org.mozilla.jss.pkcs12
Class AuthenticatedSafes
java.lang.Object
  org.mozilla.jss.pkcs12.AuthenticatedSafes
All Implemented Interfaces: ASN1Value

public class AuthenticatedSafes extends java.lang.Object implements ASN1Value

An AuthenticatedSafes, which is a SEQUENCE of SafeContents.
Field Summary
static int | DEFAULT_ITERATIONS - The default number of hash iterations (1) when performing PBE keygen.
static PBEAlgorithm | DEFAULT_KEY_GEN_ALG - The default PBE key generation algorithm: SHA-1 with RC2 40-bit CBC.

Method Summary
void | addEncryptedSafeContents(PBEAlgorithm keyGenAlg, Password password, byte[] salt, int iterationCount, SEQUENCE safeContents) - Encrypts a SafeContents and adds it to the AuthenticatedSafes.
void | addSafeContents(SEQUENCE safeContents) - Appends an unencrypted SafeContents to the end of the AuthenticatedSafes.
void | encode(OutputStream ostream) - Writes this value's DER encoding to an output stream using its own base tag.
void | encode(Tag implicitTag, OutputStream ostream) - Writes this value's DER encoding to an output stream using an implicit tag.
SEQUENCE | getSafeContentsAt(Password password, int index) - Returns the SafeContents at the given index in the AuthenticatedSafes, decrypting it if necessary.
SEQUENCE | getSequence() - Returns the raw SEQUENCE which constitutes this AuthenticatedSafes.
int | getSize() - Returns the size of the sequence, which is the number of SafeContents in this AuthenticatedSafes.
Tag | getTag() - Returns the base tag for this type, not counting any tags that may be imposed on it by its context.
static AuthenticatedSafes.Template | getTemplate()
boolean | safeContentsIsEncrypted(int index) - Returns true if the SafeContents at the given index in the AuthenticatedSafes is encrypted.
Field Detail

DEFAULT_ITERATIONS
public static final int DEFAULT_ITERATIONS
The default number of hash iterations (1) when performing PBE keygen.

DEFAULT_KEY_GEN_ALG
public static final PBEAlgorithm DEFAULT_KEY_GEN_ALG
The default PBE key generation algorithm: SHA-1 with RC2 40-bit CBC.

Constructor Detail

AuthenticatedSafes
public AuthenticatedSafes()
Default constructor, creates an empty AuthenticatedSafes.

AuthenticatedSafes
public AuthenticatedSafes(SEQUENCE sequence)
Creates an AuthenticatedSafes from a SEQUENCE of ContentInfo.
Parameters:
sequence - A non-null sequence of ContentInfo.
Method Detail

addEncryptedSafeContents
public void addEncryptedSafeContents(PBEAlgorithm keyGenAlg,
                                     Password password,
                                     byte[] salt,
                                     int iterationCount,
                                     SEQUENCE safeContents)
                              throws CryptoManager.NotInitializedException,
                                     InvalidKeyException,
                                     InvalidAlgorithmParameterException,
                                     TokenException,
                                     NoSuchAlgorithmException,
                                     BadPaddingException,
                                     IllegalBlockSizeException
Encrypts a SafeContents and adds it to the AuthenticatedSafes.
Parameters:
keyGenAlg - The algorithm used to generate a key from the password. Must be a PBE algorithm. DEFAULT_KEY_GEN_ALG is usually fine here. It only provides 40-bit security, but if the private key material is packaged in its own EncryptedPrivateKeyInfo, the security of the SafeContents is not as important.
password - The password used to generate the encryption key and IV.
salt - The salt used to generate the key and IV. If null is passed in, the salt is generated randomly, which is usually the right thing to do.
iterationCount - The number of hash iterations to perform when generating the key and IV. Use DEFAULT_ITERATIONS unless you want to be clever.
safeContents - A SafeContents, which is a SEQUENCE of SafeBags. Each element of the sequence must in fact be an instance of SafeBag.
addSafeContents
public void addSafeContents(SEQUENCE safeContents)
Appends an unencrypted SafeContents to the end of the AuthenticatedSafes.

encode
public void encode(OutputStream ostream)
            throws IOException
Writes this value's DER encoding to an output stream using its own base tag.
Specified by: encode in interface ASN1Value

encode
public void encode(Tag implicitTag,
                   OutputStream ostream)
            throws IOException
Writes this value's DER encoding to an output stream using an implicit tag.
Specified by: encode in interface ASN1Value
getSafeContentsAt
public SEQUENCE getSafeContentsAt(Password password,
                                  int index)
                           throws IllegalStateException,
                                  CryptoManager.NotInitializedException,
                                  NoSuchAlgorithmException,
                                  InvalidBERException,
                                  IOException,
                                  InvalidKeyException,
                                  InvalidAlgorithmParameterException,
                                  TokenException,
                                  IllegalBlockSizeException,
                                  BadPaddingException
Returns the SafeContents at the given index in the AuthenticatedSafes, decrypting it if necessary.

The algorithm used to extract encrypted SafeContents does not conform to version 1.0 of the spec. Instead, it conforms to the draft 1.0 spec, because this is what Communicator and MSIE seem to conform to. This looks like an implementation error that has become firmly entrenched to preserve interoperability. The draft spec dictates that the encrypted content in the EncryptedContentInfo is the DER encoding of a SafeContents. This is simple enough. The 1.0 final spec says that the SafeContents is wrapped in a ContentInfo, then the ContentInfo is BER encoded, then the value octets (not the tag or length) are encrypted. No wonder people stayed with the old way.
Parameters:
password - The password used to decrypt the SafeContents if it is encrypted. If the SafeContents is known not to be encrypted, this parameter can be null. If the password is incorrect, the decoding will fail somehow, probably with an InvalidBERException, BadPaddingException, or IllegalBlockSizeException.
index - The index of the SafeContents to extract.
Returns:
A SafeContents object, which is merely a SEQUENCE of SafeBags.
getSequence
public SEQUENCE getSequence()
Returns the raw SEQUENCE which constitutes this AuthenticatedSafes. The elements of this sequence are some form of SafeContents, wrapped in a ContentInfo or an EncryptedData.

getSize
public int getSize()
Returns the size of the sequence, which is the number of SafeContents in this AuthenticatedSafes.

getTag
public Tag getTag()
Returns the base tag for this type, not counting any tags that may be imposed on it by its context.
Specified by: getTag in interface ASN1Value

safeContentsIsEncrypted
public boolean safeContentsIsEncrypted(int index)
Returns true if the SafeContents at the given index in the AuthenticatedSafes is encrypted. If it is encrypted, a password must be supplied to getSafeContentsAt when accessing this SafeContents.
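The following is an added example, not code from JSS or this page, showing the round trip the methods above describe: encrypt one SafeContents, DER-encode the AuthenticatedSafes, decode it with getTemplate(), and use safeContentsIsEncrypted before getSafeContentsAt so the password is only supplied where needed. Because DEFAULT_KEY_GEN_ALG is RC2 40-bit with DEFAULT_ITERATIONS of 1, the example deliberately chooses a stronger algorithm and a higher count; it assumes PBEAlgorithm.PBE_SHA1_DES3_CBC exists in org.mozilla.jss.crypto, that BadPaddingException and IllegalBlockSizeException are the javax.crypto types, that Password has a clear() method, and that the caller has already initialized CryptoManager and built a valid SafeContents.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.BadPaddingException;          // assumption: javax.crypto types
import javax.crypto.IllegalBlockSizeException;
import org.mozilla.jss.asn1.InvalidBERException;
import org.mozilla.jss.asn1.SEQUENCE;
import org.mozilla.jss.crypto.PBEAlgorithm;
import org.mozilla.jss.pkcs12.AuthenticatedSafes;
import org.mozilla.jss.util.Password;

/** Added example (hypothetical helper, not part of JSS). */
public final class AuthSafesRoundTrip {

    // Assumption: this constant exists; it replaces the 40-bit RC2 default.
    static final PBEAlgorithm KEY_GEN_ALG = PBEAlgorithm.PBE_SHA1_DES3_CBC;
    static final int ITERATIONS = 2000;   // well above DEFAULT_ITERATIONS (1)

    /** Encrypts safeContents, encodes, decodes, and returns every recovered SafeContents. */
    static List<SEQUENCE> roundTrip(SEQUENCE safeContents, char[] pw) throws Exception {
        AuthenticatedSafes safes = new AuthenticatedSafes();
        // null salt: the library generates a random one, which is the right thing to do.
        safes.addEncryptedSafeContents(KEY_GEN_ALG, new Password(pw.clone()), null,
                                       ITERATIONS, safeContents);

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        safes.encode(out);                       // DER encoding with the base tag

        AuthenticatedSafes decoded = (AuthenticatedSafes) AuthenticatedSafes.getTemplate()
                .decode(new ByteArrayInputStream(out.toByteArray()));

        List<SEQUENCE> result = new ArrayList<>();
        for (int i = 0; i < decoded.getSize(); i++) {
            // Only hand over the password for entries that are actually encrypted.
            Password p = decoded.safeContentsIsEncrypted(i) ? new Password(pw.clone()) : null;
            try {
                result.add(decoded.getSafeContentsAt(p, i));
            } catch (InvalidBERException | BadPaddingException | IllegalBlockSizeException e) {
                // The documented ways a wrong password surfaces: report them uniformly.
                throw new IllegalArgumentException("bad password or corrupt SafeContents " + i, e);
            } finally {
                if (p != null) p.clear();       // assumption: Password.clear() zeroes the chars
            }
        }
        return result;
    }
}
```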