public static KeyUsage convertKeyUsage(NativeKeyUsage nativeKeyUsage)
        {
            KeyUsage keyUsage = new KeyUsage();

            keyUsage.HasKeyUsageExtension = nativeKeyUsage.HasKeyUsageExtension;
            keyUsage.IsCritical           = nativeKeyUsage.IsCritical;
            keyUsage.KeyUsageFlags        = convertIntToKeyUsageFlag(nativeKeyUsage.Value);
            return(keyUsage);
        }
        public static CertificateStr deserializeCertData(byte[] raw)
        {
            int            length = raw.Length;
            int            idx    = 0;
            CertificateStr cert   = new CertificateStr();

            cert.Version = readInt(raw, idx);
            idx         += 4;

            DeserializationFieldResult serialNumber = readByteArray(raw, idx);

            cert.SerialNumber = (byte[])serialNumber.value;
            idx += serialNumber.size;

            DeserializationFieldResult issuer = deserializeName(raw, idx);

            cert.issuer = (NameStr)issuer.value;
            idx        += issuer.size;

            DeserializationFieldResult subject = deserializeName(raw, idx);

            cert.subject = (NameStr)subject.value;
            idx         += subject.size;

            Validity validity = new Validity();

            validity.NotBefore = readLong(raw, idx); //check
            idx += 8;

            validity.NotAfter = readLong(raw, idx); //check
            idx          += 8;
            cert.Validity = validity;

            NativeExtendedKeyUsage extendedKeyUsage = new NativeExtendedKeyUsage();

            extendedKeyUsage.Count = readInt(raw, idx);
            idx += 4;

            DeserializationFieldResult extendedKeyUsageOIDs = readStringArray(raw, idx);

            extendedKeyUsage.Oids = (CMap <int, string>)extendedKeyUsageOIDs.value;
            idx += extendedKeyUsageOIDs.size;
            cert.ExtendedKeyUsage = extendedKeyUsage;

            NativeKeyUsage keyUsage = new NativeKeyUsage();

            keyUsage.Value = readInt(raw, idx);
            idx           += 4;
            cert.KeyUsage  = keyUsage;

            BasicConstraints basicConstraints = new BasicConstraints();

            basicConstraints.HasBasicConstraints = readBool(raw, idx);
            idx += 1;

            basicConstraints.IsCa = readBool(raw, idx);
            idx += 1;

            basicConstraints.MaxPathLen = readInt(raw, idx); //check FF FF FF FF becomes FF FF FE FE
            idx += 4;
            cert.BasicConstraints = basicConstraints;

            AuthorityKeyIdentifier     authorityKeyIdentifier = new AuthorityKeyIdentifier();
            DeserializationFieldResult authorityKeyId         = readByteArray(raw, idx);

            authorityKeyIdentifier.keyIdentifier = (byte[])authorityKeyId.value;
            if (authorityKeyId.size > 2)
            {
                authorityKeyIdentifier.HasAuthorityKeyIdentifier = true;
            }

            idx += authorityKeyId.size;
            cert.AuthorityKeyIdentifier = authorityKeyIdentifier;

            SubjectKeyIdentifier       subjectKeyIdentifier = new SubjectKeyIdentifier();
            DeserializationFieldResult subjectKeyId         = readByteArray(raw, idx);

            subjectKeyIdentifier.keyIdentifier = (byte[])subjectKeyId.value;
            if (subjectKeyId.size > 2)
            {
                subjectKeyIdentifier.HasSubjectKeyIdentifierExtension = true;
            }

            idx += subjectKeyId.size;
            cert.SubjectKeyIdentifier = subjectKeyIdentifier;

            DeserializationFieldResult dnsNames = readStringArray(raw, idx);

            cert.DnsNames = (CMap <int, string>)dnsNames.value;
            idx          += dnsNames.size;

            DeserializationFieldResult emailAddresses = readStringArray(raw, idx);

            cert.EmailAddresses = (CMap <int, string>)emailAddresses.value;
            idx += emailAddresses.size;

            DeserializationFieldResult ipAddresses = readStringArray(raw, idx);

            cert.IpAddresses = (CMap <int, string>)ipAddresses.value;
            idx += ipAddresses.size;

            DeserializationFieldResult urls = readStringArray(raw, idx);

            cert.Urls = (CMap <int, string>)urls.value;
            idx      += urls.size;

            DeserializationFieldResult tbsCertificate = readByteArray(raw, idx);

            cert.TbsCertificate = (byte[])tbsCertificate.value;
            idx += tbsCertificate.size;

            DeserializationFieldResult signatureAlgorithm = readByteArray(raw, idx);

            cert.SignatureAlgorithm = (byte[])signatureAlgorithm.value;
            idx += signatureAlgorithm.size;

            DeserializationFieldResult signatureValue = readByteArray(raw, idx);

            cert.Signature = (byte[])signatureValue.value;
            idx           += signatureValue.size;

            DeserializationFieldResult subjectPublicKeyInfo = readByteArray(raw, idx);

            cert.SubjectPublicKeyInfo = (byte[])subjectPublicKeyInfo.value;
            idx += subjectPublicKeyInfo.size;

            DeserializationFieldResult publicKeySignatureAlgorithm = readByteArray(raw, idx);

            cert.PublicKeyAlgName = (byte[])publicKeySignatureAlgorithm.value;
            idx += publicKeySignatureAlgorithm.size;

            DeserializationFieldResult tbsCertificateSignatureAlgorithm = readByteArray(raw, idx);

            cert.TBSSignatureAlgorithm = (byte[])tbsCertificateSignatureAlgorithm.value;
            idx += tbsCertificateSignatureAlgorithm.size;

            // todo return byte[] ?
            return(cert);
        }