Package org.mozilla.jss.pkcs12
Class SafeBag
java.lang.Object
  org.mozilla.jss.pkcs12.SafeBag
Nested Class Summary
static class SafeBag.Template
A template for decoding SafeBags.
-
Field Summary
static OBJECT_IDENTIFIER CERT_BAG
A bag containing a certificate.
static OBJECT_IDENTIFIER CRL_BAG
A bag containing a certificate revocation list.
static OBJECT_IDENTIFIER FRIENDLY_NAME
A FriendlyName attribute.
static OBJECT_IDENTIFIER KEY_BAG
A bag containing a private key.
static OBJECT_IDENTIFIER LOCAL_KEY_ID
A LocalKeyID attribute.
static OBJECT_IDENTIFIER PKCS12_BAG_IDS
The OID branch for the PKCS #12 bag types.
static OBJECT_IDENTIFIER PKCS12_VERSION_1
The OID branch for PKCS #12, version 1.0.
static OBJECT_IDENTIFIER PKCS8_SHROUDED_KEY_BAG
A bag containing a private key encrypted a la PKCS #8.
static OBJECT_IDENTIFIER SAFE_CONTENTS_BAG
A bag containing a nested SafeContent.
static OBJECT_IDENTIFIER SECRET_BAG
A bag containing an arbitrary secret.
-
Constructor Summary
SafeBag(OBJECT_IDENTIFIER bagType, ASN1Value bagContent, SET bagAttributes)
Creates a new SafeBag from its components.
-
Method Summary
static SafeBag createCertBag(byte[] cert, java.lang.String friendlyName)
Creates a SafeBag that contains an X.509 Certificate.
static SafeBag createCertBag(byte[] cert, java.lang.String friendlyName, byte[] localKeyID)
Creates a SafeBag that contains an X.509 Certificate.
static SafeBag createEncryptedPrivateKeyBag(PrivateKeyInfo privk, java.lang.String friendlyName, byte[] localKeyID, Password password)
Creates a SafeBag containing a PKCS-8ShroudedKeyBag, which is an EncryptedPrivateKeyInfo.
void encode(java.io.OutputStream ostream)
Write this value's DER encoding to an output stream using its own base tag.
void encode(Tag implicitTag, java.io.OutputStream ostream)
Write this value's DER encoding to an output stream using an implicit tag.
SET getBagAttributes()
Returns the attributes of this bag.
ANY getBagContent()
Returns the contents of this bag as an ANY.
OBJECT_IDENTIFIER getBagType()
ASN1Value getInterpretedBagContent()
Returns the bagContent interpreted by type.
static byte[] getLocalKeyIDFromCert(byte[] derCert)
Computes the LocalKeyID attribute that should be stored with a key and certificate.
Tag getTag()
Returns the base tag for this type, not counting any tags that may be imposed on it by its context.
static SafeBag.Template getTemplate()
-
-
-
Field Detail
-
PKCS12_VERSION_1
public static final OBJECT_IDENTIFIER PKCS12_VERSION_1
The OID branch for PKCS #12, version 1.0.
-
PKCS12_BAG_IDS
public static final OBJECT_IDENTIFIER PKCS12_BAG_IDS
The OID branch for the PKCS #12 bag types.
-
KEY_BAG
public static final OBJECT_IDENTIFIER KEY_BAG
A bag containing a private key. The bag content is a KeyBag, which is equivalent to a PKCS #8 PrivateKeyInfo.
-
PKCS8_SHROUDED_KEY_BAG
public static final OBJECT_IDENTIFIER PKCS8_SHROUDED_KEY_BAG
A bag containing a private key encrypted a la PKCS #8. The bag content is a PKCS #8 EncryptedPrivateKeyInfo.
-
CERT_BAG
public static final OBJECT_IDENTIFIER CERT_BAG
A bag containing a certificate. The bag content is CertBag.
-
CRL_BAG
public static final OBJECT_IDENTIFIER CRL_BAG
A bag containing a certificate revocation list. The bag content is CRLBag.
-
SECRET_BAG
public static final OBJECT_IDENTIFIER SECRET_BAG
A bag containing an arbitrary secret. The bag content is SecretBag.
-
SAFE_CONTENTS_BAG
public static final OBJECT_IDENTIFIER SAFE_CONTENTS_BAG
A bag containing a nested SafeContent. The bag content is SafeContents, which is merely a SEQUENCE of SafeBag.
-
FRIENDLY_NAME
public static final OBJECT_IDENTIFIER FRIENDLY_NAME
A FriendlyName attribute. The value is a BMPString.
-
LOCAL_KEY_ID
public static final OBJECT_IDENTIFIER LOCAL_KEY_ID
A LocalKeyID attribute. The value is an octet string.
-
-
Constructor Detail
-
SafeBag
public SafeBag(OBJECT_IDENTIFIER bagType, ASN1Value bagContent, SET bagAttributes)
Creates a new SafeBag from its components.
Parameters:
bagType
- The type of this bag. For compatibility, it should be one of the constants defined in this class.
bagContent
- The contents of the bag. The type of this parameter is defined by the bagType parameter.
bagAttributes
- A SET of Attributes for this SafeBag. Since attributes are optional, this parameter may be null.
-
-
Method Detail
-
getBagType
public OBJECT_IDENTIFIER getBagType()
-
getBagContent
public ANY getBagContent()
Returns the contents of this bag as an ANY.
-
getInterpretedBagContent
public ASN1Value getInterpretedBagContent() throws InvalidBERException
Returns the bagContent interpreted by type.
Returns:
- If type is KeyBag, a PrivateKeyInfo.
- If type is PKCS-8ShroudedKeyBag, an EncryptedPrivateKeyInfo.
- If type is CertBag, a CertBag.
- For any other type, returns an ANY.
Throws:
InvalidBERException
-
getBagAttributes
public SET getBagAttributes()
Returns the attributes of this bag. May return null if this bag has no attributes. Each element of the set is an org.mozilla.jss.pkix.primitive.Attribute.
-
createCertBag
public static SafeBag createCertBag(byte[] cert, java.lang.String friendlyName) throws java.security.DigestException, java.security.NoSuchAlgorithmException, InvalidBERException
Creates a SafeBag that contains an X.509 Certificate. The SafeBag will have a localKeyID attribute equal to the SHA-1 hash of the certificate, and a friendlyName attribute equal to the supplied string. This is the way Communicator makes a CertBag. The same localKeyID attribute should be stored in the matching private key bag.
Parameters:
cert
- A DER-encoded X.509 certificate.
friendlyName
- Will be stored in the friendlyName attribute of the SafeBag. Should be the nickname of the cert.
Throws:
java.security.DigestException
java.security.NoSuchAlgorithmException
InvalidBERException
-
createCertBag
public static SafeBag createCertBag(byte[] cert, java.lang.String friendlyName, byte[] localKeyID) throws InvalidBERException
Creates a SafeBag that contains an X.509 Certificate. The SafeBag will have the given localKeyID attribute, and a friendlyName attribute equal to the supplied string. This is the way Communicator makes a CertBag. The same localKeyID attribute should be stored in the matching private key bag.
Parameters:
cert
- A DER-encoded X.509 certificate.
friendlyName
- Will be stored in the friendlyName attribute of the SafeBag. Should be the nickname of the cert.
localKeyID
- The bytes to use for the localKeyID. These should be obtained from the getLocalKeyIDFromCert method.
Throws:
InvalidBERException
- If the cert is not a valid DER encoding.
See Also:
getLocalKeyIDFromCert(byte[])
-
getLocalKeyIDFromCert
public static final byte[] getLocalKeyIDFromCert(byte[] derCert) throws java.security.DigestException, java.security.NoSuchAlgorithmException
Computes the LocalKeyID attribute that should be stored with a key and certificate.
Parameters:
derCert
- A DER-encoded X.509 certificate.
Returns:
- The SHA-1 hash of the cert, which should be used as the localKeyID attribute for the cert's SafeBag.
Throws:
java.security.DigestException
java.security.NoSuchAlgorithmException
-
createEncryptedPrivateKeyBag
public static SafeBag createEncryptedPrivateKeyBag(PrivateKeyInfo privk, java.lang.String friendlyName, byte[] localKeyID, Password password) throws NotInitializedException, TokenException
Creates a SafeBag containing a PKCS-8ShroudedKeyBag, which is an EncryptedPrivateKeyInfo. The key will be encrypted using a triple-DES PBE algorithm, using the supplied password.
Parameters:
privk
- The PrivateKeyInfo containing the private key.
friendlyName
- The nickname for the key; should be the same as the nickname of the associated cert.
localKeyID
- The localKeyID for the key; should be the same as the localKeyID of the associated cert.
password
- The password used to encrypt the private key.
Throws:
NotInitializedException
TokenException
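The pairing that getLocalKeyIDFromCert, createCertBag and createEncryptedPrivateKeyBag describe, as an added example that is not part of the JSS documentation or code base: one LocalKeyID is computed from the certificate and stored in both the cert bag and the shrouded key bag. The class name PairedSafeBags and the method build are hypothetical; the example assumes JSS has already been initialized and that the caller supplies a certificate and private key that belong together.

```java
import java.security.MessageDigest;
import java.util.Arrays;

import org.mozilla.jss.pkcs12.SafeBag;
import org.mozilla.jss.pkix.primitive.PrivateKeyInfo;
import org.mozilla.jss.util.Password;

/** Added example (hypothetical class, not JSS code). */
public final class PairedSafeBags {

    /**
     * Builds a cert bag and a PKCS #8 shrouded key bag that share one LocalKeyID.
     * Assumption: JSS is initialized before this is called, and derCert and
     * privk are a matching certificate and key. Returns { certBag, keyBag }.
     */
    public static SafeBag[] build(byte[] derCert, PrivateKeyInfo privk,
                                  String nickname, Password password) throws Exception {
        // Compute the ID once so both bags carry byte-identical values.
        byte[] localKeyID = SafeBag.getLocalKeyIDFromCert(derCert);

        // Cross-check the documented definition: SHA-1 over the DER certificate.
        // The ID is only a label used to pair the bags.
        byte[] expected = MessageDigest.getInstance("SHA-1").digest(derCert);
        if (!Arrays.equals(localKeyID, expected)) {
            throw new IllegalStateException("LocalKeyID is not SHA-1(derCert)");
        }

        // Use the three-argument overload so the ID is passed explicitly,
        // and give both bags the same nickname as the method docs advise.
        SafeBag certBag = SafeBag.createCertBag(derCert, nickname, localKeyID);
        SafeBag keyBag = SafeBag.createEncryptedPrivateKeyBag(
                privk, nickname, localKeyID, password);

        // Confirm each bag has the type its factory method documents.
        if (!SafeBag.CERT_BAG.equals(certBag.getBagType())
                || !SafeBag.PKCS8_SHROUDED_KEY_BAG.equals(keyBag.getBagType())) {
            throw new IllegalStateException("unexpected bag type");
        }
        return new SafeBag[] { certBag, keyBag };
    }
}
```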
-
getTag
public Tag getTag()
Description copied from interface: ASN1Value
Returns the base tag for this type, not counting any tags that may be imposed on it by its context.
-
encode
public void encode(java.io.OutputStream ostream) throws java.io.IOException
Description copied from interface: ASN1Value
Write this value's DER encoding to an output stream using its own base tag.
-
encode
public void encode(Tag implicitTag, java.io.OutputStream ostream) throws java.io.IOException
Description copied from interface: ASN1Value
Write this value's DER encoding to an output stream using an implicit tag.
-
getTemplate
public static SafeBag.Template getTemplate()
-
-