org.mozilla.jss.pkcs12
public class PFX extends Object implements ASN1Value
The general procedure for creating a PFX blob is as follows:
- SafeBag containing things such as private keys, certificates, or arbitrary secrets.
- addEncryptedSafeContents or addSafeContents.
Standard procedure for browsers is for the AuthenticatedSafes to contain two instances of SafeContents, one encrypted and the other not. Anything you want encrypted can go in the encrypted SafeContents, and anything you want in plaintext can go in the regular SafeContents. Keep in mind that private key SafeBags usually consist of an EncryptedPrivateKeyInfo, which has its own (strong) encryption, in which case it is not essential that the SafeContents containing the private key also be encrypted.
- PFX(AuthenticatedSafes) constructor.
- PFX.computeMacData.
- PFX.Template to decode the ASN.1 into a PFX object.
- PFX.verifyAuthSafes to verify the MAC on the PFX.
- PFX.getAuthSafes to extract the AuthenticatedSafes instance.
- AuthenticatedSafes.getSafeContentsAt to grab the SafeContents objects in the AuthenticatedSafes.
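
The decoding steps listed above (PFX.Template, verifyAuthSafes, getAuthSafes, getSafeContentsAt) put together as an added example; it is not part of the JSS documentation or source. The class name PfxInspect and the command-line arguments are assumptions, and it assumes an existing NSS database directory for CryptoManager.initialize and an interactive terminal for the password prompt.

```java
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.asn1.SEQUENCE;
import org.mozilla.jss.pkcs12.AuthenticatedSafes;
import org.mozilla.jss.pkcs12.PFX;
import org.mozilla.jss.pkcs12.SafeBag;
import org.mozilla.jss.util.Password;

// Hypothetical helper class; usage: PfxInspect <nss-db-dir> <pfx-file>
public class PfxInspect {
    public static void main(String[] args) throws Exception {
        // JSS needs an initialized NSS database before any crypto call.
        CryptoManager.initialize(args[0]);
        // Prompt instead of taking the password from argv (assumes a terminal).
        Password pass = new Password(System.console().readPassword("PFX password: "));
        try (InputStream in = new BufferedInputStream(new FileInputStream(args[1]))) {
            PFX pfx = (PFX) new PFX.Template().decode(in);

            // verifyAuthSafes returns false both for a bad MAC and for a
            // missing MacData, so report the missing case separately.
            if (pfx.getMacData() == null) {
                throw new SecurityException("PFX has no MacData; integrity cannot be checked");
            }
            StringBuffer reason = new StringBuffer();
            if (!pfx.verifyAuthSafes(pass, reason)) {
                throw new SecurityException("PFX MAC check failed: " + reason);
            }

            // Open the SafeContents only after the MAC has verified.
            AuthenticatedSafes authSafes = pfx.getAuthSafes();
            int count = authSafes.getSequence().size();
            for (int i = 0; i < count; i++) {
                SEQUENCE safeContents = authSafes.getSafeContentsAt(pass, i);
                for (int j = 0; j < safeContents.size(); j++) {
                    SafeBag bag = (SafeBag) safeContents.elementAt(j);
                    System.out.println("SafeContents " + i + ", bag " + j
                            + ": type " + bag.getBagType());
                }
            }
        } finally {
            pass.clear(); // wipe the password characters from memory
        }
    }
}
```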
Nested Class Summary | |
---|---|
static class | PFX.Template: A Template for decoding a BER-encoded PFX. |

Field Summary | |
---|---|
static int | DEFAULT_ITERATIONS: The default number of iterations to use when generating the MAC. |

Constructor Summary | |
---|---|
PFX(INTEGER version, AuthenticatedSafes authSafes, MacData macData) | Creates a PFX with the given parameters. |
PFX(AuthenticatedSafes authSafes, MacData macData) | Creates a PFX with the default version. |
PFX(AuthenticatedSafes authSafes) | Creates a PFX with the default version and no MacData. |

Method Summary | |
---|---|
void | computeMacData(Password password, byte[] salt, int iterationCount): Computes the macData field and adds it to the PFX. |
void | encode(OutputStream ostream) |
void | encode(Tag implicitTag, OutputStream ostream) |
AuthenticatedSafes | getAuthSafes() |
MacData | getMacData(): Returns the MacData of this PFX, which is used to verify the contents. |
Tag | getTag() |
INTEGER | getVersion() |
static void | main(String[] args) |
boolean | verifyAuthSafes(Password password, StringBuffer reason): Verifies the HMAC on the authenticated safes, using the password provided. |

computeMacData
.See Also: PFX

Parameters:
- password: The password to be used to create the password-based MAC.
- salt: The salt to be used. If null is passed in, a new salt will be created from a random source.
- iterationCount: The iteration count for the key generation. Use DEFAULT_ITERATIONS unless there's a need to be clever.

Parameters:
- password: The password to use to compute the HMAC.
- reason: If supplied, the reason for the verification failure will be appended to this StringBuffer.

Returns: true if the MAC verifies correctly, false otherwise. If this PFX does not contain a MacData, returns false.