Package org.mozilla.jss.pkcs12
Class AuthenticatedSafes
java.lang.Object
    org.mozilla.jss.pkcs12.AuthenticatedSafes
All Implemented Interfaces:
    ASN1Value

An AuthenticatedSafes, which is a SEQUENCE of SafeContents.

Nested Class Summary
Modifier and Type, Class, Description
static class AuthenticatedSafes.Template
    A Template class for decoding an AuthenticatedSafes from its BER encoding.

Field Summary
Modifier and Type, Field, Description
private static final boolean ACCEPT_SECURITY_DYNAMICS
static final int DEFAULT_ITERATIONS
    The default number of hash iterations (1) when performing PBE keygen.
static final PBEAlgorithm DEFAULT_KEY_GEN_ALG
    Deprecated, for removal: This API element is subject to removal in a future version.
private static final int SALT_LENGTH
    Salt length is variable with PKCS #12.
private SEQUENCE sequence
private static final Tag TAG
private static final AuthenticatedSafes.Template templateInstance

Constructor Summary
Constructor, Description
AuthenticatedSafes()
    Default constructor, creates an empty AuthenticatedSafes.
AuthenticatedSafes(SEQUENCE sequence)
    Creates an AuthenticatedSafes from a SEQUENCE of ContentInfo.

Method Summary
Modifier and Type, Method, Description
void addEncryptedSafeContents(PBEAlgorithm keyGenAlg, Password password, byte[] salt, int iterationCount, SEQUENCE safeContents)
    Encrypts a SafeContents and adds it to the AuthenticatedSafes.
void addSafeContents(SEQUENCE safeContents)
    Appends an unencrypted SafeContents to the end of the AuthenticatedSafes.
private static void checkSafeContents(SEQUENCE safeContents)
    Verifies that each element is a SafeBag.
void encode(OutputStream ostream)
    Write this value's DER encoding to an output stream using its own base tag.
void encode(Tag implicitTag, OutputStream ostream)
    Write this value's DER encoding to an output stream using an implicit tag.
SEQUENCE getSafeContentsAt(Password password, int index)
    Returns the SafeContents at the given index in the AuthenticatedSafes, decrypting it if necessary.
getSequence()
    Returns the raw SEQUENCE which constitutes this AuthenticatedSafes.
int getSize()
    Returns the size of the sequence, which is the number of SafeContents in this AuthenticatedSafes.
getTag()
    Returns the base tag for this type, not counting any tags that may be imposed on it by its context.
static AuthenticatedSafes.Template getTemplate()
(package private) static void print_byte_array(byte[] bytes)
boolean safeContentsIsEncrypted(int index)
    Returns true if the SafeContents at the given index in the AuthenticatedSafes is encrypted.

Field Details

sequence

DEFAULT_ITERATIONS
public static final int DEFAULT_ITERATIONS
    The default number of hash iterations (1) when performing PBE keygen.

SALT_LENGTH
private static final int SALT_LENGTH
    Salt length is variable with PKCS #12. NSS uses 16 bytes, MSIE uses 20. We'll use 20 to get the 4 extra bytes of security.

DEFAULT_KEY_GEN_ALG
    Deprecated, for removal: This API element is subject to removal in a future version.
    The default PBE key generation algorithm: SHA-1 with RC2 40-bit CBC.

ACCEPT_SECURITY_DYNAMICS
private static final boolean ACCEPT_SECURITY_DYNAMICS

TAG

templateInstance

Constructor Details

AuthenticatedSafes
public AuthenticatedSafes()
    Default constructor, creates an empty AuthenticatedSafes.

AuthenticatedSafes
    Creates an AuthenticatedSafes from a SEQUENCE of ContentInfo.
    Parameters:
        sequence - A non-null sequence of ContentInfo.

Method Details

getSequence
    Returns the raw SEQUENCE which constitutes this AuthenticatedSafes. The elements of this sequence are some form of SafeContents, wrapped in a ContentInfo or an EncryptedData.

getSize
public int getSize()
    Returns the size of the sequence, which is the number of SafeContents in this AuthenticatedSafes.

safeContentsIsEncrypted
public boolean safeContentsIsEncrypted(int index)
    Returns true if the SafeContents at the given index in the AuthenticatedSafes is encrypted. If it is encrypted, a password must be supplied to getSafeContentsAt when accessing this SafeContents.

getSafeContentsAt
public SEQUENCE getSafeContentsAt(Password password, int index) throws IllegalStateException, NotInitializedException, NoSuchAlgorithmException, InvalidBERException, IOException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, IllegalBlockSizeException, BadPaddingException
    Returns the SafeContents at the given index in the AuthenticatedSafes, decrypting it if necessary.

    The algorithm used to extract encrypted SafeContents does not conform to version 1.0 of the spec. Instead, it conforms to the draft 1.0 spec, because this is what Communicator and MSIE seem to conform to. This looks like an implementation error that has become firmly entrenched to preserve interoperability.

    The draft spec dictates that the encrypted content in the EncryptedContentInfo is the DER encoding of a SafeContents. This is simple enough. The 1.0 final spec says that the SafeContents is wrapped in a ContentInfo, then the ContentInfo is BER encoded, then the value octets (not the tag or length) are encrypted. No wonder people stayed with the old way.

    Parameters:
        password - The password to use to decrypt the SafeContents if it is encrypted. If the SafeContents is known to not be encrypted, this parameter can be null. If the password is incorrect, the decoding will fail somehow, probably with an InvalidBERException, BadPaddingException, or IllegalBlockSizeException.
        index - The index of the SafeContents to extract.
    Returns:
        A SafeContents object, which is merely a SEQUENCE of SafeBags.
    Throws:
        IllegalArgumentException - If no password was provided, but the SafeContents is encrypted.
        IllegalStateException
        NotInitializedException
        NoSuchAlgorithmException
        InvalidBERException
        IOException
        InvalidKeyException
        InvalidAlgorithmParameterException
        TokenException
        IllegalBlockSizeException
        BadPaddingException

print_byte_array
static void print_byte_array(byte[] bytes)

addSafeContents
    Appends an unencrypted SafeContents to the end of the AuthenticatedSafes.

checkSafeContents
    Verifies that each element is a SafeBag. Throws an IllegalArgumentException otherwise.

addEncryptedSafeContents
public void addEncryptedSafeContents(PBEAlgorithm keyGenAlg, Password password, byte[] salt, int iterationCount, SEQUENCE safeContents) throws NotInitializedException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, NoSuchAlgorithmException, BadPaddingException, IllegalBlockSizeException
    Encrypts a SafeContents and adds it to the AuthenticatedSafes.

    Parameters:
        keyGenAlg - The algorithm used to generate a key from the password. Must be a PBE algorithm. DEFAULT_KEY_GEN_ALG is usually fine here. It only provides 40-bit security, but if the private key material is packaged in its own EncryptedPrivateKeyInfo, the security of the SafeContents is not as important.
        password - The password to use to generate the encryption key and IV.
        salt - The salt to use to generate the key and IV. If null is passed in, the salt will be generated randomly, which is usually the right thing to do.
        iterationCount - The number of hash iterations to perform when generating the key and IV. Use DEFAULT_ITERATIONS unless you want to be clever.
        safeContents - A SafeContents, which is a SEQUENCE of SafeBags. Each element of the sequence must in fact be an instance of SafeBag.
    Throws:
        NotInitializedException
        InvalidKeyException
        InvalidAlgorithmParameterException
        TokenException
        NoSuchAlgorithmException
        BadPaddingException
        IllegalBlockSizeException

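The write and read paths documented above (addEncryptedSafeContents and getSafeContentsAt), as an added example that is not part of the JSS documentation: it avoids the deprecated 40-bit default and maps the decode failures the page lists for a bad password to one error. Assumptions: the class name AuthSafesExample and the ITERATIONS value are hypothetical, PBEAlgorithm.PBE_SHA1_DES3_CBC is a JSS constant not shown on this page, CryptoManager is already initialized, and the JSS release in use throws the javax.crypto exception types.

```java
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import org.mozilla.jss.asn1.InvalidBERException;
import org.mozilla.jss.asn1.SEQUENCE;
import org.mozilla.jss.crypto.PBEAlgorithm;
import org.mozilla.jss.pkcs12.AuthenticatedSafes;
import org.mozilla.jss.util.Password;

public final class AuthSafesExample {
    // Assumption: illustrative value; DEFAULT_ITERATIONS on this page is 1.
    private static final int ITERATIONS = 100_000;

    /** Encrypts one SafeContents (a SEQUENCE of SafeBags) into a new AuthenticatedSafes. */
    static AuthenticatedSafes protect(SEQUENCE safeBags, Password pw) throws Exception {
        AuthenticatedSafes safes = new AuthenticatedSafes();
        safes.addEncryptedSafeContents(
                PBEAlgorithm.PBE_SHA1_DES3_CBC, // assumption: constant from JSS, not from this page
                pw,
                null,         // null salt: generated randomly, as the page recommends
                ITERATIONS,
                safeBags);    // every element must be a SafeBag
        return safes;
    }

    /** Returns every SafeContents, decrypting where needed; the caller clears pw afterwards. */
    static List<SEQUENCE> readAll(AuthenticatedSafes safes, Password pw) throws Exception {
        List<SEQUENCE> out = new ArrayList<>();
        for (int i = 0; i < safes.getSize(); i++) {
            boolean encrypted = safes.safeContentsIsEncrypted(i);
            if (encrypted && pw == null) {
                throw new IllegalArgumentException("SafeContents " + i + " is encrypted; password required");
            }
            try {
                // Only hand the password to entries that actually need it.
                out.add(safes.getSafeContentsAt(encrypted ? pw : null, i));
            } catch (InvalidBERException | BadPaddingException | IllegalBlockSizeException e) {
                if (!encrypted) {
                    throw e; // plain entry: a real encoding problem, not a password problem
                }
                // The failure modes the page lists for an incorrect password.
                throw new GeneralSecurityException(
                        "SafeContents " + i + " could not be decrypted: wrong password or corrupt data", e);
            }
        }
        return out;
    }
}
```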
getTag
    Description copied from interface: ASN1Value
    Returns the base tag for this type, not counting any tags that may be imposed on it by its context.

encode
    Description copied from interface: ASN1Value
    Write this value's DER encoding to an output stream using its own base tag.
    Specified by:
        encode in interface ASN1Value
    Parameters:
        ostream - Output stream.
    Throws:
        IOException - If an error occurred.

encode
    Description copied from interface: ASN1Value
    Write this value's DER encoding to an output stream using an implicit tag.
    Specified by:
        encode in interface ASN1Value
    Parameters:
        implicitTag - Implicit tag.
        ostream - Output stream.
    Throws:
        IOException - If an error occurred.

getTemplate