Class SafeBag

java.lang.Object
org.mozilla.jss.pkcs12.SafeBag
All Implemented Interfaces:
ASN1Value

public final class SafeBag extends Object implements ASN1Value
A PKCS #12 SafeBag structure.
  • Field Details

    • bagType

      private OBJECT_IDENTIFIER bagType
    • bagContent

      private ANY bagContent
    • bagAttributes

      private SET bagAttributes
    • PKCS12_VERSION_1

      public static final OBJECT_IDENTIFIER PKCS12_VERSION_1
      The OID branch for PKCS #12, version 1.0.
    • PKCS12_BAG_IDS

      public static final OBJECT_IDENTIFIER PKCS12_BAG_IDS
      The OID branch for the PKCS #12 bag types.
    • KEY_BAG

      public static final OBJECT_IDENTIFIER KEY_BAG
      A bag containing a private key. The bag content is a KeyBag, which is equivalent to a PKCS #8 PrivateKeyInfo.
    • PKCS8_SHROUDED_KEY_BAG

      public static final OBJECT_IDENTIFIER PKCS8_SHROUDED_KEY_BAG
      A bag containing a private key encrypted a la PKCS #8. The bag content is a PKCS #8 EncryptedPrivateKeyInfo.
    • CERT_BAG

      public static final OBJECT_IDENTIFIER CERT_BAG
      A bag containing a certificate. The bag content is CertBag.
    • CRL_BAG

      public static final OBJECT_IDENTIFIER CRL_BAG
      A bag containing a certificate revocation list. The bag content is CRLBag.
    • SECRET_BAG

      public static final OBJECT_IDENTIFIER SECRET_BAG
      A bag containing an arbitrary secret. The bag content is SecretBag.
    • SAFE_CONTENTS_BAG

      public static final OBJECT_IDENTIFIER SAFE_CONTENTS_BAG
      A bag containing a nested SafeContents. The bag content is SafeContents, which is merely a SEQUENCE of SafeBag.
    • FRIENDLY_NAME

      public static final OBJECT_IDENTIFIER FRIENDLY_NAME
      A FriendlyName attribute. The value is a BMPString.
    • LOCAL_KEY_ID

      public static final OBJECT_IDENTIFIER LOCAL_KEY_ID
      A LocalKeyID attribute. The value is an octet string.
    • TAG

      private static final Tag TAG
    • templateInstance

      private static final SafeBag.Template templateInstance
  • Constructor Details

    • SafeBag

      public SafeBag(OBJECT_IDENTIFIER bagType, ASN1Value bagContent, SET bagAttributes)
      Creates a new SafeBag from its components.
      Parameters:
      bagType - The type of this bag. For compatibility, it should be one of the constants defined in this class.
      bagContent - The contents of the bag. The type of this parameter is defined by the bagType parameter.
      bagAttributes - A SET of Attributes for this SafeBag. Since attributes are optional, this parameter may be null.
  • Method Details

    • getBagType

      public OBJECT_IDENTIFIER getBagType()
    • getBagContent

      public ANY getBagContent()
      Returns the contents of this bag as an ANY.
    • getInterpretedBagContent

      public ASN1Value getInterpretedBagContent() throws InvalidBERException
      Returns the bagContent interpreted by type.
      Returns:
      If type is KeyBag, a PrivateKeyInfo.
      If type is PKCS-8ShroudedKeyBag, an EncryptedPrivateKeyInfo.
      If type is CertBag, a CertBag.
      For any other type, returns an ANY.
      Throws:
      InvalidBERException
    • getBagAttributes

      public SET getBagAttributes()
      Returns the attributes of this bag. May return null if this bag has no attributes. Each element of the set is an org.mozilla.jss.pkix.primitive.Attribute.
    • createCertBag

      public static SafeBag createCertBag(byte[] cert, String friendlyName) throws DigestException, NoSuchAlgorithmException, InvalidBERException
      Creates a SafeBag that contains an X.509 Certificate. The SafeBag will have a localKeyID attribute equal to the SHA-1 hash of the certificate, and a friendlyName attribute equal to the supplied string. This is the way Communicator makes a CertBag. The same localKeyID attribute should be stored in the matching private key bag.
      Parameters:
      cert - A DER-encoded X.509 certificate.
      friendlyName - Will be stored in the friendlyName attribute of the SafeBag. Should be the nickname of the cert.
      Throws:
      DigestException
      NoSuchAlgorithmException
      InvalidBERException
    • createCertBag

      public static SafeBag createCertBag(byte[] cert, String friendlyName, byte[] localKeyID) throws InvalidBERException
      Creates a SafeBag that contains an X.509 Certificate. The SafeBag will have the given localKeyID attribute, and a friendlyName attribute equal to the supplied string. This is the way Communicator makes a CertBag. The same localKeyID attribute should be stored in the matching private key bag.
      Parameters:
      cert - A DER-encoded X.509 certificate.
      friendlyName - Will be stored in the friendlyName attribute of the SafeBag. Should be the nickname of the cert.
      localKeyID - The bytes to use for the localKeyID. These should be obtained from the getLocalKeyIDFromCert method.
      Throws:
      InvalidBERException - If the cert is not a valid DER encoding.
    • getLocalKeyIDFromCert

      public static final byte[] getLocalKeyIDFromCert(byte[] derCert) throws DigestException, NoSuchAlgorithmException
      Computes the LocalKeyID attribute that should be stored with a key and certificate.
      Parameters:
      derCert - A DER-encoded X.509 certificate.
      Returns:
      The SHA-1 hash of the cert, which should be used as the localKeyID attribute for the cert's SafeBag.
      Throws:
      DigestException
      NoSuchAlgorithmException
    • createEncryptedPrivateKeyBag

      public static SafeBag createEncryptedPrivateKeyBag(PrivateKeyInfo privk, String friendlyName, byte[] localKeyID, Password password) throws NotInitializedException, TokenException
      Creates a SafeBag containing a PKCS-8ShroudedKeyBag, which is an EncryptedPrivateKeyInfo. The key will be encrypted using a triple-DES PBE algorithm, using the supplied password.
      Parameters:
      privk - The PrivateKeyInfo containing the private key.
      friendlyName - The nickname for the key; should be the same as the nickname of the associated cert.
      localKeyID - The localKeyID for the key; should be the same as the localKeyID of the associated cert.
      password - The password used to encrypt the private key.
      Throws:
      NotInitializedException
      TokenException
    • getTag

      public Tag getTag()
      Description copied from interface: ASN1Value
      Returns the base tag for this type, not counting any tags that may be imposed on it by its context.
      Specified by:
      getTag in interface ASN1Value
      Returns:
      Base tag.
    • encode

      public void encode(OutputStream ostream) throws IOException
      Description copied from interface: ASN1Value
      Write this value's DER encoding to an output stream using its own base tag.
      Specified by:
      encode in interface ASN1Value
      Parameters:
      ostream - Output stream.
      Throws:
      IOException - If an error occurred.
    • encode

      public void encode(Tag implicitTag, OutputStream ostream) throws IOException
      Description copied from interface: ASN1Value
      Write this value's DER encoding to an output stream using an implicit tag.
      Specified by:
      encode in interface ASN1Value
      Parameters:
      implicitTag - Implicit tag.
      ostream - Output stream.
      Throws:
      IOException - If an error occurred.
    • getTemplate

      public static SafeBag.Template getTemplate()
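
The following is an added example, not code from the JSS project: it checks that a certificate bag and a key bag carry the same localKeyID attribute, as the createCertBag and createEncryptedPrivateKeyBag descriptions above require, and flags a KEY_BAG, whose private key is not encrypted. The class name SafeBagAudit, its helper methods, the nickname and the certificate path taken from args[0] are assumptions; it expects the JSS jar on the classpath and an initialized CryptoManager if your JSS build needs one.

```java
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import org.mozilla.jss.asn1.*;
import org.mozilla.jss.pkcs12.SafeBag;
import org.mozilla.jss.pkix.primitive.Attribute;

// Hypothetical helper class (added example): audits SafeBags before export.
public class SafeBagAudit {

    // Returns the localKeyID attribute value of a bag, or null if it has none.
    static byte[] localKeyId(SafeBag bag) throws Exception {
        SET attrs = bag.getBagAttributes();   // attributes are optional, so may be null
        if (attrs == null) return null;
        for (int i = 0; i < attrs.size(); i++) {
            Attribute a = (Attribute) attrs.elementAt(i);
            if (!a.getType().equals(SafeBag.LOCAL_KEY_ID)) continue;
            if (a.getValues().size() == 0) continue;
            // Re-encode, then decode as OCTET STRING, so the same code handles
            // bags built in memory and bags parsed from a PKCS #12 file.
            byte[] der = ASN1Util.encode(a.getValues().elementAt(0));
            OCTET_STRING os =
                (OCTET_STRING) ASN1Util.decode(OCTET_STRING.getTemplate(), der);
            return os.toByteArray();
        }
        return null;
    }

    // True when the bag holds a private key in the clear (KEY_BAG rather
    // than PKCS8_SHROUDED_KEY_BAG).
    static boolean isUnprotectedKey(SafeBag bag) {
        return bag.getBagType().equals(SafeBag.KEY_BAG);
    }

    // True when both bags carry the same, non-null localKeyID.
    static boolean paired(SafeBag certBag, SafeBag keyBag) throws Exception {
        byte[] c = localKeyId(certBag), k = localKeyId(keyBag);
        return c != null && k != null && MessageDigest.isEqual(c, k);
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to a DER-encoded X.509 certificate (assumption)
        byte[] der = Files.readAllBytes(Paths.get(args[0]));
        byte[] id = SafeBag.getLocalKeyIDFromCert(der);   // SHA-1 hash of the cert
        SafeBag certBag = SafeBag.createCertBag(der, "example-nickname", id);
        System.out.println("is CERT_BAG: "
            + certBag.getBagType().equals(SafeBag.CERT_BAG));
        System.out.println("localKeyID round-trips: "
            + MessageDigest.isEqual(id, localKeyId(certBag)));
        System.out.println("unprotected key: " + isUnprotectedKey(certBag));
    }
}
```

Pass the key bag produced by createEncryptedPrivateKeyBag to paired() together with the cert bag to confirm that both were built with the same localKeyID.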