Package org.mozilla.jss.pkcs12

Class AuthenticatedSafes

  • All Implemented Interfaces:
    ASN1Value
    public class AuthenticatedSafes
extends java.lang.Object
implements ASN1Value
    An AuthenticatedSafes, which is a SEQUENCE of SafeContents.

    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static class  AuthenticatedSafes.Template
      A Template class for decoding an AuthenticatedSafes from its BER encoding.

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static int DEFAULT_ITERATIONS
      The default number of hash iterations (1) when performing PBE keygen.
      static PBEAlgorithm DEFAULT_KEY_GEN_ALG
      The default PBE key generation algorithm: SHA-1 with RC2 40-bit CBC.

    • Constructor Summary

      Constructors 
      Constructor Description
      AuthenticatedSafes()
      Default constructor, creates an empty AuthenticatedSafes.
      AuthenticatedSafes​(SEQUENCE sequence)
      Creates an AuthenticatedSafes from a SEQUENCE of ContentInfo.

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void addEncryptedSafeContents​(PBEAlgorithm keyGenAlg, Password password, byte[] salt, int iterationCount, SEQUENCE safeContents)
      Encrypts a SafeContents and adds it to the AuthenticatedSafes.
      void addSafeContents​(SEQUENCE safeContents)
      Appends an unencrypted SafeContents to the end of the AuthenticatedSafes.
      void encode​(java.io.OutputStream ostream)
      Write this value's DER encoding to an output stream using its own base tag.
      void encode​(Tag implicitTag, java.io.OutputStream ostream)
      Write this value's DER encoding to an output stream using an implicit tag.
      SEQUENCE getSafeContentsAt​(Password password, int index)
      Returns the SafeContents at the given index in the AuthenticatedSafes, decrypting it if necessary.
      SEQUENCE getSequence()
      Returns the raw SEQUENCE which constitutes this AuthenticatedSafes.
      int getSize()
      Returns the size of the sequence, which is the number of SafeContents in this AuthenticatedSafes.
      Tag getTag()
      Returns the base tag for this type, not counting any tags that may be imposed on it by its context.
      static AuthenticatedSafes.Template getTemplate()  
      boolean safeContentsIsEncrypted​(int index)
      Returns true if the SafeContents at the given index in the AuthenticatedSafes is encrypted.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • DEFAULT_ITERATIONS

        public static final int DEFAULT_ITERATIONS
        The default number of hash iterations (1) when performing PBE keygen.
        See Also:
        Constant Field Values

      • DEFAULT_KEY_GEN_ALG

        public static final PBEAlgorithm DEFAULT_KEY_GEN_ALG
        The default PBE key generation algorithm: SHA-1 with RC2 40-bit CBC.

    • Constructor Detail

      • AuthenticatedSafes

        public AuthenticatedSafes()
        Default constructor, creates an empty AuthenticatedSafes.

      • AuthenticatedSafes

        public AuthenticatedSafes​(SEQUENCE sequence)
        Creates an AuthenticatedSafes from a SEQUENCE of ContentInfo.
        Parameters:
        sequence - A non-null sequence of ContentInfo.

    • Method Detail

      • getSequence

        public SEQUENCE getSequence()
        Returns the raw SEQUENCE which constitutes this AuthenticatedSafes. The elements of this sequence are some form of SafeContents, wrapped in a ContentInfo or an EncryptedData.

      • getSize

        public int getSize()
        Returns the size of the sequence, which is the number of SafeContents in this AuthenticatedSafes.

      • safeContentsIsEncrypted

        public boolean safeContentsIsEncrypted​(int index)
        Returns true if the SafeContents at the given index in the AuthenticatedSafes is encrypted. If it is encrypted, a password must be supplied to getSafeContentsAt when accessing this SafeContents.

      • getSafeContentsAt

        public SEQUENCE getSafeContentsAt​(Password password,
                                  int index)
                           throws java.lang.IllegalStateException,
                                  NotInitializedException,
                                  java.security.NoSuchAlgorithmException,
                                  InvalidBERException,
                                  java.io.IOException,
                                  java.security.InvalidKeyException,
                                  java.security.InvalidAlgorithmParameterException,
                                  TokenException,
                                  IllegalBlockSizeException,
                                  javax.crypto.BadPaddingException
        Returns the SafeContents at the given index in the AuthenticatedSafes, decrypting it if necessary.

        The algorithm used to extract encrypted SafeContents does not conform to version 1.0 of the spec. Instead, it conforms to the draft 1.0 spec, because this is what Communicator and MSIE seem to conform to. This looks like an implementation error that has become firmly entrenched to preserve interoperability. The draft spec dictates that the encrypted content in the EncryptedContentInfo is the DER encoding of a SafeContents. This is simple enough. The 1.0 final spec says that the SafeContents is wrapped in a ContentInfo, then the ContentInfo is BER encoded, then the value octets (not the tag or length) are encrypted. No wonder people stayed with the old way.

        Parameters:
        password - The password to use to decrypt the SafeContents if it is encrypted. If the SafeContents is known to not be encrypted, this parameter can be null. If the password is incorrect, the decoding will fail somehow, probably with an InvalidBERException, BadPaddingException, or IllegalBlockSizeException.
        index - The index of the SafeContents to extract.
        Returns:
        A SafeContents object, which is merely a SEQUENCE of SafeBags.
        Throws:
        java.lang.IllegalArgumentException - If no password was provided, but the SafeContents is encrypted.
        java.lang.IllegalStateException
        NotInitializedException
        java.security.NoSuchAlgorithmException
        InvalidBERException
        java.io.IOException
        java.security.InvalidKeyException
        java.security.InvalidAlgorithmParameterException
        TokenException
        IllegalBlockSizeException
        javax.crypto.BadPaddingException

      • addSafeContents

        public void addSafeContents​(SEQUENCE safeContents)
        Appends an unencrypted SafeContents to the end of the AuthenticatedSafes.

      • addEncryptedSafeContents

        public void addEncryptedSafeContents​(PBEAlgorithm keyGenAlg,
                                     Password password,
                                     byte[] salt,
                                     int iterationCount,
                                     SEQUENCE safeContents)
                              throws NotInitializedException,
                                     java.security.InvalidKeyException,
                                     java.security.InvalidAlgorithmParameterException,
                                     TokenException,
                                     java.security.NoSuchAlgorithmException,
                                     javax.crypto.BadPaddingException,
                                     IllegalBlockSizeException
        Encrypts a SafeContents and adds it to the AuthenticatedSafes.
        Parameters:
        keyGenAlg - The algorithm used to generate a key from the password. Must be a PBE algorithm. DEFAULT_KEY_GEN_ALG is usually fine here. It only provides 40-bit security, but if the private key material is packaged in its own EncryptedPrivateKeyInfo, the security of the SafeContents is not as important.
        password - The password to use to generate the encryption key and IV.
        salt - The salt to use to generate the key and IV. If null is passed in, the salt will be generated randomly, which is usually the right thing to do.
        iterationCount - The number of hash iterations to perform when generating the key and IV. Use DEFAULT_ITERATIONS unless you want to be clever.
        safeContents - A SafeContents, which is a SEQUENCE of SafeBags. Each element of the sequence must in fact be an instance of SafeBag.
        Throws:
        NotInitializedException
        java.security.InvalidKeyException
        java.security.InvalidAlgorithmParameterException
        TokenException
        java.security.NoSuchAlgorithmException
        javax.crypto.BadPaddingException
        IllegalBlockSizeException

      • getTag

        public Tag getTag()
        Description copied from interface: ASN1Value
        Returns the base tag for this type, not counting any tags that may be imposed on it by its context.
        Specified by:
        getTag in interface ASN1Value
        Returns:
        Base tag.

      • encode

        public void encode​(java.io.OutputStream ostream)
            throws java.io.IOException
        Description copied from interface: ASN1Value
        Write this value's DER encoding to an output stream using its own base tag.
        Specified by:
        encode in interface ASN1Value
        Parameters:
        ostream - Output stream.
        Throws:
        java.io.IOException - If an error occurred.

      • encode

        public void encode​(Tag implicitTag,
                   java.io.OutputStream ostream)
            throws java.io.IOException
        Description copied from interface: ASN1Value
        Write this value's DER encoding to an output stream using an implicit tag.
        Specified by:
        encode in interface ASN1Value
        Parameters:
        implicitTag - Implicit tag.
        ostream - Output stream.
        Throws:
        java.io.IOException - If an error occurred.