Java Code Examples for java.security.cert.CertificateFactory#generateCRL()
The following examples show how to use
java.security.cert.CertificateFactory#generateCRL() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: PEMReader.java From BiglyBT with GNU General Public License v2.0 | 6 votes |
|
/**
* Reads in a X509CRL.
*
* @return the X509Certificate
* @throws IOException if an I/O error occured
*/
private X509CRL readCRL(
String endMarker)
throws IOException
{
ByteArrayInputStream bIn = new ByteArrayInputStream(readBytes(endMarker));
try
{
CertificateFactory certFact
= CertificateFactory.getInstance("X.509", provider);
return (X509CRL)certFact.generateCRL(bIn);
}
catch (Exception e)
{
throw new IOException("problem parsing cert: " + e.toString());
}
}
Example 2
| Source File: GenerationTests.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 6 votes |
|
static void test_create_signature_x509_crt_crl() throws Exception {
System.out.println("* Generating signature-x509-crt-crl.xml");
List<Object> xds = new ArrayList<Object>();
CertificateFactory cf = CertificateFactory.getInstance("X.509");
xds.add(signingCert);
FileInputStream fis = new FileInputStream(CRL);
X509CRL crl = (X509CRL) cf.generateCRL(fis);
fis.close();
xds.add(crl);
KeyInfo crt_crl = kifac.newKeyInfo(Collections.singletonList
(kifac.newX509Data(xds)));
test_create_signature_external(dsaSha1, crt_crl, signingKey,
new X509KeySelector(ks), false);
System.out.println();
}
Example 3
| Source File: GenerationTests.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 6 votes |
|
static void test_create_signature_x509_crt_crl() throws Exception {
System.out.println("* Generating signature-x509-crt-crl.xml");
List<Object> xds = new ArrayList<Object>();
CertificateFactory cf = CertificateFactory.getInstance("X.509");
xds.add(signingCert);
FileInputStream fis = new FileInputStream(CRL);
X509CRL crl = (X509CRL) cf.generateCRL(fis);
fis.close();
xds.add(crl);
KeyInfo crt_crl = kifac.newKeyInfo(Collections.singletonList
(kifac.newX509Data(xds)));
test_create_signature_external(dsaSha1, crt_crl, signingKey,
new X509KeySelector(ks), false);
System.out.println();
}
Example 4
| Source File: LdapCertificateRepo.java From cxf with Apache License 2.0 | 6 votes |
|
protected List<X509CRL> getCRLsFromLdap(String tmpRootDN, String tmpFilter, String tmpAttrName) {
try {
List<X509CRL> crls = new ArrayList<>();
NamingEnumeration<SearchResult> answer = ldapSearch.searchSubTree(tmpRootDN, tmpFilter);
while (answer.hasMore()) {
SearchResult sr = answer.next();
Attributes attrs = sr.getAttributes();
Attribute attribute = attrs.get(tmpAttrName);
if (attribute != null) {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509CRL crl = (X509CRL) cf.generateCRL(new ByteArrayInputStream(
(byte[]) attribute.get()));
crls.add(crl);
}
}
return crls;
} catch (CertificateException | NamingException | CRLException e) {
throw new RuntimeException(e.getMessage(), e);
}
}
Example 5
| Source File: OrderAndDup.java From dragonwell8_jdk with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
// Generate 20 serial numbers with dup and a special order
int count = 20;
BigInteger[] serials = new BigInteger[count];
for (int i=0; i<count; i++) {
serials[i] = BigInteger.valueOf(i*7%10);
}
// Generates a CRL
X509CRLEntry[] badCerts = new X509CRLEntry[count];
for (int i=0; i<count; i++) {
badCerts[i] = new X509CRLEntryImpl(serials[i],
new Date(System.currentTimeMillis()+i*1000));
}
X500Name owner = new X500Name("CN=CA");
X509CRLImpl crl = new X509CRLImpl(owner, new Date(), new Date(), badCerts);
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
crl.sign(kpg.genKeyPair().getPrivate(), "SHA1withRSA");
byte[] data = crl.getEncodedInternal();
// Check the encoding
checkData(crl, data, serials);
// Load a CRL from raw data
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509CRLImpl crl2 = (X509CRLImpl)cf.generateCRL(new ByteArrayInputStream(data));
// Check the encoding again
data = crl2.getEncodedInternal();
checkData(crl2, data, serials);
}
Example 6
| Source File: SSLService.java From oxTrust with MIT License | 5 votes |
|
/**
* Load a CRL from the specified stream.
*
* @param is Stream to load CRL from
* @return The CRL
* @throws Exception Problem encountered while loading the CRL
*/
public static X509CRL loadCRL(InputStream is) throws Exception {
try {
CertificateFactory cf = getCertificateFactoryInstance();
X509CRL crl = (X509CRL) cf.generateCRL(is);
return crl;
} finally {
IOUtils.closeQuietly(is);
}
}
Example 7
| Source File: OrderAndDup.java From hottub with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
// Generate 20 serial numbers with dup and a special order
int count = 20;
BigInteger[] serials = new BigInteger[count];
for (int i=0; i<count; i++) {
serials[i] = BigInteger.valueOf(i*7%10);
}
// Generates a CRL
X509CRLEntry[] badCerts = new X509CRLEntry[count];
for (int i=0; i<count; i++) {
badCerts[i] = new X509CRLEntryImpl(serials[i],
new Date(System.currentTimeMillis()+i*1000));
}
X500Name owner = new X500Name("CN=CA");
X509CRLImpl crl = new X509CRLImpl(owner, new Date(), new Date(), badCerts);
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
crl.sign(kpg.genKeyPair().getPrivate(), "SHA1withRSA");
byte[] data = crl.getEncodedInternal();
// Check the encoding
checkData(crl, data, serials);
// Load a CRL from raw data
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509CRLImpl crl2 = (X509CRLImpl)cf.generateCRL(new ByteArrayInputStream(data));
// Check the encoding again
data = crl2.getEncodedInternal();
checkData(crl2, data, serials);
}
Example 8
| Source File: OrderAndDup.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
// Generate 20 serial numbers with dup and a special order
int count = 20;
BigInteger[] serials = new BigInteger[count];
for (int i=0; i<count; i++) {
serials[i] = BigInteger.valueOf(i*7%10);
}
// Generates a CRL
X509CRLEntry[] badCerts = new X509CRLEntry[count];
for (int i=0; i<count; i++) {
badCerts[i] = new X509CRLEntryImpl(serials[i],
new Date(System.currentTimeMillis()+i*1000));
}
X500Name owner = new X500Name("CN=CA");
X509CRLImpl crl = new X509CRLImpl(owner, new Date(), new Date(), badCerts);
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
crl.sign(kpg.genKeyPair().getPrivate(), "SHA1withRSA");
byte[] data = crl.getEncodedInternal();
// Check the encoding
checkData(crl, data, serials);
// Load a CRL from raw data
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509CRLImpl crl2 = (X509CRLImpl)cf.generateCRL(new ByteArrayInputStream(data));
// Check the encoding again
data = crl2.getEncodedInternal();
checkData(crl2, data, serials);
}
Example 9
| Source File: OrderAndDup.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
// Generate 20 serial numbers with dup and a special order
int count = 20;
BigInteger[] serials = new BigInteger[count];
for (int i=0; i<count; i++) {
serials[i] = BigInteger.valueOf(i*7%10);
}
// Generates a CRL
X509CRLEntry[] badCerts = new X509CRLEntry[count];
for (int i=0; i<count; i++) {
badCerts[i] = new X509CRLEntryImpl(serials[i],
new Date(System.currentTimeMillis()+i*1000));
}
X500Name owner = new X500Name("CN=CA");
X509CRLImpl crl = new X509CRLImpl(owner, new Date(), new Date(), badCerts);
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
crl.sign(kpg.genKeyPair().getPrivate(), "SHA1withRSA");
byte[] data = crl.getEncodedInternal();
// Check the encoding
checkData(crl, data, serials);
// Load a CRL from raw data
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509CRLImpl crl2 = (X509CRLImpl)cf.generateCRL(new ByteArrayInputStream(data));
// Check the encoding again
data = crl2.getEncodedInternal();
checkData(crl2, data, serials);
}
Example 10
| Source File: OrderAndDup.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
// Generate 20 serial numbers with dup and a special order
int count = 20;
BigInteger[] serials = new BigInteger[count];
for (int i=0; i<count; i++) {
serials[i] = BigInteger.valueOf(i*7%10);
}
// Generates a CRL
X509CRLEntry[] badCerts = new X509CRLEntry[count];
for (int i=0; i<count; i++) {
badCerts[i] = new X509CRLEntryImpl(serials[i],
new Date(System.currentTimeMillis()+i*1000));
}
X500Name owner = new X500Name("CN=CA");
X509CRLImpl crl = new X509CRLImpl(owner, new Date(), new Date(), badCerts);
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
crl.sign(kpg.genKeyPair().getPrivate(), "SHA1withRSA");
byte[] data = crl.getEncodedInternal();
// Check the encoding
checkData(crl, data, serials);
// Load a CRL from raw data
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509CRLImpl crl2 = (X509CRLImpl)cf.generateCRL(new ByteArrayInputStream(data));
// Check the encoding again
data = crl2.getEncodedInternal();
checkData(crl2, data, serials);
}
Example 11
| Source File: OrderAndDup.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
// Generate 20 serial numbers with dup and a special order
int count = 20;
BigInteger[] serials = new BigInteger[count];
for (int i=0; i<count; i++) {
serials[i] = BigInteger.valueOf(i*7%10);
}
// Generates a CRL
X509CRLEntry[] badCerts = new X509CRLEntry[count];
for (int i=0; i<count; i++) {
badCerts[i] = new X509CRLEntryImpl(serials[i],
new Date(System.currentTimeMillis()+i*1000));
}
X500Name owner = new X500Name("CN=CA");
X509CRLImpl crl = new X509CRLImpl(owner, new Date(), new Date(), badCerts);
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
crl.sign(kpg.genKeyPair().getPrivate(), "SHA1withRSA");
byte[] data = crl.getEncodedInternal();
// Check the encoding
checkData(crl, data, serials);
// Load a CRL from raw data
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509CRLImpl crl2 = (X509CRLImpl)cf.generateCRL(new ByteArrayInputStream(data));
// Check the encoding again
data = crl2.getEncodedInternal();
checkData(crl2, data, serials);
}
Example 12
| Source File: BigCRL.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
int n = 500000;
String ks = System.getProperty("test.src", ".")
+ "/../../../../javax/net/ssl/etc/keystore";
String pass = "passphrase";
String alias = "dummy";
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(new FileInputStream(ks), pass.toCharArray());
Certificate signerCert = keyStore.getCertificate(alias);
byte[] encoded = signerCert.getEncoded();
X509CertImpl signerCertImpl = new X509CertImpl(encoded);
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
X509CertImpl.NAME + "." + X509CertImpl.INFO);
X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "."
+ X509CertInfo.DN_NAME);
Date date = new Date();
PrivateKey privateKey = (PrivateKey)
keyStore.getKey(alias, pass.toCharArray());
String sigAlgName = signerCertImpl.getSigAlgOID();
X509CRLEntry[] badCerts = new X509CRLEntry[n];
CRLExtensions ext = new CRLExtensions();
ext.set("Reason", new CRLReasonCodeExtension(1));
for (int i = 0; i < n; i++) {
badCerts[i] = new X509CRLEntryImpl(
BigInteger.valueOf(i), date, ext);
}
X509CRLImpl crl = new X509CRLImpl(owner, date, date, badCerts);
crl.sign(privateKey, sigAlgName);
byte[] data = crl.getEncodedInternal();
// Make sure the CRL is big enough
if ((data[1]&0xff) != 0x84) {
throw new Exception("The file should be big enough?");
}
CertificateFactory cf = CertificateFactory.getInstance("X.509");
cf.generateCRL(new ByteArrayInputStream(data));
}
Example 13
| Source File: BigCRL.java From openjdk-jdk8u with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
int n = 500000;
String ks = System.getProperty("test.src", ".")
+ "/../../ssl/etc/keystore";
String pass = "passphrase";
String alias = "dummy";
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(new FileInputStream(ks), pass.toCharArray());
Certificate signerCert = keyStore.getCertificate(alias);
byte[] encoded = signerCert.getEncoded();
X509CertImpl signerCertImpl = new X509CertImpl(encoded);
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
X509CertImpl.NAME + "." + X509CertImpl.INFO);
X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "."
+ X509CertInfo.DN_NAME);
Date date = new Date();
PrivateKey privateKey = (PrivateKey)
keyStore.getKey(alias, pass.toCharArray());
String sigAlgName = signerCertImpl.getSigAlgOID();
X509CRLEntry[] badCerts = new X509CRLEntry[n];
CRLExtensions ext = new CRLExtensions();
ext.set("Reason", new CRLReasonCodeExtension(1));
for (int i = 0; i < n; i++) {
badCerts[i] = new X509CRLEntryImpl(
BigInteger.valueOf(i), date, ext);
}
X509CRLImpl crl = new X509CRLImpl(owner, date, date, badCerts);
crl.sign(privateKey, sigAlgName);
byte[] data = crl.getEncodedInternal();
// Make sure the CRL is big enough
if ((data[1]&0xff) != 0x84) {
throw new Exception("The file should be big enough?");
}
CertificateFactory cf = CertificateFactory.getInstance("X.509");
cf.generateCRL(new ByteArrayInputStream(data));
}
Example 14
| Source File: BigCRL.java From openjdk-8 with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
int n = 500000;
String ks = System.getProperty("test.src", ".")
+ "/../../ssl/etc/keystore";
String pass = "passphrase";
String alias = "dummy";
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(new FileInputStream(ks), pass.toCharArray());
Certificate signerCert = keyStore.getCertificate(alias);
byte[] encoded = signerCert.getEncoded();
X509CertImpl signerCertImpl = new X509CertImpl(encoded);
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
X509CertImpl.NAME + "." + X509CertImpl.INFO);
X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "."
+ X509CertInfo.DN_NAME);
Date date = new Date();
PrivateKey privateKey = (PrivateKey)
keyStore.getKey(alias, pass.toCharArray());
String sigAlgName = signerCertImpl.getSigAlgOID();
X509CRLEntry[] badCerts = new X509CRLEntry[n];
CRLExtensions ext = new CRLExtensions();
ext.set("Reason", new CRLReasonCodeExtension(1));
for (int i = 0; i < n; i++) {
badCerts[i] = new X509CRLEntryImpl(
BigInteger.valueOf(i), date, ext);
}
X509CRLImpl crl = new X509CRLImpl(owner, date, date, badCerts);
crl.sign(privateKey, sigAlgName);
byte[] data = crl.getEncodedInternal();
// Make sure the CRL is big enough
if ((data[1]&0xff) != 0x84) {
throw new Exception("The file should be big enough?");
}
CertificateFactory cf = CertificateFactory.getInstance("X.509");
cf.generateCRL(new ByteArrayInputStream(data));
}
Example 15
| Source File: BigCRL.java From openjdk-8-source with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
int n = 500000;
String ks = System.getProperty("test.src", ".")
+ "/../../ssl/etc/keystore";
String pass = "passphrase";
String alias = "dummy";
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(new FileInputStream(ks), pass.toCharArray());
Certificate signerCert = keyStore.getCertificate(alias);
byte[] encoded = signerCert.getEncoded();
X509CertImpl signerCertImpl = new X509CertImpl(encoded);
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
X509CertImpl.NAME + "." + X509CertImpl.INFO);
X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "."
+ X509CertInfo.DN_NAME);
Date date = new Date();
PrivateKey privateKey = (PrivateKey)
keyStore.getKey(alias, pass.toCharArray());
String sigAlgName = signerCertImpl.getSigAlgOID();
X509CRLEntry[] badCerts = new X509CRLEntry[n];
CRLExtensions ext = new CRLExtensions();
ext.set("Reason", new CRLReasonCodeExtension(1));
for (int i = 0; i < n; i++) {
badCerts[i] = new X509CRLEntryImpl(
BigInteger.valueOf(i), date, ext);
}
X509CRLImpl crl = new X509CRLImpl(owner, date, date, badCerts);
crl.sign(privateKey, sigAlgName);
byte[] data = crl.getEncodedInternal();
// Make sure the CRL is big enough
if ((data[1]&0xff) != 0x84) {
throw new Exception("The file should be big enough?");
}
CertificateFactory cf = CertificateFactory.getInstance("X.509");
cf.generateCRL(new ByteArrayInputStream(data));
}
Example 16
| Source File: CertificateValidator.java From keycloak with Apache License 2.0 | 4 votes |
|
private X509CRL loadFromStream(CertificateFactory cf, InputStream is) throws IOException, CRLException {
DataInputStream dis = new DataInputStream(is);
X509CRL crl = (X509CRL)cf.generateCRL(dis);
dis.close();
return crl;
}
Example 17
| Source File: BigCRL.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
int n = 500000;
String ks = System.getProperty("test.src", ".")
+ "/../../ssl/etc/keystore";
String pass = "passphrase";
String alias = "dummy";
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(new FileInputStream(ks), pass.toCharArray());
Certificate signerCert = keyStore.getCertificate(alias);
byte[] encoded = signerCert.getEncoded();
X509CertImpl signerCertImpl = new X509CertImpl(encoded);
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
X509CertImpl.NAME + "." + X509CertImpl.INFO);
X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "."
+ X509CertInfo.DN_NAME);
Date date = new Date();
PrivateKey privateKey = (PrivateKey)
keyStore.getKey(alias, pass.toCharArray());
String sigAlgName = signerCertImpl.getSigAlgOID();
X509CRLEntry[] badCerts = new X509CRLEntry[n];
CRLExtensions ext = new CRLExtensions();
ext.set("Reason", new CRLReasonCodeExtension(1));
for (int i = 0; i < n; i++) {
badCerts[i] = new X509CRLEntryImpl(
BigInteger.valueOf(i), date, ext);
}
X509CRLImpl crl = new X509CRLImpl(owner, date, date, badCerts);
crl.sign(privateKey, sigAlgName);
byte[] data = crl.getEncodedInternal();
// Make sure the CRL is big enough
if ((data[1]&0xff) != 0x84) {
throw new Exception("The file should be big enough?");
}
CertificateFactory cf = CertificateFactory.getInstance("X.509");
cf.generateCRL(new ByteArrayInputStream(data));
}
Example 18
| Source File: BigCRL.java From hottub with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
int n = 500000;
String ks = System.getProperty("test.src", ".")
+ "/../../ssl/etc/keystore";
String pass = "passphrase";
String alias = "dummy";
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(new FileInputStream(ks), pass.toCharArray());
Certificate signerCert = keyStore.getCertificate(alias);
byte[] encoded = signerCert.getEncoded();
X509CertImpl signerCertImpl = new X509CertImpl(encoded);
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
X509CertImpl.NAME + "." + X509CertImpl.INFO);
X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "."
+ X509CertInfo.DN_NAME);
Date date = new Date();
PrivateKey privateKey = (PrivateKey)
keyStore.getKey(alias, pass.toCharArray());
String sigAlgName = signerCertImpl.getSigAlgOID();
X509CRLEntry[] badCerts = new X509CRLEntry[n];
CRLExtensions ext = new CRLExtensions();
ext.set("Reason", new CRLReasonCodeExtension(1));
for (int i = 0; i < n; i++) {
badCerts[i] = new X509CRLEntryImpl(
BigInteger.valueOf(i), date, ext);
}
X509CRLImpl crl = new X509CRLImpl(owner, date, date, badCerts);
crl.sign(privateKey, sigAlgName);
byte[] data = crl.getEncodedInternal();
// Make sure the CRL is big enough
if ((data[1]&0xff) != 0x84) {
throw new Exception("The file should be big enough?");
}
CertificateFactory cf = CertificateFactory.getInstance("X.509");
cf.generateCRL(new ByteArrayInputStream(data));
}
Example 19
| Source File: SecurityHelper.java From lams with GNU General Public License v2.0 | 3 votes |
|
/**
* Build Java CRL from base64 encoding.
*
* @param base64CRL base64-encoded CRL
* @return a native Java X509 CRL
* @throws CertificateException thrown if there is an error constructing certificate
* @throws CRLException thrown if there is an error constructing CRL
*/
public static java.security.cert.X509CRL buildJavaX509CRL(String base64CRL)
throws CertificateException, CRLException {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream input = new ByteArrayInputStream(Base64.decode(base64CRL));
return (java.security.cert.X509CRL) cf.generateCRL(input);
}
Example 20
| Source File: ICPBR_CRL.java From signer with GNU Lesser General Public License v3.0 | 2 votes |
|
/**
*
* @param is source for creating instance
* @return X509CRL
* @throws CRLException exception
* @throws CertificateException exception
*/
private X509CRL getInstance(InputStream is) throws CRLException, CertificateException {
CertificateFactory cf = CertificateFactory.getInstance("X509");
X509CRL crl = (X509CRL) cf.generateCRL(is);
return crl;
}
