crlDataFromPem static method

CertificateRevokeListeData crlDataFromPem(String pem)

Implementation

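/// Decodes a PEM encoded X.509 certificate revocation list into a
/// [CertificateRevokeListeData].
///
/// [pem] is converted to DER bytes and read as the three-element outer
/// sequence: the to-be-signed list, the signature algorithm and the
/// signature bits.
///
/// Security notes for callers:
/// * This method only decodes. The signature is returned as a string and is
///   NOT verified here, so the result must not be used for revocation
///   decisions until the signature has been checked against the issuer key.
/// * `thisUpdate` and `nextUpdate` are copied as found; no freshness check is
///   made, so a stale list is returned like any other.
/// * CRL-level extensions are not parsed, which means critical extensions
///   are not evaluated by this method.
/// * The to-be-signed fields are read by fixed position (version, signature,
///   issuer, thisUpdate, nextUpdate) and both times are expected as UTCTime.
///   A list that omits an optional field or uses another time type fails on
///   a cast or index error instead of producing a partial result.
///
/// Returns the decoded list; entries carry a reason only when a reasonCode
/// entry extension is present.
static CertificateRevokeListeData crlDataFromPem(String pem) {
  // OID of the reasonCode CRL entry extension (id-ce 21, RFC 5280).
  const reasonCodeOid = '2.5.29.21';

  var bytes = CryptoUtils.getBytesFromPEMString(pem);
  var asn1Parser = ASN1Parser(bytes);
  // TOP LEVEL DATA
  var topLevelSeq = asn1Parser.nextObject() as ASN1Sequence;
  var tbsCertList = topLevelSeq.elements!.elementAt(0) as ASN1Sequence;
  var sigSeq = topLevelSeq.elements!.elementAt(1) as ASN1Sequence;
  var sig = topLevelSeq.elements!.elementAt(2) as ASN1BitString;
  var tbsFields = tbsCertList.elements!;

  var certificateList = CertificateListData();

  // GET VERSION
  var asn1Version = tbsFields.elementAt(0) as ASN1Integer;
  certificateList.version = asn1Version.integer!.toInt();

  // GET SIGNATURE
  var sigSequence = tbsFields.elementAt(1) as ASN1Sequence;
  var oid = sigSequence.elements!.elementAt(0) as ASN1ObjectIdentifier;
  certificateList.signatureAlgorithm = oid.objectIdentifierAsString;
  certificateList.signatureAlgorithmReadableName = oid.readableName;

  // GET ISSUER
  var issuerSequence = tbsFields.elementAt(2) as ASN1Sequence;
  certificateList.issuer = _getDnFromSeq(issuerSequence);

  // GET THIS UPDATE
  var thisUpdate = tbsFields.elementAt(3) as ASN1UtcTime;
  certificateList.thisUpdate = thisUpdate.time;

  // GET NEXT UPDATE
  var nextUpdate = tbsFields.elementAt(4) as ASN1UtcTime;
  certificateList.nextUpdate = nextUpdate.time;

  // GET REVOKED CERTIFICATES
  // The list of revoked certificates is optional. Check that a sixth element
  // exists before reading it, so a list without revoked entries and without
  // extensions yields an empty result instead of an index error.
  var rCertificates = <RevokedCertificate>[];
  if (tbsFields.length > 5 && tbsFields.elementAt(5) is ASN1Sequence) {
    var revokedCertificates = tbsFields.elementAt(5) as ASN1Sequence;
    for (var e in revokedCertificates.elements!) {
      var revoked = RevokedCertificate();
      var entryFields = (e as ASN1Sequence).elements!;
      var asn1Int = entryFields.elementAt(0) as ASN1Integer;
      revoked.serialNumber = asn1Int.integer!;
      var revokeDate = entryFields.elementAt(1) as ASN1UtcTime;
      revoked.revocationDate = revokeDate.time;
      if (entryFields.length > 2) {
        var extensions = CrlEntryExtensionsData();
        var ext = entryFields.elementAt(2) as ASN1Sequence;
        // An entry may carry several extensions in any order. Select the
        // reason code by its OID rather than assuming it is the first one;
        // other entry extensions wrap values that are not integers and
        // would otherwise abort the whole parse.
        for (var extension in ext.elements!) {
          var extensionFields = (extension as ASN1Sequence).elements!;
          var extnId = extensionFields.elementAt(0) as ASN1ObjectIdentifier;
          if (extnId.objectIdentifierAsString != reasonCodeOid) {
            continue;
          }
          // The value is the last field; an optional critical flag may sit
          // between the OID and the octet string.
          var octetString = extensionFields
              .elementAt(extensionFields.length - 1) as ASN1OctetString;
          var parser = ASN1Parser(octetString.octets);
          var enumerated = parser.nextObject() as ASN1Integer;
          extensions.reason = _crlReasonFromInt(enumerated.integer!);
          break;
        }
        revoked.extensions = extensions;
      }
      rCertificates.add(revoked);
    }
  }
  // When the sequence of revoked certificates is missing the list stays empty.
  certificateList.revokedCertificates = rCertificates;

  // GET EXTENSIONS
  // TODO PARSE

  // GET SIGNATURE ALGORITHM
  var pubKeyOid = sigSeq.elements!.elementAt(0) as ASN1ObjectIdentifier;

  // GET SIGNATURE
  // Only converted to a string for the caller; it is not checked here.
  var sigAsString = _bytesAsString(sig.valueBytes!);

  return CertificateRevokeListeData(
    tbsCertList: certificateList,
    signatureAlgorithm: pubKeyOid.objectIdentifierAsString,
    signatureAlgorithmReadableName: pubKeyOid.readableName,
    signature: sigAsString,
  );
}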