anon.crypto
Class PKCS12

java.lang.Object
  extended by anon.crypto.PKCS12
All Implemented Interfaces:
ICertificate, org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers, org.bouncycastle.asn1.x509.X509ObjectIdentifiers

public final class PKCS12
extends java.lang.Object
implements org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers, org.bouncycastle.asn1.x509.X509ObjectIdentifiers, ICertificate

This class creates and handles PKCS12 certificates, that include a private key, a public key and an X509 certificate.


Nested Class Summary
private static class PKCS12.MyCipher
           
 
Field Summary
private static java.lang.String BASE64_TAG
           
private static java.lang.String CERT_ALGORITHM
           
static java.lang.String FILE_EXTENSION
           
private static java.lang.String KEY_ALGORITHM
           
private  AsymmetricCryptoKeyPair m_keyPair
           
private  JAPCertificate m_x509certificate
           
private static int MIN_ITERATIONS
           
private  java.security.SecureRandom random
           
private static int SALT_SIZE
           
static java.lang.String XML_ELEMENT_NAME
           
 
Fields inherited from interface org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers
bagtypes, canNotDecryptAny, certBag, certTypes, crlBag, crlTypes, data, des_EDE3_CBC, dhKeyAgreement, digestAlgorithm, digestedData, encryptedData, encryptionAlgorithm, envelopedData, id_aa, id_aa_commitmentType, id_aa_contentHint, id_aa_contentIdentifier, id_aa_encrypKeyPref, id_aa_ets_archiveTimestamp, id_aa_ets_certCRLTimestamp, id_aa_ets_certificateRefs, id_aa_ets_certValues, id_aa_ets_commitmentType, id_aa_ets_contentTimestamp, id_aa_ets_escTimeStamp, id_aa_ets_otherSigCert, id_aa_ets_revocationRefs, id_aa_ets_revocationValues, id_aa_ets_signerAttr, id_aa_ets_signerLocation, id_aa_ets_sigPolicyId, id_aa_otherSigCert, id_aa_receiptRequest, id_aa_signatureTimeStampToken, id_aa_signerLocation, id_aa_signingCertificate, id_aa_signingCertificateV2, id_aa_sigPolicyId, id_alg_CMS3DESwrap, id_alg_CMSRC2wrap, id_alg_PWRI_KEK, id_ct, id_ct_compressedData, id_ct_TSTInfo, id_cti, id_cti_ets_proofOfApproval, id_cti_ets_proofOfCreation, id_cti_ets_proofOfDelivery, id_cti_ets_proofOfOrigin, id_cti_ets_proofOfReceipt, id_cti_ets_proofOfSender, id_hmacWithSHA1, id_hmacWithSHA224, id_hmacWithSHA256, id_hmacWithSHA384, id_hmacWithSHA512, id_mgf1, id_PBES2, id_PBKDF2, id_pSpecified, id_RSAES_OAEP, id_RSASSA_PSS, id_spq, id_spq_ets_unotice, id_spq_ets_uri, keyBag, md2, md2WithRSAEncryption, md4, md4WithRSAEncryption, md5, md5WithRSAEncryption, pbeWithMD2AndDES_CBC, pbeWithMD2AndRC2_CBC, pbeWithMD5AndDES_CBC, pbeWithMD5AndRC2_CBC, pbeWithSHA1AndDES_CBC, pbeWithSHA1AndRC2_CBC, pbeWithSHAAnd128BitRC2_CBC, pbeWithSHAAnd128BitRC4, pbeWithSHAAnd2_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC, pbewithSHAAnd40BitRC2_CBC, pbeWithSHAAnd40BitRC4, pkcs_1, pkcs_12, pkcs_12PbeIds, pkcs_3, pkcs_5, pkcs_7, pkcs_9, pkcs_9_at_challengePassword, pkcs_9_at_contentType, pkcs_9_at_counterSignature, pkcs_9_at_emailAddress, pkcs_9_at_extendedCertificateAttributes, pkcs_9_at_extensionRequest, pkcs_9_at_friendlyName, pkcs_9_at_localKeyId, pkcs_9_at_messageDigest, pkcs_9_at_signingDescription, pkcs_9_at_signingTime, pkcs_9_at_smimeCapabilities, pkcs_9_at_unstructuredAddress, pkcs_9_at_unstructuredName, pkcs8ShroudedKeyBag, preferSignedData, RC2_CBC, rsaEncryption, safeContentsBag, sdsiCertificate, secretBag, sha1WithRSAEncryption, sha224WithRSAEncryption, sha256WithRSAEncryption, sha384WithRSAEncryption, sha512WithRSAEncryption, signedAndEnvelopedData, signedData, sMIMECapabilitiesVersions, srsaOAEPEncryptionSET, x509Certificate, x509certType, x509Crl
 
Fields inherited from interface org.bouncycastle.asn1.x509.X509ObjectIdentifiers
commonName, countryName, crlAccessMethod, id, id_ad, id_ad_caIssuers, id_ad_ocsp, id_ea_rsa, id_pe, id_pkix, id_SHA1, localityName, ocspAccessMethod, organization, organizationalUnitName, ripemd160, ripemd160WithRSAEncryption, stateOrProvinceName
 
Constructor Summary
private PKCS12(AsymmetricCryptoKeyPair a_keyPair, JAPCertificate a_X509certificate)
          Creates a new PKCS12 certificate.
  PKCS12(X509DistinguishedName a_ownerAlias, AsymmetricCryptoKeyPair a_keyPair, Validity a_validity)
          Creates a new PKCS12 certificate.
  PKCS12(X509DistinguishedName a_ownerAlias, AsymmetricCryptoKeyPair a_keyPair, Validity a_validity, X509Extensions a_extensions)
          Creates a new PKCS12 certificate.
 
Method Summary
private static byte[] codeData(boolean encrypt, byte[] data, org.bouncycastle.asn1.pkcs.PKCS12PBEParams pbeParams, char[] password, org.bouncycastle.crypto.BlockCipher cipher, int keySize)
           
 PKCS10CertificationRequest createCertifcationRequest()
          Creates a certification request from this private certificate.
private  org.bouncycastle.asn1.x509.SubjectKeyIdentifier createSubjectKeyId()
           
 java.lang.String getAlias()
           
private static PKCS12.MyCipher getCipher(java.lang.String algId)
           
 X509Extensions getExtensions()
           
static PKCS12 getInstance(byte[] a_bytes, char[] a_password)
          Loads a PKCS12 certificate from a byte array.
static PKCS12 getInstance(byte[] a_bytes, IMiscPasswordReader a_passwordReader)
          Loads a PKCS12 certificate from a byte array.
static PKCS12 getInstance(byte[] a_bytes, java.lang.String a_password)
           
static PKCS12 getInstance(java.io.InputStream a_stream, char[] password)
          Loads a PKCS12 certificate from an input stream.
static PKCS12 getInstance(java.io.InputStream a_stream, IMiscPasswordReader a_passwordReader)
          Loads a PKCS12 certificate from an input stream.
static PKCS12 getInstance(java.io.InputStream a_stream, java.lang.String password)
           
static PKCS12 getInstance(java.lang.String privCertString, java.lang.String password)
           
 X509DistinguishedName getIssuer()
           
 AsymmetricCryptoKeyPair getKeyPair()
          Returns the key pair of this certificate.
 IMyPrivateKey getPrivateKey()
          Returns the private key of this certificate.
 IMyPublicKey getPublicKey()
          Returns the public key of this certificate.
 X509DistinguishedName getSubject()
           
 JAPCertificate getX509Certificate()
          Returns the X509 certificate corresponding to this PKCS12 certificate.
private static org.bouncycastle.crypto.PBEParametersGenerator makePBEGenerator()
           
private static org.bouncycastle.crypto.CipherParameters makePBEMacParameters(char[] password, org.bouncycastle.asn1.pkcs.PKCS12PBEParams pbeParams, int keySize)
           
private static org.bouncycastle.crypto.CipherParameters makePBEParameters(char[] password, org.bouncycastle.asn1.pkcs.PKCS12PBEParams pbeParams, java.lang.String targetAlgorithm, int keySize, int ivSize)
           
 boolean setX509Certificate(JAPCertificate a_X509certificate)
          Replaces the current X509 certificate by a clone of the given certificate if the given certificate has the same public key as the current certificate.
 void sign(PKCS12 a_pkcs12Certificate)
          Signs the coresponding X509 certificate with an other pkcs12 certificate.
 void sign(PKCS12 a_signerCertificate, Validity a_validity, X509Extensions a_extensions, java.math.BigInteger a_serialNumber)
          Signs the coresponding X509 certificate with an other pkcs12 certificate.
 void store(java.io.OutputStream stream, char[] password)
          Writes the certificate to an output stream.
 byte[] toByteArray()
          Converts the certificate to a byte array.
 byte[] toByteArray(boolean a_Base64Encoded)
           
 byte[] toByteArray(char[] a_password)
          Converts the certificate to a (optionally encrypted) byte array.
 byte[] toByteArray(char[] a_password, boolean a_Base64Encoded)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

FILE_EXTENSION

public static final java.lang.String FILE_EXTENSION
See Also:
Constant Field Values

SALT_SIZE

private static final int SALT_SIZE
See Also:
Constant Field Values

MIN_ITERATIONS

private static final int MIN_ITERATIONS
See Also:
Constant Field Values

BASE64_TAG

private static final java.lang.String BASE64_TAG
See Also:
Constant Field Values

XML_ELEMENT_NAME

public static final java.lang.String XML_ELEMENT_NAME
See Also:
Constant Field Values

KEY_ALGORITHM

private static final java.lang.String KEY_ALGORITHM
See Also:
Constant Field Values

CERT_ALGORITHM

private static final java.lang.String CERT_ALGORITHM
See Also:
Constant Field Values

random

private java.security.SecureRandom random

m_keyPair

private AsymmetricCryptoKeyPair m_keyPair

m_x509certificate

private JAPCertificate m_x509certificate
Constructor Detail

PKCS12

public PKCS12(X509DistinguishedName a_ownerAlias,
              AsymmetricCryptoKeyPair a_keyPair,
              Validity a_validity)
Creates a new PKCS12 certificate.

Parameters:
a_ownerAlias - The owner of the certificate. The name is set as the common name (CN).
a_keyPair - a key pair with a private and a public key
a_validFrom - The date from which the certificate is valid.
a_validTo - The date until which the certificate is valid.

PKCS12

public PKCS12(X509DistinguishedName a_ownerAlias,
              AsymmetricCryptoKeyPair a_keyPair,
              Validity a_validity,
              X509Extensions a_extensions)
Creates a new PKCS12 certificate.

Parameters:
a_ownerAlias - The owner of the certificate. The name is set as the common name (CN).
a_keyPair - a key pair with a private and a public key
a_validFrom - The date from which the certificate is valid.
a_validTo - The date until which the certificate is valid.
a_extensions - optional X509 extensions; may be null

PKCS12

private PKCS12(AsymmetricCryptoKeyPair a_keyPair,
               JAPCertificate a_X509certificate)
Creates a new PKCS12 certificate. This constructor is not public as is is possible that the X509 certificate owner alias and the PKCS12 owner alias differ, what they should not!

Parameters:
a_keyPair - a key pair with a private and a public key
a_X509certificate - an X509 certificate
Method Detail

getInstance

public static PKCS12 getInstance(byte[] a_bytes,
                                 char[] a_password)
Loads a PKCS12 certificate from a byte array. The type of the encryption algorithm is recognized dynamically.

Parameters:
a_bytes - a byte array
a_password - a password (may be null)
Returns:
a PKCS12 certificate or null if an error occured
See Also:
IMyPrivateKey, ClassUtil.loadClasses(), anon.crypto.AsymmetricKeyPair

getInstance

public static PKCS12 getInstance(byte[] a_bytes,
                                 java.lang.String a_password)

getInstance

public static PKCS12 getInstance(java.lang.String privCertString,
                                 java.lang.String password)

getInstance

public static PKCS12 getInstance(byte[] a_bytes,
                                 IMiscPasswordReader a_passwordReader)
Loads a PKCS12 certificate from a byte array. The type of the encryption algorithm is recognized dynamically.

Parameters:
a_bytes - a byte array
a_password - a password (may be null)
Returns:
a PKCS12 certificate or null if an error occured
See Also:
IMyPrivateKey, ClassUtil.loadClasses(), anon.crypto.AsymmetricKeyPair

getInstance

public static PKCS12 getInstance(java.io.InputStream a_stream,
                                 char[] password)
Loads a PKCS12 certificate from an input stream. The type of the encryption algorithm is recognized dynamically.

Parameters:
a_stream - InputStream
password - a password (may be null)
Returns:
PKCS12
See Also:
IMyPrivateKey, ClassUtil.loadClasses(), anon.crypto.AsymmetricKeyPair

getInstance

public static PKCS12 getInstance(java.io.InputStream a_stream,
                                 java.lang.String password)

getInstance

public static PKCS12 getInstance(java.io.InputStream a_stream,
                                 IMiscPasswordReader a_passwordReader)
Loads a PKCS12 certificate from an input stream. The type of the encryption algorithm is recognized dynamically.

Parameters:
a_stream - InputStream
password - a password (may be null)
Returns:
PKCS12
See Also:
IMyPrivateKey, ClassUtil.loadClasses(), anon.crypto.AsymmetricKeyPair

toByteArray

public byte[] toByteArray()
Converts the certificate to a byte array.

Specified by:
toByteArray in interface ICertificate
Returns:
the certificate as a byte array

toByteArray

public byte[] toByteArray(boolean a_Base64Encoded)

toByteArray

public byte[] toByteArray(char[] a_password,
                          boolean a_Base64Encoded)

toByteArray

public byte[] toByteArray(char[] a_password)
Converts the certificate to a (optionally encrypted) byte array.

Parameters:
a_password - a password
Returns:
the certificate as a byte array
Throws:
java.io.IOException

store

public void store(java.io.OutputStream stream,
                  char[] password)
           throws java.io.IOException
Writes the certificate to an output stream.

Parameters:
stream - an output stream
password - a password; may be null
Throws:
java.io.IOException - if an I/O error occurs

getAlias

public java.lang.String getAlias()

getExtensions

public X509Extensions getExtensions()

getSubject

public X509DistinguishedName getSubject()

getIssuer

public X509DistinguishedName getIssuer()

getPrivateKey

public IMyPrivateKey getPrivateKey()
Returns the private key of this certificate.

Returns:
the private key of this certificate

getPublicKey

public IMyPublicKey getPublicKey()
Returns the public key of this certificate.

Specified by:
getPublicKey in interface ICertificate
Returns:
the public key of this certificate

getKeyPair

public AsymmetricCryptoKeyPair getKeyPair()
Returns the key pair of this certificate.

Returns:
the key pair of this certificate

getX509Certificate

public JAPCertificate getX509Certificate()
Returns the X509 certificate corresponding to this PKCS12 certificate. The certificate is enabled by default

Specified by:
getX509Certificate in interface ICertificate
Returns:
the X509 certificate corresponding to this PKCS12 certificate

createCertifcationRequest

public PKCS10CertificationRequest createCertifcationRequest()
Creates a certification request from this private certificate.

Returns:
a new certification request

setX509Certificate

public boolean setX509Certificate(JAPCertificate a_X509certificate)
Replaces the current X509 certificate by a clone of the given certificate if the given certificate has the same public key as the current certificate.

Parameters:
a_X509certificate - JAPCertificate
Returns:
true if the current X509 certificate has been replaced; false otherwise

sign

public void sign(PKCS12 a_pkcs12Certificate)
Signs the coresponding X509 certificate with an other pkcs12 certificate. Any previous signature is removed. If the signature was self-signed before, it is no more (but it can still be verified by this PKCS12 certificate via the public key).

Parameters:
a_pkcs12Certificate - a PKCS12 certificate

sign

public void sign(PKCS12 a_signerCertificate,
                 Validity a_validity,
                 X509Extensions a_extensions,
                 java.math.BigInteger a_serialNumber)
Signs the coresponding X509 certificate with an other pkcs12 certificate. Any previous signature is removed. If the signature was self-signed before, it is no more (but it can still be verified by this PKCS12 certificate via the public key). With this method it is possible to change some certificate attributes (validity, extensions, serial number).

Parameters:
a_signerCertificate - the PKCS12 certificate of the signer
a_validFrom - The date from which the certificate is valid.
a_validTo - The date until which the certificate is valid.
a_extensions - some X509 extensions (may be null)
a_serialNumber - the serial number for this certificate (may be null)

codeData

private static byte[] codeData(boolean encrypt,
                               byte[] data,
                               org.bouncycastle.asn1.pkcs.PKCS12PBEParams pbeParams,
                               char[] password,
                               org.bouncycastle.crypto.BlockCipher cipher,
                               int keySize)
                        throws java.io.IOException
Throws:
java.io.IOException

makePBEMacParameters

private static org.bouncycastle.crypto.CipherParameters makePBEMacParameters(char[] password,
                                                                             org.bouncycastle.asn1.pkcs.PKCS12PBEParams pbeParams,
                                                                             int keySize)

makePBEParameters

private static org.bouncycastle.crypto.CipherParameters makePBEParameters(char[] password,
                                                                          org.bouncycastle.asn1.pkcs.PKCS12PBEParams pbeParams,
                                                                          java.lang.String targetAlgorithm,
                                                                          int keySize,
                                                                          int ivSize)

makePBEGenerator

private static org.bouncycastle.crypto.PBEParametersGenerator makePBEGenerator()

getCipher

private static PKCS12.MyCipher getCipher(java.lang.String algId)

createSubjectKeyId

private org.bouncycastle.asn1.x509.SubjectKeyIdentifier createSubjectKeyId()