com.ibm.security.pkcs12.PFX
Implements the PKCS #12 PFX PDU type in a format importable into Netscape Communicator's certificate database or Microsoft's Certificate Import Wizard. These PFXs are a subset of those described by the PKCS #12 standard, and certain requirements must be met in their construction. For example, these PFXs must use password integrity mode and therefore include a MacData. The password used to create the message authentication code must be the same password used to provide protection to any data that is privacy protected. Another requirement is that all data items in the PFX must include a LocalKeyId attribute. There are other requirements as well.
The format of a PFX object is as follows:
To construct a PKCS #12 PFX that deviates from the format required by Netscape or Microsoft (for example, one that uses public-key cryptography), use the PKCS12PFX class.
PFX objects are not immutable; they may be changed once created. After construction, data items such as private keys, encrypted private keys, certificates and certificate revocation lists may be added. In addition, a message authentication code can be added to protect the data integrity of the PFX.
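What password integrity mode computes, shown as an added Python example (not IBM's code and not part of this API): the MAC key is derived from the password with the key-derivation function of RFC 7292 Appendix B.2 using purpose byte 3, while encryption keys use purpose byte 1, and the MacData digest is an HMAC-SHA-1 over the authenticated-safe bytes. The function names, salt, iteration count and payload below are constructed for illustration.

```python
import hashlib
import hmac

U, V = 20, 64  # SHA-1 digest size and block size, in bytes

def _fill(data: bytes) -> bytes:
    """Repeat data up to the next multiple of V bytes (empty stays empty)."""
    size = -(-len(data) // V) * V
    return (data * (size // len(data) + 1))[:size] if data else b""

def pkcs12_kdf(password: str, salt: bytes, iterations: int, purpose: int, n: int) -> bytes:
    """RFC 7292 Appendix B.2 with SHA-1. purpose: 1 = key, 2 = IV, 3 = MAC key."""
    if iterations < 1:
        raise ValueError("iteration count must be at least 1")
    # The password is a BMPString: UTF-16BE plus a two-byte NUL terminator.
    pw = password.encode("utf-16-be") + b"\x00\x00"
    block = bytearray(_fill(salt) + _fill(pw))      # I = S || P
    out = b""
    while len(out) < n:
        a = bytes([purpose]) * V + bytes(block)     # D || I
        for _ in range(iterations):
            a = hashlib.sha1(a).digest()
        out += a
        b_plus_1 = int.from_bytes((a * (V // U + 1))[:V], "big") + 1
        for j in range(0, len(block), V):           # I_j = (I_j + B + 1) mod 2^(8V)
            i_j = (int.from_bytes(block[j:j + V], "big") + b_plus_1) % (1 << (8 * V))
            block[j:j + V] = i_j.to_bytes(V, "big")
    return out[:n]

def compute_mac(password: str, salt: bytes, iterations: int, auth_safe: bytes) -> bytes:
    """HMAC-SHA-1 over the authenticated-safe bytes, keyed via purpose byte 3."""
    key = pkcs12_kdf(password, salt, iterations, 3, U)
    return hmac.new(key, auth_safe, hashlib.sha1).digest()

def verify_mac(password: str, salt: bytes, iterations: int, auth_safe: bytes, mac: bytes) -> bool:
    """Constant-time comparison, so a wrong password or altered data fails alike."""
    return hmac.compare_digest(compute_mac(password, salt, iterations, auth_safe), mac)

# Constructed sample values; a real PFX carries salt, count and digest in MacData.
SALT = bytes(range(8))
ITERATIONS = 2048
AUTH_SAFE = b"constructed stand-in for the DER-encoded AuthenticatedSafe"

if __name__ == "__main__":
    mac = compute_mac("correct horse", SALT, ITERATIONS, AUTH_SAFE)
    print("right password:", verify_mac("correct horse", SALT, ITERATIONS, AUTH_SAFE, mac))
    print("wrong password:", verify_mac("wrong", SALT, ITERATIONS, AUTH_SAFE, mac))
    print("tampered data: ", verify_mac("correct horse", SALT, ITERATIONS, AUTH_SAFE + b"!", mac))
```

Because the same password feeds both the MAC key and the privacy keys, a MAC that verifies also confirms the password needed to decrypt the protected items.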
See Also: ContentInfo, MacData, PKCS12PFX
Constructor Summary
PFX()
    Create a PFX object with data attributes to be filled in later.
PFX(byte[] der)
    Create a PFX object with a DER byte array.
PFX(byte[] der, String provider)
    Create a PFX object with a DER byte array.
PFX(String provider)
    Create a PFX object with data attributes to be filled in later.
PFX(String filename, boolean base64)
    Create a PFX with the filename of the DER-encoded or BASE64-encoded object.
PFX(String filename, boolean base64, String provider)
    Create a PFX with the filename of the DER-encoded or BASE64-encoded object.
Method Summary
void addCertificate(Certificate cert, String friendlyName, byte[] localKeyId)
    Add a certificate to this PFX object.
void addCRL(CRL crl, String friendlyName, byte[] localKeyId)
    Add a certificate revocation list (CRL) to this PFX object.
void addPrivateKey(PrivateKey key, String friendlyName, byte[] localKeyId)
    Add a private key to this PFX object.
void addShroudedKey(EncryptedPrivateKeyInfo key, String friendlyName, byte[] localKeyId)
    Add a shrouded key (encrypted private key) to this PFX object.
Object clone()
    Creates a clone of this PFX object.
protected void decode(com.ibm.security.pkcs12.DerValue der)
    Initialize a PFX object from an input stream.
void encode(OutputStream out)
    Encodes this object to a DER OutputStream.
boolean equals(Object other)
    Determines if this PFX object is equivalent to the input object.
protected void finalize()
    Ensures that the bytes of this key are set to zero when there are no more references to it.
Certificate[] getCertificates(char[] pwd)
    Get all certificates stored in this PFX and protected with the input password.
Certificate[] getCertificatesByFriendlyName(char[] pwd, String friendlyName)
    Get all certificates stored in this PFX having the input friendly name and protected with the input password (or unprotected).
CRL[] getCRLs(char[] pwd)
    Get all certificate revocation lists (CRLs) stored in this PFX and protected with the input password.
String[] getFriendlyNames(char[] pwd)
    Get all friendly names attached to data items stored in this PFX and protected with the input password (or unprotected).
MacData getMacData()
    Returns the MacData (SHA-1 HMAC) of this PFX.
PrivateKeyInfo[] getPrivateKeys(char[] pwd)
    Get all private keys stored in this PFX and protected with the input password.
PrivateKeyInfo[] getPrivateKeysByFriendlyName(char[] pwd, String friendlyName)
    Get all private keys stored in this PFX having the input friendly name and protected with the input password (or unprotected).
EncryptedPrivateKeyInfo[] getShroudedKeys(char[] pwd)
    Get all encrypted private keys (shrouded keys) stored in this PFX and protected with the input password.
EncryptedPrivateKeyInfo[] getShroudedKeysByFriendlyName(char[] pwd, String friendlyName)
    Get all encrypted private keys (shrouded keys) stored in this PFX having the input friendly name and protected with the input password (or unprotected).
void protect(String encryptionAlg, char[] pwd)
    Protect the private information in this PFX and attach a message authentication code based on the enclosed data.
String toString()
    Returns a string representation of this PFX object.
boolean verifyMac(char[] pwd)
    Verifies the message authentication code attached to this PFX.
Constructor Detail
public PFX()
public PFX(String provider)
public PFX(byte[] der) throws IOException
    This PFX should be treated as a "read-only" object. If you add any data and then protect it, the original information contained in the input DER byte array will be lost.
public PFX(byte[] der, String provider) throws IOException
    This PFX should be treated as a "read-only" object. If you add any data and then protect it, the original information contained in the input DER byte array will be lost.
public PFX(String filename, boolean base64) throws IOException
    filename - name of the DER-encoded or base64-encoded object
    base64 - true if BASE64-encoded, false if DER-encoded
public PFX(String filename, boolean base64, String provider) throws IOException
    filename - name of the DER-encoded or base64-encoded object
    base64 - true if BASE64-encoded, false if DER-encoded
    provider - a provider to be used
Method Detail
public Object clone()
public void addCertificate(Certificate cert, String friendlyName, byte[] localKeyId) throws PKCSException
    cert - the certificate to add.
    friendlyName - the name to be used as the label for this certificate. This may be null.
    localKeyId - the local key id attribute for this certificate.
public void addPrivateKey(PrivateKey key, String friendlyName, byte[] localKeyId) throws PKCSException, IOException
    key - the private key to add.
    friendlyName - the name to be used as the label for this key. This may be null.
    localKeyId - the local key id attribute for this private key.
public void addShroudedKey(EncryptedPrivateKeyInfo key, String friendlyName, byte[] localKeyId) throws PKCSException
    key - the shrouded key to add.
    friendlyName - the name to be used as the label for this key. This may be null.
    localKeyId - the local key id attribute for this shrouded key.
public void addCRL(CRL crl, String friendlyName, byte[] localKeyId) throws PKCSException
    crl - the CRL to add.
    friendlyName - the name to be used as the label for this CRL. This may be null.
    localKeyId - the local key id attribute for this CRL.
public void protect(String encryptionAlg, char[] pwd) throws NoSuchAlgorithmException, IOException, PKCSException
    encryptionAlg - the algorithm used to protect the PFX data. Valid values are "3KeyTripleDES", "2KeyTripleDES", "40BitRC2", "128BitRC2", "40BitRC4" and "128BitRC4".
    pwd - the password used in the data encryption operation.
public PrivateKeyInfo[] getPrivateKeys(char[] pwd) throws IOException, PKCSException
    pwd - the password with which to decrypt the private keys.
public EncryptedPrivateKeyInfo[] getShroudedKeys(char[] pwd) throws IOException, PKCSException
    pwd - the password with which to decrypt the shrouded keys.
public Certificate[] getCertificates(char[] pwd) throws IOException, PKCSException
    pwd - the password with which to decrypt the certificates.
public CRL[] getCRLs(char[] pwd) throws IOException, PKCSException
    pwd - the password with which to decrypt the CRLs.
public String[] getFriendlyNames(char[] pwd) throws PKCSException
    pwd - the password with which to decrypt the contents.
public Certificate[] getCertificatesByFriendlyName(char[] pwd, String friendlyName) throws PKCSException
    pwd - the password with which to decrypt the certificates.
    friendlyName - the friendly name to search for.
public PrivateKeyInfo[] getPrivateKeysByFriendlyName(char[] pwd, String friendlyName) throws PKCSException
    pwd - the password with which to decrypt the certificates.
    friendlyName - the friendly name to search for.
public EncryptedPrivateKeyInfo[] getShroudedKeysByFriendlyName(char[] pwd, String friendlyName) throws PKCSException
    pwd - the password with which to decrypt the certificates.
    friendlyName - the friendly name to search for.
public void encode(OutputStream out) throws IOException
    out - the DER OutputStream to write the encoded data to.
public boolean equals(Object other)
    other - the object to compare this one to.
public String toString()
public boolean verifyMac(char[] pwd) throws IOException
    pwd - the password used to verify the MAC.
public MacData getMacData()
protected void decode(com.ibm.security.pkcs12.DerValue der) throws IOException
    encoding - an input stream with a DER-encoded PFX object.
protected void finalize()