From plusplusjia...@apache.org
Subject [13/21] directory-kerby git commit: Merge from pkinit-support branch.
Date Wed, 16 Dec 2015 06:17:00 GMT
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/commons/ssl/X509CertificateChainBuilder.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/commons/ssl/X509CertificateChainBuilder.java b/kerby-pkix/src/main/java/org/apache/commons/ssl/X509CertificateChainBuilder.java
new file mode 100644
index 0000000..fb2642f
--- /dev/null
+++ b/kerby-pkix/src/main/java/org/apache/commons/ssl/X509CertificateChainBuilder.java
@@ -0,0 +1,204 @@
+/*
+ * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.16/src/java/org/apache/commons/ssl/X509CertificateChainBuilder.java $
+ * $Revision: 134 $
+ * $Date: 2008-02-26 21:30:48 -0800 (Tue, 26 Feb 2008) $
+ *
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.ssl;
+
+import java.io.FileInputStream;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.SignatureException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.LinkedList;
+
+/**
+ * Utility for building X509 certificate chains.
+ *
+ * @author Credit Union Central of British Columbia
+ * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
+ * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
+ * @since 16-Nov-2005
+ */
+public class X509CertificateChainBuilder {
+    /**
+     * Builds the ordered certificate chain upwards from the startingPoint.
+     * Uses the supplied X509Certificate[] array to search for the parent,
+     * grandparent, and higher ancestor certificates.  Stops at self-signed
+     * certificates, or when no ancestor can be found.
+     * <p/>
+     * Thanks to Joe Whitney for helping me put together a Big-O( m * n )
+     * implementation where m = the length of the final certificate chain.
+     * For a while I was using a Big-O( n ^ 2 ) implementation!
+     *
+     * @param startingPoint the X509Certificate for which we want to find
+     *                      ancestors
+     * @param certificates  A pool of certificates in which we expect to find
+     *                      the startingPoint's ancestors.
+     * @return Array of X509Certificates, starting with the "startingPoint" and
+     *         ending with highest level ancestor we could find in the supplied
+     *         collection.
+     * @throws java.security.NoSuchAlgorithmException
+     *          on unsupported signature
+     *          algorithms.
+     * @throws java.security.InvalidKeyException
+     *          on incorrect key.
+     * @throws java.security.NoSuchProviderException
+     *          if there's no default provider.
+     * @throws java.security.cert.CertificateException
+     *          on encoding errors.
+     */
+    public static X509Certificate[] buildPath(X509Certificate startingPoint,
+                                              Certificate[] certificates)
+        throws NoSuchAlgorithmException, InvalidKeyException,
+        NoSuchProviderException, CertificateException {
+        // Use a LinkedList, because we do lots of random it.remove() operations.
+        return buildPath(startingPoint,
+            new LinkedList(Arrays.asList(certificates)));
+    }
+
+    /**
+     * Builds the ordered certificate chain upwards from the startingPoint.
+     * Uses the supplied collection to search for the parent, grandparent,
+     * and higher ancestor certificates.  Stops at self-signed certificates,
+     * or when no ancestor can be found.
+     * <p/>
+     * Thanks to Joe Whitney for helping me put together a Big-O( m * n )
+     * implementation where m = the length of the final certificate chain.
+     * For a while I was using a Big-O( n ^ 2 ) implementation!
+     *
+     * @param startingPoint the X509Certificate for which we want to find
+     *                      ancestors
+     * @param certificates  A pool of certificates in which we expect to find
+     *                      the startingPoint's ancestors.
+     * @return Array of X509Certificates, starting with the "startingPoint" and
+     *         ending with highest level ancestor we could find in the supplied
+     *         collection.
+     * @throws java.security.NoSuchAlgorithmException
+     *          on unsupported signature
+     *          algorithms.
+     * @throws java.security.InvalidKeyException
+     *          on incorrect key.
+     * @throws java.security.NoSuchProviderException
+     *          if there's no default provider.
+     * @throws java.security.cert.CertificateException
+     *          on encoding errors.
+     */
+    public static X509Certificate[] buildPath(X509Certificate startingPoint,
+                                              Collection certificates)
+        throws NoSuchAlgorithmException, InvalidKeyException,
+        NoSuchProviderException, CertificateException {
+        LinkedList path = new LinkedList();
+        path.add(startingPoint);
+        boolean nodeAdded = true;
+        // Keep looping until an iteration happens where we don't add any nodes
+        // to our path.
+        while (nodeAdded) {
+            // We'll start out by assuming nothing gets added.  If something
+            // gets added, then nodeAdded will be changed to "true".
+            nodeAdded = false;
+            X509Certificate top = (X509Certificate) path.getLast();
+            if (isSelfSigned(top)) {
+                // We're self-signed, so we're done!
+                break;
+            }
+
+            // Not self-signed.  Let's see if we're signed by anyone in the
+            // collection.
+            Iterator it = certificates.iterator();
+            while (it.hasNext()) {
+                X509Certificate x509 = (X509Certificate) it.next();
+                if (verify(top, x509.getPublicKey())) {
+                    // We're signed by this guy!  Add him to the chain we're
+                    // building up.
+                    path.add(x509);
+                    nodeAdded = true;
+                    it.remove(); // Not interested in this guy anymore!
+                    break;
+                }
+                // Not signed by this guy, let's try the next guy.
+            }
+        }
+        X509Certificate[] results = new X509Certificate[path.size()];
+        path.toArray(results);
+        return results;
+    }
+
+    public static boolean isSelfSigned(X509Certificate cert)
+        throws CertificateException, InvalidKeyException,
+        NoSuchAlgorithmException, NoSuchProviderException {
+
+        return verify(cert, cert.getPublicKey());
+    }
+
+    public static boolean verify(X509Certificate cert, PublicKey key)
+        throws CertificateException, InvalidKeyException,
+        NoSuchAlgorithmException, NoSuchProviderException {
+
+        String sigAlg = cert.getSigAlgName();
+        String keyAlg = key.getAlgorithm();
+        sigAlg = sigAlg != null ? sigAlg.trim().toUpperCase() : "";
+        keyAlg = keyAlg != null ? keyAlg.trim().toUpperCase() : "";
+        if (keyAlg.length() >= 2 && sigAlg.endsWith(keyAlg)) {
+            try {
+                cert.verify(key);
+                return true;
+            } catch (SignatureException se) {
+                return false;
+            }
+        } else {
+            return false;
+        }
+    }
+
+    public static void main(String[] args) throws Exception {
+        if (args.length < 2) {
+            System.out.println("Usage: [special-one] [file-with-certs]");
+            System.exit(1);
+        }
+        FileInputStream f1 = new FileInputStream(args[0]);
+        FileInputStream f2 = new FileInputStream(args[1]);
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+        X509Certificate theOne = (X509Certificate) cf.generateCertificate(f1);
+        Collection c = cf.generateCertificates(f2);
+
+        X509Certificate[] path = buildPath(theOne, c);
+        for (int i = 0; i < path.length; i++) {
+            System.out.println(Certificates.getCN(path[i]));
+        }
+    }
+}
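Review bot: In `verify`, the pre-filter `sigAlg.endsWith(keyAlg)` will not match EC keys on the stock JDK providers, where the key reports `EC` but the certificate's signature name ends in `ECDSA` (for example `SHA256withECDSA`), so `isSelfSigned` returns false for an ECDSA root and `buildPath` stops at the leaf for ECDSA-signed chains. One way to cover that is `boolean algMatch = sigAlg.endsWith(keyAlg) || ("EC".equals(keyAlg) && sigAlg.endsWith("ECDSA"));`, together with `toUpperCase(Locale.ROOT)` on both names so the comparison does not depend on the default locale. Separately, the Javadoc on both `buildPath` overloads should state that the returned array is only ordered by signature: nothing in this class checks validity dates, basicConstraints, issuer/subject name chaining or revocation, so callers still need `CertPathValidator` (or equivalent) against a trust anchor before relying on the chain. The header shows the file is imported from commons-ssl 0.3.16, so any change would be a local patch on top of the vendored source.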

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/cms/type/Attribute.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/Attribute.java b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/Attribute.java
index f9a4615..1bfb21d 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/Attribute.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/Attribute.java
@@ -24,6 +24,7 @@ import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
 import org.apache.kerby.x509.type.AttributeValues;
+
 import static org.apache.kerby.cms.type.Attribute.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/cms/type/AttributeCertificateInfoV1.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/AttributeCertificateInfoV1.java b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/AttributeCertificateInfoV1.java
index bc01773..b0a894b 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/AttributeCertificateInfoV1.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/AttributeCertificateInfoV1.java
@@ -19,9 +19,9 @@
  */
 package org.apache.kerby.cms.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1BitString;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1Integer;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
 import org.apache.kerby.x509.type.AlgorithmIdentifier;
@@ -30,6 +30,7 @@ import org.apache.kerby.x509.type.AttCertValidityPeriod;
 import org.apache.kerby.x509.type.Attributes;
 import org.apache.kerby.x509.type.CertificateSerialNumber;
 import org.apache.kerby.x509.type.Extensions;
+
 import static org.apache.kerby.cms.type.AttributeCertificateInfoV1.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/cms/type/AttributeCertificateV1.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/AttributeCertificateV1.java b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/AttributeCertificateV1.java
index 8eaeebf..b84a09d 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/AttributeCertificateV1.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/AttributeCertificateV1.java
@@ -19,12 +19,13 @@
  */
 package org.apache.kerby.cms.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1BitString;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
 import org.apache.kerby.x509.type.AlgorithmIdentifier;
 import org.apache.kerby.x509.type.AttributeCertificateInfo;
+
 import static org.apache.kerby.cms.type.AttributeCertificateV1.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/cms/type/Certificate.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/Certificate.java b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/Certificate.java
deleted file mode 100644
index 6635015..0000000
--- a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/Certificate.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.cms.type;
-
-import org.apache.kerby.asn1.EnumType;
-import org.apache.kerby.asn1.type.Asn1BitString;
-import org.apache.kerby.asn1.Asn1FieldInfo;
-import org.apache.kerby.asn1.type.Asn1SequenceType;
-import org.apache.kerby.x509.type.AlgorithmIdentifier;
-import org.apache.kerby.x509.type.TBSCertificate;
-import static org.apache.kerby.cms.type.Certificate.MyEnum.*;
-
-/**
- * <pre>
- *  Certificate ::= SEQUENCE {
- *      tbsCertificate          TBSCertificate,
- *      signatureAlgorithm      AlgorithmIdentifier,
- *      signature               BIT STRING
- *  }
- * </pre>
- */
-public class Certificate extends Asn1SequenceType {
-    protected enum MyEnum implements EnumType {
-        TBS_CERTIFICATE,
-        SIGNATURE_ALGORITHM,
-        SIGNATURE;
-
-        @Override
-        public int getValue() {
-            return ordinal();
-        }
-
-        @Override
-        public String getName() {
-            return name();
-        }
-    }
-
-    static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
-            new Asn1FieldInfo(TBS_CERTIFICATE, TBSCertificate.class),
-            new Asn1FieldInfo(SIGNATURE_ALGORITHM, AlgorithmIdentifier.class),
-            new Asn1FieldInfo(SIGNATURE, Asn1BitString.class)
-    };
-
-    public Certificate() {
-        super(fieldInfos);
-    }
-
-    public TBSCertificate getTBSCertificate() {
-        return getFieldAs(TBS_CERTIFICATE, TBSCertificate.class);
-    }
-
-    public void setTbsCertificate(TBSCertificate tbsCertificate) {
-        setFieldAs(TBS_CERTIFICATE, tbsCertificate);
-    }
-
-    public AlgorithmIdentifier getSignatureAlgorithm() {
-        return getFieldAs(SIGNATURE_ALGORITHM, AlgorithmIdentifier.class);
-    }
-
-    public void setSignatureAlgorithm(AlgorithmIdentifier signatureAlgorithm) {
-        setFieldAs(SIGNATURE_ALGORITHM, signatureAlgorithm);
-    }
-
-    public Asn1BitString getSignature() {
-        return getFieldAs(SIGNATURE, Asn1BitString.class);
-    }
-
-    public void setSignature(Asn1BitString signature) {
-        setFieldAs(SIGNATURE, signature);
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/cms/type/CertificateChoices.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/CertificateChoices.java b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/CertificateChoices.java
index 0856534..57a0a48 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/CertificateChoices.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/CertificateChoices.java
@@ -19,10 +19,12 @@
  */
 package org.apache.kerby.cms.type;
 
-import org.apache.kerby.asn1.EnumType;
-import org.apache.kerby.asn1.type.Asn1Choice;
 import org.apache.kerby.asn1.Asn1FieldInfo;
+import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.ImplicitField;
+import org.apache.kerby.asn1.type.Asn1Choice;
+import org.apache.kerby.x509.type.Certificate;
+
 import static org.apache.kerby.cms.type.CertificateChoices.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/cms/type/CompressedData.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/CompressedData.java b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/CompressedData.java
index 6f36340..2995421 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/CompressedData.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/CompressedData.java
@@ -23,6 +23,7 @@ import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
 import org.apache.kerby.x509.type.AlgorithmIdentifier;
+
 import static org.apache.kerby.cms.type.CompressedData.MyEnum.*;
 
 /** 

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/cms/type/ContentInfo.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/ContentInfo.java b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/ContentInfo.java
index 2627857..077abe2 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/ContentInfo.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/ContentInfo.java
@@ -19,13 +19,14 @@
  */
 package org.apache.kerby.cms.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
+import org.apache.kerby.asn1.ExplicitField;
 import org.apache.kerby.asn1.type.Asn1Any;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
 import org.apache.kerby.asn1.type.Asn1Type;
-import org.apache.kerby.asn1.ExplicitField;
+
 import static org.apache.kerby.cms.type.ContentInfo.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/cms/type/EncapsulatedContentInfo.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/EncapsulatedContentInfo.java b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/EncapsulatedContentInfo.java
index 17f9beb..17b5c76 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/EncapsulatedContentInfo.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/EncapsulatedContentInfo.java
@@ -21,10 +21,11 @@ package org.apache.kerby.cms.type;
 
 import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
+import org.apache.kerby.asn1.ExplicitField;
 import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
 import org.apache.kerby.asn1.type.Asn1OctetString;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
-import org.apache.kerby.asn1.ExplicitField;
+
 import static org.apache.kerby.cms.type.EncapsulatedContentInfo.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/cms/type/ExtendedCertificate.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/ExtendedCertificate.java b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/ExtendedCertificate.java
index 44dc604..ca46571 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/ExtendedCertificate.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/ExtendedCertificate.java
@@ -22,6 +22,7 @@ package org.apache.kerby.cms.type;
 import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.cms.type.ExtendedCertificate.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/cms/type/ExtendedCertificateInfo.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/ExtendedCertificateInfo.java b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/ExtendedCertificateInfo.java
index b2223f8..1cd5d92 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/ExtendedCertificateInfo.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/ExtendedCertificateInfo.java
@@ -22,6 +22,7 @@ package org.apache.kerby.cms.type;
 import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.cms.type.ExtendedCertificateInfo.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/cms/type/IssuerAndSerialNumber.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/IssuerAndSerialNumber.java b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/IssuerAndSerialNumber.java
index 1c9173a..55c0025 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/IssuerAndSerialNumber.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/IssuerAndSerialNumber.java
@@ -24,6 +24,7 @@ import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1Integer;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
 import org.apache.kerby.x500.type.Name;
+
 import static org.apache.kerby.cms.type.IssuerAndSerialNumber.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/cms/type/OtherCertificateFormat.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/OtherCertificateFormat.java b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/OtherCertificateFormat.java
index df77423..11b302c 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/OtherCertificateFormat.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/OtherCertificateFormat.java
@@ -19,12 +19,13 @@
  */
 package org.apache.kerby.cms.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1Any;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
 import org.apache.kerby.asn1.type.Asn1Type;
+
 import static org.apache.kerby.cms.type.OtherCertificateFormat.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/cms/type/OtherRevocationInfoFormat.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/OtherRevocationInfoFormat.java b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/OtherRevocationInfoFormat.java
index 5f1fa94..abbf9d3 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/OtherRevocationInfoFormat.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/OtherRevocationInfoFormat.java
@@ -19,12 +19,13 @@
  */
 package org.apache.kerby.cms.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1Any;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
 import org.apache.kerby.asn1.type.Asn1Type;
+
 import static org.apache.kerby.cms.type.OtherRevocationInfoFormat.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/cms/type/RevocationInfoChoice.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/RevocationInfoChoice.java b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/RevocationInfoChoice.java
index 57be933..539c0ce 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/RevocationInfoChoice.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/RevocationInfoChoice.java
@@ -19,10 +19,10 @@
  */
 package org.apache.kerby.cms.type;
 
-import org.apache.kerby.asn1.EnumType;
-import org.apache.kerby.asn1.type.Asn1Choice;
 import org.apache.kerby.asn1.Asn1FieldInfo;
+import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.ImplicitField;
+import org.apache.kerby.asn1.type.Asn1Choice;
 import org.apache.kerby.x509.type.CertificateList;
 
 import static org.apache.kerby.cms.type.RevocationInfoChoice.MyEnum.*;

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/cms/type/SignedData.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/SignedData.java b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/SignedData.java
index 68dd37f..7be20a2 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/SignedData.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/SignedData.java
@@ -21,8 +21,9 @@ package org.apache.kerby.cms.type;
 
 import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
-import org.apache.kerby.asn1.type.Asn1SequenceType;
 import org.apache.kerby.asn1.ImplicitField;
+import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.cms.type.SignedData.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/cms/type/SignerIdentifier.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/SignerIdentifier.java b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/SignerIdentifier.java
index 9b2d859..66535e3 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/SignerIdentifier.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/SignerIdentifier.java
@@ -19,11 +19,12 @@
  */
 package org.apache.kerby.cms.type;
 
-import org.apache.kerby.asn1.EnumType;
-import org.apache.kerby.asn1.type.Asn1Choice;
 import org.apache.kerby.asn1.Asn1FieldInfo;
+import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.asn1.type.Asn1Choice;
 import org.apache.kerby.x509.type.SubjectKeyIdentifier;
+
 import static org.apache.kerby.cms.type.SignerIdentifier.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/cms/type/SignerInfo.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/SignerInfo.java b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/SignerInfo.java
index 69dcd27..82cda9f 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/SignerInfo.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/SignerInfo.java
@@ -21,8 +21,9 @@ package org.apache.kerby.cms.type;
 
 import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
-import org.apache.kerby.asn1.type.Asn1SequenceType;
 import org.apache.kerby.asn1.ImplicitField;
+import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.cms.type.SignerInfo.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/cms/type/Subject.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/Subject.java b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/Subject.java
index 8779c8c..1a1b64b 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/cms/type/Subject.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/cms/type/Subject.java
@@ -19,12 +19,13 @@
  */
 package org.apache.kerby.cms.type;
 
-import org.apache.kerby.asn1.EnumType;
-import org.apache.kerby.asn1.type.Asn1Choice;
 import org.apache.kerby.asn1.Asn1FieldInfo;
+import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.asn1.type.Asn1Choice;
 import org.apache.kerby.x509.type.GeneralNames;
 import org.apache.kerby.x509.type.IssuerSerial;
+
 import static org.apache.kerby.cms.type.Subject.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/pki/PkiLoader.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/pki/PkiLoader.java b/kerby-pkix/src/main/java/org/apache/kerby/pki/PkiLoader.java
new file mode 100644
index 0000000..7523f39
--- /dev/null
+++ b/kerby-pkix/src/main/java/org/apache/kerby/pki/PkiLoader.java
@@ -0,0 +1,114 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.pki;
+
+import org.apache.commons.ssl.PKCS8Key;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+public class PkiLoader {
+
+    public List<Certificate> loadCerts(String certFile) throws IOException {
+        InputStream is;
+        try {
+            is = new FileInputStream(new File(certFile));
+        } catch (FileNotFoundException e) {
+            throw new IOException("No cert file found", e);
+        }
+        return loadCerts(is);
+    }
+
+    public List<Certificate> loadCerts(InputStream inputStream) throws IOException {
+        CertificateFactory certFactory = null;
+        try {
+            certFactory = CertificateFactory.getInstance("X.509");
+            Collection<? extends Certificate> certs = (Collection<? extends Certificate>)
+                    certFactory.generateCertificates(inputStream);
+            return new ArrayList<Certificate>(certs);
+        } catch (CertificateException e) {
+            throw new IOException("Failed to load certificates", e);
+        }
+    }
+
+    public PrivateKey loadPrivateKey(String keyFile, String password) throws IOException {
+        InputStream in = null;
+        try {
+            in = new FileInputStream("/path/to/pkcs8_private_key.der");
+        } catch (FileNotFoundException e) {
+            throw new IOException("No cert file found", e);
+        }
+        return loadPrivateKey(in, password);
+    }
+
+    public PrivateKey loadPrivateKey(InputStream inputStream, String password) throws IOException {
+        try {
+            return doLoadPrivateKey(inputStream, password);
+        } catch (GeneralSecurityException e) {
+            throw new IOException("Failed to load private key", e);
+        } catch (IOException e) {
+            throw new IOException("Failed to load private key", e);
+        }
+    }
+
+    private PrivateKey doLoadPrivateKey(
+            InputStream inputStream, String password) throws GeneralSecurityException, IOException {
+        if (password == null) {
+            password = "";
+        }
+        // If the provided InputStream is encrypted, we need a password to decrypt
+        // it. If the InputStream is not encrypted, then the password is ignored
+        // (can be null).  The InputStream can be DER (raw ASN.1) or PEM (base64).
+        PKCS8Key pkcs8 = new PKCS8Key(inputStream, password.toCharArray());
+
+        // If an unencrypted PKCS8 key was provided, then this actually returns
+        // exactly what was originally passed inputStream (with no changes).  If an OpenSSL
+        // key was provided, it gets reformatted as PKCS #8 first, and so these
+        // bytes will still be PKCS #8, not OpenSSL.
+        byte[] decrypted = pkcs8.getDecryptedBytes();
+        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(decrypted);
+
+        // A Java PrivateKey object is born.
+        PrivateKey pk = null;
+        if (pkcs8.isDSA()) {
+            pk = KeyFactory.getInstance("DSA").generatePrivate(spec);
+        } else if (pkcs8.isRSA()) {
+            pk = KeyFactory.getInstance("RSA").generatePrivate(spec);
+        }
+
+        // For lazier types:
+        pk = pkcs8.getPrivateKey();
+
+        return pk;
+    }
+}
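Review bot: `loadPrivateKey(String keyFile, String password)` never uses `keyFile`: it opens the literal `/path/to/pkcs8_private_key.der`, so the key that gets loaded is not the one the caller configured, and the failure message says "No cert file found" for a key file. Neither this overload nor `loadCerts(String)` closes the `FileInputStream` it opens. In `doLoadPrivateKey` the DSA/RSA `KeyFactory` result is always overwritten by `pk = pkcs8.getPrivateKey();`, so the branch above it is dead code and one of the two paths should be removed. The fence shows the key-file overload opening `keyFile` and closing the stream, assuming the module builds with Java 7 or later; `loadCerts(String)` would take the same shape.

```java
    public PrivateKey loadPrivateKey(String keyFile, String password) throws IOException {
        // Open the file the caller named and close it once the key has been parsed.
        try (InputStream in = new FileInputStream(keyFile)) {
            return loadPrivateKey(in, password);
        } catch (FileNotFoundException e) {
            throw new IOException("No private key file found", e);
        }
    }
```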

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x500/type/AttributeTypeAndValue.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x500/type/AttributeTypeAndValue.java b/kerby-pkix/src/main/java/org/apache/kerby/x500/type/AttributeTypeAndValue.java
index 2da8077..ee541a5 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x500/type/AttributeTypeAndValue.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x500/type/AttributeTypeAndValue.java
@@ -19,12 +19,13 @@
  */
 package org.apache.kerby.x500.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1Any;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
 import org.apache.kerby.asn1.type.Asn1Type;
+
 import static org.apache.kerby.x500.type.AttributeTypeAndValue.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x500/type/Name.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x500/type/Name.java b/kerby-pkix/src/main/java/org/apache/kerby/x500/type/Name.java
index 7e3060b..bf24c61 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x500/type/Name.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x500/type/Name.java
@@ -19,9 +19,10 @@
  */
 package org.apache.kerby.x500.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1Choice;
-import org.apache.kerby.asn1.Asn1FieldInfo;
+
 import static org.apache.kerby.x500.type.Name.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AccessDescription.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AccessDescription.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AccessDescription.java
index 4fd854f..e7060d2 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AccessDescription.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AccessDescription.java
@@ -23,6 +23,7 @@ import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.AccessDescription.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AlgorithmIdentifier.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AlgorithmIdentifier.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AlgorithmIdentifier.java
index f8d7aa4..913768a 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AlgorithmIdentifier.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AlgorithmIdentifier.java
@@ -19,12 +19,13 @@
  */
 package org.apache.kerby.x509.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1Any;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
 import org.apache.kerby.asn1.type.Asn1Type;
+
 import static org.apache.kerby.x509.type.AlgorithmIdentifier.MyEnum.*;
 
 /**
@@ -33,6 +34,7 @@ import static org.apache.kerby.x509.type.AlgorithmIdentifier.MyEnum.*;
  *    parameters              ANY DEFINED BY algorithm OPTIONAL
  * }
  */
+
 public class AlgorithmIdentifier extends Asn1SequenceType {
     protected enum MyEnum implements EnumType {
         ALGORITHM,
@@ -49,7 +51,7 @@ public class AlgorithmIdentifier extends Asn1SequenceType {
         }
     }
 
-    static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+    static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[]{
             new Asn1FieldInfo(ALGORITHM, Asn1ObjectIdentifier.class),
             new Asn1FieldInfo(PARAMETERS, Asn1Any.class)
     };
@@ -73,4 +75,4 @@ public class AlgorithmIdentifier extends Asn1SequenceType {
     public void setParameters(Asn1Type parameters) {
         setFieldAsAny(PARAMETERS, parameters);
     }
-}
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AttCertIssuer.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AttCertIssuer.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AttCertIssuer.java
index 81a9da1..bb961ec 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AttCertIssuer.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AttCertIssuer.java
@@ -24,8 +24,7 @@ import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.ExplicitField;
 import org.apache.kerby.asn1.type.Asn1Choice;
 
-import static org.apache.kerby.x509.type.AttCertIssuer.MyEnum.V1_FORM;
-import static org.apache.kerby.x509.type.AttCertIssuer.MyEnum.V2_FORM;
+import static org.apache.kerby.x509.type.AttCertIssuer.MyEnum.*;
 
 /**
  *

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Attribute.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Attribute.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Attribute.java
index 772468b..d9ca88f 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Attribute.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Attribute.java
@@ -23,6 +23,7 @@ import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.Attribute.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AttributeCertificate.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AttributeCertificate.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AttributeCertificate.java
index 95df411..cc26ab4 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AttributeCertificate.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AttributeCertificate.java
@@ -19,10 +19,11 @@
  */
 package org.apache.kerby.x509.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1BitString;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.AttributeCertificate.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AttributeCertificateInfo.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AttributeCertificateInfo.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AttributeCertificateInfo.java
index 3964560..eea4d54 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AttributeCertificateInfo.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AttributeCertificateInfo.java
@@ -19,11 +19,12 @@
  */
 package org.apache.kerby.x509.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1BitString;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1Integer;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.AttributeCertificateInfo.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AuthorityKeyIdentifier.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AuthorityKeyIdentifier.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AuthorityKeyIdentifier.java
index 3617bf8..6ab1200 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AuthorityKeyIdentifier.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/AuthorityKeyIdentifier.java
@@ -21,8 +21,9 @@ package org.apache.kerby.x509.type;
 
 import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
-import org.apache.kerby.asn1.type.Asn1SequenceType;
 import org.apache.kerby.asn1.ImplicitField;
+import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.AuthorityKeyIdentifier.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/BasicConstraints.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/BasicConstraints.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/BasicConstraints.java
index bbb4dd2..e24339e 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/BasicConstraints.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/BasicConstraints.java
@@ -19,15 +19,16 @@
  */
 package org.apache.kerby.x509.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1Boolean;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1Integer;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
-import static org.apache.kerby.x509.type.BasicConstraints.MyEnum.*;
 
 import java.math.BigInteger;
 
+import static org.apache.kerby.x509.type.BasicConstraints.MyEnum.*;
+
 /**
  * <pre>
  * BasicConstraints := SEQUENCE {

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Certificate.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Certificate.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Certificate.java
index ef44524..8f652d7 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Certificate.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Certificate.java
@@ -19,10 +19,11 @@
  */
 package org.apache.kerby.x509.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1BitString;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.Certificate.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/CertificateList.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/CertificateList.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/CertificateList.java
index 8f3ebab..e355610 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/CertificateList.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/CertificateList.java
@@ -19,10 +19,11 @@
  */
 package org.apache.kerby.x509.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1BitString;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.CertificateList.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/CertificatePair.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/CertificatePair.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/CertificatePair.java
index 4463e68..749fa61 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/CertificatePair.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/CertificatePair.java
@@ -21,8 +21,9 @@ package org.apache.kerby.x509.type;
 
 import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
-import org.apache.kerby.asn1.type.Asn1SequenceType;
 import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.CertificatePair.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DHParameter.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DHParameter.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DHParameter.java
new file mode 100644
index 0000000..beb9474
--- /dev/null
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DHParameter.java
@@ -0,0 +1,65 @@
+package org.apache.kerby.x509.type;
+
+import org.apache.kerby.asn1.Asn1FieldInfo;
+import org.apache.kerby.asn1.EnumType;
+import org.apache.kerby.asn1.type.Asn1Integer;
+import org.apache.kerby.asn1.type.Asn1SequenceType;
+
+import java.math.BigInteger;
+
+import static org.apache.kerby.x509.type.DHParameter.MyEnum.*;
+
+public class DHParameter extends Asn1SequenceType {
+    protected static enum MyEnum implements EnumType {
+        P,
+        G,
+        Q;
+
+        @Override
+        public int getValue() {
+            return ordinal();
+        }
+
+        @Override
+        public String getName() {
+            return name();
+        }
+    }
+
+    static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+            new Asn1FieldInfo(P, Asn1Integer.class),
+            new Asn1FieldInfo(G, Asn1Integer.class),
+            new Asn1FieldInfo(Q, Asn1Integer.class),
+    };
+
+    public DHParameter() {
+        super(fieldInfos);
+    }
+
+    public void setP(BigInteger p) {
+        setFieldAsBigInteger(P, p);
+    }
+
+    public BigInteger getP() {
+        Asn1Integer p = getFieldAs(P, Asn1Integer.class);
+        return p.getValue();
+    }
+
+    public void setG(BigInteger g) {
+        setFieldAsBigInteger(G, g);
+    }
+
+    public BigInteger getG() {
+        Asn1Integer g = getFieldAs(G, Asn1Integer.class);
+        return g.getValue();
+    }
+
+    public void setQ(BigInteger q) {
+        setFieldAsBigInteger(Q, q);
+    }
+
+    public BigInteger getQ() {
+        Asn1Integer q = getFieldAs(Q, Asn1Integer.class);
+        return q.getValue();
+    }
+}
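Review bot: The new `DHParameter` class has no comment saying which ASN.1 structure it encodes, and the name and fields point in different directions: PKCS #3 `DHParameter` is (prime, base, optional privateValueLength), while the `P, G, Q` order here looks like the X9.42 / RFC 3279 domain parameters. A class comment such as `/* DomainParameters ::= SEQUENCE { p INTEGER, g INTEGER, q INTEGER, ... } */` (to be confirmed against the PKINIT profile this is meant for) would settle how peers' values are parsed. The getters call `getValue()` directly on the result of `getFieldAs(...)`; if that helper can return null for an absent field (not visible in this hunk), a decoded structure without `q` would throw a NullPointerException, so a null check is worth adding. The file also lacks the ASF license header that `PkiLoader.java` in this commit carries, and `protected static enum` has a redundant `static` where `DSAParameter` uses `protected enum`.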

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DSAParameter.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DSAParameter.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DSAParameter.java
index 8b7d9b3..fd85108 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DSAParameter.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DSAParameter.java
@@ -23,10 +23,11 @@ import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1Integer;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
-import static org.apache.kerby.x509.type.DSAParameter.MyEnum.*;
 
 import java.math.BigInteger;
 
+import static org.apache.kerby.x509.type.DSAParameter.MyEnum.*;
+
 public class DSAParameter extends Asn1SequenceType {
     protected enum MyEnum implements EnumType {
         P,

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DigestInfo.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DigestInfo.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DigestInfo.java
index 81fbefb..809043f 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DigestInfo.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DigestInfo.java
@@ -23,6 +23,7 @@ import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1OctetString;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.DigestInfo.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DirectoryString.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DirectoryString.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DirectoryString.java
index 8008eec..3689c17 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DirectoryString.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DirectoryString.java
@@ -19,14 +19,15 @@
  */
 package org.apache.kerby.x509.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1BmpString;
 import org.apache.kerby.asn1.type.Asn1Choice;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1PrintableString;
 import org.apache.kerby.asn1.type.Asn1T61String;
 import org.apache.kerby.asn1.type.Asn1UniversalString;
 import org.apache.kerby.asn1.type.Asn1Utf8String;
+
 import static org.apache.kerby.x509.type.DirectoryString.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DisplayText.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DisplayText.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DisplayText.java
index 887ceba..091a28b 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DisplayText.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DisplayText.java
@@ -19,13 +19,14 @@
  */
 package org.apache.kerby.x509.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1BmpString;
 import org.apache.kerby.asn1.type.Asn1Choice;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1IA5String;
 import org.apache.kerby.asn1.type.Asn1Utf8String;
 import org.apache.kerby.asn1.type.Asn1VisibleString;
+
 import static org.apache.kerby.x509.type.DisplayText.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DistributionPoint.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DistributionPoint.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DistributionPoint.java
index a6a7d0c..d971381 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DistributionPoint.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DistributionPoint.java
@@ -21,8 +21,9 @@ package org.apache.kerby.x509.type;
 
 import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
-import org.apache.kerby.asn1.type.Asn1SequenceType;
 import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.DistributionPoint.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DistributionPointName.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DistributionPointName.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DistributionPointName.java
index 975a02b..2fd050c 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DistributionPointName.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/DistributionPointName.java
@@ -19,11 +19,12 @@
  */
 package org.apache.kerby.x509.type;
 
-import org.apache.kerby.asn1.EnumType;
-import org.apache.kerby.asn1.type.Asn1Choice;
 import org.apache.kerby.asn1.Asn1FieldInfo;
+import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.asn1.type.Asn1Choice;
 import org.apache.kerby.x500.type.RelativeDistinguishedName;
+
 import static org.apache.kerby.x509.type.DistributionPointName.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/EDIPartyName.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/EDIPartyName.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/EDIPartyName.java
index 65b711f..bca0e6d 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/EDIPartyName.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/EDIPartyName.java
@@ -19,10 +19,11 @@
  */
 package org.apache.kerby.x509.type;
 
-import org.apache.kerby.asn1.EnumType;
-import org.apache.kerby.asn1.type.Asn1Choice;
 import org.apache.kerby.asn1.Asn1FieldInfo;
+import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.asn1.type.Asn1Choice;
+
 import static org.apache.kerby.x509.type.EDIPartyName.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Extension.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Extension.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Extension.java
index 1769e60..5637f50 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Extension.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Extension.java
@@ -19,12 +19,13 @@
  */
 package org.apache.kerby.x509.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1Boolean;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
 import org.apache.kerby.asn1.type.Asn1OctetString;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.Extension.MyEnum.*;
 
 /**
@@ -55,6 +56,8 @@ public class Extension extends Asn1SequenceType {
         }
     }
 
+    private final boolean critical = false;
+
     static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
         new Asn1FieldInfo(EXTN_ID, Asn1ObjectIdentifier.class),
         new Asn1FieldInfo(CRITICAL, Asn1Boolean.class),
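Review bot: `private final boolean critical = false;` is a per-instance field holding a constant, and the constructor hunk that follows (`setCritical(critical);`) uses it to set CRITICAL explicitly on every new `Extension`. In X.509 the `critical` field is `BOOLEAN DEFAULT FALSE`, and DER omits a field that equals its default, so unless the encoder skips it (not visible here) an `Extension` built this way may encode an explicit FALSE and a re-encoded certificate may no longer match its signed bytes. Consider leaving the field unset and treating an absent value as false when reading it, or at least declare the constant as `private static final boolean DEFAULT_CRITICAL = false;`. `setCritical` is declared outside these hunks; if it is public and overridable, calling it from the constructor is a second reason to avoid this form.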
@@ -63,6 +66,7 @@ public class Extension extends Asn1SequenceType {
 
     public Extension() {
         super(fieldInfos);
+        setCritical(critical);
     }
 
     public Asn1ObjectIdentifier getExtnId() {
@@ -85,7 +89,7 @@ public class Extension extends Asn1SequenceType {
         return getFieldAsOctets(EXTN_VALUE);
     }
 
-    public void setValue(byte[] value) {
+    public void setExtnValue(byte[] value) {
         setFieldAsOctets(EXTN_VALUE, value);
     }
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/GeneralNames.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/GeneralNames.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/GeneralNames.java
index 87a8027..a9940bf 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/GeneralNames.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/GeneralNames.java
@@ -21,6 +21,9 @@ package org.apache.kerby.x509.type;
 
 import org.apache.kerby.asn1.type.Asn1SequenceOf;
 
+/*
+ * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+ */
 public class GeneralNames extends Asn1SequenceOf<GeneralName> {
 
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/GeneralSubtree.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/GeneralSubtree.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/GeneralSubtree.java
index fcf1dee..4c4a211 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/GeneralSubtree.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/GeneralSubtree.java
@@ -21,9 +21,10 @@ package org.apache.kerby.x509.type;
 
 import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
+import org.apache.kerby.asn1.ExplicitField;
 import org.apache.kerby.asn1.type.Asn1Integer;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
-import org.apache.kerby.asn1.ExplicitField;
+
 import static org.apache.kerby.x509.type.GeneralSubtree.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Holder.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Holder.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Holder.java
index 05fde32..9282575 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Holder.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Holder.java
@@ -21,8 +21,9 @@ package org.apache.kerby.x509.type;
 
 import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
-import org.apache.kerby.asn1.type.Asn1SequenceType;
 import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.Holder.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/IetfAttrSyntax.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/IetfAttrSyntax.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/IetfAttrSyntax.java
index d573255..2633c8b 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/IetfAttrSyntax.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/IetfAttrSyntax.java
@@ -21,8 +21,9 @@ package org.apache.kerby.x509.type;
 
 import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
-import org.apache.kerby.asn1.type.Asn1SequenceType;
 import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.IetfAttrSyntax.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/IetfAttrSyntaxChoice.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/IetfAttrSyntaxChoice.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/IetfAttrSyntaxChoice.java
index c8d9e63..c0fdb49 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/IetfAttrSyntaxChoice.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/IetfAttrSyntaxChoice.java
@@ -19,11 +19,12 @@
  */
 package org.apache.kerby.x509.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1Choice;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
 import org.apache.kerby.asn1.type.Asn1OctetString;
+
 import static org.apache.kerby.x509.type.IetfAttrSyntaxChoice.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/IssuerSerial.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/IssuerSerial.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/IssuerSerial.java
index cc413b4..96b76c8 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/IssuerSerial.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/IssuerSerial.java
@@ -19,10 +19,11 @@
  */
 package org.apache.kerby.x509.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1BitString;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.IssuerSerial.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/IssuingDistributionPoint.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/IssuingDistributionPoint.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/IssuingDistributionPoint.java
index fbaeb72..6b0c6ef 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/IssuingDistributionPoint.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/IssuingDistributionPoint.java
@@ -19,11 +19,12 @@
  */
 package org.apache.kerby.x509.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
+import org.apache.kerby.asn1.ExplicitField;
 import org.apache.kerby.asn1.type.Asn1Boolean;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
-import org.apache.kerby.asn1.ExplicitField;
+
 import static org.apache.kerby.x509.type.IssuingDistributionPoint.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/NameConstraints.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/NameConstraints.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/NameConstraints.java
index 6b1cbf3..34972df 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/NameConstraints.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/NameConstraints.java
@@ -21,8 +21,9 @@ package org.apache.kerby.x509.type;
 
 import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
-import org.apache.kerby.asn1.type.Asn1SequenceType;
 import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.NameConstraints.MyEnum.*;
 
 /*

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/NoticeReference.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/NoticeReference.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/NoticeReference.java
index 225d316..7c6dcb6 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/NoticeReference.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/NoticeReference.java
@@ -22,6 +22,7 @@ package org.apache.kerby.x509.type;
 import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.NoticeReference.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/ObjectDigestInfo.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/ObjectDigestInfo.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/ObjectDigestInfo.java
index b4f3d87..bcbeaf9 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/ObjectDigestInfo.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/ObjectDigestInfo.java
@@ -19,11 +19,12 @@
  */
 package org.apache.kerby.x509.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1BitString;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.ObjectDigestInfo.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/OtherName.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/OtherName.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/OtherName.java
index 59fbacd..b963411 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/OtherName.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/OtherName.java
@@ -19,13 +19,14 @@
  */
 package org.apache.kerby.x509.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
+import org.apache.kerby.asn1.ExplicitField;
 import org.apache.kerby.asn1.type.Asn1Any;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
 import org.apache.kerby.asn1.type.Asn1Type;
-import org.apache.kerby.asn1.ExplicitField;
+
 import static org.apache.kerby.x509.type.OtherName.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PolicyConstraints.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PolicyConstraints.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PolicyConstraints.java
index 8fadefd..76d35e1 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PolicyConstraints.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PolicyConstraints.java
@@ -21,9 +21,10 @@ package org.apache.kerby.x509.type;
 
 import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
+import org.apache.kerby.asn1.ExplicitField;
 import org.apache.kerby.asn1.type.Asn1Integer;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
-import org.apache.kerby.asn1.ExplicitField;
+
 import static org.apache.kerby.x509.type.PolicyConstraints.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PolicyInformation.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PolicyInformation.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PolicyInformation.java
index 424cc0d..3f6cbce 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PolicyInformation.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PolicyInformation.java
@@ -22,6 +22,7 @@ package org.apache.kerby.x509.type;
 import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.PolicyInformation.MyEnum.*;
 
 /*

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PolicyMapping.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PolicyMapping.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PolicyMapping.java
index 348a77c..69cc184 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PolicyMapping.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PolicyMapping.java
@@ -22,6 +22,7 @@ package org.apache.kerby.x509.type;
 import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.PolicyMapping.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PolicyQualifierInfo.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PolicyQualifierInfo.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PolicyQualifierInfo.java
index cdef931..77e2de3 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PolicyQualifierInfo.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PolicyQualifierInfo.java
@@ -19,11 +19,12 @@
  */
 package org.apache.kerby.x509.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1Any;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
 import org.apache.kerby.asn1.type.Asn1Type;
+
 import static org.apache.kerby.x509.type.PolicyQualifierInfo.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PrivateKeyUsagePeriod.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PrivateKeyUsagePeriod.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PrivateKeyUsagePeriod.java
index 52c84b9..3834535 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PrivateKeyUsagePeriod.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/PrivateKeyUsagePeriod.java
@@ -21,9 +21,10 @@ package org.apache.kerby.x509.type;
 
 import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
+import org.apache.kerby.asn1.ExplicitField;
 import org.apache.kerby.asn1.type.Asn1GeneralizedTime;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
-import org.apache.kerby.asn1.ExplicitField;
+
 import static org.apache.kerby.x509.type.PrivateKeyUsagePeriod.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/RevokedCertificate.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/RevokedCertificate.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/RevokedCertificate.java
index e64b507..0fbbbca 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/RevokedCertificate.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/RevokedCertificate.java
@@ -22,6 +22,7 @@ package org.apache.kerby.x509.type;
 import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.RevokedCertificate.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/RoleSyntax.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/RoleSyntax.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/RoleSyntax.java
index c2d980a..157e14d 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/RoleSyntax.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/RoleSyntax.java
@@ -21,8 +21,9 @@ package org.apache.kerby.x509.type;
 
 import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
-import org.apache.kerby.asn1.type.Asn1SequenceType;
 import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.RoleSyntax.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/SubjectPublicKeyInfo.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/SubjectPublicKeyInfo.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/SubjectPublicKeyInfo.java
index 7436dcb..eeea0ab 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/SubjectPublicKeyInfo.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/SubjectPublicKeyInfo.java
@@ -19,10 +19,11 @@
  */
 package org.apache.kerby.x509.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1BitString;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.SubjectPublicKeyInfo.MyEnum.*;
 
 /**
@@ -64,8 +65,8 @@ public class SubjectPublicKeyInfo extends Asn1SequenceType {
         setFieldAs(ALGORITHM, algorithm);
     }
 
-    public byte[] getSubjectPubKey() {
-        return getFieldAsOctets(SUBJECT_PUBLIC_KEY);
+    public Asn1BitString getSubjectPubKey() {
+        return getFieldAs(SUBJECT_PUBLIC_KEY, Asn1BitString.class);
     }
 
     public void setSubjectPubKey(byte[] subjectPubKey) {
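Review bot: The accessor pair is now asymmetric: `getSubjectPubKey()` returns `Asn1BitString` while `setSubjectPubKey(byte[] subjectPubKey)` still takes raw bytes, and the changed return type breaks any caller that expected `byte[]`. The getter should carry a Javadoc that states what callers receive, for example `/** Returns the subjectPublicKey BIT STRING as decoded; presumably null when the field is absent (confirm against getFieldAs). */`. Without it, code that feeds the key into signature verification can mistake the BIT STRING wrapper, or an absent field, for key bytes. The setter's body lies outside the hunk, so whether it wraps its argument in an `Asn1BitString` cannot be checked here.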

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/TBSCertList.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/TBSCertList.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/TBSCertList.java
index a3bcd38..0628644 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/TBSCertList.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/TBSCertList.java
@@ -21,10 +21,11 @@ package org.apache.kerby.x509.type;
 
 import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
+import org.apache.kerby.asn1.ExplicitField;
 import org.apache.kerby.asn1.type.Asn1Integer;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
-import org.apache.kerby.asn1.ExplicitField;
 import org.apache.kerby.x500.type.Name;
+
 import static org.apache.kerby.x509.type.TBSCertList.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/TBSCertificate.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/TBSCertificate.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/TBSCertificate.java
index c93a3dc..31f018d 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/TBSCertificate.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/TBSCertificate.java
@@ -19,16 +19,16 @@
  */
 package org.apache.kerby.x509.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
+import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.asn1.ImplicitField;
 import org.apache.kerby.asn1.type.Asn1BitString;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1Integer;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
-import org.apache.kerby.asn1.ExplicitField;
-import org.apache.kerby.asn1.ImplicitField;
 import org.apache.kerby.x500.type.Name;
-import static org.apache.kerby.x509.type.TBSCertificate.MyEnum.*;
 
+import static org.apache.kerby.x509.type.TBSCertificate.MyEnum.*;
 
 /**
  * <pre>
@@ -156,7 +156,7 @@ public class TBSCertificate extends Asn1SequenceType {
     }
 
     public void setSubjectUniqueId(byte[] issuerUniqueId) {
-        setFieldAs(ISSUER_UNIQUE_ID, new Asn1BitString(issuerUniqueId));
+        setFieldAs(SUBJECT_UNIQUE_ID, new Asn1BitString(issuerUniqueId));
     }
 
     public Extensions getExtensions() {
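Review bot: The parameter of `setSubjectUniqueId` is still named `issuerUniqueId`, the same copy-paste leftover that had this setter writing to the issuer field. Rename it so the signature reads `public void setSubjectUniqueId(byte[] subjectUniqueId) {` and the argument to `new Asn1BitString(...)` matches. None of the tests visible in this part of the commit sets both unique IDs and reads them back, so a regression to the wrong field constant would go unnoticed. A round-trip test that sets distinct issuer and subject values on a TBSCertificate would pin the fix.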

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Target.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Target.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Target.java
index 10894e9..b332a40 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Target.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Target.java
@@ -19,10 +19,11 @@
  */
 package org.apache.kerby.x509.type;
 
-import org.apache.kerby.asn1.EnumType;
-import org.apache.kerby.asn1.type.Asn1Choice;
 import org.apache.kerby.asn1.Asn1FieldInfo;
+import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.asn1.type.Asn1Choice;
+
 import static org.apache.kerby.x509.type.Target.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/TargetCert.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/TargetCert.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/TargetCert.java
index 022edd9..7507208 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/TargetCert.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/TargetCert.java
@@ -22,6 +22,7 @@ package org.apache.kerby.x509.type;
 import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.TargetCert.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Time.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Time.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Time.java
index be9d332..5475b3d 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Time.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/Time.java
@@ -19,15 +19,16 @@
  */
 package org.apache.kerby.x509.type;
 
+import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1Choice;
-import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.type.Asn1GeneralizedTime;
 import org.apache.kerby.asn1.type.Asn1UtcTime;
-import static org.apache.kerby.x509.type.Time.MyEnum.*;
 
 import java.util.Date;
 
+import static org.apache.kerby.x509.type.Time.MyEnum.*;
+
 /**
  *
  * <pre>

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/UserNotice.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/UserNotice.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/UserNotice.java
index 22e1306..776e88e 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/UserNotice.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/UserNotice.java
@@ -22,6 +22,7 @@ package org.apache.kerby.x509.type;
 import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.UserNotice.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/main/java/org/apache/kerby/x509/type/V2Form.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/V2Form.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/V2Form.java
index 20ba80a..4b7cc3a 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/V2Form.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/V2Form.java
@@ -21,8 +21,9 @@ package org.apache.kerby.x509.type;
 
 import org.apache.kerby.asn1.Asn1FieldInfo;
 import org.apache.kerby.asn1.EnumType;
-import org.apache.kerby.asn1.type.Asn1SequenceType;
 import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.asn1.type.Asn1SequenceType;
+
 import static org.apache.kerby.x509.type.V2Form.MyEnum.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/java/org/apache/commons/ssl/JUnitConfig.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/commons/ssl/JUnitConfig.java b/kerby-pkix/src/test/java/org/apache/commons/ssl/JUnitConfig.java
new file mode 100644
index 0000000..a9a33f7
--- /dev/null
+++ b/kerby-pkix/src/test/java/org/apache/commons/ssl/JUnitConfig.java
@@ -0,0 +1,16 @@
+package org.apache.commons.ssl;
+
+import java.io.File;
+import java.net.URL;
+
+public class JUnitConfig {
+
+    public static final String TEST_HOME;
+
+    static {
+        URL url = JUnitConfig.class.getResource("/not-so-commons-ssl");
+        String tmpPath = url.getFile();
+        File homeDir = new File(tmpPath);
+        TEST_HOME = homeDir.getAbsolutePath() + File.separator;
+    }
+}
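Review bot: The static initializer dereferences `url` without a null check, so a missing `/not-so-commons-ssl` resource surfaces as an ExceptionInInitializerError wrapping a NullPointerException in whichever test first touches `TEST_HOME`. `url.getFile()` also returns the path still percent-encoded, so a checkout directory containing a space or a non-ASCII character yields a path that does not exist; converting through `url.toURI()` avoids that. The file also starts directly at the `package` line, without the ASF license header seen on other sources in this commit.

```java
    static {
        URL url = JUnitConfig.class.getResource("/not-so-commons-ssl");
        if (url == null) {
            throw new IllegalStateException("test resource /not-so-commons-ssl is not on the classpath");
        }
        try {
            // toURI() decodes the percent-escapes that getFile() leaves in place
            TEST_HOME = new File(url.toURI()).getAbsolutePath() + File.separator;
        } catch (java.net.URISyntaxException e) {
            throw new IllegalStateException("cannot resolve test home from " + url, e);
        }
    }
```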

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0a19b1d7/kerby-pkix/src/test/java/org/apache/commons/ssl/TestCertificates.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/test/java/org/apache/commons/ssl/TestCertificates.java b/kerby-pkix/src/test/java/org/apache/commons/ssl/TestCertificates.java
new file mode 100644
index 0000000..2113510
--- /dev/null
+++ b/kerby-pkix/src/test/java/org/apache/commons/ssl/TestCertificates.java
@@ -0,0 +1,84 @@
+package org.apache.commons.ssl;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.runners.MockitoJUnitRunner;
+
+import javax.security.auth.x500.X500Principal;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.cert.X509Certificate;
+
+import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
+import static org.mockito.Mockito.when;
+
+/**
+ * Created by julius on 06/09/14.
+ */
+@RunWith(MockitoJUnitRunner.class)
+public class TestCertificates {
+
+    @Mock
+    private X509Certificate x509;
+
+    @Test
+    public void testGetCNsMocked() {
+        X500Principal normal = new X500Principal("CN=abc,OU=ou,O=o,C=canada,EMAILADDRESS=bob@bob.com");
+        X500Principal bad1 = new X500Principal("CN=\"abc,CN=foo.com,\",OU=ou,O=o,C=canada,EMAILADDRESS=bob@bob.com");
+        X500Principal bad2 = new X500Principal("ou=\",CN=evil.ca,\",  CN=good.net");
+
+        when(x509.getSubjectX500Principal()).thenReturn(normal);
+        String[] cns = Certificates.getCNs(x509);
+        Assert.assertEquals(1, cns.length);
+        Assert.assertEquals("abc", cns[0]);
+
+        when(x509.getSubjectX500Principal()).thenReturn(bad2);
+        cns = Certificates.getCNs(x509);
+        Assert.assertEquals(1, cns.length);
+        Assert.assertEquals("good.net", cns[0]);
+
+        when(x509.getSubjectX500Principal()).thenReturn(bad1);
+        cns = Certificates.getCNs(x509);
+        Assert.assertEquals(1, cns.length);
+        Assert.assertEquals("abc,CN=foo.com,", cns[0]);
+    }
+
+    @Test
+    public void testGetCNsReal() throws IOException, GeneralSecurityException {
+        String samplesDir = TEST_HOME + "x509";
+
+        TrustMaterial tm = new TrustMaterial(samplesDir + "/x509_three_cns_foo_bar_hanako.pem");
+        X509Certificate c = (X509Certificate) tm.getCertificates().first();
+        String[] cns = Certificates.getCNs(c);
+        Assert.assertEquals(3, cns.length);
+        Assert.assertEquals("foo.com", cns[0]);
+        Assert.assertEquals("bar.com", cns[1]);
+        //Assert.assertEquals("花子.co.jp", cns[2]);
+
+        tm = new TrustMaterial(samplesDir + "/x509_foo_bar_hanako.pem");
+        c = (X509Certificate) tm.getCertificates().first();
+        cns = Certificates.getCNs(c);
+        Assert.assertEquals(1, cns.length);
+        Assert.assertEquals("foo.com", cns[0]);
+
+        tm = new TrustMaterial(samplesDir + "/x509_wild_co_jp.pem");
+        c = (X509Certificate) tm.getCertificates().first();
+        cns = Certificates.getCNs(c);
+        Assert.assertEquals(1, cns.length);
+        Assert.assertEquals("*.co.jp", cns[0]);
+
+        tm = new TrustMaterial(samplesDir + "/x509_wild_foo_bar_hanako.pem");
+        c = (X509Certificate) tm.getCertificates().first();
+        cns = Certificates.getCNs(c);
+        Assert.assertEquals(1, cns.length);
+        Assert.assertEquals("*.foo.com", cns[0]);
+
+        tm = new TrustMaterial(samplesDir + "/x509_wild_foo.pem");
+        c = (X509Certificate) tm.getCertificates().first();
+        cns = Certificates.getCNs(c);
+        Assert.assertEquals(1, cns.length);
+        Assert.assertEquals("*.foo.com", cns[0]);
+    }
+}
\ No newline at end of file
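Review bot: In `testGetCNsReal` the assertion for the third CN is commented out (`//Assert.assertEquals("花子.co.jp", cns[2]);`), so the test checks only that three CNs exist and never verifies how `Certificates.getCNs` decodes the internationalized name. If the line was disabled because of source-file encoding, which is a guess, writing the literal with escapes keeps it independent of the compiler's charset: `Assert.assertEquals("\u82b1\u5b50.co.jp", cns[2]);`. In `testGetCNsMocked`, a short comment above `bad1` and `bad2` would help the next reader: it should say that they embed `CN=` inside quoted attribute values and that only the genuine CN may be returned. The file also ends without a trailing newline.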

