public class PFX extends java.lang.Object implements ASN1Value
The general procedure for creating a PFX blob is as follows:
SafeBag
containing things such as
private keys, certificates, or arbitrary secrets.
addEncryptedSafeContents
or
addSafeContents
.
Standard procedure for browsers is for the AuthenticatedSafes to contain two instances of SafeContents, one encrypted and the other not. Anything you want encrypted can go in the encrypted SafeContents, and anything you want in plaintext can go in the regular SafeContents. Keep in mind that private key SafeBags usually consist of an EncryptedPrivateKeyInfo, which has its own (strong) encryption, in which case it is not essential that the SafeContents containing the private key also be encrypted.
PFX(AuthenticatedSafes)
constructor.
PFX.computeMacData
.
PFX.Template
to decode the ASN.1 into a
PFX
object.
PFX.verifyAuthSafes
to verify
the MAC on the PFX.
PFX.getAuthSafes
to extract the AuthenticatedSafes
instance.
AuthenticatedSafes.getSafeContentsAt
to grab the
SafeContents objects in the AuthenticatedSafes.
Modifier and Type | Class and Description |
---|---|
static class |
PFX.Template
A Template for decoding a BER-encoded PFX.
|
Modifier and Type | Field and Description |
---|---|
static int |
DEFAULT_ITERATIONS
The default number of iterations to use when generating the MAC.
|
Constructor and Description |
---|
PFX(AuthenticatedSafes authSafes)
Creates a PFX with the default version and no MacData.
|
PFX(AuthenticatedSafes authSafes,
MacData macData)
Creates a PFX with the default version.
|
PFX(INTEGER version,
AuthenticatedSafes authSafes,
MacData macData)
Creates a PFX with the given parameters.
|
Modifier and Type | Method and Description |
---|---|
void |
computeMacData(Password password,
byte[] salt,
int iterationCount)
Computes the macData field and adds it to the PFX.
|
void |
encode(java.io.OutputStream ostream)
Write this value's DER encoding to an output stream using
its own base tag.
|
void |
encode(Tag implicitTag,
java.io.OutputStream ostream)
Write this value's DER encoding to an output stream using
an implicit tag.
|
AuthenticatedSafes |
getAuthSafes() |
MacData |
getMacData()
Returns the MacData of this PFX, which is used to verify the contents.
|
Tag |
getTag()
Returns the base tag for this type, not counting any tags
that may be imposed on it by its context.
|
INTEGER |
getVersion() |
static void |
main(java.lang.String[] args) |
boolean |
verifyAuthSafes(Password password,
java.lang.StringBuffer reason)
Verifies the HMAC on the authenticated safes, using the password
provided.
|
public static final int DEFAULT_ITERATIONS
public PFX(INTEGER version, AuthenticatedSafes authSafes, MacData macData)
public PFX(AuthenticatedSafes authSafes, MacData macData)
public PFX(AuthenticatedSafes authSafes)
computeMacData
.public INTEGER getVersion()
public AuthenticatedSafes getAuthSafes()
public MacData getMacData()
public boolean verifyAuthSafes(Password password, java.lang.StringBuffer reason) throws NotInitializedException
password
- The password to use to compute the HMAC.reason
- If supplied, the reason for the verification failure
will be appended to this StringBuffer.NotInitializedException
public void computeMacData(Password password, byte[] salt, int iterationCount) throws NotInitializedException, java.security.DigestException, TokenException, java.io.CharConversionException
password
- The password to be used to create the password-based MAC.salt
- The salt to be used. If null is passed in, a new salt
will be created from a random source.iterationCount
- The iteration count for the key generation.
Use DEFAULT_ITERATIONS unless there's a need to be clever.NotInitializedException
java.security.DigestException
TokenException
java.io.CharConversionException
public Tag getTag()
ASN1Value
public void encode(java.io.OutputStream ostream) throws java.io.IOException
ASN1Value
public void encode(Tag implicitTag, java.io.OutputStream ostream) throws java.io.IOException
ASN1Value
public static void main(java.lang.String[] args)