JSS 3.1.2

org.mozilla.jss.pkcs12
Class PFX

java.lang.Object
  |
  +--org.mozilla.jss.pkcs12.PFX
All Implemented Interfaces:
ASN1Value

public class PFX
extends java.lang.Object
implements ASN1Value

The top level ASN.1 structure for a PKCS #12 blob.

The general procedure for creating a PFX blob is as follows:

To decode a PFX,


Inner Class Summary
static class PFX.Template
          A Template for decoding a BER-encoded PFX.
 
Field Summary
private  AuthenticatedSafes authSafes
           
static int DEFAULT_ITERATIONS
          The default number of iterations to use when generating the MAC.
private  byte[] encodedAuthSafes
           
private  MacData macData
           
private static Tag TAG
           
private  INTEGER version
           
private static INTEGER VERSION
           
 
Constructor Summary
private PFX()
           
  PFX(AuthenticatedSafes authSafes)
          Creates a PFX with the default version and no MacData.
  PFX(AuthenticatedSafes authSafes, MacData macData)
          Creates a PFX with the default version.
  PFX(INTEGER version, AuthenticatedSafes authSafes, MacData macData)
          Creates a PFX with the given parameters.
 
Method Summary
 void computeMacData(Password password, byte[] salt, int iterationCount)
          Computes the macData field and adds it to the PFX.
 void encode(java.io.OutputStream ostream)
          Write this value's DER encoding to an output stream using its own base tag.
 void encode(Tag implicitTag, java.io.OutputStream ostream)
          Write this value's DER encoding to an output stream using an implicit tag.
 AuthenticatedSafes getAuthSafes()
           
 MacData getMacData()
          Returns the MacData of this PFX, which is used to verify the contents.
 Tag getTag()
          Returns the base tag for this type, not counting any tags that may be imposed on it by its context.
 INTEGER getVersion()
           
static void main(java.lang.String[] args)
           
private  void setEncodedAuthSafes(byte[] encodedAuthSafes)
           
 boolean verifyAuthSafes(Password password, java.lang.StringBuffer reason)
          Verifies the HMAC on the authenticated safes, using the password provided.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, registerNatives, toString, wait, wait, wait
 

Field Detail

version

private INTEGER version

authSafes

private AuthenticatedSafes authSafes

macData

private MacData macData

encodedAuthSafes

private byte[] encodedAuthSafes

VERSION

private static final INTEGER VERSION

DEFAULT_ITERATIONS

public static final int DEFAULT_ITERATIONS
The default number of iterations to use when generating the MAC. Currently, it is 1.

TAG

private static final Tag TAG

Constructor Detail

PFX

private PFX()

PFX

public PFX(INTEGER version,
           AuthenticatedSafes authSafes,
           MacData macData)
Creates a PFX with the given parameters.

PFX

public PFX(AuthenticatedSafes authSafes,
           MacData macData)
Creates a PFX with the default version.

PFX

public PFX(AuthenticatedSafes authSafes)
Creates a PFX with the default version and no MacData. The MacData can be added later with computeMacData.
See Also:
computeMacData(org.mozilla.jss.util.Password, byte[], int)

Method Detail

getVersion

public INTEGER getVersion()

getAuthSafes

public AuthenticatedSafes getAuthSafes()

getMacData

public MacData getMacData()
Returns the MacData of this PFX, which is used to verify the contents. This field is optional. If it is not present, null is returned.

setEncodedAuthSafes

private void setEncodedAuthSafes(byte[] encodedAuthSafes)

verifyAuthSafes

public boolean verifyAuthSafes(Password password,
                               java.lang.StringBuffer reason)
                        throws CryptoManager.NotInitializedException
Verifies the HMAC on the authenticated safes, using the password provided.
Parameters:
password - The password to use to compute the HMAC.
reason - If supplied, the reason for the verification failure will be appended to this StringBuffer.
Returns:
true if the MAC verifies correctly, false otherwise. If this PFX does not contain a MacData, returns false.
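
Added example, not part of the JSS documentation or source: decoding a PFX with PFX.Template and refusing to use its contents unless the MAC verifies. Because verifyAuthSafes returns false both for a bad MAC and for a missing MacData, the sketch checks getMacData() first so the two cases are reported separately. The class name VerifyPfx, the method openVerified and the command-line arguments (NSS database directory, PFX file, password) are assumptions made for illustration.

```java
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.InputStream;

import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.pkcs12.AuthenticatedSafes;
import org.mozilla.jss.pkcs12.PFX;
import org.mozilla.jss.util.Password;

// Hypothetical helper class; only the CryptoManager, PFX, PFX.Template
// and Password calls are JSS API.
public class VerifyPfx {

    // Returns the AuthenticatedSafes only if the MAC verifies under pw.
    static AuthenticatedSafes openVerified(String path, char[] pw) throws Exception {
        PFX pfx;
        InputStream in = new BufferedInputStream(new FileInputStream(path));
        try {
            pfx = (PFX) new PFX.Template().decode(in);
        } finally {
            in.close();
        }

        // MacData is optional: without it there is nothing to verify.
        if (pfx.getMacData() == null) {
            throw new SecurityException("PFX has no MacData; integrity cannot be checked");
        }

        Password password = new Password(pw);
        StringBuffer reason = new StringBuffer();
        try {
            if (!pfx.verifyAuthSafes(password, reason)) {
                throw new SecurityException("PFX MAC check failed: " + reason);
            }
        } finally {
            password.clear(); // clear the Password object once it is no longer needed
        }
        return pfx.getAuthSafes();
    }

    public static void main(String[] args) throws Exception {
        // args[0]: NSS database directory (assumed to exist)
        // args[1]: PFX file, args[2]: password (illustration only)
        CryptoManager.initialize(args[0]); // required before verifyAuthSafes
        openVerified(args[1], args[2].toCharArray());
        System.out.println("MAC verified");
    }
}
```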

computeMacData

public void computeMacData(Password password,
                           byte[] salt,
                           int iterationCount)
                    throws CryptoManager.NotInitializedException,
                           java.security.DigestException,
                           TokenException,
                           java.io.CharConversionException
Computes the macData field and adds it to the PFX. The macData field is a Message Authentication Code of the AuthenticatedSafes, and is used to prove the authenticity of the PFX.
Parameters:
password - The password to be used to create the password-based MAC.
salt - The salt to be used. If null is passed in, a new salt will be created from a random source.
iterationCount - The iteration count for the key generation. Use DEFAULT_ITERATIONS unless there's a need to be clever.

getTag

public Tag getTag()
Description copied from interface: ASN1Value
Returns the base tag for this type, not counting any tags that may be imposed on it by its context.
Specified by:
getTag in interface ASN1Value

encode

public void encode(java.io.OutputStream ostream)
            throws java.io.IOException
Description copied from interface: ASN1Value
Write this value's DER encoding to an output stream using its own base tag.
Specified by:
encode in interface ASN1Value

encode

public void encode(Tag implicitTag,
                   java.io.OutputStream ostream)
            throws java.io.IOException
Description copied from interface: ASN1Value
Write this value's DER encoding to an output stream using an implicit tag.
Specified by:
encode in interface ASN1Value

main

public static void main(java.lang.String[] args)
