com.rsa.certj.pkcs12

Class PKCS12

java.lang.Object
  |
  +--com.rsa.certj.pkcs12.PKCS12
All Implemented Interfaces:
Serializable

public class PKCS12
extends Object
implements Serializable

This class builds, reads and writes PKCS #12 data files.

PKCS #12 data is actually composed of PFX (Microsoft Personal Information Exchange) data. This class will read PKCS #12 data from a PKCS #12 file. The PKCS #12 file uses only three of the six data types from the PKCS #7 specification:

PKCS #7 Types Used by this Class

When reading a PKCS #12 file, the PKCS #12 class will store new certificates, CRLs, and keys in a database if a database is entered as a parameter. The certificates, CRLs, and keys are kept in the PKCS #12 object and can be retrieved by using the getCertificates, getCrls, or getKeys methods that are defined in this class. Therefore, a database parameter is not required.

Copyright © RSA Security Inc., 1999-2001. All rights reserved.

See Also

Serialized Form

Field Summary

static int

DEFAULT_ITERATIONS

Indicates the default value of iterations used for MAC calculation.

static String[]

POSSIBLE_DIGEST_ALGORITHMS

Indicates the possible digest algorithms to use for HMAC calculation.

static String[]

POSSIBLE_ENCRYPTION_ALGORITHMS

Indicates the possible PBE algorithms to use.

static int[]

POSSIBLE_OPTIONS

Indicates the possible values of the option argument for the export method.

static int

USE_MS_FORMAT

Indicates the format of PKCS #12 files that Microsoft Internet Explorer (IE) uses.

static int

USE_NS_FORMAT

Indicates the format of PKCS #12 files that Netscape Navigator uses except that it encodes using DER instead of indefinite-length BER.

 

Constructor Summary

PKCS12(CertJ certJ, Certificate[] certs, CRL[] crls, com.rsa.jsafe.JSAFE_PrivateKey[] keys, X501Attributes[] certAttrs, X501Attributes[] crlAttrs, X501Attributes[] keyAttrs)

Constructs a PKCS12 object that holds specified certificates, CRLs, and private keys.

PKCS12(CertJ certJ, Certificate[] certs, CRL[] crls, com.rsa.jsafe.JSAFE_PrivateKey[] keys, X501Attributes[] certAttrs, X501Attributes[] crlAttrs, X501Attributes[] keyAttrs, String[] keyFormats)

Constructs a PKCS12 object that holds specified certificates, CRLs, and private keys.

PKCS12(CertJ certJ, Certificate cert, CertPathCtx pathCtx)

Constructs a PKCS12 object that holds key materials for the certificate given in cert.

PKCS12(CertJ certJ, Certificate cert, CertPathCtx pathCtx, String keyFormat)

Constructs a PKCS12 object that holds key materials for the certificate given in cert.

PKCS12(CertJ certJ, DatabaseService database, char[] password, char[] encPassword, File pkcs12File)

Constructs an object from a given PKCS #12 file named pkcs12File.

PKCS12(CertJ certJ, DatabaseService database, char[] password, char[] encPassword, InputStream pkcs12Stream)

Constructs an object from a given PKCS #12 stream named pkcs12Stream.

PKCS12(CertJ certJ, DatabaseService database, char[] password, char[] encPassword, InputStream pkcs12Stream, int length)

Constructs an object from a given PKCS #12 stream named pkcs12Stream.

PKCS12(CertJ certJ, DatabaseService database, char[] password, char[] encPassword, String pkcs12File)

Constructs an object from a given PKCS #12 file string named pkcs12File.

PKCS12(CertJ certJ, DatabaseService database, char[] password, File pkcs12File)

Constructs an object from a given PKCS #12 file named pkcs12File.

PKCS12(CertJ certJ, DatabaseService database, char[] password, InputStream pkcs12Stream)

Constructs an object from a given PKCS #12 stream named pkcs12Stream.

PKCS12(CertJ certJ, DatabaseService database, char[] password, InputStream pkcs12Stream, int length)

Constructs an object from a given PKCS #12 stream named pkcs12Stream.

PKCS12(CertJ certJ, DatabaseService database, char[] password, String pkcs12File)

Constructs an object from a given PKCS #12 file string named pkcs12File.

PKCS12(CertJ certJ, X500Name subjectName, CertPathCtx pathCtx)

Constructs a PKCS12 object that holds key materials corresponding to subjectName.

PKCS12(CertJ certJ, X500Name subjectName, CertPathCtx pathCtx, String keyFormat)

Constructs a PKCS12 object that holds key materials corresponding to subjectName.

 

Method Summary

 void

export(File file, char[] password, char[] encPassword, String encAlg, String digestAlg, int iterations, int option)

Exports the contents of this PKCS12 object into a file given as a File.

 void

export(File file, char[] password, String encAlg, String digestAlg, int iterations, int option)

Exports the contents of this PKCS12 object into a file given as a File.

 void

export(OutputStream stream, char[] password, char[] encPassword, String encAlg, String digestAlg, int iterations, int option)

Exports the contents of this PKCS12 object into an output stream given as an OutputStream.

 void

export(OutputStream stream, char[] password, String encAlg, String digestAlg, int iterations, int option)

Exports the contents of this PKCS12 object into an output stream given as an OutputStream.

 void

export(String filename, char[] password, char[] encPassword, String encAlg, String digestAlg, int iterations, int option)

Exports the contents of this PKCS12 object into a file given as a String.

 void

export(String filename, char[] password, String encAlg, String digestAlg, int iterations, int option)

Exports the contents of this PKCS12 object into a file given as a String.

 Certificate[]

getCertificates()

Retrieves the certificates found in the PKCS12 data.

 X501Attributes[]

getCertsAttributes()

Retrieves the certificate attributes found in the PKCS12 data.

 CRL[]

getCrls()

Retrieves the CRLs found in the PKCS12 data.

 X501Attributes[]

getCRLsAttributes()

Retrieves the CRL attributes found in the PKCS12 data.

 com.rsa.jsafe.JSAFE_PrivateKey[]

getKeys()

Retrieves the private keys found in the PKCS12 data.

 X501Attributes[]

getKeysAttributes()

Retrieves the private key attributes found in the PKCS12 data.

 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

USE_MS_FORMAT

public static final int USE_MS_FORMAT
Indicates the format of PKCS #12 files that Microsoft Internet Explorer (IE) uses. That is, to encrypt the entire contents and hold the keys in plain key bags instead of PKCS #8 shrouded key bags.

USE_NS_FORMAT

public static final int USE_NS_FORMAT
Indicates the format of PKCS #12 files that Netscape Navigator uses except that it encodes using DER instead of indefinite-length BER. That is, it uses the plain data format for the entire contents and protects keys in PKCS #8 shrouded key bags.

POSSIBLE_ENCRYPTION_ALGORITHMS

public static final String[] POSSIBLE_ENCRYPTION_ALGORITHMS
Indicates the possible PBE algorithms to use. If the value of encAlg provided to the export method is null, the first element of this array is used. This array is a list of algorithms that have been tested, but it is not an exclusive list. You can use other PBE algorithms as long as they are supported in the underlying Crypto-J toolkit. For example, all the algorithms currently use the iteration count 1 but you can use a different number.

POSSIBLE_DIGEST_ALGORITHMS

public static final String[] POSSIBLE_DIGEST_ALGORITHMS
Indicates the possible digest algorithms to use for HMAC calculation. If the value of digestAlg provided to the export method is null, the first element of this array is used. This array is a list of algorithms that have been tested, but it is not an exclusive list. You can use other digest algorithms as long as they are supported in the underlying Crypto-J toolkit.

DEFAULT_ITERATIONS

public static final int DEFAULT_ITERATIONS
Indicates the default value of iterations used for MAC calculation. If the iterations parameter passed to the export method is not a positive number, it uses this value.

POSSIBLE_OPTIONS

public static final int[] POSSIBLE_OPTIONS
Indicates the possible values of the option argument for the export method.

Constructor Detail

PKCS12

public PKCS12(CertJ certJ,
              DatabaseService database,
              char[] password,
              InputStream pkcs12Stream,
              int length)
       throws PKCS12Exception
Constructs an object from a given PKCS #12 stream named pkcs12Stream. Certificates, CRLs, and private keys will be placed into database, if database is not set to null.

Parameters

         certJ  

A CertJ object holding the various service providers available.

         database  

A DatabaseService to store certificates, CRLs, and keys.

         password  

A char array holding the password used to decrypt and authenticate the PKCS #12 file.

         pkcs12Stream  

An InputStream that is the source of the BER-encoded PKCS #12 contents.

         length  

An int value indicating the length, in bytes, of the BER encoding of the PKCS #12 contents that is expected from pkcs12Stream. If the length is unknown, use -1.

Throws

PKCS12Exception - If the PKCS #12 contents cannot be read or decoded.

PKCS12

public PKCS12(CertJ certJ,
              DatabaseService database,
              char[] password,
              char[] encPassword,
              InputStream pkcs12Stream,
              int length)
       throws PKCS12Exception
Constructs an object from a given PKCS #12 stream named pkcs12Stream. Certificates, CRLs, and private keys will be placed into database, if database is not set to null.

Parameters

         certJ  

A CertJ object holding the various service providers available.

         database  

A DatabaseService to store certificates, CRLs, and keys.

         password  

A char array holding the password used to authenticate the PKCS #12 file with HMAC.

         encPassword  

A char array holding the password used to decrypt the PKCS #12 data. If it is null, then password will be used to decrypt it.

         pkcs12Stream  

An InputStream that is the source of the BER-encoded PKCS #12 contents.

         length  

An int value indicating the length, in bytes, of the BER encoding of the PKCS #12 contents that is expected from pkcs12Stream. If the length is unknown, use -1.

Throws

PKCS12Exception - If the PKCS #12 contents cannot be read or decoded.

PKCS12

public PKCS12(CertJ certJ,
              DatabaseService database,
              char[] password,
              InputStream pkcs12Stream)
       throws PKCS12Exception
Constructs an object from a given PKCS #12 stream named pkcs12Stream. Use another constructor, PKCS12(CertJ, DatabaseService, char[], InputStream, int), if you know how many bytes should be expected from the stream. Certificates, CRLs, and private keys will be placed into database, if database is not set to null.

Parameters

         certJ  

A CertJ object holding the various service providers available.

         database  

A DatabaseService to store certificates, CRLs, and keys.

         password  

A char array holding the password used to decrypt and authenticate the PKCS #12 file.

         pkcs12Stream  

An InputStream that is the source of the BER-encoded PKCS #12 contents.

Throws

PKCS12Exception - If the PKCS #12 contents cannot be read or decoded.

See Also

PKCS12(com.rsa.certj.CertJ, com.rsa.certj.DatabaseService, char[], java.io.InputStream, int)

PKCS12

public PKCS12(CertJ certJ,
              DatabaseService database,
              char[] password,
              char[] encPassword,
              InputStream pkcs12Stream)
       throws PKCS12Exception
Constructs an object from a given PKCS #12 stream named pkcs12Stream. Use another constructor, PKCS12(CertJ, DatabaseService, char[], InputStream, int), if you know how many bytes should be expected from the stream. Certificates, CRLs, and private keys will be placed into database, if database is not set to null.

Parameters

         certJ  

A CertJ object holding the various service providers available.

         database  

A DatabaseService to store certificates, CRLs, and keys.

         password  

A char array holding the password used to authenticate the PKCS #12 file with HMAC.

         encPassword  

A char array holding the password used to decrypt the PKCS #12 data. If it is null, then password will be used to decrypt it.

         pkcs12Stream  

An InputStream that is the source of the BER-encoded PKCS #12 contents.

Throws

PKCS12Exception - If the PKCS #12 contents cannot be read or decoded.

See Also

PKCS12(com.rsa.certj.CertJ, com.rsa.certj.DatabaseService, char[], java.io.InputStream, int)

PKCS12

public PKCS12(CertJ certJ,
              DatabaseService database,
              char[] password,
              String pkcs12File)
       throws PKCS12Exception
Constructs an object from a given PKCS #12 file string named pkcs12File. Certificates, CRLs, and private keys will be placed into database, if database is not set to null.

Parameters

         certJ  

A CertJ object holding the various service providers available.

         database  

A DatabaseService to store certificates, CRLs, and keys.

         password  

A char array holding the password used to decrypt and authenticate the PKCS #12 file.

         pkcs12File  

A String holding the PKCS #12 file.

Throws

PKCS12Exception - If the PKCS #12 file cannot be read or decoded.

PKCS12

public PKCS12(CertJ certJ,
              DatabaseService database,
              char[] password,
              char[] encPassword,
              String pkcs12File)
       throws PKCS12Exception
Constructs an object from a given PKCS #12 file string named pkcs12File. Certificates, CRLs, and private keys will be placed into database, if database is not set to null.

Parameters

         certJ  

A CertJ object holding the various service providers available.

         database  

A DatabaseService to store certificates, CRLs, and keys.

         password  

A char array holding the password used to authenticate the PKCS #12 file with HMAC.

         encPassword  

A char array holding the password used to decrypt the PKCS #12 data. If it is null, then password will be used to decrypt it.

         pkcs12File  

A String holding the PKCS #12 file.

Throws

PKCS12Exception - If the PKCS #12 file cannot be read or decoded.

PKCS12

public PKCS12(CertJ certJ,
              DatabaseService database,
              char[] password,
              File pkcs12File)
       throws PKCS12Exception
Constructs an object from a given PKCS #12 file named pkcs12File. Certificates, CRLs, and private keys will be placed into database, if database is not set to null.

Parameters

         certJ  

A CertJ object holding the various service providers available.

         database  

A DatabaseService to store certificates, CRLs, and keys.

         password  

A char array holding the password used to decrypt and authenticate the PKCS #12 file.

         pkcs12File  

A File representing the PKCS #12 file.

Throws

PKCS12Exception - If the PKCS #12 file cannot be read or decoded.

PKCS12

public PKCS12(CertJ certJ,
              DatabaseService database,
              char[] password,
              char[] encPassword,
              File pkcs12File)
       throws PKCS12Exception
Constructs an object from a given PKCS #12 file named pkcs12File. Certificates, CRLs, and private keys will be placed into database, if database is not set to null.

Parameters

         certJ  

A CertJ object holding the various service providers available.

         database  

A DatabaseService to store certificates, CRLs, and keys.

         password  

A char array holding the password used to authenticate the PKCS #12 file with HMAC.

         encPassword  

A char array holding the password used to decrypt the PKCS #12 data. If it is null, then password will be used to decrypt it.

         pkcs12File  

A File representing the PKCS #12 file.

Throws

PKCS12Exception - If the PKCS #12 file cannot be read or decoded.

PKCS12

public PKCS12(CertJ certJ,
              Certificate[] certs,
              CRL[] crls,
              com.rsa.jsafe.JSAFE_PrivateKey[] keys,
              X501Attributes[] certAttrs,
              X501Attributes[] crlAttrs,
              X501Attributes[] keyAttrs)
       throws InvalidParameterException
Constructs a PKCS12 object that holds specified certificates, CRLs, and private keys.

Parameters

         certJ  

A CertJ object holding the various providers available. Only a random provider will be used.

         certs  

A Certificate array containing certificates to be included in a PKCS #12 file.

         crls  

A CRL array containing CRLs to be included in a PKCS #12 file.

         keys  

A JSAFE_PrivateKey array containing private keys to be included in a PKCS #12 file.

         certAttrs  

An X501Attributes array containing an attributes object for each certificate in certs.

         crlAttrs  

An X501Attributes array containing an attributes object for each CRL in crls.

         keyAttrs  

An X501Attributes array containing an attributes object for each private key in keys.

Throws

InvalidParameterException - If any of the parameters is invalid.

PKCS12

public PKCS12(CertJ certJ,
              Certificate[] certs,
              CRL[] crls,
              com.rsa.jsafe.JSAFE_PrivateKey[] keys,
              X501Attributes[] certAttrs,
              X501Attributes[] crlAttrs,
              X501Attributes[] keyAttrs,
              String[] keyFormats)
       throws InvalidParameterException
Constructs a PKCS12 object that holds specified certificates, CRLs, and private keys.

Parameters

         certJ  

A CertJ object holding the various providers available. Only a random provider will be used.

         certs  

A Certificate array containing certificates to be included in a PKCS #12 file.

         crls  

A CRL array containing CRLs to be included in a PKCS #12 file.

         keys  

A JSAFE_PrivateKey array containing private keys to be included in a PKCS #12 file.

         certAttrs  

An X501Attributes array containing an attributes object for each certificate in certs.

         crlAttrs  

An X501Attributes array containing an attributes object for each CRL in crls.

         keyAttrs  

An X501Attributes array containing an attributes object for each private key in keys.

         keyFormats  

A String array containing private key formats, e.g., "DSAPrivateKeyX957BER". Elements of this array should be in the same order as the keys in the keys array. For more information about proper key formats, see the Crypto-J manual.

Throws

InvalidParameterException - If any of the parameters is invalid.

PKCS12

public PKCS12(CertJ certJ,
              X500Name subjectName,
              CertPathCtx pathCtx)
       throws InvalidParameterException,
              PKCS12Exception
Constructs a PKCS12 object that holds key materials corresponding to subjectName. Key materials are the certificates corresponding to the subjectName and the private keys corresponding to the public keys found in the certificates. Key materials may also include valid certification chains for the certificates, and CRLs for any certificate included.

The pathCtx argument specifies the source of the materials to be included in the resulting PKCS #12 file. First, the subjectName argument is used to look for one or more certificates with subject names that match it. For each certificate found, it looks for the corresponding private key, and builds a certificate path from this certificate up to a trusted root certificate in the pathCtx. If building a certificate path fails, it throws an exception indicating the failure. In summary, the following four steps are used to build the PKCS #12 file:

  1. Include certificates that match the given subject name.
  2. Include the private keys that correspond to each of the certificates found in step 1.
  3. Include a certificate path of each certificate in step 1 that ends with any of the trusted certificates provided in the pathCtx argument.
  4. If the pathOptions associated with the pathCtx argument does not have the CertPathCtx.PF_IGNORE_REVOCATION bit set, include the CRLs found while building a certificate path in step 3.

It is not necessary to include a certificate path with a certificate. Include the certificate in the trustedCerts associated with the pathCtx argument if the certificate path is not included.

Parameters

         certJ  

A CertJ object that holds the various service providers available. In addition to a random provider, this object can contain a certification path provider, a certificate revocation status provider, or both.

  • Include a certification path provider if the PKCS #12 file should contain a certificate chain for the certificate corresponding to subjectName.

  • Include a certificate revocation status provider if the PKCS #12 file should contain CRLs for the certificates it contains.

         subjectName  

An X500Name object whose key materials will be exported to a PKCS #12 file.

         pathCtx  

A CertPathCtx object specifying the valid certification path to construct to find which certificates and CRLs to include in a PKCS #12 file.

Throws

InvalidParameterException - If any of the parameters is invalid.

PKCS12Exception - If constructing the contents of a PKCS #12 file fails.

PKCS12

public PKCS12(CertJ certJ,
              X500Name subjectName,
              CertPathCtx pathCtx,
              String keyFormat)
       throws InvalidParameterException,
              PKCS12Exception
Constructs a PKCS12 object that holds key materials corresponding to subjectName. Key materials are the certificates corresponding to the subjectName and the private keys corresponding to the public keys found in the certificates. Key materials may also include valid certification chains for the certificates, and CRLs for any certificate included.

The pathCtx argument specifies the source of the materials to be included in the resulting PKCS #12 file. First, the subjectName argument is used to look for one or more certificates with subject names that match it. For each certificate found, it looks for the corresponding private key, and builds a certificate path from this certificate up to a trusted root certificate in the pathCtx. If building a certificate path fails, it throws an exception indicating the failure. In summary, the following four steps are used to build the PKCS #12 file:

  1. Include certificates that match the given subject name.
  2. Include the private keys that correspond to each of the certificates found in step 1.
  3. Include a certificate path of each certificate in step 1 that ends with any of the trusted certificates provided in the pathCtx argument.
  4. If the pathOptions associated with the pathCtx argument does not have the CertPathCtx.PF_IGNORE_REVOCATION bit set, include the CRLs found while building a certificate path in step 3.

It is not necessary to include a certificate path with a certificate. Include the certificate in the trustedCerts associated with the pathCtx argument if the certificate path is not included.

Parameters

         certJ  

A CertJ object that holds the various service providers available. In addition to a random provider, this object can contain a certification path provider, a certificate revocation status provider, or both.

  • Include a certification path provider if the PKCS #12 file should contain a certificate chain for the certificate corresponding to subjectName.

  • Include a certificate revocation status provider if the PKCS #12 file should contain CRLs for the certificates it contains.

         subjectName  

An X500Name object whose key materials will be exported to a PKCS #12 file.

         pathCtx  

A CertPathCtx object specifying the valid certification path to construct to find which certificates and CRLs to include in a PKCS #12 file.

         keyFormat  

A String specifying the format of the private key corresponding to the cert, e.g., "DSAPrivateKeyX957BER". For more information about proper key formats, see the Crypto-J manual.

Throws

InvalidParameterException - If any of the parameters is invalid.

PKCS12Exception - If constructing the contents of a PKCS #12 file fails.

PKCS12

public PKCS12(CertJ certJ,
              Certificate cert,
              CertPathCtx pathCtx)
       throws InvalidParameterException,
              PKCS12Exception
Constructs a PKCS12 object that holds key materials for the certificate given in cert. Key materials are the certificate given in cert and the private key corresponding to the public key found in the certificate. Key materials may also include valid certification chains for the certificate, and CRLs for the certificate.

The pathCtx argument specifies the source of the materials to be included in the resulting PKCS #12 file. First, it looks for the corresponding private key for the certificate and builds a certificate path from this certificate up to a trusted root certificate in the pathCtx. If building a certificate path fails, it throws an exception indicating the failure. In summary, the following three steps are used to build the PKCS #12 file:

  1. Include the private key that corresponds to the certificate.
  2. Include a certificate path of the certificate that ends with any of the trusted certificates provided in the pathCtx argument.
  3. If the pathOptions associated with the pathCtx argument does not have the CertPathCtx.PF_IGNORE_REVOCATION bit set, include the CRLs found while building a certificate path in step 2.

It is not necessary to include a certificate path with a certificate. Include the certificate in the trustedCerts associated with the pathCtx argument if the certificate path is not included.

Parameters

         certJ  

A CertJ object that holds the various service providers available. In addition to a random provider, this object can contain a certification path provider, a certificate revocation status provider, or both.

  • Include a certification path provider if the PKCS #12 file should contain a certificate chain for the certificate given in cert.

  • Include a certificate revocation status provider if the PKCS #12 file should contain CRLs for the certificates in it.

         cert  

A Certificate object that holds the public key whose private key will be included in a PKCS #12 file.

         pathCtx  

A CertPathCtx object specifying the valid certification path to construct to find which certificates and CRLs to include in a PKCS #12 file.

Throws

InvalidParameterException - If any of the parameters is invalid.

PKCS12Exception - If constructing the contents of a PKCS #12 file fails.

PKCS12

public PKCS12(CertJ certJ,
              Certificate cert,
              CertPathCtx pathCtx,
              String keyFormat)
       throws InvalidParameterException,
              PKCS12Exception
Constructs a PKCS12 object that holds key materials for the certificate given in cert. Key materials are the certificate given in cert and the private key corresponding to the public key found in the certificate. Key materials may also include valid certification chains for the certificate, and CRLs for the certificate.

The pathCtx argument specifies the source of the materials to be included in the resulting PKCS #12 file. First, it looks for the corresponding private key for the certificate and builds a certificate path from this certificate up to a trusted root certificate in the pathCtx. If building a certificate path fails, it throws an exception indicating the failure. In summary, the following three steps are used to build the PKCS #12 file:

  1. Include the private key that corresponds to the certificate.
  2. Include a certificate path of the certificate that ends with any of the trusted certificates provided in the pathCtx argument.
  3. If the pathOptions associated with the pathCtx argument does not have the CertPathCtx.PF_IGNORE_REVOCATION bit set, include the CRLs found while building a certificate path in step 2.

It is not necessary to include a certificate path with a certificate. Include the certificate in the trustedCerts associated with the pathCtx argument if the certificate path is not included.

Parameters

         certJ  

A CertJ object that holds the various service providers available. In addition to a random provider, this object can contain a certification path provider, a certificate revocation status provider, or both.

  • Include a certification path provider if the PKCS #12 file should contain a certificate chain for the certificate given in cert.

  • Include a certificate revocation status provider if the PKCS #12 file should contain CRLs for the certificates in it.

         cert  

A Certificate object that holds the public key whose private key will be included in a PKCS #12 file.

         pathCtx  

A CertPathCtx object specifying the valid certification path to construct to find which certificates and CRLs to include in a PKCS #12 file.

         keyFormat  

A String specifying the format of the private key corresponding to the cert, e.g., "DSAPrivateKeyX957BER". For more information about proper key formats, see the Crypto-J manual.

Throws

InvalidParameterException - If any of the parameters is invalid.

PKCS12Exception - If constructing the contents of a PKCS #12 file fails.

Method Detail

export

public void export(String filename,
                   char[] password,
                   String encAlg,
                   String digestAlg,
                   int iterations,
                   int option)
            throws InvalidParameterException,
                   PKCS12Exception
Exports the contents of this PKCS12 object into a file given as a String.

Parameters

         filename  

A String representing the name of a PKCS #12 file to be created.

         password  

A char array holding the password for the PKCS #12 file.

         encAlg  

A String representing the encryption algorithm to be used in the PBE. Possible values are listed in POSSIBLE_ENCRYPTION_ALGORITHMS.

         digestAlg  

A String representing the digest algorithm to be used in the MAC. Possible values are listed in POSSIBLE_DIGEST_ALGORITHMS.

         iterations  

An int indicating the number of iterations used for MAC calculation.

         option  

An int holding a collection of bit values. Possible bit values are USE_MS_FORMAT and USE_NS_FORMAT.

  • If the USE_MS_FORMAT flag is set, this method uses the format that Microsoft IE uses. That is, the entire content is encrypted and the keys are held in plain key bags instead of PKCS #8 shrouded key bags.
  • If the USE_NS_FORMAT flag is set, this method uses the format that Netscape Navigator uses, except the encoding is DER instead of indefinite-length BER. That is, the entire content is in plain data format and the keys are protected in PKCS #8 shrouded key bags.

Throws

InvalidParameterException - If any of the parameters is invalid.

PKCS12Exception - If creation of the PKCS #12 file fails.

export

public void export(File file,
                   char[] password,
                   String encAlg,
                   String digestAlg,
                   int iterations,
                   int option)
            throws InvalidParameterException,
                   PKCS12Exception
Exports the contents of this PKCS12 object into a file given as a File.

Parameters

         file  

A File specifying the PKCS #12 file to create.

         password  

A char array holding the password for the PKCS #12 file.

         encAlg  

A String representing the encryption algorithm to be used in the PBE. Possible values are listed in POSSIBLE_ENCRYPTION_ALGORITHMS.

         digestAlg  

A String representing the digest algorithm to be used in the MAC. Possible values are listed in POSSIBLE_DIGEST_ALGORITHMS.

         iterations  

An int indicating the number of iterations used for MAC calculation.

         option  

An int holding a collection of bit values. Possible bit values are USE_MS_FORMAT and USE_NS_FORMAT.

  • If the USE_MS_FORMAT flag is set, this method uses the format that Microsoft IE uses. That is, the entire content is encrypted and the keys are held in plain key bags instead of PKCS #8 shrouded key bags.
  • If the USE_NS_FORMAT flag is set, this method uses the format that Netscape Navigator uses, except the encoding is DER instead of indefinite-length BER. That is, the entire content is in plain data format and the keys are protected in PKCS #8 shrouded key bags.

Throws

InvalidParameterException - If any of the parameters is invalid.

PKCS12Exception - If creation of the PKCS #12 file fails.

export

public void export(String filename,
                   char[] password,
                   char[] encPassword,
                   String encAlg,
                   String digestAlg,
                   int iterations,
                   int option)
            throws InvalidParameterException,
                   PKCS12Exception
Exports the contents of this PKCS12 object into a file given as a String.

Parameters

         filename  

A String representing the name of a PKCS #12 file to be created.

         password  

A char array holding the password for authenticating the PKCS #12 file with HMAC.

         encPassword  

A char array holding the password used to encrypt the PKCS #12 data. If it is null, password is used to encrypt the data instead.

         encAlg  

A String representing the encryption algorithm to be used in the PBE. Possible values are listed in POSSIBLE_ENCRYPTION_ALGORITHMS.

         digestAlg  

A String representing the digest algorithm to be used in the MAC. Possible values are listed in POSSIBLE_DIGEST_ALGORITHMS.

         iterations  

An int indicating the number of iterations used for MAC calculation.

         option  

An int holding a collection of bit values. Possible bit values are USE_MS_FORMAT and USE_NS_FORMAT.

  • If the USE_MS_FORMAT flag is set, this method uses the format that Microsoft IE uses. That is, the entire content is encrypted and the keys are held in plain key bags instead of PKCS #8 shrouded key bags.
  • If the USE_NS_FORMAT flag is set, this method uses the format that Netscape Navigator uses, except the encoding is DER instead of indefinite-length BER. That is, the entire content is in plain data format and the keys are protected in PKCS #8 shrouded key bags.

Throws

InvalidParameterException - If any of the parameters is invalid.

PKCS12Exception - If creation of the PKCS #12 file fails.

export

public void export(File file,
                   char[] password,
                   char[] encPassword,
                   String encAlg,
                   String digestAlg,
                   int iterations,
                   int option)
            throws InvalidParameterException,
                   PKCS12Exception
Exports the contents of this PKCS12 object into a file given as a File.

Parameters

         file  

A File specifying the PKCS #12 file to create.

         password  

A char array holding the password for authenticating the PKCS #12 file with HMAC.

         encPassword  

A char array holding the password used to encrypt the PKCS #12 data. If it is null, password is used to encrypt the data instead.

         encAlg  

A String representing the encryption algorithm to be used in the PBE. Possible values are listed in POSSIBLE_ENCRYPTION_ALGORITHMS.

         digestAlg  

A String representing the digest algorithm to be used in the MAC. Possible values are listed in POSSIBLE_DIGEST_ALGORITHMS.

         iterations  

An int indicating the number of iterations used for MAC calculation.

         option  

An int holding a collection of bit values. Possible bit values are USE_MS_FORMAT and USE_NS_FORMAT.

  • If the USE_MS_FORMAT flag is set, this method uses the format that Microsoft IE uses. That is, the entire content is encrypted and the keys are held in plain key bags instead of PKCS #8 shrouded key bags.
  • If the USE_NS_FORMAT flag is set, this method uses the format that Netscape Navigator uses, except the encoding is DER instead of indefinite-length BER. That is, the entire content is in plain data format and the keys are protected in PKCS #8 shrouded key bags.

Throws

InvalidParameterException - If any of the parameters is invalid.

PKCS12Exception - If creation of the PKCS #12 file fails.

export

public void export(OutputStream stream,
                   char[] password,
                   String encAlg,
                   String digestAlg,
                   int iterations,
                   int option)
            throws InvalidParameterException,
                   PKCS12Exception
Exports the contents of this PKCS12 object into an output stream given as an OutputStream.

Parameters

         stream  

An OutputStream specifying the stream to which the PKCS #12 file contents are to be written.

         password  

A char array holding the password for the PKCS #12 file.

         encAlg  

A String representing the encryption algorithm to be used in the PBE. Possible values are listed in POSSIBLE_ENCRYPTION_ALGORITHMS.

         digestAlg  

A String representing the digest algorithm to be used in the MAC. Possible values are listed in POSSIBLE_DIGEST_ALGORITHMS.

         iterations  

An int indicating the number of iterations used for MAC calculation.

         option  

An int holding a collection of bit values. Possible bit values are USE_MS_FORMAT and USE_NS_FORMAT.

  • If the USE_MS_FORMAT flag is set, this method uses the format that Microsoft IE uses. That is, the entire content is encrypted and the keys are held in plain key bags instead of PKCS #8 shrouded key bags.
  • If the USE_NS_FORMAT flag is set, this method uses the format that Netscape Navigator uses, except the encoding is DER instead of indefinite-length BER. That is, the entire content is in plain data format and the keys are protected in PKCS #8 shrouded key bags.

Throws

InvalidParameterException - If any of the parameters is invalid.

PKCS12Exception - If creation of the PKCS #12 file fails.

export

public void export(OutputStream stream,
                   char[] password,
                   char[] encPassword,
                   String encAlg,
                   String digestAlg,
                   int iterations,
                   int option)
            throws InvalidParameterException,
                   PKCS12Exception
Exports the contents of this PKCS12 object into an output stream given as an OutputStream.

Parameters

         stream  

An OutputStream specifying the stream to which the PKCS #12 file contents are to be written.

         password  

A char array holding the password for authenticating the PKCS #12 file with HMAC.

         encPassword  

A char array holding the password used to encrypt the PKCS #12 data. If it is null, password is used to encrypt both the private keys and the whole PKCS #12 file.

         encAlg  

A String representing the encryption algorithm to be used in the PBE. Possible values are listed in POSSIBLE_ENCRYPTION_ALGORITHMS.

         digestAlg  

A String representing the digest algorithm to be used in the MAC. Possible values are listed in POSSIBLE_DIGEST_ALGORITHMS.

         iterations  

An int indicating the number of iterations used for MAC calculation.

         option  

An int holding a collection of bit values. Possible bit values are USE_MS_FORMAT and USE_NS_FORMAT.

  • If the USE_MS_FORMAT flag is set, this method uses the format that Microsoft IE uses. That is, the entire content is encrypted and the keys are held in plain key bags instead of PKCS #8 shrouded key bags.
  • If the USE_NS_FORMAT flag is set, this method uses the format that Netscape Navigator uses, except the encoding is DER instead of indefinite-length BER. That is, the entire content is in plain data format and the keys are protected in PKCS #8 shrouded key bags.

Throws

InvalidParameterException - If any of the parameters is invalid.

PKCS12Exception - If creation of the PKCS #12 file fails.
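The following is an added example, not part of the RSA documentation, showing a guarded call to the export(OutputStream, char[], char[], String, String, int, int) overload with separate MAC and encryption passwords. The class name Pkcs12ExportExample, the helpers requireListed and exportWithSplitPasswords, and the two policy choices (rejecting a null encPassword and treating DEFAULT_ITERATIONS as a minimum) are assumptions made for illustration.

```java
import com.rsa.certj.pkcs12.PKCS12;
import java.io.File;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.util.Arrays;

public class Pkcs12ExportExample {   // hypothetical class name

    // Accept only names the class itself publishes in its POSSIBLE_* arrays.
    static String requireListed(String name, String[] allowed) {
        if (!Arrays.asList(allowed).contains(name)) {
            throw new IllegalArgumentException(name + " is not one of " + Arrays.toString(allowed));
        }
        return name;
    }

    // p12 is an already populated PKCS12 object.
    // InvalidParameterException and PKCS12Exception from export propagate to the caller.
    static void exportWithSplitPasswords(PKCS12 p12, File out,
                                         char[] macPassword, char[] encPassword,
                                         String encAlg, String digestAlg,
                                         int iterations) throws Exception {
        // A null encPassword makes export fall back to the MAC password,
        // so refuse it here to keep the two secrets distinct (local policy).
        if (macPassword == null || encPassword == null) {
            throw new IllegalArgumentException("both passwords are required");
        }
        try {
            requireListed(encAlg, PKCS12.POSSIBLE_ENCRYPTION_ALGORITHMS);
            requireListed(digestAlg, PKCS12.POSSIBLE_DIGEST_ALGORITHMS);
            // Local policy, not a library rule: never go below the library default.
            if (iterations < PKCS12.DEFAULT_ITERATIONS) {
                throw new IllegalArgumentException("iterations below DEFAULT_ITERATIONS");
            }
            try (OutputStream stream = new FileOutputStream(out)) {
                // USE_NS_FORMAT: keys are protected in PKCS #8 shrouded key bags,
                // while the rest of the content is written as plain data.
                p12.export(stream, macPassword, encPassword,
                           encAlg, digestAlg, iterations, PKCS12.USE_NS_FORMAT);
            }
        } finally {
            // Wipe both secrets whether or not the export succeeded.
            Arrays.fill(macPassword, '\0');
            Arrays.fill(encPassword, '\0');
        }
    }
}
```

Because the passwords are char arrays rather than Strings, the caller's copies are cleared in place once the method returns.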

getCertificates

public Certificate[] getCertificates()
Retrieves the certificates found in the PKCS12 data.

Returns

A Certificate array containing all of the certificates in the PKCS12 data.

getCrls

public CRL[] getCrls()
Retrieves the CRLs found in the PKCS12 data.

Returns

A CRL array containing all of the CRLs in the PKCS12 data.

getKeys

public com.rsa.jsafe.JSAFE_PrivateKey[] getKeys()
Retrieves the private keys found in the PKCS12 data.

Returns

A JSAFE_PrivateKey array containing all of the private keys in the PKCS12 data.

getKeysAttributes

public X501Attributes[] getKeysAttributes()
Retrieves the private key attributes found in the PKCS12 data. The attributes are in the same order as the keys, so if a key has no attributes, the corresponding element of the array is null.

Returns

An X501Attributes array containing all of the private key attributes in the PKCS12 data.

getCertsAttributes

public X501Attributes[] getCertsAttributes()
Retrieves the certificate attributes found in the PKCS12 data. The attributes are in the same order as the certificates, so if a certificate has no attributes, the corresponding element of the array is null.

Returns

An X501Attributes array containing all of the certificate attributes in the PKCS12 data.

getCRLsAttributes

public X501Attributes[] getCRLsAttributes()
Retrieves the CRL attributes found in the PKCS12 data. The attributes are in the same order as the CRLs, so if a CRL has no attributes, the corresponding element of the array is null.

Returns

An X501Attributes array containing all of the CRL attributes in the PKCS12 data.


RSA BSAFE ® Cert-J 2.1.1 001-047007-211-001-000