Package org.mozilla.jss.pkcs12

Class AuthenticatedSafes

java.lang.Object
org.mozilla.jss.pkcs12.AuthenticatedSafes
All Implemented Interfaces:
ASN1Value
public class AuthenticatedSafes extends Object implements ASN1Value
An AuthenticatedSafes, which is a SEQUENCE of SafeContents.

  • Field Details

    • sequence

      private SEQUENCE sequence

    • DEFAULT_ITERATIONS

      public static final int DEFAULT_ITERATIONS
      The default number of hash iterations (1) when performing PBE keygen.
      See Also:

    • SALT_LENGTH

      private static final int SALT_LENGTH
      Salt length is variable with PKCS #12. NSS uses 16 bytes, MSIE uses 20. We'll use 20 to get the 4 extra bytes of security.
      See Also:

    • DEFAULT_KEY_GEN_ALG

      @Deprecated(since="5.0.1", forRemoval=true) public static final PBEAlgorithm DEFAULT_KEY_GEN_ALG
      Deprecated, for removal: This API element is subject to removal in a future version.
      The default PBE key generation algorithm: SHA-1 with RC2 40-bit CBC.

    • ACCEPT_SECURITY_DYNAMICS

      private static final boolean ACCEPT_SECURITY_DYNAMICS
      See Also:

    • TAG

      private static final Tag TAG

    • templateInstance

      private static final AuthenticatedSafes.Template templateInstance

  • Constructor Details

    • AuthenticatedSafes

      public AuthenticatedSafes()
      Default constructor, creates an empty AuthenticatedSafes.

    • AuthenticatedSafes

      public AuthenticatedSafes(SEQUENCE sequence)
      Creates an AuthenticatedSafes from a SEQUENCE of ContentInfo.
      Parameters:
      sequence - A non-null sequence of ContentInfo.

  • Method Details

    • getSequence

      public SEQUENCE getSequence()
      Returns the raw SEQUENCE which constitutes this AuthenticatedSafes. The elements of this sequence are some form of SafeContents, wrapped in a ContentInfo or an EncryptedData.

    • getSize

      public int getSize()
      Returns the size of the sequence, which is the number of SafeContents in this AuthenticatedSafes.

    • safeContentsIsEncrypted

      public boolean safeContentsIsEncrypted(int index)
      Returns true if the SafeContents at the given index in the AuthenticatedSafes is encrypted. If it is encrypted, a password must be supplied to getSafeContentsAt when accessing this SafeContents.

    • getSafeContentsAt

      public SEQUENCE getSafeContentsAt(Password password, int index) throws IllegalStateException, NotInitializedException, NoSuchAlgorithmException, InvalidBERException, IOException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, IllegalBlockSizeException, BadPaddingException
      Returns the SafeContents at the given index in the AuthenticatedSafes, decrypting it if necessary.

      The algorithm used to extract encrypted SafeContents does not conform to version 1.0 of the spec. Instead, it conforms to the draft 1.0 spec, because this is what Communicator and MSIE seem to conform to. This looks like an implementation error that has become firmly entrenched to preserve interoperability. The draft spec dictates that the encrypted content in the EncryptedContentInfo is the DER encoding of a SafeContents. This is simple enough. The 1.0 final spec says that the SafeContents is wrapped in a ContentInfo, then the ContentInfo is BER encoded, then the value octets (not the tag or length) are encrypted. No wonder people stayed with the old way.

      Parameters:
      password - The password to use to decrypt the SafeContents if it is encrypted. If the SafeContents is known to not be encrypted, this parameter can be null. If the password is incorrect, the decoding will fail somehow, probably with an InvalidBERException, BadPaddingException, or IllegalBlockSizeException.
      index - The index of the SafeContents to extract.
      Returns:
      A SafeContents object, which is merely a SEQUENCE of SafeBags.
      Throws:
      IllegalArgumentException - If no password was provided, but the SafeContents is encrypted.
      IllegalStateException
      NotInitializedException
      NoSuchAlgorithmException
      InvalidBERException
      IOException
      InvalidKeyException
      InvalidAlgorithmParameterException
      TokenException
      IllegalBlockSizeException
      BadPaddingException

    • addSafeContents

      public void addSafeContents(SEQUENCE safeContents)
      Appends an unencrypted SafeContents to the end of the AuthenticatedSafes.

    • checkSafeContents

      private static void checkSafeContents(SEQUENCE safeContents)
      Verifies that each element is a SafeBag. Throws an IllegalArgumentException otherwise.

    • addEncryptedSafeContents

      public void addEncryptedSafeContents(PBEAlgorithm keyGenAlg, Password password, byte[] salt, int iterationCount, SEQUENCE safeContents) throws NotInitializedException, InvalidKeyException, InvalidAlgorithmParameterException, TokenException, NoSuchAlgorithmException, BadPaddingException, IllegalBlockSizeException
      Encrypts a SafeContents and adds it to the AuthenticatedSafes.
      Parameters:
      keyGenAlg - The algorithm used to generate a key from the password. Must be a PBE algorithm. DEFAULT_KEY_GEN_ALG is usually fine here. It only provides 40-bit security, but if the private key material is packaged in its own EncryptedPrivateKeyInfo, the security of the SafeContents is not as important.
      password - The password to use to generate the encryption key and IV.
      salt - The salt to use to generate the key and IV. If null is passed in, the salt will be generated randomly, which is usually the right thing to do.
      iterationCount - The number of hash iterations to perform when generating the key and IV. Use DEFAULT_ITERATIONS unless you want to be clever.
      safeContents - A SafeContents, which is a SEQUENCE of SafeBags. Each element of the sequence must in fact be an instance of SafeBag.
      Throws:
      NotInitializedException
      InvalidKeyException
      InvalidAlgorithmParameterException
      TokenException
      NoSuchAlgorithmException
      BadPaddingException
      IllegalBlockSizeException

    • getTag

      public Tag getTag()
      Description copied from interface: ASN1Value
      Returns the base tag for this type, not counting any tags that may be imposed on it by its context.
      Specified by:
      getTag in interface ASN1Value
      Returns:
      Base tag.

    • encode

      public void encode(OutputStream ostream) throws IOException
      Description copied from interface: ASN1Value
      Write this value's DER encoding to an output stream using its own base tag.
      Specified by:
      encode in interface ASN1Value
      Parameters:
      ostream - Output stream.
      Throws:
      IOException - If an error occurred.

    • encode

      public void encode(Tag implicitTag, OutputStream ostream) throws IOException
      Description copied from interface: ASN1Value
      Write this value's DER encoding to an output stream using an implicit tag.
      Specified by:
      encode in interface ASN1Value
      Parameters:
      implicitTag - Implicit tag.
      ostream - Output stream.
      Throws:
      IOException - If an error occurred.

    • getTemplate

      public static AuthenticatedSafes.Template getTemplate()