org.mozilla.jss.pkcs12

Class SafeBag

public final class SafeBag extends Object implements ASN1Value

A PKCS #12 SafeBag structure.
Nested Class Summary
static class SafeBag.Template
A template for decoding SafeBags.
Field Summary
static OBJECT_IDENTIFIER CERT_BAG
A bag containing a certificate.
static OBJECT_IDENTIFIER CRL_BAG
A bag containing a certificate revocation list.
static OBJECT_IDENTIFIER FRIENDLY_NAME
A FriendlyName attribute.
static OBJECT_IDENTIFIER KEY_BAG
A bag containing a private key.
static OBJECT_IDENTIFIER LOCAL_KEY_ID
A LocalKeyID attribute.
static OBJECT_IDENTIFIER PKCS12_BAG_IDS
The OID branch for the PKCS #12 bag types.
static OBJECT_IDENTIFIER PKCS12_VERSION_1
The OID branch for PKCS #12, version 1.0.
static OBJECT_IDENTIFIER PKCS8_SHROUDED_KEY_BAG
A bag containing a private key encrypted a la PKCS #8.
static OBJECT_IDENTIFIER SAFE_CONTENTS_BAG
A bag containing a nested SafeContent.
static OBJECT_IDENTIFIER SECRET_BAG
A bag containing an arbitrary secret.
Constructor Summary
SafeBag(OBJECT_IDENTIFIER bagType, ASN1Value bagContent, SET bagAttributes)
Creates a new SafeBag from its components.
Method Summary
static SafeBag createCertBag(byte[] cert, String friendlyName)
Creates a SafeBag that contains an X.509 Certificate.
static SafeBag createCertBag(byte[] cert, String friendlyName, byte[] localKeyID)
Creates a SafeBag that contains an X.509 Certificate.
static SafeBag createEncryptedPrivateKeyBag(PrivateKeyInfo privk, String friendlyName, byte[] localKeyID, Password password)
Creates a SafeBag containing a PKCS-8ShroudedKeyBag, which is an EncryptedPrivateKeyInfo.
void encode(OutputStream ostream)
void encode(Tag implicitTag, OutputStream ostream)
SET getBagAttributes()
Returns the attributes of this bag.
ANY getBagContent()
Returns the contents of this bag as an ANY.
OBJECT_IDENTIFIER getBagType()
ASN1Value getInterpretedBagContent()
Returns the bagContent interpreted by type.
static byte[] getLocalKeyIDFromCert(byte[] derCert)
Computes the LocalKeyID attribute that should be stored with a key and certificate.
Tag getTag()
static SafeBag.Template getTemplate()

Field Detail

CERT_BAG

public static final OBJECT_IDENTIFIER CERT_BAG
A bag containing a certificate. The bag content is CertBag.

CRL_BAG

public static final OBJECT_IDENTIFIER CRL_BAG
A bag containing a certificate revocation list. The bag content is CRLBag.

FRIENDLY_NAME

public static final OBJECT_IDENTIFIER FRIENDLY_NAME
A FriendlyName attribute. The value is a BMPString.

KEY_BAG

public static final OBJECT_IDENTIFIER KEY_BAG
A bag containing a private key. The bag content is a KeyBag, which is equivalent to a PKCS #8 PrivateKeyInfo.

LOCAL_KEY_ID

public static final OBJECT_IDENTIFIER LOCAL_KEY_ID
A LocalKeyID attribute. The value is an octet string.

PKCS12_BAG_IDS

public static final OBJECT_IDENTIFIER PKCS12_BAG_IDS
The OID branch for the PKCS #12 bag types.

PKCS12_VERSION_1

public static final OBJECT_IDENTIFIER PKCS12_VERSION_1
The OID branch for PKCS #12, version 1.0.

PKCS8_SHROUDED_KEY_BAG

public static final OBJECT_IDENTIFIER PKCS8_SHROUDED_KEY_BAG
A bag containing a private key encrypted a la PKCS #8. The bag content is a PKCS #8 EncryptedPrivateKeyInfo.

SAFE_CONTENTS_BAG

public static final OBJECT_IDENTIFIER SAFE_CONTENTS_BAG
A bag containing a nested SafeContent. The bag content is SafeContents, which is merely a SEQUENCE of SafeBag.

SECRET_BAG

public static final OBJECT_IDENTIFIER SECRET_BAG
A bag containing an arbitrary secret. The bag content is SecretBag.

Constructor Detail

SafeBag

public SafeBag(OBJECT_IDENTIFIER bagType, ASN1Value bagContent, SET bagAttributes)
Creates a new SafeBag from its components.

Parameters:
bagType - The type of this bag. For compatibility, it should be one of the constants defined in this class.
bagContent - The contents of the bag. The type of this parameter is defined by the bagType parameter.
bagAttributes - A SET of Attributes for this SafeBag. Since attributes are optional, this parameter may be null.

Method Detail

createCertBag

public static SafeBag createCertBag(byte[] cert, String friendlyName)
Creates a SafeBag that contains an X.509 Certificate. The SafeBag will have a localKeyID attribute equal to the SHA-1 hash of the certificate, and a friendlyName attribute equal to the supplied string. This is the way Communicator makes a CertBag. The same localKeyID attribute should be stored in the matching private key bag.

Parameters:
cert - A DER-encoded X.509 certificate.
friendlyName - Will be stored in the friendlyName attribute of the SafeBag. Should be the nickname of the cert.

createCertBag

public static SafeBag createCertBag(byte[] cert, String friendlyName, byte[] localKeyID)
Creates a SafeBag that contains an X.509 Certificate. The SafeBag will have the given localKeyID attribute, and a friendlyName attribute equal to the supplied string. This is the way Communicator makes a CertBag. The same localKeyID attribute should be stored in the matching private key bag.

Parameters:
cert - A DER-encoded X.509 certificate.
friendlyName - Will be stored in the friendlyName attribute of the SafeBag. Should be the nickname of the cert.
localKeyID - The bytes to use for the localKeyID. These should be obtained from the getLocalKeyIDFromCert method.

Throws: InvalidBERException - If the cert is not a valid DER encoding.

See Also: SafeBag

createEncryptedPrivateKeyBag

public static SafeBag createEncryptedPrivateKeyBag(PrivateKeyInfo privk, String friendlyName, byte[] localKeyID, Password password)
Creates a SafeBag containing a PKCS-8ShroudedKeyBag, which is an EncryptedPrivateKeyInfo. The key will be encrypted using a triple-DES PBE algorithm, using the supplied password.

Parameters:
privk - The PrivateKeyInfo containing the private key.
friendlyName - The nickname for the key; should be the same as the nickname of the associated cert.
localKeyID - The localKeyID for the key; should be the same as the localKeyID of the associated cert.
password - The password used to encrypt the private key.

encode

public void encode(OutputStream ostream)

encode

public void encode(Tag implicitTag, OutputStream ostream)

getBagAttributes

public SET getBagAttributes()
Returns the attributes of this bag. May return null if this bag has no attributes. Each element of the set is a org.mozilla.jss.pkix.primitive.Attribute.

getBagContent

public ANY getBagContent()
Returns the contents of this bag as an ANY.

getBagType

public OBJECT_IDENTIFIER getBagType()

getInterpretedBagContent

public ASN1Value getInterpretedBagContent()
Returns the bagContent interpreted by type.

Returns: If type is KeyBag, a PrivateKeyInfo.
If type is PKCS-8ShroudedKeyBag, an EncryptedPrivateKeyInfo.
If type is CertBag, a CertBag.
For any other type, returns an ANY.

getLocalKeyIDFromCert

public static final byte[] getLocalKeyIDFromCert(byte[] derCert)
Computes the LocalKeyID attribute that should be stored with a key and certificate.

Parameters: derCert A DER-encoded X.509 certificate.

Returns: The SHA-1 hash of the cert, which should be used as the localKeyID attribute for the cert's SafeBag.
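The following is an added example, not code from the JSS documentation. It shows the pairing described above: one localKeyID computed from the certificate and stored in both the cert bag and the shrouded key bag, plus a bag-type check that lets a caller spot an unencrypted KEY_BAG when reading a file. The class and method names are hypothetical, JSS is assumed to be initialized already, and `throws Exception` stands in for the checked exceptions, which this page does not list in full.

```java
import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
import org.mozilla.jss.pkcs12.SafeBag;
import org.mozilla.jss.pkix.primitive.PrivateKeyInfo;
import org.mozilla.jss.util.Password;

// Added example; PairedBagsExample and its methods are hypothetical names.
public class PairedBagsExample {

    // Builds the cert bag and the shrouded key bag for one identity so that
    // both carry the same friendlyName and the same localKeyID.
    public static SafeBag[] buildPairedBags(byte[] derCert, PrivateKeyInfo privk,
            String nickname, char[] passwordChars) throws Exception {
        // Compute the localKeyID once (SHA-1 of the DER cert, per the docs)
        // and hand the same bytes to both factory methods.
        byte[] localKeyID = SafeBag.getLocalKeyIDFromCert(derCert);
        SafeBag certBag = SafeBag.createCertBag(derCert, nickname, localKeyID);

        Password password = new Password(passwordChars);
        try {
            SafeBag keyBag = SafeBag.createEncryptedPrivateKeyBag(
                    privk, nickname, localKeyID, password);
            return new SafeBag[] { certBag, keyBag };
        } finally {
            password.clear();                            // wipe the Password object
            java.util.Arrays.fill(passwordChars, '\0');  // wipe the caller's array
        }
    }

    // Labels a decoded bag by its type OID. KEY_BAG holds a PrivateKeyInfo,
    // i.e. a private key that is not shrouded at the bag level.
    public static String classify(SafeBag bag) {
        OBJECT_IDENTIFIER type = bag.getBagType();
        if (SafeBag.KEY_BAG.equals(type)) return "UNENCRYPTED_KEY";
        if (SafeBag.PKCS8_SHROUDED_KEY_BAG.equals(type)) return "SHROUDED_KEY";
        if (SafeBag.CERT_BAG.equals(type)) return "CERT";
        if (SafeBag.SAFE_CONTENTS_BAG.equals(type)) return "NESTED"; // caller must descend
        return "OTHER";
    }

    // True if any top-level bag stores a private key as a plain KeyBag.
    public static boolean hasUnshroudedKey(Iterable<SafeBag> bags) {
        for (SafeBag bag : bags) {
            if ("UNENCRYPTED_KEY".equals(classify(bag))) return true;
        }
        return false;
    }
}
```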

getTag

public Tag getTag()

getTemplate

public static SafeBag.Template getTemplate()