org.bouncycastle.pkcs
Class PKCS12PfxPduBuilder
java.lang.Object
|
+--org.bouncycastle.pkcs.PKCS12PfxPduBuilder
- public class PKCS12PfxPduBuilder
- extends java.lang.Object
A builder for the PKCS#12 Pfx key and certificate store.
For example: you can build a basic key store for the user owning privKey as follows:
X509Certificate[] chain = [].
PublicKey pubKey = [].
PrivateKey privKey = [].
JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
PKCS12SafeBagBuilder taCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[2]);
taCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Bouncy Primary Certificate"));
PKCS12SafeBagBuilder caCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[1]);
caCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Bouncy Intermediate Certificate"));
PKCS12SafeBagBuilder eeCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[0]);
eeCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Eric's Key"));
eeCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, extUtils.createSubjectKeyIdentifier(pubKey));
PKCS12SafeBagBuilder keyBagBuilder = new JcaPKCS12SafeBagBuilder(privKey, new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, new CBCBlockCipher(new DESedeEngine())).build(passwd));
keyBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Eric's Key"));
keyBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, extUtils.createSubjectKeyIdentifier(pubKey));
//
// construct the actual key store
//
PKCS12PfxPduBuilder pfxPduBuilder = new PKCS12PfxPduBuilder();
PKCS12SafeBag[] certs = new PKCS12SafeBag[3];
certs[0] = eeCertBagBuilder.build();
certs[1] = caCertBagBuilder.build();
certs[2] = taCertBagBuilder.build();
pfxPduBuilder.addEncryptedData(new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC, new CBCBlockCipher(new RC2Engine())).build(passwd), certs);
pfxPduBuilder.addData(keyBagBuilder.build());
PKCS12PfxPdu pfx = pfxPduBuilder.build(new BcPKCS12MacCalculatorBuilder(), passwd);
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
PKCS12PfxPduBuilder
public PKCS12PfxPduBuilder()
addData
public PKCS12PfxPduBuilder addData(PKCS12SafeBag data)
throws java.io.IOException
- Add a SafeBag that is to be included as is.
- Parameters:
data - the SafeBag to add.- Returns:
- this builder.
- Throws:
java.io.IOException -
addEncryptedData
public PKCS12PfxPduBuilder addEncryptedData(OutputEncryptor dataEncryptor,
PKCS12SafeBag data)
throws java.io.IOException
- Add a SafeBag that is to be wrapped in a EncryptedData object.
- Parameters:
dataEncryptor - the encryptor to use for encoding the data.data - the SafeBag to include.- Returns:
- this builder.
- Throws:
java.io.IOException - if a issue occurs processing the data.
addEncryptedData
public PKCS12PfxPduBuilder addEncryptedData(OutputEncryptor dataEncryptor,
PKCS12SafeBag[] data)
throws java.io.IOException
- Add a set of SafeBags that are to be wrapped in a EncryptedData object.
- Parameters:
dataEncryptor - the encryptor to use for encoding the data.data - the SafeBags to include.- Returns:
- this builder.
- Throws:
java.io.IOException - if a issue occurs processing the data.
build
public PKCS12PfxPdu build(PKCS12MacCalculatorBuilder macCalcBuilder,
char[] password)
throws PKCSException
- Build the Pfx structure, protecting it with a MAC calculated against the passed in password.
- Parameters:
macCalcBuilder - a builder for a PKCS12 mac calculator.password - the password to use.- Returns:
- a Pfx object.
- Throws:
PKCSException - on a encoding or processing error.