Class PKCS12Util


  • public class PKCS12Util
    extends java.lang.Object
    • Field Detail

      • SUPPORTED_CERT_ENCRYPTIONS

        public static final java.util.List<PBEAlgorithm> SUPPORTED_CERT_ENCRYPTIONS
      • SUPPORTED_KEY_ENCRYPTIONS

        public static final java.util.List<PBEAlgorithm> SUPPORTED_KEY_ENCRYPTIONS
      • DEFAULT_CERT_ENCRYPTION

        public static final PBEAlgorithm DEFAULT_CERT_ENCRYPTION
      • DEFAULT_CERT_ENCRYPTION_NAME

        public static final java.lang.String DEFAULT_CERT_ENCRYPTION_NAME
        See Also:
        Constant Field Values
      • DEFAULT_KEY_ENCRYPTION

        public static final PBEAlgorithm DEFAULT_KEY_ENCRYPTION
      • DEFAULT_KEY_ENCRYPTION_NAME

        public static final java.lang.String DEFAULT_KEY_ENCRYPTION_NAME
    • Constructor Detail

      • PKCS12Util

        public PKCS12Util()
                   throws java.lang.Exception
        Throws:
        java.lang.Exception
    • Method Detail

      • setCertEncryption

        public void setCertEncryption​(java.lang.String name)
                               throws java.lang.Exception
        Throws:
        java.lang.Exception
      • setCertEncryption

        public void setCertEncryption​(PBEAlgorithm algorithm)
                               throws java.lang.Exception
        Throws:
        java.lang.Exception
      • getCertEncryption

        public PBEAlgorithm getCertEncryption()
      • setKeyEncryption

        public void setKeyEncryption​(java.lang.String name)
                              throws java.lang.Exception
        Throws:
        java.lang.Exception
      • setKeyEncryption

        public void setKeyEncryption​(PBEAlgorithm algorithm)
                              throws java.lang.Exception
        Throws:
        java.lang.Exception
      • isTrustFlagsEnabled

        public boolean isTrustFlagsEnabled()
      • setTrustFlagsEnabled

        public void setTrustFlagsEnabled​(boolean trustFlagsEnabled)
      • getTrustFlags

        @Deprecated
        public java.lang.String getTrustFlags​(X509Certificate cert)
        Deprecated.
        Use PK11Cert.getTrustFlags() instead.
      • setTrustFlags

        @Deprecated
        public void setTrustFlags​(X509Certificate cert,
                                  java.lang.String trustFlags)
                           throws java.lang.Exception
        Deprecated.
        Use PK11Cert.setTrustFlags() instead.
        Throws:
        java.lang.Exception
      • addKeyBag

        public void addKeyBag​(PKCS12KeyInfo keyInfo,
                              Password password,
                              SEQUENCE encSafeContents)
                       throws java.lang.Exception
        Add a private key to the PKCS #12 object. The PKCS12KeyInfo object received comes about in two different scenarios:
        - The private key could be in encrypted byte[] form (e.g. when we have merely loaded a PKCS #12 file for inspection, or e.g. to delete a certificate and its associated key). In this case we simply re-use this encrypted private key info byte[].
        - The private key could be an NSS PrivateKey handle. In this case we must export the PrivateKey from the token to obtain the EncryptedPrivateKeyInfo.
        The common final step is to add the encrypted private key data, in a "Shrouded Key Bag", to the PKCS #12 object. Unencrypted key material is never seen.
        Throws:
        java.lang.Exception
      • create_EPKI_with_PBE_SHA1_DES3_CBC

        public ASN1Value create_EPKI_with_PBE_SHA1_DES3_CBC​(CryptoToken token,
                                                            PrivateKey privateKey,
                                                            Password password)
                                                     throws java.lang.Exception
        Throws:
        java.lang.Exception
      • create_EPKI_with_PBE_PKCS5_PBES2

        public ASN1Value create_EPKI_with_PBE_PKCS5_PBES2​(CryptoToken token,
                                                          PrivateKey privateKey,
                                                          Password password)
                                                   throws java.lang.Exception
        Throws:
        java.lang.Exception
      • addCertBag

        public void addCertBag​(PKCS12CertInfo certInfo,
                               SEQUENCE safeContents)
                        throws java.lang.Exception
        Throws:
        java.lang.Exception
      • loadFromNSS

        public void loadFromNSS​(PKCS12 pkcs12)
                         throws java.lang.Exception
        Throws:
        java.lang.Exception
      • loadFromNSS

        public void loadFromNSS​(PKCS12 pkcs12,
                                boolean includeKey,
                                boolean includeChain)
                         throws java.lang.Exception
        Throws:
        java.lang.Exception
      • loadCertFromNSS

        public void loadCertFromNSS​(PKCS12 pkcs12,
                                    java.lang.String nickname,
                                    boolean includeKey,
                                    boolean includeChain)
                             throws java.lang.Exception
        Throws:
        java.lang.Exception
      • loadCertFromNSS

        public void loadCertFromNSS​(PKCS12 pkcs12,
                                    java.lang.String nickname,
                                    boolean includeKey,
                                    boolean includeChain,
                                    java.lang.String friendlyName)
                             throws java.lang.Exception
        Throws:
        java.lang.Exception
      • loadCertFromNSS

        public void loadCertFromNSS​(PKCS12 pkcs12,
                                    X509Certificate cert,
                                    boolean includeKey,
                                    boolean includeChain)
                             throws java.lang.Exception
        Throws:
        java.lang.Exception
      • loadCertFromNSS

        public void loadCertFromNSS​(PKCS12 pkcs12,
                                    X509Certificate cert,
                                    boolean includeKey,
                                    boolean includeChain,
                                    java.lang.String friendlyName)
                             throws java.lang.Exception
        Throws:
        java.lang.Exception
      • createCertInfoFromNSS

        public PKCS12CertInfo createCertInfoFromNSS​(X509Certificate cert)
                                             throws java.lang.Exception
        Throws:
        java.lang.Exception
      • createCertInfoFromNSS

        public PKCS12CertInfo createCertInfoFromNSS​(X509Certificate cert,
                                                    java.lang.String friendlyName)
                                             throws java.lang.Exception
        Throws:
        java.lang.Exception
      • createKeyInfoFromNSS

        public PKCS12KeyInfo createKeyInfoFromNSS​(X509Certificate cert,
                                                  PrivateKey privateKey,
                                                  java.lang.String friendlyName)
                                           throws java.lang.Exception
        Throws:
        java.lang.Exception
      • generatePFX

        public PFX generatePFX​(PKCS12 pkcs12,
                               Password password)
                        throws java.lang.Exception
        Throws:
        java.lang.Exception
      • storeIntoFile

        public void storeIntoFile​(PKCS12 pkcs12,
                                  java.lang.String filename,
                                  Password password)
                           throws java.lang.Exception
        Throws:
        java.lang.Exception
      • getKeyInfo

        public PKCS12KeyInfo getKeyInfo​(SafeBag bag,
                                        Password password)
                                 throws java.lang.Exception
        Loads key bags (for IMPORT and other operations on existing PKCS #12 files). Does not decrypt EncryptedPrivateKeyInfo values, but stores them in PKCS12KeyInfo objects for possible later use.
        Throws:
        java.lang.Exception
      • getCertInfo

        public PKCS12CertInfo getCertInfo​(SafeBag bag)
                                   throws java.lang.Exception
        Throws:
        java.lang.Exception
      • getKeyInfos

        public void getKeyInfos​(PKCS12 pkcs12,
                                PFX pfx,
                                Password password)
                         throws java.lang.Exception
        Throws:
        java.lang.Exception
      • getCertInfos

        public void getCertInfos​(PKCS12 pkcs12,
                                 PFX pfx,
                                 Password password)
                          throws java.lang.Exception
        Throws:
        java.lang.Exception
      • loadFromFile

        public PKCS12 loadFromFile​(java.lang.String filename,
                                   Password password)
                            throws java.lang.Exception
        Throws:
        java.lang.Exception
      • loadFromByteArray

        public PKCS12 loadFromByteArray​(byte[] b,
                                        Password password)
                                 throws java.lang.Exception
        Throws:
        java.lang.Exception
      • loadFromFile

        public PKCS12 loadFromFile​(java.lang.String filename)
                            throws java.lang.Exception
        Throws:
        java.lang.Exception
      • getPrivateKeyType

        public PrivateKey.Type getPrivateKeyType​(java.security.PublicKey publicKey)
      • getCertBySubjectDN

        public PKCS12CertInfo getCertBySubjectDN​(PKCS12 pkcs12,
                                                 java.lang.String subjectDN)
                                          throws java.security.cert.CertificateException
        Throws:
        java.security.cert.CertificateException
      • importKey

        public void importKey​(PKCS12 pkcs12,
                              Password password,
                              java.lang.String nickname,
                              PKCS12KeyInfo keyInfo)
                       throws java.lang.Exception
        Throws:
        java.lang.Exception
      • storeCertIntoNSS

        public void storeCertIntoNSS​(PKCS12 pkcs12,
                                     Password password,
                                     PKCS12CertInfo certInfo,
                                     boolean overwrite)
                              throws java.lang.Exception
        Store a certificate (and key, if present) in NSSDB.
        Throws:
        java.lang.Exception
      • storeCertIntoNSS

        public void storeCertIntoNSS​(PKCS12 pkcs12,
                                     Password password,
                                     java.lang.String nickname,
                                     boolean overwrite)
                              throws java.lang.Exception
        Throws:
        java.lang.Exception
      • storeIntoNSS

        public void storeIntoNSS​(PKCS12 pkcs12,
                                 Password password,
                                 boolean overwrite)
                          throws java.lang.Exception
        Throws:
        java.lang.Exception