Package org.mozilla.jss.pkcs12
Class PFX
- java.lang.Object
-
- org.mozilla.jss.pkcs12.PFX
-
- All Implemented Interfaces:
ASN1Value
public class PFX extends java.lang.Object implements ASN1Value
The top level ASN.1 structure for a PKCS #12 blob.The general procedure for creating a PFX blob is as follows:
- Create instances of
SafeBagcontaining things such as private keys, certificates, or arbitrary secrets. - Store the SafeBags in one or more SEQUENCEs. Each SEQUENCE is called a SafeContents.
- Create an AuthenticatedSafes. Store each SafeContents into the
AuthenticatedSafes with
addEncryptedSafeContentsoraddSafeContents.Standard procedure for browsers is for the AuthenticatedSafes to contain two instances of SafeContents, one encrypted and the other not. Anything you want encrypted can go in the encrypted SafeContents, and anything you want in plaintext can go in the regular SafeContents. Keep in mind that private key SafeBags usually consist of an EncryptedPrivateKeyInfo, which has its own (strong) encryption, in which case it is not essential that the SafeContents containing the private key also be encrypted.
- Create a PFX containing the AuthenticatedSafes instance, using the
PFX(AuthenticatedSafes)constructor. - Add a MAC to the PFX so it can be verified, using
PFX.computeMacData.
- Use a
PFX.Templateto decode the ASN.1 into aPFXobject. - Check the output of
PFX.verifyAuthSafesto verify the MAC on the PFX. - Use
PFX.getAuthSafesto extract the AuthenticatedSafes instance. - Use
AuthenticatedSafes.getSafeContentsAtto grab the SafeContents objects in the AuthenticatedSafes. - Each SafeContents is a SEQUENCE of SafeBags, each of which may contain a private key, cert, or arbitrary secret.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static classPFX.TemplateA Template for decoding a BER-encoded PFX.
-
Field Summary
Fields Modifier and Type Field Description static intDEFAULT_ITERATIONSThe default number of iterations to use when generating the MAC.
-
Constructor Summary
Constructors Constructor Description PFX(INTEGER version, AuthenticatedSafes authSafes, MacData macData)Creates a PFX with the given parameters.PFX(AuthenticatedSafes authSafes)Creates a PFX with the default version and no MacData.PFX(AuthenticatedSafes authSafes, MacData macData)Creates a PFX with the default version.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description voidcomputeMacData(Password password, byte[] salt, int iterationCount)Computes the macData field and adds it to the PFX.voidencode(java.io.OutputStream ostream)Write this value's DER encoding to an output stream using its own base tag.voidencode(Tag implicitTag, java.io.OutputStream ostream)Write this value's DER encoding to an output stream using an implicit tag.AuthenticatedSafesgetAuthSafes()MacDatagetMacData()Returns the MacData of this PFX, which is used to verify the contents.TaggetTag()Returns the base tag for this type, not counting any tags that may be imposed on it by its context.INTEGERgetVersion()static voidmain(java.lang.String[] args)booleanverifyAuthSafes(Password password, java.lang.StringBuffer reason)Verifies the HMAC on the authenticated safes, using the password provided.
-
-
-
Field Detail
-
DEFAULT_ITERATIONS
public static final int DEFAULT_ITERATIONS
The default number of iterations to use when generating the MAC. Currently, it is 1.- See Also:
- Constant Field Values
-
-
Constructor Detail
-
PFX
public PFX(INTEGER version, AuthenticatedSafes authSafes, MacData macData)
Creates a PFX with the given parameters.
-
PFX
public PFX(AuthenticatedSafes authSafes, MacData macData)
Creates a PFX with the default version.
-
PFX
public PFX(AuthenticatedSafes authSafes)
Creates a PFX with the default version and no MacData. The MacData can be added later withcomputeMacData.
-
-
Method Detail
-
getVersion
public INTEGER getVersion()
-
getAuthSafes
public AuthenticatedSafes getAuthSafes()
-
getMacData
public MacData getMacData()
Returns the MacData of this PFX, which is used to verify the contents. This field is optional. If it is not present, null is returned.
-
verifyAuthSafes
public boolean verifyAuthSafes(Password password, java.lang.StringBuffer reason) throws NotInitializedException
Verifies the HMAC on the authenticated safes, using the password provided.- Parameters:
password- The password to use to compute the HMAC.reason- If supplied, the reason for the verification failure will be appended to this StringBuffer.- Returns:
- true if the MAC verifies correctly, false otherwise. If this PFX does not contain a MacData, returns false.
- Throws:
NotInitializedException
-
computeMacData
public void computeMacData(Password password, byte[] salt, int iterationCount) throws NotInitializedException, java.security.DigestException, TokenException, java.io.CharConversionException
Computes the macData field and adds it to the PFX. The macData field is a Message Authentication Code of the AuthenticatedSafes, and is used to prove the authenticity of the PFX.- Parameters:
password- The password to be used to create the password-based MAC.salt- The salt to be used. If null is passed in, a new salt will be created from a random source.iterationCount- The iteration count for the key generation. Use DEFAULT_ITERATIONS unless there's a need to be clever.- Throws:
NotInitializedExceptionjava.security.DigestExceptionTokenExceptionjava.io.CharConversionException
-
getTag
public Tag getTag()
Description copied from interface:ASN1ValueReturns the base tag for this type, not counting any tags that may be imposed on it by its context.
-
encode
public void encode(java.io.OutputStream ostream) throws java.io.IOExceptionDescription copied from interface:ASN1ValueWrite this value's DER encoding to an output stream using its own base tag.
-
encode
public void encode(Tag implicitTag, java.io.OutputStream ostream) throws java.io.IOException
Description copied from interface:ASN1ValueWrite this value's DER encoding to an output stream using an implicit tag.
-
main
public static void main(java.lang.String[] args)
-
-