com.ibm.security.pkcs12.PKCS12PFX
Implements the PKCS #12 PFX PDU type. The data in a PFX can be protected in one of two integrity modes: password or public-key integrity. The individual data items can be protected in one of three privacy modes: no privacy, password privacy or public-key privacy.
A PKCS #12 PFX PDU is composed of a PKCS #7 ContentInfo object of content type Data (in password-integrity mode) or content type SignedData (in public-key integrity mode) and an optional MAC data (present only in password-integrity mode). The version number is 3 for the PKCS #12 v1.0 standard (dated June 24, 1999).
The content of the authSafe ContentInfo is itself a sequence of ContentInfos, each of which may be protected in one of three privacy modes: no privacy (content type Data), password privacy (content type SignedData) or public-key privacy (content type EnvelopedData). Netscape and most other PFX applications do not support public-key integrity or privacy. There are also certain requirements on the methodology of password protection for Netscape-importable PFXs. For this reason, if you wish to construct a PFX for use in Netscape browsers, use the PFX class.
PKCS12PFX objects are not immutable; they may be changed once created. After construction, data items such as private keys, encrypted private keys, certificates and certificate revocation lists may be added. In addition, a message authentication code can be added to protect the data integrity of the PFX.
See Also: ContentInfo, MacData, PFX
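
The PFX layout described above (version, authSafe ContentInfo, optional MacData), as an added example that is not part of the IBM documentation or of the class's own code: a minimal DER walk that reports which integrity mode a PFX declares and flags a Data-type authSafe that carries no MacData. The sample inputs are constructed skeletons (empty content, placeholder MacData), and all function names are hypothetical.

```python
OID_DATA = bytes.fromhex("2a864886f70d010701")         # pkcs7-data
OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # pkcs7-signedData

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def integrity_mode(pfx_der):
    """Classify a PFX as 'password', 'public-key' or 'none' (no MacData)."""
    tag, body, end = read_tlv(pfx_der, 0)
    if tag != 0x30 or end != len(pfx_der):
        raise ValueError("not a single DER SEQUENCE")
    tag, version, pos = read_tlv(body, 0)
    if tag != 0x02 or version != b"\x03":
        raise ValueError("PFX version must be INTEGER 3")
    tag, auth_safe, pos = read_tlv(body, pos)
    if tag != 0x30:
        raise ValueError("authSafe is not a ContentInfo SEQUENCE")
    tag, oid, _ = read_tlv(auth_safe, 0)
    if tag != 0x06:
        raise ValueError("ContentInfo lacks a contentType OID")
    if oid == OID_SIGNED_DATA:
        return "public-key"
    if oid == OID_DATA:  # anything after authSafe is the MacData
        return "password" if pos < len(body) else "none"
    raise ValueError("unexpected authSafe content type")

def tlv(tag, value):
    """Encode a short-form TLV; only used to build the constructed samples."""
    return bytes([tag, len(value)]) + value

def sample(oid, with_mac):
    """Constructed PFX skeleton: empty content and a placeholder MacData."""
    content_info = tlv(0x30, tlv(0x06, oid) + tlv(0xA0, tlv(0x04, b"")))
    mac = tlv(0x30, b"") if with_mac else b""
    return tlv(0x30, tlv(0x02, b"\x03") + content_info + mac)

if __name__ == "__main__":
    for oid, mac in ((OID_DATA, True), (OID_DATA, False), (OID_SIGNED_DATA, False)):
        print(integrity_mode(sample(oid, mac)))
```

A result of "none" means the file declares password-integrity mode but has no MAC to check, so nothing protects its contents against modification.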

Constructor Summary

PKCS12PFX()
Create a PKCS12PFX object with attributes to be filled in later.

PKCS12PFX(byte[] der)
Create a PKCS12PFX object with a DER byte array.

PKCS12PFX(byte[] der, String provider)
Create a PKCS12PFX object with a DER byte array.

PKCS12PFX(String provider)
Create a PKCS12PFX object with attributes to be filled in later.

PKCS12PFX(String filename, boolean base64)
Create a PKCS12PFX with the filename of the DER-encoded or BASE64-encoded object.

PKCS12PFX(String filename, boolean base64, String provider)
Create a PKCS12PFX with the filename of the DER-encoded or BASE64-encoded object.

Method Summary

void addBag(Object obj, PKCSAttributes attrs)
Add a piece of private information (represented by an input object) to this PFX.

void addBagWithPasswordPrivacy(Object obj, PKCSAttributes attrs, String cipherAlg, char[] pwd)
Add a piece of private information (represented by an input object) to this PFX.

void addBagWithPubkeyPrivacy(Object obj, PKCSAttributes attrs, Certificate[] certs)
Add a piece of private information (represented by an input object) to this PFX.

void addSafeBags(SafeBag[] bags)
Add private information (packaged in SafeBags) to this PFX.

void addSafeBagsWithPasswordPrivacy(SafeBag[] bags, String cipherAlg, char[] pwd)
Add private information (packaged in SafeBags) to this PFX.

void addSafeBagsWithPubkeyPrivacy(SafeBag[] bags, Certificate[] certs)
Add private information (packaged in SafeBags) to this PFX.

void applyMac(char[] pwd)
Apply a message authentication code to the contents of this PFX.

void applySignature(String digestAlg, String signatureAlg, Certificate cert, PrivateKey key)
Apply a digital signature to the contents of this PFX.

Object clone()
Create a clone of this PFX object.

protected void decode(com.ibm.security.pkcs12.DerValue encoding)
Initialize a PFX object from an input stream.

void encode(OutputStream out)
Encode this object to a DER OutputStream.

boolean equals(Object other)
Determine if this PFX object is equivalent to the input object.

Certificate[] getAllCertificates(char[] pwd, PrivateKey key, Certificate cert)
Same as the getCertificates method except that unprotected certificates are returned, regardless of input arguments.

CRL[] getAllCRLs(char[] pwd, PrivateKey key, Certificate cert)
Same as the getCRLs method except that unprotected CRLs are returned, regardless of input arguments.

PrivateKeyInfo[] getAllPrivateKeys(char[] pwd, PrivateKey key, Certificate cert)
Same as the getPrivateKeys method except that unprotected private keys are returned, regardless of input arguments.

SafeBag[] getAllSafeBags(char[] pwd, PrivateKey key, Certificate cert)
Same as the getSafeBags method except that unprotected SafeBags are returned, regardless of input arguments.

SafeContents[] getAllSafeContents(char[] pwd, PrivateKey key, Certificate cert)
Same as the getSafeContents method except that unprotected SafeContents are returned, regardless of input arguments.

EncryptedPrivateKeyInfo[] getAllShroudedKeys(char[] pwd, PrivateKey key, Certificate cert)
Same as the getShroudedKeys method except that unprotected shrouded keys are returned, regardless of input arguments.

Certificate[] getCertificates(char[] pwd, PrivateKey key, Certificate cert)
Get certificates stored in this PFX.

CRL[] getCRLs(char[] pwd, PrivateKey key, Certificate cert)
Get certificate revocation lists (CRLs) stored in this PFX.

MacData getMacData()
Returns the MacData (SHA-1 HMAC) of this PFX, or null if this PFX has not been protected with password integrity.

PrivateKeyInfo[] getPrivateKeys(char[] pwd, PrivateKey key, Certificate cert)
Get private keys stored in this PFX.

SafeBag[] getSafeBags(char[] pwd, PrivateKey key, Certificate cert)
Get SafeBags stored in this PFX.

SafeContents[] getSafeContents(char[] pwd, PrivateKey key, Certificate cert)
Get SafeContents stored in this PFX.

EncryptedPrivateKeyInfo[] getShroudedKeys(char[] pwd, PrivateKey key, Certificate cert)
Get encrypted private keys (shrouded keys) stored in this PFX.

boolean hasDigitalSignature()
Determine if this PFX has a digital signature on the authSafe data.

String toString()
Returns a string representation of this PFX object.

boolean verifyMac(char[] pwd)
Verifies the message authentication code attached to this PFX.

boolean verifySignature(Certificate cert)
Verify the digital signature on the SignedData contents of this PFX's authSafe.

Constructor Detail

public PKCS12PFX()

public PKCS12PFX(String provider)

public PKCS12PFX(byte[] der) throws IOException

public PKCS12PFX(byte[] der, String provider) throws IOException

public PKCS12PFX(String filename, boolean base64) throws IOException
filename - name of the DER-encoded or base64-encoded object
base64 - true if BASE64-encoded, false if DER-encoded

public PKCS12PFX(String filename, boolean base64, String provider) throws IOException
filename - name of the DER-encoded or base64-encoded object
base64 - true if BASE64-encoded, false if DER-encoded
provider - a provider to be used

Method Detail

public Object clone()

public void addBag(Object obj, PKCSAttributes attrs) throws PKCSException, IOException
obj - the object to add to this PFX. Valid input objects are PrivateKeyInfo (KeyBag), EncryptedPrivateKeyInfo (ShroudedKeyBag), Certificate (CertBag), CRL (CrlBag) and SafeContents (SafeContentsBag). This method does not currently support SecretBags.
attrs - PKCS attributes to associate with this object.

public void addBagWithPasswordPrivacy(Object obj, PKCSAttributes attrs, String cipherAlg, char[] pwd) throws NoSuchAlgorithmException, IOException, PKCSException
obj - the object to add to this PFX. Valid input objects are PrivateKeyInfo (KeyBag), EncryptedPrivateKeyInfo (ShroudedKeyBag), Certificate (CertBag), CRL (CrlBag) and SafeContents (SafeContentsBag). This method does not currently support SecretBags.
attrs - PKCS attributes to associate with this object.
cipherAlg - the cipher algorithm used to password-protect the information. The cipher must be one of "128BitRC2", "40BitRC2", "3KeyTripleDES", "2KeyTripleDES", "128BitRC4" or "40BitRC4". All encryption will incorporate SHA-1 digests, PKCS5Padding and CBC chaining mode.
pwd - the password to use in the encryption.

public void addBagWithPubkeyPrivacy(Object obj, PKCSAttributes attrs, Certificate[] certs) throws PKCSException, IOException
obj - the object to add to this PFX. Valid input objects are PrivateKeyInfo (KeyBag), EncryptedPrivateKeyInfo (ShroudedKeyBag), Certificate (CertBag), CRL (CrlBag) and SafeContents (SafeContentsBag). This method does not currently support SecretBags.
attrs - PKCS attributes to associate with this object.
certs - the certificates of the intended receivers of this PFX.

public void addSafeBags(SafeBag[] bags) throws PKCSException, IOException
bags - the SafeBags to add to this PFX.

public void addSafeBagsWithPasswordPrivacy(SafeBag[] bags, String cipherAlg, char[] pwd) throws NoSuchAlgorithmException, IOException, PKCSException
bags - the SafeBags to add to this PFX.
cipherAlg - the cipher algorithm used to password-protect the information. The cipher must be one of "128BitRC2", "40BitRC2", "3KeyTripleDES", "2KeyTripleDES", "128BitRC4" or "40BitRC4". All encryption will incorporate SHA-1 digests, PKCS5Padding and CBC chaining mode.
pwd - the password to use in the encryption.

public void addSafeBagsWithPubkeyPrivacy(SafeBag[] bags, Certificate[] certs) throws PKCSException, IOException
bags - the SafeBags to add to this PFX.
certs - the certificates of the intended receivers of this PFX.

public void applySignature(String digestAlg, String signatureAlg, Certificate cert, PrivateKey key) throws PKCSException, NoSuchAlgorithmException, IOException
digestAlg - the digest algorithm for the digital signature, for example "SHA1".
signatureAlg - the signature algorithm for the digital signature, for example "RSA".
cert - the certificate of the signing entity.
key - the private key of the signing entity.

public boolean verifySignature(Certificate cert) throws IOException, PKCSException, NoSuchAlgorithmException
cert - the certificate with which to verify the signature.

public boolean hasDigitalSignature()

public void encode(OutputStream out) throws IOException
out - the DER OutputStream to write the encoded data to.

public boolean equals(Object other)
other - the object to compare this one to.

public String toString()

public void applyMac(char[] pwd) throws PKCSException, NoSuchAlgorithmException, IOException
pwd - the password with which to derive the HMAC key.

public boolean verifyMac(char[] pwd) throws IOException
pwd - the password used to verify the MAC.

public MacData getMacData()

public Certificate[] getCertificates(char[] pwd, PrivateKey key, Certificate cert) throws IOException, PKCSException
pwd - the password with which to decrypt items protected with password privacy.
key - the private key with which to decrypt items protected with public key protection.
cert - the certificate corresponding to the private key with which to decrypt items protected with public key protection.

public Certificate[] getAllCertificates(char[] pwd, PrivateKey key, Certificate cert) throws IOException, PKCSException
pwd - the password with which to decrypt items protected with password privacy.
key - the private key with which to decrypt items protected with public key protection.
cert - the certificate corresponding to the private key with which to decrypt items protected with public key protection.

public CRL[] getCRLs(char[] pwd, PrivateKey key, Certificate cert) throws IOException, PKCSException
pwd - the password with which to decrypt items protected with password privacy.
key - the private key with which to decrypt items protected with public key protection.
cert - the certificate corresponding to the private key with which to decrypt items protected with public key protection.

public CRL[] getAllCRLs(char[] pwd, PrivateKey key, Certificate cert) throws IOException, PKCSException
pwd - the password with which to decrypt items protected with password privacy.
key - the private key with which to decrypt items protected with public key protection.
cert - the certificate corresponding to the private key with which to decrypt items protected with public key protection.

public PrivateKeyInfo[] getPrivateKeys(char[] pwd, PrivateKey key, Certificate cert) throws IOException, PKCSException
pwd - the password with which to decrypt items protected with password privacy.
key - the private key with which to decrypt items protected with public key protection.
cert - the certificate corresponding to the private key with which to decrypt items protected with public key protection.

public PrivateKeyInfo[] getAllPrivateKeys(char[] pwd, PrivateKey key, Certificate cert) throws IOException, PKCSException
pwd - the password with which to decrypt items protected with password privacy.
key - the private key with which to decrypt items protected with public key protection.
cert - the certificate corresponding to the private key with which to decrypt items protected with public key protection.

public EncryptedPrivateKeyInfo[] getShroudedKeys(char[] pwd, PrivateKey key, Certificate cert) throws IOException, PKCSException
pwd - the password with which to decrypt items protected with password privacy.
key - the private key with which to decrypt items protected with public key protection.
cert - the certificate corresponding to the private key with which to decrypt items protected with public key protection.

public EncryptedPrivateKeyInfo[] getAllShroudedKeys(char[] pwd, PrivateKey key, Certificate cert) throws IOException, PKCSException
pwd - the password with which to decrypt items protected with password privacy.
key - the private key with which to decrypt items protected with public key protection.
cert - the certificate corresponding to the private key with which to decrypt items protected with public key protection.

public SafeContents[] getSafeContents(char[] pwd, PrivateKey key, Certificate cert) throws IOException, PKCSException
pwd - the password with which to decrypt items protected with password privacy.
key - the private key with which to decrypt items protected with public key protection.
cert - the certificate corresponding to the private key with which to decrypt items protected with public key protection.

public SafeContents[] getAllSafeContents(char[] pwd, PrivateKey key, Certificate cert) throws IOException, PKCSException
pwd - the password with which to decrypt items protected with password privacy.
key - the private key with which to decrypt items protected with public key protection.
cert - the certificate corresponding to the private key with which to decrypt items protected with public key protection.

public SafeBag[] getSafeBags(char[] pwd, PrivateKey key, Certificate cert) throws IOException, PKCSException
pwd - the password with which to decrypt items protected with password privacy.
key - the private key with which to decrypt items protected with public key protection.
cert - the certificate corresponding to the private key with which to decrypt items protected with public key protection.

public SafeBag[] getAllSafeBags(char[] pwd, PrivateKey key, Certificate cert) throws IOException, PKCSException
pwd - the password with which to decrypt items protected with password privacy.
key - the private key with which to decrypt items protected with public key protection.
cert - the certificate corresponding to the private key with which to decrypt items protected with public key protection.

protected void decode(com.ibm.security.pkcs12.DerValue encoding) throws IOException
encoding - an input stream with a DER-encoded PFX object.