Class SafeBag

  • All Implemented Interfaces:
    ASN1Value

    public final class SafeBag
    extends java.lang.Object
    implements ASN1Value
    A PKCS #12 SafeBag structure.
    • Field Detail

      • PKCS12_VERSION_1

        public static final OBJECT_IDENTIFIER PKCS12_VERSION_1
        The OID branch for PKCS #12, version 1.0.
      • PKCS12_BAG_IDS

        public static final OBJECT_IDENTIFIER PKCS12_BAG_IDS
        The OID branch for the PKCS #12 bag types.
      • KEY_BAG

        public static final OBJECT_IDENTIFIER KEY_BAG
        A bag containing a private key. The bag content is a KeyBag, which is equivalent to a PKCS #8 PrivateKeyInfo.
      • PKCS8_SHROUDED_KEY_BAG

        public static final OBJECT_IDENTIFIER PKCS8_SHROUDED_KEY_BAG
        A bag containing a private key encrypted a la PKCS #8. The bag content is a PKCS #8 EncryptedPrivateKeyInfo.
      • CERT_BAG

        public static final OBJECT_IDENTIFIER CERT_BAG
        A bag containing a certificate. The bag content is CertBag.
      • CRL_BAG

        public static final OBJECT_IDENTIFIER CRL_BAG
        A bag containing a certificate revocation list. The bag content is CRLBag.
      • SECRET_BAG

        public static final OBJECT_IDENTIFIER SECRET_BAG
        A bag containing an arbitrary secret. The bag content is SecretBag.
      • SAFE_CONTENTS_BAG

        public static final OBJECT_IDENTIFIER SAFE_CONTENTS_BAG
        A bag containing a nested SafeContent. The bag content is SafeContents, which is merely a SEQUENCE of SafeBag.
      • FRIENDLY_NAME

        public static final OBJECT_IDENTIFIER FRIENDLY_NAME
        A FriendlyName attribute. The value is a BMPString.
      • LOCAL_KEY_ID

        public static final OBJECT_IDENTIFIER LOCAL_KEY_ID
        A LocalKeyID attribute. The value is an octet string.
    • Constructor Detail

      • SafeBag

        public SafeBag(OBJECT_IDENTIFIER bagType,
                       ASN1Value bagContent,
                       SET bagAttributes)
        Creates a new SafeBag from its components.
        Parameters:
        bagType - The type of this bag. For compatibility, it should be one of the constants defined in this class.
        bagContent - The contents of the bag. The type of this parameter is defined by the bagType parameter.
        bagAttributes - A SET of Attributes for this SafeBag. Since attributes are optional, this parameter may be null.
    • Method Detail

      • getBagContent

        public ANY getBagContent()
        Returns the contents of this bag as an ANY.
      • getInterpretedBagContent

        public ASN1Value getInterpretedBagContent()
                                           throws InvalidBERException
        Returns the bagContent interpreted by type.
        Returns:
        If type is KeyBag, a PrivateKeyInfo.
        If type is PKCS-8ShroudedKeyBag, an EncryptedPrivateKeyInfo.
        If type is CertBag, a CertBag.
        For any other type, returns an ANY.
        Throws:
        InvalidBERException
      • getBagAttributes

        public SET getBagAttributes()
        Returns the attributes of this bag. May return null if this bag has no attributes. Each element of the set is an org.mozilla.jss.pkix.primitive.Attribute.
      • createCertBag

        public static SafeBag createCertBag(byte[] cert,
                                            java.lang.String friendlyName)
                                     throws java.security.DigestException,
                                            java.security.NoSuchAlgorithmException,
                                            InvalidBERException
        Creates a SafeBag that contains an X.509 Certificate. The SafeBag will have a localKeyID attribute equal to the SHA-1 hash of the certificate, and a friendlyName attribute equal to the supplied string. This is the way Communicator makes a CertBag. The same localKeyID attribute should be stored in the matching private key bag.
        Parameters:
        cert - A DER-encoded X.509 certificate.
        friendlyName - Will be stored in the friendlyName attribute of the SafeBag. Should be the nickname of the cert.
        Throws:
        java.security.DigestException
        java.security.NoSuchAlgorithmException
        InvalidBERException
      • createCertBag

        public static SafeBag createCertBag(byte[] cert,
                                            java.lang.String friendlyName,
                                            byte[] localKeyID)
                                     throws InvalidBERException
        Creates a SafeBag that contains an X.509 Certificate. The SafeBag will have the given localKeyID attribute, and a friendlyName attribute equal to the supplied string. This is the way Communicator makes a CertBag. The same localKeyID attribute should be stored in the matching private key bag.
        Parameters:
        cert - A DER-encoded X.509 certificate.
        friendlyName - Will be stored in the friendlyName attribute of the SafeBag. Should be the nickname of the cert.
        localKeyID - The bytes to use for the localKeyID. These should be obtained from the getLocalKeyIDFromCert method.
        Throws:
        InvalidBERException - If the cert is not a valid DER encoding.
        See Also:
        getLocalKeyIDFromCert(byte[])
      • getLocalKeyIDFromCert

        public static final byte[] getLocalKeyIDFromCert(byte[] derCert)
                                                  throws java.security.DigestException,
                                                         java.security.NoSuchAlgorithmException
        Computes the LocalKeyID attribute that should be stored with a key and certificate.
        Parameters:
        derCert - A DER-encoded X.509 certificate.
        Returns:
        The SHA-1 hash of the cert, which should be used as the localKeyID attribute for the cert's SafeBag.
        Throws:
        java.security.DigestException
        java.security.NoSuchAlgorithmException
      • createEncryptedPrivateKeyBag

        public static SafeBag createEncryptedPrivateKeyBag(PrivateKeyInfo privk,
                                                           java.lang.String friendlyName,
                                                           byte[] localKeyID,
                                                           Password password)
                                                    throws NotInitializedException,
                                                           TokenException
        Creates a SafeBag containing a PKCS-8ShroudedKeyBag, which is an EncryptedPrivateKeyInfo. The key will be encrypted using a triple-DES PBE algorithm, using the supplied password.
        Parameters:
        privk - The PrivateKeyInfo containing the private key.
        friendlyName - The nickname for the key; should be the same as the nickname of the associated cert.
        localKeyID - The localKeyID for the key; should be the same as the localKeyID of the associated cert.
        password - The password used to encrypt the private key.
        Throws:
        NotInitializedException
        TokenException
      • getTag

        public Tag getTag()
        Description copied from interface: ASN1Value
        Returns the base tag for this type, not counting any tags that may be imposed on it by its context.
        Specified by:
        getTag in interface ASN1Value
        Returns:
        Base tag.
      • encode

        public void encode(java.io.OutputStream ostream)
                    throws java.io.IOException
        Description copied from interface: ASN1Value
        Write this value's DER encoding to an output stream using its own base tag.
        Specified by:
        encode in interface ASN1Value
        Parameters:
        ostream - Output stream.
        Throws:
        java.io.IOException - If an error occurred.
      • encode

        public void encode(Tag implicitTag,
                           java.io.OutputStream ostream)
                    throws java.io.IOException
        Description copied from interface: ASN1Value
        Write this value's DER encoding to an output stream using an implicit tag.
        Specified by:
        encode in interface ASN1Value
        Parameters:
        implicitTag - Implicit tag.
        ostream - Output stream.
        Throws:
        java.io.IOException - If an error occurred.
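
Added example (not part of the JSS documentation or source): building a certificate bag and its private key bag so that both carry the same localKeyID, as createCertBag, getLocalKeyIDFromCert and createEncryptedPrivateKeyBag describe, then reading the attribute back to confirm the link. The class name SafeBagPairing and its method names are hypothetical; it assumes CryptoManager is already initialized and that the caller supplies the DER certificate, PrivateKeyInfo and Password.

```java
import java.util.Arrays;

import org.mozilla.jss.asn1.ANY;
import org.mozilla.jss.asn1.ASN1Value;
import org.mozilla.jss.asn1.OCTET_STRING;
import org.mozilla.jss.asn1.SET;
import org.mozilla.jss.pkcs12.SafeBag;
import org.mozilla.jss.pkix.primitive.Attribute;
import org.mozilla.jss.pkix.primitive.PrivateKeyInfo;
import org.mozilla.jss.util.Password;

/** Hypothetical helper, not part of JSS: builds and checks a cert/key bag pair. */
public final class SafeBagPairing {

    /** Returns {certBag, keyBag}; both carry the localKeyID derived from the cert. */
    public static SafeBag[] buildPair(byte[] derCert, PrivateKeyInfo privk,
                                      String nickname, Password password) throws Exception {
        // Assumption: CryptoManager is initialized; otherwise
        // createEncryptedPrivateKeyBag throws NotInitializedException.
        byte[] localKeyID = SafeBag.getLocalKeyIDFromCert(derCert); // SHA-1 of the DER cert
        SafeBag certBag = SafeBag.createCertBag(derCert, nickname, localKeyID);
        SafeBag keyBag = SafeBag.createEncryptedPrivateKeyBag(privk, nickname, localKeyID, password);
        if (!Arrays.equals(localKeyIdOf(certBag), localKeyIdOf(keyBag))) {
            throw new IllegalStateException("cert and key bags are not linked by localKeyID");
        }
        return new SafeBag[] { certBag, keyBag };
    }

    /** Reads the LocalKeyID attribute of a bag, or returns null if the bag has none. */
    public static byte[] localKeyIdOf(SafeBag bag) throws Exception {
        SET attrs = bag.getBagAttributes(); // may be null: attributes are optional
        if (attrs == null) return null;
        for (int i = 0; i < attrs.size(); i++) {
            Attribute attr = (Attribute) attrs.elementAt(i);
            if (!SafeBag.LOCAL_KEY_ID.equals(attr.getType())) continue;
            SET values = attr.getValues();
            if (values.size() == 0) return null;
            ASN1Value v = values.elementAt(0);
            // A decoded Attribute holds ANY values; a freshly constructed one
            // holds the OCTET_STRING that was passed to its constructor.
            if (v instanceof ANY) {
                v = ((ANY) v).decodeWith(OCTET_STRING.getTemplate());
            }
            return ((OCTET_STRING) v).toByteArray();
        }
        return null;
    }
}
```

localKeyIdOf works on bags decoded from an existing PKCS #12 file as well, so the same check can confirm that every key bag in an imported file has a certificate bag with a matching localKeyID.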