Class PKCS12Util
java.lang.Object
org.mozilla.jss.netscape.security.pkcs.PKCS12Util
-
Field Summary
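Fields
Modifier and Type / Field / Description
(package private) PBEAlgorithm certEncryption
static final PBEAlgorithm DEFAULT_CERT_ENCRYPTION
static final String DEFAULT_CERT_ENCRYPTION_NAME
static final PBEAlgorithm DEFAULT_KEY_ENCRYPTION
static final String DEFAULT_KEY_ENCRYPTION_NAME
(package private) PBEAlgorithm keyEncryption
private static org.slf4j.Logger logger
static final String NO_ENCRYPTION
(package private) SecureRandom random
static final List<PBEAlgorithm> SUPPORTED_CERT_ENCRYPTIONS
static final List<PBEAlgorithm> SUPPORTED_KEY_ENCRYPTIONS
(package private) boolean trustFlagsEnabled
-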
Constructor Summary
Constructors -
Method Summary
Modifier and Type / Method / Description
void addCertBag(PKCS12CertInfo certInfo, SEQUENCE safeContents)
void addKeyBag(PKCS12KeyInfo keyInfo, Password password, SEQUENCE encSafeContents)
    Add a private key to the PKCS #12 object.
ASN1Value create_EPKI_with_PBE_PKCS5_PBES2(CryptoToken token, PrivateKey privateKey, Password password)
ASN1Value create_EPKI_with_PBE_SHA1_DES3_CBC(CryptoToken token, PrivateKey privateKey, Password password)
(package private) SET createCertBagAttrs(PKCS12CertInfo certInfo)
PKCS12CertInfo createCertInfoFromNSS(X509Certificate cert, String friendlyName)
(package private) SET createKeyBagAttrs(PKCS12KeyInfo keyInfo)
PKCS12KeyInfo createKeyInfoFromNSS(X509Certificate cert, PrivateKey privateKey)
PKCS12KeyInfo createKeyInfoFromNSS(X509Certificate cert, PrivateKey privateKey, String friendlyName)
(package private) BigInteger createLocalID(byte[] bytes)
(package private) BigInteger createLocalID(X509Certificate cert)
generatePFX(PKCS12 pkcs12, Password password)
PKCS12CertInfo getCertBySubjectDN(PKCS12 pkcs12, String subjectDN)
getCertInfo(SafeBag bag)
void getCertInfos(PKCS12 pkcs12, PFX pfx, Password password)
getKeyInfo(SafeBag bag, Password password)
    Loads key bags (for IMPORT and other operations on existing PKCS #12 files).
void getKeyInfos(PKCS12 pkcs12, PFX pfx, Password password)
getPrivateKeyType(PublicKey publicKey)
getTrustFlags(X509Certificate cert)
    Deprecated. Use PK11Cert.getTrustFlags() instead.
void importKey(PKCS12 pkcs12, Password password, String nickname, PKCS12KeyInfo keyInfo)
boolean isTrustFlagsEnabled()
void loadCertFromNSS(PKCS12 pkcs12, String nickname, boolean includeKey, boolean includeChain)
void loadCertFromNSS(PKCS12 pkcs12, String nickname, boolean includeKey, boolean includeChain, String friendlyName)
void loadCertFromNSS(PKCS12 pkcs12, X509Certificate cert, boolean includeKey, boolean includeChain)
void loadCertFromNSS(PKCS12 pkcs12, X509Certificate cert, boolean includeKey, boolean includeChain, String friendlyName)
loadFromByteArray(byte[] b, Password password)
loadFromFile(String filename)
loadFromFile(String filename, Password password)
void loadFromNSS(PKCS12 pkcs12)
void loadFromNSS(PKCS12 pkcs12, boolean includeKey, boolean includeChain)
void setCertEncryption(String name)
void setCertEncryption(PBEAlgorithm algorithm)
void setKeyEncryption(String name)
void setKeyEncryption(PBEAlgorithm algorithm)
void setTrustFlags(X509Certificate cert, String trustFlags)
    Deprecated. Use PK11Cert.setTrustFlags() instead.
void setTrustFlagsEnabled(boolean trustFlagsEnabled)
void storeCertIntoNSS(PKCS12 pkcs12, Password password, String nickname, boolean overwrite)
void storeCertIntoNSS(PKCS12 pkcs12, Password password, PKCS12CertInfo certInfo, boolean overwrite)
    Store a certificate (and key, if present) in NSSDB.
void storeIntoFile(PKCS12 pkcs12, String filename, Password password)
void storeIntoNSS(PKCS12 pkcs12, Password password, boolean overwrite)
-
Field Details
-
logger
private static org.slf4j.Logger logger
-
NO_ENCRYPTION
- See Also:
-
SUPPORTED_CERT_ENCRYPTIONS
-
SUPPORTED_KEY_ENCRYPTIONS
-
DEFAULT_CERT_ENCRYPTION
-
DEFAULT_CERT_ENCRYPTION_NAME
- See Also:
-
DEFAULT_KEY_ENCRYPTION
-
DEFAULT_KEY_ENCRYPTION_NAME
-
random
SecureRandom random
-
certEncryption
PBEAlgorithm certEncryption
-
keyEncryption
PBEAlgorithm keyEncryption
-
trustFlagsEnabled
boolean trustFlagsEnabled
-
-
Constructor Details
-
PKCS12Util
- Throws:
Exception
-
-
Method Details
-
setCertEncryption
- Throws:
Exception
-
setCertEncryption
- Throws:
Exception
-
getCertEncryption
-
setKeyEncryption
- Throws:
Exception
-
setKeyEncryption
- Throws:
Exception
-
getKeyEncryption
-
isTrustFlagsEnabled
public boolean isTrustFlagsEnabled()
-
setTrustFlagsEnabled
public void setTrustFlagsEnabled(boolean trustFlagsEnabled)
-
getTrustFlags
Deprecated. Use PK11Cert.getTrustFlags() instead.
-
setTrustFlags
Deprecated. Use PK11Cert.setTrustFlags() instead.
- Throws:
Exception
-
addKeyBag
public void addKeyBag(PKCS12KeyInfo keyInfo, Password password, SEQUENCE encSafeContents) throws Exception
Add a private key to the PKCS #12 object.
The PKCS12KeyInfo object received comes about in two different scenarios:
- The private key could be in encrypted byte[] form (e.g. when we have merely loaded a PKCS #12 file for inspection, or to delete a certificate and its associated key). In this case we simply re-use this encrypted private key info byte[].
- The private key could be an NSS PrivateKey handle. In this case we must export the PrivateKey from the token to obtain the EncryptedPrivateKeyInfo.
The common final step is to add the encrypted private key data, in a "Shrouded Key Bag", to the PKCS #12 object. Unencrypted key material is never seen.
- Throws:
Exception
-
create_EPKI_with_PBE_SHA1_DES3_CBC
public ASN1Value create_EPKI_with_PBE_SHA1_DES3_CBC(CryptoToken token, PrivateKey privateKey, Password password) throws Exception
- Throws:
Exception
-
create_EPKI_with_PBE_PKCS5_PBES2
public ASN1Value create_EPKI_with_PBE_PKCS5_PBES2(CryptoToken token, PrivateKey privateKey, Password password) throws Exception
- Throws:
Exception
-
addCertBag
- Throws:
Exception
-
createLocalID
- Throws:
Exception
-
createLocalID
- Throws:
Exception
-
createKeyBagAttrs
- Throws:
Exception
-
createCertBagAttrs
- Throws:
Exception
-
loadFromNSS
- Throws:
Exception
-
loadFromNSS
- Throws:
Exception
-
loadCertFromNSS
public void loadCertFromNSS(PKCS12 pkcs12, String nickname, boolean includeKey, boolean includeChain) throws Exception
- Throws:
Exception
-
loadCertFromNSS
public void loadCertFromNSS(PKCS12 pkcs12, String nickname, boolean includeKey, boolean includeChain, String friendlyName) throws Exception
- Throws:
Exception
-
loadCertFromNSS
public void loadCertFromNSS(PKCS12 pkcs12, X509Certificate cert, boolean includeKey, boolean includeChain) throws Exception
- Throws:
Exception
-
loadCertFromNSS
public void loadCertFromNSS(PKCS12 pkcs12, X509Certificate cert, boolean includeKey, boolean includeChain, String friendlyName) throws Exception
- Throws:
Exception
-
createCertInfoFromNSS
- Throws:
Exception
-
createCertInfoFromNSS
public PKCS12CertInfo createCertInfoFromNSS(X509Certificate cert, String friendlyName) throws Exception
- Throws:
Exception
-
createKeyInfoFromNSS
public PKCS12KeyInfo createKeyInfoFromNSS(X509Certificate cert, PrivateKey privateKey) throws Exception
- Throws:
Exception
-
createKeyInfoFromNSS
public PKCS12KeyInfo createKeyInfoFromNSS(X509Certificate cert, PrivateKey privateKey, String friendlyName) throws Exception
- Throws:
Exception
-
generatePFX
- Throws:
Exception
-
storeIntoFile
- Throws:
Exception
-
getKeyInfo
Loads key bags (for IMPORT and other operations on existing PKCS #12 files). Does not decrypt EncryptedPrivateKeyInfo values, but stores them in PKCS12KeyInfo objects for possible later use.
- Throws:
Exception
-
getCertInfo
- Throws:
Exception
-
getKeyInfos
- Throws:
Exception
-
getCertInfos
- Throws:
Exception
-
loadFromFile
- Throws:
Exception
-
loadFromByteArray
- Throws:
Exception
-
loadFromFile
- Throws:
Exception
-
getPrivateKeyType
-
getCertBySubjectDN
public PKCS12CertInfo getCertBySubjectDN(PKCS12 pkcs12, String subjectDN) throws CertificateException
- Throws:
CertificateException
-
importKey
public void importKey(PKCS12 pkcs12, Password password, String nickname, PKCS12KeyInfo keyInfo) throws Exception
- Throws:
Exception
-
storeCertIntoNSS
public void storeCertIntoNSS(PKCS12 pkcs12, Password password, PKCS12CertInfo certInfo, boolean overwrite) throws Exception
Store a certificate (and key, if present) in NSSDB.
- Throws:
Exception
-
storeCertIntoNSS
public void storeCertIntoNSS(PKCS12 pkcs12, Password password, String nickname, boolean overwrite) throws Exception
- Throws:
Exception
-
storeIntoNSS
- Throws:
Exception
-