Example 71 with ASN1Sequence
use of com.android.org.bouncycastle.asn1.ASN1Sequence in project keystore-explorer by kaikramer.
the class DViewCsr method extensionsPressed.
private void extensionsPressed() {
// extract sequence with extensions from csr
Attribute[] attributes = pkcs10Csr.getAttributes(pkcs_9_at_extensionRequest);
X509ExtensionSet x509ExtensionSet = new X509ExtensionSet();
if ((attributes != null) && (attributes.length > 0)) {
ASN1Encodable[] attributeValues = attributes[0].getAttributeValues();
if (attributeValues.length > 0) {
ASN1Sequence asn1Sequence = ASN1Sequence.getInstance(attributeValues[0]);
x509ExtensionSet = new X509ExtensionSet(asn1Sequence);
}
}
DViewExtensions dViewExtensions = new DViewExtensions(this, res.getString("DViewCertificate.Extensions.Title"), x509ExtensionSet);
dViewExtensions.setLocationRelativeTo(this);
dViewExtensions.setVisible(true);
}
Also used :
X509ExtensionSet(org.kse.crypto.x509.X509ExtensionSet)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
Attribute(org.bouncycastle.asn1.pkcs.Attribute)
DViewExtensions(org.kse.gui.dialogs.extensions.DViewExtensions)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
Example 72 with ASN1Sequence
use of com.android.org.bouncycastle.asn1.ASN1Sequence in project candlepin by candlepin.
the class X509CRLStreamWriter method write.
/**
* Write a modified CRL to the given output stream. This method will add each entry provided
* via the add() method.
*
* @param out OutputStream to write to
* @throws IOException if something goes wrong
*/
public void write(OutputStream out) throws IOException {
if (!locked || !preScanned) {
throw new IllegalStateException("The instance must be preScanned and locked before writing.");
}
if (emptyCrl) {
/* An empty CRL is going to be missing the revokedCertificates sequence
* and would require a lot of special casing during the streaming process.
* Instead, it is easier to construct the CRL in the normal fashion using
* BouncyCastle. Performance should be acceptable as long as the number of
* CRL entries being added are reasonable in number. Something less than a
* thousand or so should yield adequate performance.
*/
writeToEmptyCrl(out);
return;
}
originalLength = handleHeader(out);
int tag;
int tagNo;
int length;
while (originalLength > count.get()) {
tag = readTag(crlIn, count);
tagNo = readTagNumber(crlIn, tag, count);
length = readLength(crlIn, count);
byte[] entryBytes = new byte[length];
readFullyAndTrack(crlIn, entryBytes, count);
// We only need the serial number and not the rest of the stuff in the entry
ASN1Integer serial = (ASN1Integer) new ASN1InputStream(entryBytes).readObject();
if (deletedEntriesLength == 0 || !deletedEntries.contains(serial.getValue())) {
writeTag(out, tag, tagNo, signer);
writeLength(out, length, signer);
writeValue(out, entryBytes, signer);
}
}
// Write the new entries into the new CRL
for (ASN1Sequence entry : newEntries) {
writeBytes(out, entry.getEncoded(), signer);
}
// Copy the old extensions over
if (newExtensions != null) {
out.write(newExtensions);
signer.getOutputStream().write(newExtensions, 0, newExtensions.length);
}
out.write(signingAlg.getEncoded());
try {
byte[] signature = signer.getSignature();
ASN1BitString signatureBits = new DERBitString(signature);
out.write(signatureBits.getEncoded());
} catch (DataLengthException e) {
throw new IOException("Could not sign", e);
}
}
Also used :
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
DataLengthException(org.bouncycastle.crypto.DataLengthException)
DERBitString(org.bouncycastle.asn1.DERBitString)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
IOException(java.io.IOException)
ASN1BitString(org.bouncycastle.asn1.ASN1BitString)
Example 73 with ASN1Sequence
use of com.android.org.bouncycastle.asn1.ASN1Sequence in project jruby-openssl by jruby.
the class X509CRL method sign.
@JRubyMethod
public IRubyObject sign(final ThreadContext context, final IRubyObject key, IRubyObject digest) {
final Ruby runtime = context.runtime;
final String signatureAlgorithm = getSignatureAlgorithm(runtime, (PKey) key, (Digest) digest);
final X500Name issuerName = ((X509Name) issuer).getX500Name();
final java.util.Date thisUpdate = getLastUpdate().toDate();
final X509v2CRLBuilder generator = new X509v2CRLBuilder(issuerName, thisUpdate);
final java.util.Date nextUpdate = getNextUpdate().toDate();
generator.setNextUpdate(nextUpdate);
if (revoked != null) {
for (int i = 0; i < revoked.size(); i++) {
final X509Revoked rev = (X509Revoked) revoked.entry(i);
BigInteger serial = new BigInteger(rev.callMethod(context, "serial").toString());
RubyTime t1 = (RubyTime) rev.callMethod(context, "time").callMethod(context, "getutc");
t1.setMicroseconds(0);
final Extensions revExts;
if (rev.hasExtensions()) {
final RubyArray exts = rev.extensions();
final ASN1Encodable[] array = new ASN1Encodable[exts.size()];
for (int j = 0; j < exts.size(); j++) {
final X509Extension ext = (X509Extension) exts.entry(j);
try {
array[j] = ext.toASN1Sequence();
} catch (IOException e) {
throw newCRLError(runtime, e);
}
}
revExts = Extensions.getInstance(new DERSequence(array));
} else {
revExts = null;
}
generator.addCRLEntry(serial, t1.getJavaDate(), revExts);
}
}
try {
for (int i = 0; i < extensions.size(); i++) {
X509Extension ext = (X509Extension) extensions.entry(i);
ASN1Encodable value = ext.getRealValue();
generator.addExtension(ext.getRealObjectID(), ext.isRealCritical(), value);
}
} catch (IOException e) {
throw newCRLError(runtime, e);
}
final PrivateKey privateKey = ((PKey) key).getPrivateKey();
try {
if (avoidJavaSecurity) {
// NOT IMPLEMENTED
} else {
// crl = generator.generate(((PKey) key).getPrivateKey());
}
/*
AlgorithmIdentifier keyAldID = new AlgorithmIdentifier(new ASN1ObjectIdentifier(keyAlg));
AlgorithmIdentifier digAldID = new AlgorithmIdentifier(new ASN1ObjectIdentifier(digAlg));
final BcContentSignerBuilder signerBuilder;
final AsymmetricKeyParameter signerPrivateKey;
if ( isDSA ) {
signerBuilder = new BcDSAContentSignerBuilder(keyAldID, digAldID);
DSAPrivateKey privateKey = (DSAPrivateKey) ((PKey) key).getPrivateKey();
DSAParameters params = new DSAParameters(
privateKey.getParams().getP(),
privateKey.getParams().getQ(),
privateKey.getParams().getG()
);
signerPrivateKey = new DSAPrivateKeyParameters(privateKey.getX(), params);
}
*/
ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey);
this.crlHolder = generator.build(signer);
this.crl = null;
} catch (IllegalStateException e) {
debugStackTrace(e);
throw newCRLError(runtime, e);
} catch (Exception e) {
debugStackTrace(e);
throw newCRLError(runtime, e.getMessage());
}
final ASN1Primitive crlVal = getCRLValue(runtime);
ASN1Sequence v1 = (ASN1Sequence) (((ASN1Sequence) crlVal).getObjectAt(0));
final ASN1EncodableVector build1 = new ASN1EncodableVector();
int copyIndex = 0;
if (v1.getObjectAt(0) instanceof ASN1Integer)
copyIndex++;
build1.add(new ASN1Integer(new BigInteger(version.toString())));
while (copyIndex < v1.size()) {
build1.add(v1.getObjectAt(copyIndex++));
}
final ASN1EncodableVector build2 = new ASN1EncodableVector();
build2.add(new DLSequence(build1));
build2.add(((ASN1Sequence) crlVal).getObjectAt(1));
build2.add(((ASN1Sequence) crlVal).getObjectAt(2));
this.crlValue = new DLSequence(build2);
changed = false;
return this;
}
Also used :
RubyTime(org.jruby.RubyTime)
PrivateKey(java.security.PrivateKey)
RubyArray(org.jruby.RubyArray)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
RubyString(org.jruby.RubyString)
X500Name(org.bouncycastle.asn1.x500.X500Name)
Extensions(org.bouncycastle.asn1.x509.Extensions)
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
Ruby(org.jruby.Ruby)
ContentSigner(org.bouncycastle.operator.ContentSigner)
IOException(java.io.IOException)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
RaiseException(org.jruby.exceptions.RaiseException)
GeneralSecurityException(java.security.GeneralSecurityException)
CRLException(java.security.cert.CRLException)
IOException(java.io.IOException)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
DLSequence(org.bouncycastle.asn1.DLSequence)
BigInteger(java.math.BigInteger)
ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)
JRubyMethod(org.jruby.anno.JRubyMethod)
Example 74 with ASN1Sequence
use of com.android.org.bouncycastle.asn1.ASN1Sequence in project jruby-openssl by jruby.
the class X509Cert method uniqueExtensions.
private Collection<X509Extension> uniqueExtensions() {
final Map<ASN1ObjectIdentifier, X509Extension> unique = new LinkedHashMap<ASN1ObjectIdentifier, X509Extension>();
for (X509Extension current : this.extensions) {
final ASN1ObjectIdentifier oid = current.getRealObjectID();
final X509Extension existing = unique.get(oid);
if (existing == null) {
unique.put(oid, current);
continue;
}
// commonly used e.g. with subjectAltName || issuserAltName :
if ("2.5.29.17".equals(oid.getId()) || "2.5.29.18".equals(oid.getId())) {
final ASN1EncodableVector vec = new ASN1EncodableVector();
try {
GeneralName[] n1 = extRealNames(existing);
for (int i = 0; i < n1.length; i++) vec.add(n1[i]);
GeneralName[] n2 = extRealNames(current);
for (int i = 0; i < n2.length; i++) vec.add(n2[i]);
GeneralNames nn = GeneralNames.getInstance(new DLSequence(vec));
final X509Extension existingDup = existing.clone();
existingDup.setRealValue(nn);
unique.put(oid, existingDup);
} catch (IOException ex) {
throw getRuntime().newIOErrorFromException(ex);
}
continue;
}
// TODO do we need special care for any others here ?!?
final ASN1EncodableVector vec = new ASN1EncodableVector();
try {
final ASN1Encodable existingValue = existing.getRealValue();
if (existingValue instanceof ASN1Sequence) {
final ASN1Sequence seq = (ASN1Sequence) existingValue;
for (int i = 0; i < seq.size(); i++) {
vec.add(seq.getObjectAt(i));
}
} else {
vec.add(existingValue);
}
vec.add(current.getRealValue());
// existing.setRealValue( new DLSequence(vec) );
final X509Extension existingDup = existing.clone();
existingDup.setRealValue(new DLSequence(vec));
unique.put(oid, existingDup);
} catch (IOException ex) {
throw getRuntime().newIOErrorFromException(ex);
}
}
return unique.values();
}
Also used :
IOException(java.io.IOException)
LinkedHashMap(java.util.LinkedHashMap)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
DLSequence(org.bouncycastle.asn1.DLSequence)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 75 with ASN1Sequence
use of com.android.org.bouncycastle.asn1.ASN1Sequence in project jruby-openssl by jruby.
the class X509Extension method value.
@JRubyMethod
public RubyString value(final ThreadContext context) {
if (this.value instanceof RubyString) {
// return the same as set
return (RubyString) this.value;
}
final Ruby runtime = context.runtime;
final String oid = getRealObjectID().getId();
try {
if (oid.equals("2.5.29.19")) {
// basicConstraints
ASN1Sequence seq2 = (ASN1Sequence) ASN1.readObject(getRealValueEncoded());
final ByteList val = new ByteList(32);
if (seq2.size() > 0) {
val.append(CA_);
ASN1Encodable obj0 = seq2.getObjectAt(0);
final boolean bool;
if (obj0 instanceof ASN1Boolean) {
bool = ((ASN1Boolean) obj0).isTrue();
} else {
// NOTE: keep it due BC <= 1.50
bool = ((DERBoolean) obj0).isTrue();
}
val.append(bool ? TRUE : FALSE);
}
if (seq2.size() > 1) {
val.append(", pathlen:".getBytes());
val.append(seq2.getObjectAt(1).toString().getBytes());
}
return runtime.newString(val);
}
if (oid.equals("2.5.29.15")) {
// keyUsage
final byte[] enc = getRealValueEncoded();
byte b3 = 0;
byte b2 = enc[2];
if (enc.length > 3)
b3 = enc[3];
final ByteList val = new ByteList(64);
byte[] sep = _;
if ((b2 & (byte) 128) != 0) {
val.append(sep);
val.append(Decipher_Only);
sep = SEP;
}
if ((b3 & (byte) 128) != 0) {
val.append(sep);
val.append(Digital_Signature);
sep = SEP;
}
if ((b3 & (byte) 64) != 0) {
val.append(sep);
val.append(Non_Repudiation);
sep = SEP;
}
if ((b3 & (byte) 32) != 0) {
val.append(sep);
val.append(Key_Encipherment);
sep = SEP;
}
if ((b3 & (byte) 16) != 0) {
val.append(sep);
val.append(Data_Encipherment);
sep = SEP;
}
if ((b3 & (byte) 8) != 0) {
val.append(sep);
val.append(Key_Agreement);
sep = SEP;
}
if ((b3 & (byte) 4) != 0) {
val.append(sep);
val.append(Certificate_Sign);
sep = SEP;
}
if ((b3 & (byte) 2) != 0) {
val.append(sep);
val.append(CRL_Sign);
sep = SEP;
}
if ((b3 & (byte) 1) != 0) {
// sep = SEP;
val.append(sep);
// sep = SEP;
val.append(Encipher_Only);
}
return runtime.newString(val);
}
if (oid.equals("2.16.840.1.113730.1.1")) {
// nsCertType
final byte b0 = getRealValueEncoded()[0];
final ByteList val = new ByteList(64);
byte[] sep = _;
if ((b0 & (byte) 128) != 0) {
val.append(sep);
val.append(SSL_Client);
sep = SEP;
}
if ((b0 & (byte) 64) != 0) {
val.append(sep);
val.append(SSL_Server);
sep = SEP;
}
if ((b0 & (byte) 32) != 0) {
val.append(sep);
val.append(SMIME);
sep = SEP;
}
if ((b0 & (byte) 16) != 0) {
val.append(sep);
val.append(Object_Signing);
sep = SEP;
}
if ((b0 & (byte) 8) != 0) {
val.append(sep);
val.append(Unused);
sep = SEP;
}
if ((b0 & (byte) 4) != 0) {
val.append(sep);
val.append(SSL_CA);
sep = SEP;
}
if ((b0 & (byte) 2) != 0) {
val.append(sep);
val.append(SMIME_CA);
sep = SEP;
}
if ((b0 & (byte) 1) != 0) {
val.append(sep);
val.append(Object_Signing_CA);
}
return runtime.newString(val);
}
if (oid.equals("2.5.29.14")) {
// subjectKeyIdentifier
ASN1Encodable value = getRealValue();
if (value instanceof ASN1OctetString) {
byte[] octets = ((ASN1OctetString) value).getOctets();
if (octets.length > 0 && octets[0] == BERTags.OCTET_STRING) {
// read nested octets
value = ASN1.readObject(octets);
}
}
return runtime.newString(hexBytes(keyidBytes(value.toASN1Primitive()), 0));
}
if (oid.equals("2.5.29.35")) {
// authorityKeyIdentifier
ASN1Encodable value = getRealValue();
if (value instanceof ASN1OctetString) {
value = ASN1.readObject(((ASN1OctetString) value).getOctets());
}
final ByteList val = new ByteList(72);
val.append(keyid_);
if (value instanceof ASN1Sequence) {
final ASN1Sequence seq = (ASN1Sequence) value;
final int size = seq.size();
if (size == 0)
return RubyString.newEmptyString(runtime);
ASN1Primitive keyid = seq.getObjectAt(0).toASN1Primitive();
hexBytes(keyidBytes(keyid), val).append('\n');
for (int i = 1; i < size; i++) {
final ASN1Encodable issuer = seq.getObjectAt(i);
// NOTE: blindly got OpenSSL tests passing (likely in-complete) :
if (issuer instanceof ASN1TaggedObject) {
ASN1Primitive obj = ((ASN1TaggedObject) issuer).getObject();
switch(((ASN1TaggedObject) issuer).getTagNo()) {
case 1:
if (obj instanceof ASN1TaggedObject) {
formatGeneralName(GeneralName.getInstance(obj), val, true);
}
break;
case // serial
2:
val.append(new byte[] { 's', 'e', 'r', 'i', 'a', 'l', ':' });
if (obj instanceof ASN1Integer) {
hexBytes(((ASN1Integer) obj).getValue().toByteArray(), val);
} else {
hexBytes(((ASN1OctetString) obj).getOctets(), val);
}
break;
}
}
val.append('\n');
}
return runtime.newString(val);
}
hexBytes(keyidBytes(value.toASN1Primitive()), val).append('\n');
return runtime.newString(val);
}
if (oid.equals("2.5.29.21")) {
// CRLReason
final IRubyObject value = getValue(runtime);
switch(RubyNumeric.fix2int(value)) {
case 0:
return runtime.newString(new ByteList(Unspecified));
case 1:
return RubyString.newString(runtime, "Key Compromise");
case 2:
return RubyString.newString(runtime, "CA Compromise");
case 3:
return RubyString.newString(runtime, "Affiliation Changed");
case 4:
return RubyString.newString(runtime, "Superseded");
case 5:
return RubyString.newString(runtime, "Cessation Of Operation");
case 6:
return RubyString.newString(runtime, "Certificate Hold");
case 8:
return RubyString.newString(runtime, "Remove From CRL");
case 9:
return RubyString.newString(runtime, "Privilege Withdrawn");
default:
return runtime.newString(new ByteList(Unspecified));
}
}
if (oid.equals("2.5.29.17") || oid.equals("2.5.29.18")) {
// subjectAltName || issuerAltName
try {
ASN1Encodable value = getRealValue();
final ByteList val = new ByteList(64);
if (value instanceof ASN1TaggedObject) {
formatGeneralName(GeneralName.getInstance(value), val, false);
return runtime.newString(val);
}
if (value instanceof GeneralName) {
formatGeneralName((GeneralName) value, val, false);
return runtime.newString(val);
}
if (value instanceof ASN1OctetString) {
// decoded octets will end up as an ASN1Sequence instance :
value = ASN1.readObject(((ASN1OctetString) value).getOctets());
}
if (value instanceof ASN1TaggedObject) {
// DERTaggedObject (issuerAltName wrapping)
formatGeneralName(GeneralName.getInstance(value), val, false);
return runtime.newString(val);
}
final GeneralName[] names = GeneralNames.getInstance(value).getNames();
for (int i = 0; i < names.length; i++) {
boolean other = formatGeneralName(names[i], val, false);
if (i < names.length - 1) {
if (other)
val.append(';');
else
val.append(',').append(' ');
}
}
return runtime.newString(val);
} catch (IllegalArgumentException e) {
debugStackTrace(runtime, e);
return rawValueAsString(context);
}
}
if (oid.equals("2.5.29.37")) {
// extendedKeyUsage
final ByteList val = new ByteList(64);
if (this.value instanceof ASN1Sequence) {
// opt "short" path
final ASN1Sequence seq = (ASN1Sequence) this.value;
final int size = seq.size();
for (int i = 0; i < size; i++) {
ASN1Encodable o = seq.getObjectAt(i);
String name = o.toString();
Integer nid = ASN1.oid2nid(runtime, new ASN1ObjectIdentifier(name));
if (nid != null)
name = ASN1.nid2ln(runtime, nid);
if (name == null)
name = o.toString();
val.append(ByteList.plain(name));
if (i < size - 1)
val.append(',').append(' ');
}
return runtime.newString(val);
}
final IRubyObject value = getValue(runtime);
if (value instanceof RubyArray) {
final RubyArray arr = (RubyArray) value;
final int size = arr.size();
for (int i = 0; i < size; i++) {
IRubyObject entry = arr.eltInternal(i);
if ("ObjectId".equals(entry.getMetaClass().getBaseName())) {
entry = entry.callMethod(context, "ln");
} else if (entry.respondsTo("value")) {
entry = entry.callMethod(context, "value");
}
val.append(entry.asString().getByteList());
if (i < size - 1)
val.append(',').append(' ');
}
}
return runtime.newString(val);
}
return rawValueAsString(context);
} catch (IOException e) {
debugStackTrace(runtime, e);
throw newExtensionError(runtime, e);
}
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
ByteList(org.jruby.util.ByteList)
RubyArray(org.jruby.RubyArray)
RubyString(org.jruby.RubyString)
ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
RubyString(org.jruby.RubyString)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
ASN1String(org.bouncycastle.asn1.ASN1String)
DERUniversalString(org.bouncycastle.asn1.DERUniversalString)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
IOException(java.io.IOException)
IRubyObject(org.jruby.runtime.builtin.IRubyObject)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
ASN1Boolean(org.bouncycastle.asn1.ASN1Boolean)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
Ruby(org.jruby.Ruby)
ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
JRubyMethod(org.jruby.anno.JRubyMethod)
Aggregations
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)202
IOException (java.io.IOException)70
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)56
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)49
ASN1Integer (org.bouncycastle.asn1.ASN1Integer)41
ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)36
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)36
ArrayList (java.util.ArrayList)35
DEROctetString (org.bouncycastle.asn1.DEROctetString)35
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)32
X509Certificate (java.security.cert.X509Certificate)31
ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)31
DERSequence (org.bouncycastle.asn1.DERSequence)30
Enumeration (java.util.Enumeration)29
BigInteger (java.math.BigInteger)28
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)28
DERIA5String (org.bouncycastle.asn1.DERIA5String)28
DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)28
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)26
List (java.util.List)25
