anon.crypto
Class PKCS12

java.lang.Object
  anon.crypto.PKCS12

All Implemented Interfaces:

ICertificate, org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers, org.bouncycastle.asn1.x509.X509ObjectIdentifiers

public final class PKCS12
extends java.lang.Object
implements org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers, org.bouncycastle.asn1.x509.X509ObjectIdentifiers, ICertificate

This class creates and handles PKCS12 certificates, that include a private key, a public key and an X509 certificate.

Nested Class Summary

private static class

PKCS12.MyCipher

Field Summary

private static java.lang.String	BASE64_TAG
private static java.lang.String	CERT_ALGORITHM
static java.lang.String	FILE_EXTENSION
private static java.lang.String	KEY_ALGORITHM
private AsymmetricCryptoKeyPair	m_keyPair
private JAPCertificate	m_x509certificate
private static int	MIN_ITERATIONS
private java.security.SecureRandom	random
private static int	SALT_SIZE
static java.lang.String	XML_ELEMENT_NAME

Fields inherited from interface org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers

bagtypes, canNotDecryptAny, certBag, certTypes, crlBag, crlTypes, data, des_EDE3_CBC, dhKeyAgreement, digestAlgorithm, digestedData, encryptedData, encryptionAlgorithm, envelopedData, id_aa, id_aa_commitmentType, id_aa_contentHint, id_aa_contentIdentifier, id_aa_encrypKeyPref, id_aa_ets_archiveTimestamp, id_aa_ets_certCRLTimestamp, id_aa_ets_certificateRefs, id_aa_ets_certValues, id_aa_ets_commitmentType, id_aa_ets_contentTimestamp, id_aa_ets_escTimeStamp, id_aa_ets_otherSigCert, id_aa_ets_revocationRefs, id_aa_ets_revocationValues, id_aa_ets_signerAttr, id_aa_ets_signerLocation, id_aa_ets_sigPolicyId, id_aa_otherSigCert, id_aa_receiptRequest, id_aa_signatureTimeStampToken, id_aa_signerLocation, id_aa_signingCertificate, id_aa_signingCertificateV2, id_aa_sigPolicyId, id_alg_CMS3DESwrap, id_alg_CMSRC2wrap, id_alg_PWRI_KEK, id_ct, id_ct_compressedData, id_ct_TSTInfo, id_cti, id_cti_ets_proofOfApproval, id_cti_ets_proofOfCreation, id_cti_ets_proofOfDelivery, id_cti_ets_proofOfOrigin, id_cti_ets_proofOfReceipt, id_cti_ets_proofOfSender, id_hmacWithSHA1, id_hmacWithSHA224, id_hmacWithSHA256, id_hmacWithSHA384, id_hmacWithSHA512, id_mgf1, id_PBES2, id_PBKDF2, id_pSpecified, id_RSAES_OAEP, id_RSASSA_PSS, id_spq, id_spq_ets_unotice, id_spq_ets_uri, keyBag, md2, md2WithRSAEncryption, md4, md4WithRSAEncryption, md5, md5WithRSAEncryption, pbeWithMD2AndDES_CBC, pbeWithMD2AndRC2_CBC, pbeWithMD5AndDES_CBC, pbeWithMD5AndRC2_CBC, pbeWithSHA1AndDES_CBC, pbeWithSHA1AndRC2_CBC, pbeWithSHAAnd128BitRC2_CBC, pbeWithSHAAnd128BitRC4, pbeWithSHAAnd2_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC, pbewithSHAAnd40BitRC2_CBC, pbeWithSHAAnd40BitRC4, pkcs_1, pkcs_12, pkcs_12PbeIds, pkcs_3, pkcs_5, pkcs_7, pkcs_9, pkcs_9_at_challengePassword, pkcs_9_at_contentType, pkcs_9_at_counterSignature, pkcs_9_at_emailAddress, pkcs_9_at_extendedCertificateAttributes, pkcs_9_at_extensionRequest, pkcs_9_at_friendlyName, pkcs_9_at_localKeyId, pkcs_9_at_messageDigest, pkcs_9_at_signingDescription, pkcs_9_at_signingTime, pkcs_9_at_smimeCapabilities, pkcs_9_at_unstructuredAddress, pkcs_9_at_unstructuredName, pkcs8ShroudedKeyBag, preferSignedData, RC2_CBC, rsaEncryption, safeContentsBag, sdsiCertificate, secretBag, sha1WithRSAEncryption, sha224WithRSAEncryption, sha256WithRSAEncryption, sha384WithRSAEncryption, sha512WithRSAEncryption, signedAndEnvelopedData, signedData, sMIMECapabilitiesVersions, srsaOAEPEncryptionSET, x509Certificate, x509certType, x509Crl

Fields inherited from interface org.bouncycastle.asn1.x509.X509ObjectIdentifiers

commonName, countryName, crlAccessMethod, id, id_ad, id_ad_caIssuers, id_ad_ocsp, id_ea_rsa, id_pe, id_pkix, id_SHA1, localityName, ocspAccessMethod, organization, organizationalUnitName, ripemd160, ripemd160WithRSAEncryption, stateOrProvinceName

Constructor Summary

private	PKCS12(AsymmetricCryptoKeyPair a_keyPair, JAPCertificate a_X509certificate) Creates a new PKCS12 certificate.
	PKCS12(X509DistinguishedName a_ownerAlias, AsymmetricCryptoKeyPair a_keyPair, Validity a_validity) Creates a new PKCS12 certificate.
	PKCS12(X509DistinguishedName a_ownerAlias, AsymmetricCryptoKeyPair a_keyPair, Validity a_validity, X509Extensions a_extensions) Creates a new PKCS12 certificate.

Method Summary

private static byte[]	codeData(boolean encrypt, byte[] data, org.bouncycastle.asn1.pkcs.PKCS12PBEParams pbeParams, char[] password, org.bouncycastle.crypto.BlockCipher cipher, int keySize)
PKCS10CertificationRequest	createCertifcationRequest() Creates a certification request from this private certificate.
private org.bouncycastle.asn1.x509.SubjectKeyIdentifier	createSubjectKeyId()
java.lang.String	getAlias()
private static PKCS12.MyCipher	getCipher(java.lang.String algId)
X509Extensions	getExtensions()
static PKCS12	getInstance(byte[] a_bytes, char[] a_password) Loads a PKCS12 certificate from a byte array.
static PKCS12	getInstance(byte[] a_bytes, IMiscPasswordReader a_passwordReader) Loads a PKCS12 certificate from a byte array.
static PKCS12	getInstance(byte[] a_bytes, java.lang.String a_password)
static PKCS12	getInstance(java.io.InputStream a_stream, char[] password) Loads a PKCS12 certificate from an input stream.
static PKCS12	getInstance(java.io.InputStream a_stream, IMiscPasswordReader a_passwordReader) Loads a PKCS12 certificate from an input stream.
static PKCS12	getInstance(java.io.InputStream a_stream, java.lang.String password)
static PKCS12	getInstance(java.lang.String privCertString, java.lang.String password)
X509DistinguishedName	getIssuer()
AsymmetricCryptoKeyPair	getKeyPair() Returns the key pair of this certificate.
IMyPrivateKey	getPrivateKey() Returns the private key of this certificate.
IMyPublicKey	getPublicKey() Returns the public key of this certificate.
X509DistinguishedName	getSubject()
JAPCertificate	getX509Certificate() Returns the X509 certificate corresponding to this PKCS12 certificate.
private static org.bouncycastle.crypto.PBEParametersGenerator	makePBEGenerator()
private static org.bouncycastle.crypto.CipherParameters	makePBEMacParameters(char[] password, org.bouncycastle.asn1.pkcs.PKCS12PBEParams pbeParams, int keySize)
private static org.bouncycastle.crypto.CipherParameters	makePBEParameters(char[] password, org.bouncycastle.asn1.pkcs.PKCS12PBEParams pbeParams, java.lang.String targetAlgorithm, int keySize, int ivSize)
boolean	setX509Certificate(JAPCertificate a_X509certificate) Replaces the current X509 certificate by a clone of the given certificate if the given certificate has the same public key as the current certificate.
void	sign(PKCS12 a_pkcs12Certificate) Signs the coresponding X509 certificate with an other pkcs12 certificate.
void	sign(PKCS12 a_signerCertificate, Validity a_validity, X509Extensions a_extensions, java.math.BigInteger a_serialNumber) Signs the coresponding X509 certificate with an other pkcs12 certificate.
void	store(java.io.OutputStream stream, char[] password) Writes the certificate to an output stream.
byte[]	toByteArray() Converts the certificate to a byte array.
byte[]	toByteArray(boolean a_Base64Encoded)
byte[]	toByteArray(char[] a_password) Converts the certificate to a (optionally encrypted) byte array.
byte[]	toByteArray(char[] a_password, boolean a_Base64Encoded)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

FILE_EXTENSION

public static final java.lang.String FILE_EXTENSION

See Also:

Constant Field Values

SALT_SIZE

private static final int SALT_SIZE

See Also:

Constant Field Values

MIN_ITERATIONS

private static final int MIN_ITERATIONS

See Also:

Constant Field Values

BASE64_TAG

private static final java.lang.String BASE64_TAG

See Also:

Constant Field Values

XML_ELEMENT_NAME

public static final java.lang.String XML_ELEMENT_NAME

See Also:

Constant Field Values

KEY_ALGORITHM

private static final java.lang.String KEY_ALGORITHM

See Also:

Constant Field Values

CERT_ALGORITHM

private static final java.lang.String CERT_ALGORITHM

See Also:

Constant Field Values

random

private java.security.SecureRandom random

m_keyPair

private AsymmetricCryptoKeyPair m_keyPair

m_x509certificate

private JAPCertificate m_x509certificate

Constructor Detail

PKCS12

public PKCS12(X509DistinguishedName a_ownerAlias,
              AsymmetricCryptoKeyPair a_keyPair,
              Validity a_validity)

Creates a new PKCS12 certificate.

Parameters:

a_ownerAlias - The owner of the certificate. The name is set as the common name (CN).

a_keyPair - a key pair with a private and a public key

a_validFrom - The date from which the certificate is valid.

a_validTo - The date until which the certificate is valid.

PKCS12

public PKCS12(X509DistinguishedName a_ownerAlias,
              AsymmetricCryptoKeyPair a_keyPair,
              Validity a_validity,
              X509Extensions a_extensions)

Creates a new PKCS12 certificate.

Parameters:

a_ownerAlias - The owner of the certificate. The name is set as the common name (CN).

a_keyPair - a key pair with a private and a public key

a_validFrom - The date from which the certificate is valid.

a_validTo - The date until which the certificate is valid.

a_extensions - optional X509 extensions; may be null

PKCS12

private PKCS12(AsymmetricCryptoKeyPair a_keyPair,
               JAPCertificate a_X509certificate)

Creates a new PKCS12 certificate. This constructor is not public as is is possible that the X509 certificate owner alias and the PKCS12 owner alias differ, what they should not!

Parameters:

a_keyPair - a key pair with a private and a public key

a_X509certificate - an X509 certificate

Method Detail

getInstance

public static PKCS12 getInstance(byte[] a_bytes,
                                 char[] a_password)

Loads a PKCS12 certificate from a byte array. The type of the encryption algorithm is recognized dynamically.

Parameters:

a_bytes - a byte array

a_password - a password (may be null)

Returns:

a PKCS12 certificate or null if an error occured

See Also:

IMyPrivateKey, ClassUtil.loadClasses(), anon.crypto.AsymmetricKeyPair

getInstance

public static PKCS12 getInstance(byte[] a_bytes,
                                 java.lang.String a_password)

getInstance

public static PKCS12 getInstance(java.lang.String privCertString,
                                 java.lang.String password)

getInstance

public static PKCS12 getInstance(byte[] a_bytes,
                                 IMiscPasswordReader a_passwordReader)

Loads a PKCS12 certificate from a byte array. The type of the encryption algorithm is recognized dynamically.

Parameters:

a_bytes - a byte array

a_password - a password (may be null)

Returns:

a PKCS12 certificate or null if an error occured

See Also:

IMyPrivateKey, ClassUtil.loadClasses(), anon.crypto.AsymmetricKeyPair

getInstance

public static PKCS12 getInstance(java.io.InputStream a_stream,
                                 char[] password)

Loads a PKCS12 certificate from an input stream. The type of the encryption algorithm is recognized dynamically.

Parameters:

a_stream - InputStream

password - a password (may be null)

Returns:

PKCS12

See Also:

IMyPrivateKey, ClassUtil.loadClasses(), anon.crypto.AsymmetricKeyPair

getInstance

public static PKCS12 getInstance(java.io.InputStream a_stream,
                                 java.lang.String password)

getInstance

public static PKCS12 getInstance(java.io.InputStream a_stream,
                                 IMiscPasswordReader a_passwordReader)

Loads a PKCS12 certificate from an input stream. The type of the encryption algorithm is recognized dynamically.

Parameters:

a_stream - InputStream

password - a password (may be null)

Returns:

PKCS12

See Also:

IMyPrivateKey, ClassUtil.loadClasses(), anon.crypto.AsymmetricKeyPair

toByteArray

public byte[] toByteArray()

Converts the certificate to a byte array.

Specified by:

toByteArray in interface ICertificate

Returns:

the certificate as a byte array

toByteArray

public byte[] toByteArray(boolean a_Base64Encoded)

toByteArray

public byte[] toByteArray(char[] a_password,
                          boolean a_Base64Encoded)

toByteArray

public byte[] toByteArray(char[] a_password)

Converts the certificate to a (optionally encrypted) byte array.

Parameters:

a_password - a password

Returns:

the certificate as a byte array

Throws:

java.io.IOException

store

public void store(java.io.OutputStream stream,
                  char[] password)
           throws java.io.IOException

Writes the certificate to an output stream.

Parameters:

stream - an output stream

password - a password; may be null

Throws:

java.io.IOException - if an I/O error occurs

getAlias

public java.lang.String getAlias()

getExtensions

public X509Extensions getExtensions()

getSubject

public X509DistinguishedName getSubject()

getIssuer

public X509DistinguishedName getIssuer()

getPrivateKey

public IMyPrivateKey getPrivateKey()

Returns the private key of this certificate.

Returns:

the private key of this certificate

getPublicKey

public IMyPublicKey getPublicKey()

Returns the public key of this certificate.

Specified by:

getPublicKey in interface ICertificate

Returns:

the public key of this certificate

getKeyPair

public AsymmetricCryptoKeyPair getKeyPair()

Returns the key pair of this certificate.

Returns:

the key pair of this certificate

getX509Certificate

public JAPCertificate getX509Certificate()

Returns the X509 certificate corresponding to this PKCS12 certificate. The certificate is enabled by default

Specified by:

getX509Certificate in interface ICertificate

Returns:

the X509 certificate corresponding to this PKCS12 certificate

createCertifcationRequest

public PKCS10CertificationRequest createCertifcationRequest()

Creates a certification request from this private certificate.

Returns:

a new certification request

setX509Certificate

public boolean setX509Certificate(JAPCertificate a_X509certificate)

Replaces the current X509 certificate by a clone of the given certificate if the given certificate has the same public key as the current certificate.

Parameters:

a_X509certificate - JAPCertificate

Returns:

true if the current X509 certificate has been replaced; false otherwise

sign

public void sign(PKCS12 a_pkcs12Certificate)

Signs the coresponding X509 certificate with an other pkcs12 certificate. Any previous signature is removed. If the signature was self-signed before, it is no more (but it can still be verified by this PKCS12 certificate via the public key).

Parameters:

a_pkcs12Certificate - a PKCS12 certificate

sign

public void sign(PKCS12 a_signerCertificate,
                 Validity a_validity,
                 X509Extensions a_extensions,
                 java.math.BigInteger a_serialNumber)

Signs the coresponding X509 certificate with an other pkcs12 certificate. Any previous signature is removed. If the signature was self-signed before, it is no more (but it can still be verified by this PKCS12 certificate via the public key). With this method it is possible to change some certificate attributes (validity, extensions, serial number).

Parameters:

a_signerCertificate - the PKCS12 certificate of the signer

a_validFrom - The date from which the certificate is valid.

a_validTo - The date until which the certificate is valid.

a_extensions - some X509 extensions (may be null)

a_serialNumber - the serial number for this certificate (may be null)

codeData

private static byte[] codeData(boolean encrypt,
                               byte[] data,
                               org.bouncycastle.asn1.pkcs.PKCS12PBEParams pbeParams,
                               char[] password,
                               org.bouncycastle.crypto.BlockCipher cipher,
                               int keySize)
                        throws java.io.IOException

Throws:

java.io.IOException

makePBEMacParameters

private static org.bouncycastle.crypto.CipherParameters makePBEMacParameters(char[] password,
                                                                             org.bouncycastle.asn1.pkcs.PKCS12PBEParams pbeParams,
                                                                             int keySize)

makePBEParameters

private static org.bouncycastle.crypto.CipherParameters makePBEParameters(char[] password,
                                                                          org.bouncycastle.asn1.pkcs.PKCS12PBEParams pbeParams,
                                                                          java.lang.String targetAlgorithm,
                                                                          int keySize,
                                                                          int ivSize)

makePBEGenerator

private static org.bouncycastle.crypto.PBEParametersGenerator makePBEGenerator()

getCipher

private static PKCS12.MyCipher getCipher(java.lang.String algId)

createSubjectKeyId

private org.bouncycastle.asn1.x509.SubjectKeyIdentifier createSubjectKeyId()