org.mozilla.jss.pkcs12
Class SafeBag
java.lang.Object
org.mozilla.jss.pkcs12.SafeBag
All Implemented Interfaces: ASN1Value
public final class SafeBag
extends java.lang.Object
A PKCS #12 SafeBag structure.
CERT_BAG
public static final OBJECT_IDENTIFIER CERT_BAG
A bag containing a certificate. The bag content is CertBag.
CRL_BAG
public static final OBJECT_IDENTIFIER CRL_BAG
A bag containing a certificate revocation list.
The bag content is CRLBag.
FRIENDLY_NAME
public static final OBJECT_IDENTIFIER FRIENDLY_NAME
A FriendlyName attribute. The value is a BMPString.
KEY_BAG
public static final OBJECT_IDENTIFIER KEY_BAG
A bag containing a private key. The bag content is a KeyBag,
which is equivalent to a PKCS #8 PrivateKeyInfo.
LOCAL_KEY_ID
public static final OBJECT_IDENTIFIER LOCAL_KEY_ID
A LocalKeyID attribute. The value is an octet string.
PKCS12_BAG_IDS
public static final OBJECT_IDENTIFIER PKCS12_BAG_IDS
The OID branch for the PKCS #12 bag types.
PKCS12_VERSION_1
public static final OBJECT_IDENTIFIER PKCS12_VERSION_1
The OID branch for PKCS #12, version 1.0.
PKCS8_SHROUDED_KEY_BAG
public static final OBJECT_IDENTIFIER PKCS8_SHROUDED_KEY_BAG
A bag containing a private key encrypted a la PKCS #8. The bag
content is a PKCS #8 EncryptedPrivateKeyInfo.
SAFE_CONTENTS_BAG
public static final OBJECT_IDENTIFIER SAFE_CONTENTS_BAG
A bag containing a nested SafeContent. The bag content is
SafeContents, which is merely a SEQUENCE of SafeBag.
SECRET_BAG
public static final OBJECT_IDENTIFIER SECRET_BAG
A bag containing an arbitrary secret. The bag content is SecretBag.
SafeBag
public SafeBag(OBJECT_IDENTIFIER bagType,
ASN1Value bagContent,
SET bagAttributes)
Creates a new SafeBag from its components.
Parameters:
bagType - The type of this bag. For compatibility, it should
be one of the constants defined in this class.
bagContent - The contents of the bag. The type of this parameter
is defined by the bagType parameter.
bagAttributes - A SET of Attributes for this SafeBag. Since
attributes are optional, this parameter may be null.
createCertBag
public static SafeBag createCertBag(byte[] cert,
String friendlyName)
throws DigestException,
NoSuchAlgorithmException,
InvalidBERException
Creates a SafeBag that contains an X.509 Certificate.
The SafeBag will have a localKeyID attribute equal
to the SHA-1 hash of the certificate, and a friendlyName
attribute equal to the supplied string. This is the way Communicator
makes a CertBag. The same localKeyID attribute should be stored
in the matching private key bag.
Parameters:
cert - A DER-encoded X.509 certificate.
friendlyName - Will be stored in the friendlyName
attribute of the SafeBag. Should be the nickname of the cert.
createCertBag
public static SafeBag createCertBag(byte[] cert,
String friendlyName,
byte[] localKeyID)
throws InvalidBERException
Creates a SafeBag that contains an X.509 Certificate.
The SafeBag will have the given localKeyID attribute,
and a friendlyName
attribute equal to the supplied string. This is the way Communicator
makes a CertBag. The same localKeyID attribute should be stored
in the matching private key bag.
Parameters:
cert - A DER-encoded X.509 certificate.
friendlyName - Will be stored in the friendlyName
attribute of the SafeBag. Should be the nickname of the cert.
localKeyID - The bytes to use for the localKeyID. These should
be obtained from the getLocalKeyIDFromCert method.
createEncryptedPrivateKeyBag
public static SafeBag createEncryptedPrivateKeyBag(PrivateKeyInfo privk,
String friendlyName,
byte[] localKeyID,
Password password)
throws CryptoManager.NotInitializedException,
TokenException
Creates a SafeBag containing a PKCS-8ShroudedKeyBag, which is
an EncryptedPrivateKeyInfo. The key will be encrypted using
a triple-DES PBE algorithm, using the supplied password.
Parameters:
privk - The PrivateKeyInfo containing the private key.
friendlyName - The nickname for the key; should be the same
as the nickname of the associated cert.
localKeyID - The localKeyID for the key; should be the same as
the localKeyID of the associated cert.
encode
public void encode(OutputStream ostream)
throws IOException
Write this value's DER encoding to an output stream using
its own base tag.
Specified by: encode in interface ASN1Value
encode
public void encode(Tag implicitTag,
OutputStream ostream)
throws IOException
Write this value's DER encoding to an output stream using
an implicit tag.
Specified by: encode in interface ASN1Value
getBagAttributes
public SET getBagAttributes()
Returns the attributes of this bag. May return null if this bag
has no attributes. Each element of the set is a
org.mozilla.jss.pkix.primitive.Attribute.
getBagContent
public ANY getBagContent()
Returns the contents of this bag as an ANY.
getInterpretedBagContent
public ASN1Value getInterpretedBagContent()
throws InvalidBERException
Returns the bagContent interpreted by type.
Returns:
- If type is KeyBag, a PrivateKeyInfo.
- If type is PKCS-8ShroudedKeyBag, an EncryptedPrivateKeyInfo.
- If type is CertBag, a CertBag.
- For any other type, returns an ANY.
getLocalKeyIDFromCert
public static final byte[] getLocalKeyIDFromCert(byte[] derCert)
throws DigestException,
NoSuchAlgorithmException
Computes the LocalKeyID attribute that should be stored with a key
and certificate.
Parameters:
derCert - A DER-encoded X.509 certificate.
Returns: The SHA-1 hash of the cert, which should be used as the
localKeyID attribute for the cert's SafeBag.
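Added example, not part of the JSS documentation: building a certificate bag and a shrouded key bag that share one localKeyID, then checking on the read side that a key bag is encrypted (not a plain KEY_BAG) and carries the same localKeyID as its certificate bag. The class SafeBagPairing and its method names are hypothetical; Attribute.getType(), Attribute.getValues(), SET.size(), SET.elementAt() and ASN1Util.encode() are JSS calls not listed on this page; CryptoManager is assumed to be initialized before buildPair is called.

```java
import java.util.Arrays;
import org.mozilla.jss.asn1.ASN1Util;
import org.mozilla.jss.asn1.ASN1Value;
import org.mozilla.jss.asn1.SET;
import org.mozilla.jss.pkcs12.SafeBag;
import org.mozilla.jss.pkix.primitive.Attribute;
import org.mozilla.jss.pkix.primitive.EncryptedPrivateKeyInfo;
import org.mozilla.jss.pkix.primitive.PrivateKeyInfo;
import org.mozilla.jss.util.Password;

// Hypothetical helper class for illustration; not part of JSS.
public final class SafeBagPairing {

    // Returns { certBag, keyBag } sharing one localKeyID and one nickname.
    // Assumes CryptoManager is already initialized, as required by
    // createEncryptedPrivateKeyBag (it throws NotInitializedException otherwise).
    static SafeBag[] buildPair(byte[] derCert, PrivateKeyInfo key,
                               String nickname, Password pw) throws Exception {
        byte[] id = SafeBag.getLocalKeyIDFromCert(derCert); // SHA-1 of the cert
        return new SafeBag[] {
            SafeBag.createCertBag(derCert, nickname, id),
            SafeBag.createEncryptedPrivateKeyBag(key, nickname, id, pw)
        };
    }

    // DER encoding of the bag's LocalKeyID value, or null if the bag has none.
    // Comparing encodings works whether the value is an OCTET_STRING or an ANY.
    static byte[] localKeyIdDer(SafeBag bag) {
        SET attrs = bag.getBagAttributes();
        if (attrs == null) return null; // attributes are optional
        for (int i = 0; i < attrs.size(); i++) {
            Attribute a = (Attribute) attrs.elementAt(i);
            if (SafeBag.LOCAL_KEY_ID.equals(a.getType()) && a.getValues().size() > 0) {
                return ASN1Util.encode(a.getValues().elementAt(0));
            }
        }
        return null;
    }

    // True only if keyBag is a PKCS-8ShroudedKeyBag whose localKeyID matches certBag.
    static boolean isProtectedPair(SafeBag certBag, SafeBag keyBag) throws Exception {
        ASN1Value content = keyBag.getInterpretedBagContent();
        if (content instanceof PrivateKeyInfo) return false;           // KEY_BAG: unencrypted PKCS #8
        if (!(content instanceof EncryptedPrivateKeyInfo)) return false; // not a key bag at all
        byte[] certId = localKeyIdDer(certBag);
        return certId != null && Arrays.equals(certId, localKeyIdDer(keyBag));
    }
}
```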
getTag
public Tag getTag()
Returns the base tag for this type, not counting any tags
that may be imposed on it by its context.
Specified by: getTag in interface ASN1Value