org.mozilla.jss.pkcs12

Class PFX

public class PFX extends Object implements ASN1Value

The top level ASN.1 structure for a PKCS #12 blob.

The general procedure for creating a PFX blob is as follows:

To decode a PFX,
Nested Class Summary
static class PFX.Template
A Template for decoding a BER-encoded PFX.
Field Summary
static int DEFAULT_ITERATIONS
The default number of iterations to use when generating the MAC.
Constructor Summary
PFX(INTEGER version, AuthenticatedSafes authSafes, MacData macData)
Creates a PFX with the given parameters.
PFX(AuthenticatedSafes authSafes, MacData macData)
Creates a PFX with the default version.
PFX(AuthenticatedSafes authSafes)
Creates a PFX with the default version and no MacData.
Method Summary
void computeMacData(Password password, byte[] salt, int iterationCount)
Computes the macData field and adds it to the PFX.
void encode(OutputStream ostream)
void encode(Tag implicitTag, OutputStream ostream)
AuthenticatedSafes getAuthSafes()
MacData getMacData()
Returns the MacData of this PFX, which is used to verify the contents.
Tag getTag()
INTEGER getVersion()
static void main(String[] args)
boolean verifyAuthSafes(Password password, StringBuffer reason)
Verifies the HMAC on the authenticated safes, using the password provided.

Field Detail

DEFAULT_ITERATIONS

public static final int DEFAULT_ITERATIONS
The default number of iterations to use when generating the MAC. Currently, it is 1.

Constructor Detail

PFX

public PFX(INTEGER version, AuthenticatedSafes authSafes, MacData macData)
Creates a PFX with the given parameters.

PFX

public PFX(AuthenticatedSafes authSafes, MacData macData)
Creates a PFX with the default version.

PFX

public PFX(AuthenticatedSafes authSafes)
Creates a PFX with the default version and no MacData. The MacData can be added later with computeMacData.

See Also: PFX

Method Detail

computeMacData

public void computeMacData(Password password, byte[] salt, int iterationCount)
Computes the macData field and adds it to the PFX. The macData field is a Message Authentication Code of the AuthenticatedSafes, and is used to prove the authenticity of the PFX.

Parameters:
password - The password to be used to create the password-based MAC.
salt - The salt to be used. If null is passed in, a new salt will be created from a random source.
iterationCount - The iteration count for the key generation. Use DEFAULT_ITERATIONS unless there's a need to be clever.

encode

public void encode(OutputStream ostream)

encode

public void encode(Tag implicitTag, OutputStream ostream)

getAuthSafes

public AuthenticatedSafes getAuthSafes()

getMacData

public MacData getMacData()
Returns the MacData of this PFX, which is used to verify the contents. This field is optional. If it is not present, null is returned.

getTag

public Tag getTag()

getVersion

public INTEGER getVersion()

main

public static void main(String[] args)

verifyAuthSafes

public boolean verifyAuthSafes(Password password, StringBuffer reason)
Verifies the HMAC on the authenticated safes, using the password provided.

Parameters:
password - The password to use to compute the HMAC.
reason - If supplied, the reason for the verification failure will be appended to this StringBuffer.

Returns: true if the MAC verifies correctly, false otherwise. If this PFX does not contain a MacData, returns false.
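
Added example, not part of the JSS documentation: because verifyAuthSafes returns false both when the MAC is wrong and when the PFX has no MacData, a caller that needs to tell "tampered or wrong password" from "never authenticated" should test getMacData() first. The class name CheckPfxMac, the MacStatus enum, the command-line arguments and the use of an NSS database directory to initialize JSS are assumptions of this sketch.

```java
import java.io.ByteArrayInputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.pkcs12.PFX;
import org.mozilla.jss.util.Password;

public class CheckPfxMac {
    // Hypothetical result type: the boolean from verifyAuthSafes cannot
    // distinguish a missing MacData from a MAC that fails to verify.
    enum MacStatus { VERIFIED, MISSING, INVALID }

    static MacStatus checkMac(PFX pfx, Password password, StringBuffer reason)
            throws Exception {
        if (pfx.getMacData() == null) {
            // MacData is optional; without it the contents are unauthenticated.
            reason.append("PFX contains no MacData");
            return MacStatus.MISSING;
        }
        return pfx.verifyAuthSafes(password, reason)
                ? MacStatus.VERIFIED : MacStatus.INVALID;
    }

    // Assumed usage: java CheckPfxMac <nss-db-dir> <file.p12>
    public static void main(String[] args) throws Exception {
        if (args.length != 2 || System.console() == null) {
            System.err.println("usage: CheckPfxMac <nss-db-dir> <file.p12> (interactive)");
            System.exit(2);
        }
        CryptoManager.initialize(args[0]);   // JSS must be initialized before MAC operations

        // Decode the BER-encoded blob with the class's own Template.
        byte[] blob = Files.readAllBytes(Paths.get(args[1]));
        PFX pfx = (PFX) new PFX.Template().decode(new ByteArrayInputStream(blob));

        // Prompt for the password instead of taking it from argv.
        Password password = new Password(System.console().readPassword("PFX password: "));
        StringBuffer reason = new StringBuffer();
        try {
            MacStatus status = checkMac(pfx, password, reason);
            System.out.println(status + (reason.length() > 0 ? ": " + reason : ""));
            // Only process the AuthenticatedSafes once the MAC has verified.
            System.exit(status == MacStatus.VERIFIED ? 0 : 1);
        } finally {
            password.clear();                // wipe the password characters from memory
        }
    }
}
```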