Class PKCS12PfxPduBuilder

java.lang.Object
org.bouncycastle.pkcs.PKCS12PfxPduBuilder

public class PKCS12PfxPduBuilder extends Object
A builder for the PKCS#12 Pfx key and certificate store.

For example, you can build a basic key store for the user owning privKey as follows:

      X509Certificate[] chain = ....
      PublicKey         pubKey = ....
      PrivateKey        privKey = ....
      char[]            passwd = ....
      JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();

      PKCS12SafeBagBuilder taCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[2]);

      taCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Bouncy Primary Certificate"));

      PKCS12SafeBagBuilder caCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[1]);

      caCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Bouncy Intermediate Certificate"));

      PKCS12SafeBagBuilder eeCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[0]);

      eeCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Eric's Key"));
      eeCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, extUtils.createSubjectKeyIdentifier(pubKey));

      PKCS12SafeBagBuilder keyBagBuilder = new JcaPKCS12SafeBagBuilder(privKey, new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, new CBCBlockCipher(new DESedeEngine())).build(passwd));

      keyBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Eric's Key"));
      keyBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, extUtils.createSubjectKeyIdentifier(pubKey));

      //
      // construct the actual key store
      //
      PKCS12PfxPduBuilder pfxPduBuilder = new PKCS12PfxPduBuilder();

      PKCS12SafeBag[] certs = new PKCS12SafeBag[3];

      certs[0] = eeCertBagBuilder.build();
      certs[1] = caCertBagBuilder.build();
      certs[2] = taCertBagBuilder.build();

      pfxPduBuilder.addEncryptedData(new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC, new CBCBlockCipher(new RC2Engine())).build(passwd), certs);

      pfxPduBuilder.addData(keyBagBuilder.build());

      PKCS12PfxPdu pfx = pfxPduBuilder.build(new BcPKCS12MacCalculatorBuilder(), passwd);
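
The example above protects the bags with the legacy PKCS#12 PBE schemes (pbeWithSHAAnd3_KeyTripleDES_CBC and pbeWithSHAAnd40BitRC2_CBC). The following added example, which is not part of the Bouncy Castle documentation, builds the same kind of store with PBES2 (PBKDF2-HMAC-SHA256 and AES-256-CBC) and a SHA-256 MAC, then re-parses it and checks the MAC. It assumes a recent Bouncy Castle release (bcprov and bcpkix) with the "BC" provider; the class name, helper names, iteration count, passphrase and self-signed certificate are constructed for illustration.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.*;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.crypto.util.PBKDF2Config;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OutputEncryptor;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.*;
import org.bouncycastle.pkcs.jcajce.*;

public class StrongPfxExample {   // hypothetical class name
    // PBES2 encryptor: PBKDF2-HMAC-SHA256 + AES-256-CBC (iteration count is illustrative).
    static OutputEncryptor aes256(char[] pw) throws Exception {
        return new JcePKCSPBEOutputEncryptorBuilder(NISTObjectIdentifiers.id_aes256_CBC)
            .setProvider("BC").setPRF(PBKDF2Config.PRF_SHA256).setIterationCount(100000).build(pw);
    }
    static PKCS12PfxPdu buildPfx(PrivateKey key, X509Certificate cert, char[] pw) throws Exception {
        ASN1Encodable keyId = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(cert.getPublicKey());
        PKCS12SafeBagBuilder certBag = new JcaPKCS12SafeBagBuilder(cert);
        certBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Example Key"));
        certBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, keyId);
        PKCS12SafeBagBuilder keyBag = new JcaPKCS12SafeBagBuilder(key, aes256(pw));
        keyBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, keyId);
        // Each bag gets its own encryptor instance; the MAC over the whole store uses SHA-256.
        return new PKCS12PfxPduBuilder()
            .addEncryptedData(aes256(pw), certBag.build())
            .addData(keyBag.build())
            .build(new JcePKCS12MacCalculatorBuilder(NISTObjectIdentifiers.id_sha256).setProvider("BC"), pw);
    }
    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        X500Name dn = new X500Name("CN=Constructed Example");   // constructed self-signed certificate
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(
            new JcaX509v3CertificateBuilder(dn, BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + 86400000L), dn, kp.getPublic())
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate())));
        char[] pw = "constructed-passphrase".toCharArray();   // constructed value
        // Re-parse the encoding and check the integrity MAC before using the contents.
        PKCS12PfxPdu parsed = new PKCS12PfxPdu(buildPfx(kp.getPrivate(), cert, pw).getEncoded());
        System.out.println("MAC valid: " + parsed.isMacValid(new JcePKCS12MacCalculatorBuilderProvider().setProvider("BC"), pw));
    }
}
```

Older PKCS#12 consumers may only understand the legacy PBE schemes, so confirm that the importing system accepts PBES2 and a SHA-256 MAC before switching.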
 
  • Constructor Details

    • PKCS12PfxPduBuilder

      public PKCS12PfxPduBuilder()
  • Method Details

    • addData

      public PKCS12PfxPduBuilder addData(PKCS12SafeBag data) throws IOException
      Add a SafeBag that is to be included as is.
      Parameters:
      data - the SafeBag to add.
      Returns:
      this builder.
      Throws:
      IOException
    • addEncryptedData

      public PKCS12PfxPduBuilder addEncryptedData(OutputEncryptor dataEncryptor, PKCS12SafeBag data) throws IOException
      Add a SafeBag that is to be wrapped in an EncryptedData object.
      Parameters:
      dataEncryptor - the encryptor to use for encoding the data.
      data - the SafeBag to include.
      Returns:
      this builder.
      Throws:
      IOException - if an issue occurs processing the data.
    • addEncryptedData

      public PKCS12PfxPduBuilder addEncryptedData(OutputEncryptor dataEncryptor, PKCS12SafeBag[] data) throws IOException
      Add a set of SafeBags that are to be wrapped in an EncryptedData object.
      Parameters:
      dataEncryptor - the encryptor to use for encoding the data.
      data - the SafeBags to include.
      Returns:
      this builder.
      Throws:
      IOException - if an issue occurs processing the data.
    • build

      public PKCS12PfxPdu build(PKCS12MacCalculatorBuilder macCalcBuilder, char[] password) throws PKCSException
      Build the Pfx structure, protecting it with a MAC calculated against the passed-in password.
      Parameters:
      macCalcBuilder - a builder for a PKCS12 mac calculator.
      password - the password to use.
      Returns:
      a Pfx object.
      Throws:
      PKCSException - on an encoding or processing error.