Package org.mozilla.jss.pkcs12
Class SafeBag
java.lang.Object
org.mozilla.jss.pkcs12.SafeBag
All Implemented Interfaces: ASN1Value
A PKCS #12 SafeBag structure.
-
Nested Class Summary
Nested Classes -
Field Summary
Fields (Modifier and Type, Field, Description):
private SET bagAttributes
private ANY bagContent
private OBJECT_IDENTIFIER bagType
static final OBJECT_IDENTIFIER CERT_BAG - A bag containing a certificate.
static final OBJECT_IDENTIFIER CRL_BAG - A bag containing a certificate revocation list.
static final OBJECT_IDENTIFIER FRIENDLY_NAME - A FriendlyName attribute.
static final OBJECT_IDENTIFIER KEY_BAG - A bag containing a private key.
static final OBJECT_IDENTIFIER LOCAL_KEY_ID - A LocalKeyID attribute.
static final OBJECT_IDENTIFIER PKCS12_BAG_IDS - The OID branch for the PKCS #12 bag types.
static final OBJECT_IDENTIFIER PKCS12_VERSION_1 - The OID branch for PKCS #12, version 1.0.
static final OBJECT_IDENTIFIER PKCS8_SHROUDED_KEY_BAG - A bag containing a private key encrypted a la PKCS #8.
static final OBJECT_IDENTIFIER SAFE_CONTENTS_BAG - A bag containing a nested SafeContent.
static final OBJECT_IDENTIFIER SECRET_BAG - A bag containing an arbitrary secret.
private static final Tag TAG
private static final SafeBag.Template templateInstance
-
Constructor Summary
Constructors (Constructor, Description):
SafeBag(OBJECT_IDENTIFIER bagType, ASN1Value bagContent, SET bagAttributes) - Creates a new SafeBag from its components.
-
Method Summary
Methods (Modifier and Type, Method, Description):
static SafeBag createCertBag(byte[] cert, String friendlyName) - Creates a SafeBag that contains an X.509 Certificate.
static SafeBag createCertBag(byte[] cert, String friendlyName, byte[] localKeyID) - Creates a SafeBag that contains an X.509 Certificate.
static SafeBag createEncryptedPrivateKeyBag(PrivateKeyInfo privk, String friendlyName, byte[] localKeyID, Password password) - Creates a SafeBag containing a PKCS-8ShroudedKeyBag, which is an EncryptedPrivateKeyInfo.
void encode(OutputStream ostream) - Write this value's DER encoding to an output stream using its own base tag.
void encode(Tag implicitTag, OutputStream ostream) - Write this value's DER encoding to an output stream using an implicit tag.
getBagAttributes() - Returns the attributes of this bag.
getBagContent() - Returns the contents of this bag as an ANY.
getInterpretedBagContent() - Returns the bagContent interpreted by type.
static final byte[] getLocalKeyIDFromCert(byte[] derCert) - Computes the LocalKeyID attribute that should be stored with a key and certificate.
getTag() - Returns the base tag for this type, not counting any tags that may be imposed on it by its context.
static SafeBag.Template getTemplate()
-
Field Details
-
bagType
-
bagContent
-
bagAttributes
-
PKCS12_VERSION_1
The OID branch for PKCS #12, version 1.0.
-
PKCS12_BAG_IDS
The OID branch for the PKCS #12 bag types.
-
KEY_BAG
A bag containing a private key. The bag content is a KeyBag, which is equivalent to a PKCS #8 PrivateKeyInfo.
-
PKCS8_SHROUDED_KEY_BAG
A bag containing a private key encrypted a la PKCS #8. The bag content is a PKCS #8 EncryptedPrivateKeyInfo.
-
CERT_BAG
A bag containing a certificate. The bag content is CertBag.
-
CRL_BAG
A bag containing a certificate revocation list. The bag content is CRLBag.
-
SECRET_BAG
A bag containing an arbitrary secret. The bag content is SecretBag.
-
SAFE_CONTENTS_BAG
A bag containing a nested SafeContent. The bag content is SafeContents, which is merely a SEQUENCE of SafeBag.
-
FRIENDLY_NAME
A FriendlyName attribute. The value is a BMPString.
-
LOCAL_KEY_ID
A LocalKeyID attribute. The value is an octet string.
-
TAG
-
templateInstance
-
-
Constructor Details
-
SafeBag
Creates a new SafeBag from its components.
Parameters:
bagType - The type of this bag. For compatibility, it should be one of the constants defined in this class.
bagContent - The contents of the bag. The type of this parameter is defined by the bagType parameter.
bagAttributes - A SET of Attributes for this SafeBag. Since attributes are optional, this parameter may be null.
-
-
Method Details
-
getBagType
-
getBagContent
Returns the contents of this bag as an ANY.
-
getInterpretedBagContent
Returns the bagContent interpreted by type.
Returns:
If type is KeyBag, a PrivateKeyInfo.
If type is PKCS-8ShroudedKeyBag, an EncryptedPrivateKeyInfo.
If type is CertBag, a CertBag.
For any other type, returns an ANY.
Throws:
InvalidBERException
-
getBagAttributes
Returns the attributes of this bag. May return null if this bag has no attributes. Each element of the set is an org.mozilla.jss.pkix.primitive.Attribute.
-
createCertBag
public static SafeBag createCertBag(byte[] cert, String friendlyName) throws DigestException, NoSuchAlgorithmException, InvalidBERException
Creates a SafeBag that contains an X.509 Certificate. The SafeBag will have a localKeyID attribute equal to the SHA-1 hash of the certificate, and a friendlyName attribute equal to the supplied string. This is the way Communicator makes a CertBag. The same localKeyID attribute should be stored in the matching private key bag.
Parameters:
cert - A DER-encoded X.509 certificate.
friendlyName - Will be stored in the friendlyName attribute of the SafeBag. Should be the nickname of the cert.
Throws:
DigestException
NoSuchAlgorithmException
InvalidBERException
-
createCertBag
public static SafeBag createCertBag(byte[] cert, String friendlyName, byte[] localKeyID) throws InvalidBERException
Creates a SafeBag that contains an X.509 Certificate. The SafeBag will have the given localKeyID attribute, and a friendlyName attribute equal to the supplied string. This is the way Communicator makes a CertBag. The same localKeyID attribute should be stored in the matching private key bag.
Parameters:
cert - A DER-encoded X.509 certificate.
friendlyName - Will be stored in the friendlyName attribute of the SafeBag. Should be the nickname of the cert.
localKeyID - The bytes to use for the localKeyID. These should be obtained from the getLocalKeyIDFromCert method.
Throws:
InvalidBERException - If the cert is not a valid DER encoding.
See Also:
-
getLocalKeyIDFromCert
public static final byte[] getLocalKeyIDFromCert(byte[] derCert) throws DigestException, NoSuchAlgorithmException
Computes the LocalKeyID attribute that should be stored with a key and certificate.
Parameters:
derCert - A DER-encoded X.509 certificate.
Returns:
The SHA-1 hash of the cert, which should be used as the localKeyID attribute for the cert's SafeBag.
Throws:
DigestException
NoSuchAlgorithmException
-
createEncryptedPrivateKeyBag
public static SafeBag createEncryptedPrivateKeyBag(PrivateKeyInfo privk, String friendlyName, byte[] localKeyID, Password password) throws NotInitializedException, TokenException
Creates a SafeBag containing a PKCS-8ShroudedKeyBag, which is an EncryptedPrivateKeyInfo. The key will be encrypted using a triple-DES PBE algorithm, using the supplied password.
Parameters:
privk - The PrivateKeyInfo containing the private key.
friendlyName - The nickname for the key; should be the same as the nickname of the associated cert.
localKeyID - The localKeyID for the key; should be the same as the localKeyID of the associated cert.
password - The password used to encrypt the private key.
Throws:
NotInitializedException
TokenException
-
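The pairing that createCertBag, getLocalKeyIDFromCert and createEncryptedPrivateKeyBag describe, as an added example (not code from the JSS project): it builds the certificate bag and the shrouded key bag with one shared localKeyID and nickname, then reads the LOCAL_KEY_ID attribute back from both bags and fails closed if they do not match. The names SafeBagPairing, buildPair and localKeyIdOf are hypothetical; the caller is assumed to have initialized JSS and to supply the DER certificate, its PrivateKeyInfo and the Password.

```java
import java.util.Arrays;

import org.mozilla.jss.asn1.ANY;
import org.mozilla.jss.asn1.ASN1Value;
import org.mozilla.jss.asn1.OCTET_STRING;
import org.mozilla.jss.asn1.SET;
import org.mozilla.jss.pkcs12.SafeBag;
import org.mozilla.jss.pkix.primitive.Attribute;
import org.mozilla.jss.pkix.primitive.PrivateKeyInfo;
import org.mozilla.jss.util.Password;

// Added example; SafeBagPairing and its method names are hypothetical.
public final class SafeBagPairing {
    /** Builds {certBag, keyBag} that share one localKeyID and nickname. */
    public static SafeBag[] buildPair(byte[] derCert, PrivateKeyInfo privk,
            String nickname, Password password) throws Exception {
        // SHA-1 of the DER cert, used as the identifier linking key and cert.
        byte[] id = SafeBag.getLocalKeyIDFromCert(derCert);
        SafeBag certBag = SafeBag.createCertBag(derCert, nickname, id);
        // Throws NotInitializedException if JSS has not been initialized.
        SafeBag keyBag = SafeBag.createEncryptedPrivateKeyBag(
                privk, nickname, id, password);
        // Fail closed if the bags would not be matched to each other later.
        byte[] certId = localKeyIdOf(certBag);
        if (certId == null
                || !Arrays.equals(certId, localKeyIdOf(keyBag))
                || !SafeBag.CERT_BAG.equals(certBag.getBagType())
                || !SafeBag.PKCS8_SHROUDED_KEY_BAG.equals(keyBag.getBagType())) {
            throw new IllegalStateException("cert bag and key bag do not pair");
        }
        return new SafeBag[] { certBag, keyBag };
    }

    /** Returns the LocalKeyID octets of a bag, or null if it has none. */
    public static byte[] localKeyIdOf(SafeBag bag) throws Exception {
        SET attrs = bag.getBagAttributes(); // null when the bag has no attributes
        for (int i = 0; attrs != null && i < attrs.size(); i++) {
            Attribute attr = (Attribute) attrs.elementAt(i);
            if (!SafeBag.LOCAL_KEY_ID.equals(attr.getType())) continue;
            ASN1Value v = attr.getValues().elementAt(0);
            // Decoded values arrive as ANY; accept an already-typed OCTET_STRING too.
            if (v instanceof ANY) v = ((ANY) v).decodeWith(OCTET_STRING.getTemplate());
            return ((OCTET_STRING) v).toByteArray();
        }
        return null;
    }
}
```

localKeyIdOf can also be run over the bags of a parsed file to find which key bag belongs to which certificate bag.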
getTag
Description copied from interface: ASN1Value
Returns the base tag for this type, not counting any tags that may be imposed on it by its context.
-
encode
Description copied from interface: ASN1Value
Write this value's DER encoding to an output stream using its own base tag.
Specified by:
encode in interface ASN1Value
Parameters:
ostream - Output stream.
Throws:
IOException - If an error occurred.
-
encode
Description copied from interface: ASN1Value
Write this value's DER encoding to an output stream using an implicit tag.
Specified by:
encode in interface ASN1Value
Parameters:
implicitTag - Implicit tag.
ostream - Output stream.
Throws:
IOException - If an error occurred.
-
getTemplate
-