org.mozilla.jss.pkcs12

Class AuthenticatedSafes

public class AuthenticatedSafes extends Object implements ASN1Value

An AuthenticatedSafes, which is a SEQUENCE of SafeContents.
Nested Class Summary
static classAuthenticatedSafes.Template
A Template class for decoding an AuthenticatedSafes from its BER encoding.
Field Summary
static intDEFAULT_ITERATIONS
The default number of hash iterations (1) when performing PBE keygen.
static PBEAlgorithmDEFAULT_KEY_GEN_ALG
The default PBE key generation algorithm: SHA-1 with RC2 40-bit CBC.
Constructor Summary
AuthenticatedSafes()
Default constructor, creates an empty AuthenticatedSafes.
AuthenticatedSafes(SEQUENCE sequence)
Creates an AuthenticatedSafes from a SEQUENCE of ContentInfo.
Method Summary
voidaddEncryptedSafeContents(PBEAlgorithm keyGenAlg, Password password, byte[] salt, int iterationCount, SEQUENCE safeContents)
Encrypts a SafeContents and adds it to the AuthenticatedSafes.
voidaddSafeContents(SEQUENCE safeContents)
Appends an unencrypted SafeContents to the end of the AuthenticatedSafes.
voidencode(OutputStream ostream)
voidencode(Tag implicitTag, OutputStream ostream)
SEQUENCEgetSafeContentsAt(Password password, int index)
Returns the SafeContents at the given index in the AuthenticatedSafes, decrypting it if necessary.
SEQUENCEgetSequence()
Returns the raw SEQUENCE which constitutes this AuthenticatedSafes.
intgetSize()
Returns the size of the sequence, which is the number of SafeContents in this AuthenticatedSafes.
TaggetTag()
static AuthenticatedSafes.TemplategetTemplate()
booleansafeContentsIsEncrypted(int index)
Returns true if the SafeContents at the given index in the AuthenticatedSafes is encrypted.

Field Detail

DEFAULT_ITERATIONS

public static final int DEFAULT_ITERATIONS
The default number of hash iterations (1) when performing PBE keygen.

DEFAULT_KEY_GEN_ALG

public static final PBEAlgorithm DEFAULT_KEY_GEN_ALG
The default PBE key generation algorithm: SHA-1 with RC2 40-bit CBC.

Constructor Detail

AuthenticatedSafes

public AuthenticatedSafes()
Default constructor, creates an empty AuthenticatedSafes.

AuthenticatedSafes

public AuthenticatedSafes(SEQUENCE sequence)
Creates an AuthenticatedSafes from a SEQUENCE of ContentInfo.

Parameters: sequence A non-null sequence of ContentInfo.

Method Detail

addEncryptedSafeContents

public void addEncryptedSafeContents(PBEAlgorithm keyGenAlg, Password password, byte[] salt, int iterationCount, SEQUENCE safeContents)
Encrypts a SafeContents and adds it to the AuthenticatedSafes.

Parameters: keyGenAlg The algorithm used to generate a key from the password. Must be a PBE algorithm. DEFAULT_KEY_GEN_ALG is usually fine here. It only provides 40-bit security, but if the private key material is packaged in its own EncryptedPrivateKeyInfo, the security of the SafeContents is not as important. password The password to use to generate the encryption key and IV. salt The salt to use to generate the key and IV. If null is passed in, the salt will be generated randomly, which is usually the right thing to do. iterationCount The number of hash iterations to perform when generating the key and IV. Use DEFAULT_ITERATIONS unless you want to be clever. safeContents A SafeContents, which is a SEQUENCE of SafeBags. Each element of the sequence must in fact be an instance of SafeBag.

addSafeContents

public void addSafeContents(SEQUENCE safeContents)
Appends an unencrypted SafeContents to the end of the AuthenticatedSafes.

encode

public void encode(OutputStream ostream)

encode

public void encode(Tag implicitTag, OutputStream ostream)

getSafeContentsAt

public SEQUENCE getSafeContentsAt(Password password, int index)
Returns the SafeContents at the given index in the AuthenticatedSafes, decrypting it if necessary.

The algorithm used to extract encrypted SafeContents does not conform to version 1.0 of the spec. Instead, it conforms to the draft 1.0 spec, because this is what Communicator and MSIE seem to conform to. This looks like an implementation error that has become firmly entrenched to preserve interoperability. The draft spec dictates that the encrypted content in the EncryptedContentInfo is the DER encoding of a SafeContents. This is simple enough. The 1.0 final spec says that the SafeContents is wrapped in a ContentInfo, then the ContentInfo is BER encoded, then the value octets (not the tag or length) are encrypted. No wonder people stayed with the old way.

Parameters: password The password to use to decrypt the SafeContents if it is encrypted. If the SafeContents is known to not be encrypted, this parameter can be null. If the password is incorrect, the decoding will fail somehow, probably with an InvalidBERException, BadPaddingException, or IllegalBlockSizeException. index The index of the SafeContents to extract.

Returns: A SafeContents object, which is merely a SEQUENCE of SafeBags.

Throws: IllegalArgumentException If no password was provided, but the SafeContents is encrypted.

getSequence

public SEQUENCE getSequence()
Returns the raw SEQUENCE which constitutes this AuthenticatedSafes. The elements of this sequence are some form of SafeContents, wrapped in a ContentInfo or an EncryptedData.

getSize

public int getSize()
Returns the size of the sequence, which is the number of SafeContents in this AuthenticatedSafes.

getTag

public Tag getTag()

getTemplate

public static AuthenticatedSafes.Template getTemplate()

safeContentsIsEncrypted

public boolean safeContentsIsEncrypted(int index)
Returns true if the SafeContents at the given index in the AuthenticatedSafes is encrypted. If it is encrypted, a password must be supplied to getSafeContentsAt when accessing this SafeContents.