++, cert.getId());
          ps_certhash.setString(idx++, sha1(encodedCert));
          ps_certhash.setString(idx++, sha224(encodedCert));
          ps_certhash.setString(idx++, sha256(encodedCert));
          ps_certhash.setString(idx++, sha384(encodedCert));
          ps_certhash.setString(idx++, sha512(encodedCert));
          ps_certhash.addBatch();
        } catch (SQLException e) {
          throw translate(SQL_ADD_CHASH, e);
        }

        // rawcert
        try {
          int idx = 1;
          ps_rawcert.setInt(idx++, cert.getId());
          ps_rawcert.setString(idx++, X509Util.cutX500Name(c.getSubject(), maxX500nameLen));
          ps_rawcert.setString(idx++, Base64.toBase64String(encodedCert));
          ps_rawcert.addBatch();
        } catch (SQLException e) {
          throw translate(SQL_ADD_CRAW, e);
        }

        boolean isLastBlock = !certs.hasNext();

        if (numEntriesInBatch > 0
            && (numEntriesInBatch % this.numCertsPerCommit == 0 || isLastBlock)) {
          if (evaulateOnly) {
            ps_cert.clearBatch();
            ps_certhash.clearBatch();
            ps_rawcert.clearBatch();
          } else {
            String sql = null;
            try {
              sql = SQL_ADD_CERT;
              ps_cert.executeBatch();

              sql = SQL_ADD_CHASH;
              ps_certhash.executeBatch();

              sql = SQL_ADD_CRAW;
              ps_rawcert.executeBatch();

              sql = null;
              commit("(commit import cert to OCSP)");
            } catch (Throwable t) {
              rollback();
              deleteCertGreatherThan(lastSuccessfulCertId, LOG);
              if (t instanceof SQLException) {
                throw translate(sql, (SQLException) t);
              } else if (t instanceof Exception) {
                throw (Exception) t;
              } else {
                throw new Exception(t);
              }
            }
          }

          lastSuccessfulCertId = id;
          processLog.addNumProcessed(numEntriesInBatch);
          numEntriesInBatch = 0;
          echoToFile(
              (numProcessedInLastProcess + processLog.getNumProcessed())
                  + ":"
                  + lastSuccessfulCertId,
              processLogFile);
          processLog.printStatus();
        }
      } // end for

      return lastSuccessfulCertId;
    } finally {
      try {
        recoverAutoCommit();
      } catch (DataAccessException e) {
      }
      zipFile.close();
    }
  } // method do_import_cert
  private void import_issuer(final Issuers issuers)
      throws DataAccessException, CertificateException, IOException {
    System.out.println("importing table ISSUER");
    PreparedStatement ps = prepareStatement(SQL_ADD_ISSUER);

    try {
      for (IssuerType issuer : issuers.getIssuer()) {
        try {
          String certFilename = issuer.getCertFile();
          String b64Cert = new String(IoUtil.read(new File(baseDir, certFilename)));
          byte[] encodedCert = Base64.decode(b64Cert);

          Certificate c;
          byte[] encodedName;
          try {
            c = Certificate.getInstance(encodedCert);
            encodedName = c.getSubject().getEncoded("DER");
          } catch (Exception e) {
            LOG.error("could not parse certificate of issuer {}", issuer.getId());
            LOG.debug("could not parse certificate of issuer " + issuer.getId(), e);
            if (e instanceof CertificateException) {
              throw (CertificateException) e;
            } else {
              throw new CertificateException(e.getMessage(), e);
            }
          }
          byte[] encodedKey = c.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();

          int idx = 1;
          ps.setInt(idx++, issuer.getId());
          ps.setString(idx++, X509Util.cutX500Name(c.getSubject(), maxX500nameLen));
          ps.setLong(idx++, c.getTBSCertificate().getStartDate().getDate().getTime() / 1000);
          ps.setLong(idx++, c.getTBSCertificate().getEndDate().getDate().getTime() / 1000);
          ps.setString(idx++, sha1(encodedName));
          ps.setString(idx++, sha1(encodedKey));
          ps.setString(idx++, sha224(encodedName));
          ps.setString(idx++, sha224(encodedKey));
          ps.setString(idx++, sha256(encodedName));
          ps.setString(idx++, sha256(encodedKey));
          ps.setString(idx++, sha384(encodedName));
          ps.setString(idx++, sha384(encodedKey));
          ps.setString(idx++, sha512(encodedName));
          ps.setString(idx++, sha512(encodedKey));
          ps.setString(idx++, sha1(encodedCert));
          ps.setString(idx++, b64Cert);
          setBoolean(ps, idx++, issuer.isRevoked());
          setInt(ps, idx++, issuer.getRevReason());
          setLong(ps, idx++, issuer.getRevTime());
          setLong(ps, idx++, issuer.getRevInvTime());

          ps.execute();
        } catch (SQLException e) {
          System.err.println("error while importing issuer with id=" + issuer.getId());
          throw translate(SQL_ADD_ISSUER, e);
        } catch (CertificateException e) {
          System.err.println("error while importing issuer with id=" + issuer.getId());
          throw e;
        }
      }
    } finally {
      releaseResources(ps, null);
    }
    System.out.println(" imported table ISSUER");
  } // method import_issuer
 public static CertificateModel fromASN1(ASN1InputStream stream) throws IOException {
   return CertificateModelFactory.from(
       new X509CertificateHolder(Certificate.getInstance(stream.readObject())));
 }
 public PKCS12SafeBagBuilder(Certificate certificate) throws IOException {
   this.bagType = PKCSObjectIdentifiers.certBag;
   this.bagValue =
       new CertBag(
           PKCSObjectIdentifiers.x509Certificate, new DEROctetString(certificate.getEncoded()));
 }