org.bouncycastle.jcajce.provider.keystore.pkcs12

Class PKCS12KeyStoreSpi

java.lang.Object

java.security.KeyStoreSpi

org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi

All Implemented Interfaces:

PKCSObjectIdentifiers, X509ObjectIdentifiers, BCKeyStore

public class PKCS12KeyStoreSpi
extends java.security.KeyStoreSpi
implements PKCSObjectIdentifiers, X509ObjectIdentifiers, BCKeyStore

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	PKCS12KeyStoreSpi.BCPKCS12KeyStore
static class	PKCS12KeyStoreSpi.BCPKCS12KeyStore3DES
static class	PKCS12KeyStoreSpi.BCPKCS12KeyStoreAES256
static class	PKCS12KeyStoreSpi.BCPKCS12KeyStoreAES256GCM
static class	PKCS12KeyStoreSpi.DefPKCS12KeyStore
static class	PKCS12KeyStoreSpi.DefPKCS12KeyStore3DES
static class	PKCS12KeyStoreSpi.DefPKCS12KeyStoreAES256
static class	PKCS12KeyStoreSpi.DefPKCS12KeyStoreAES256GCM

Field Summary

Fields

Modifier and Type	Field and Description
protected java.security.SecureRandom	random

Fields inherited from interface org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers

bagtypes, canNotDecryptAny, certBag, certTypes, crlBag, crlTypes, data, des_EDE3_CBC, dhKeyAgreement, digestAlgorithm, digestedData, encryptedData, encryptionAlgorithm, envelopedData, id_aa, id_aa_asymmDecryptKeyID, id_aa_cmsAlgorithmProtect, id_aa_commitmentType, id_aa_communityIdentifiers, id_aa_contentHint, id_aa_contentIdentifier, id_aa_contentReference, id_aa_decryptKeyID, id_aa_encrypKeyPref, id_aa_ets_archiveTimestamp, id_aa_ets_certCRLTimestamp, id_aa_ets_certificateRefs, id_aa_ets_certValues, id_aa_ets_commitmentType, id_aa_ets_contentTimestamp, id_aa_ets_escTimeStamp, id_aa_ets_otherSigCert, id_aa_ets_revocationRefs, id_aa_ets_revocationValues, id_aa_ets_signerAttr, id_aa_ets_signerLocation, id_aa_ets_sigPolicyId, id_aa_implCompressAlgs, id_aa_implCryptoAlgs, id_aa_msgSigDigest, id_aa_otherSigCert, id_aa_receiptRequest, id_aa_signatureTimeStampToken, id_aa_signerLocation, id_aa_signingCertificate, id_aa_signingCertificateV2, id_aa_sigPolicyId, id_alg, id_alg_AEADChaCha20Poly1305, id_alg_CMS3DESwrap, id_alg_CMSRC2wrap, id_alg_ESDH, id_alg_hkdf_with_sha256, id_alg_hkdf_with_sha384, id_alg_hkdf_with_sha512, id_alg_hss_lms_hashsig, id_alg_PWRI_KEK, id_alg_SSDH, id_alg_zlibCompress, id_ct, id_ct_authData, id_ct_authEnvelopedData, id_ct_compressedData, id_ct_timestampedData, id_ct_TSTInfo, id_cti, id_cti_ets_proofOfApproval, id_cti_ets_proofOfCreation, id_cti_ets_proofOfDelivery, id_cti_ets_proofOfOrigin, id_cti_ets_proofOfReceipt, id_cti_ets_proofOfSender, id_hmacWithSHA1, id_hmacWithSHA224, id_hmacWithSHA256, id_hmacWithSHA384, id_hmacWithSHA512, id_hmacWithSHA512_224, id_hmacWithSHA512_256, id_mgf1, id_PBES2, id_PBKDF2, id_PBMAC1, id_pSpecified, id_rsa_KEM, id_RSAES_OAEP, id_RSASSA_PSS, id_smime, id_spq, id_spq_ets_unotice, id_spq_ets_uri, id_spq_oid, keyBag, md2, md2WithRSAEncryption, md4, md4WithRSAEncryption, md5, md5WithRSAEncryption, pbeWithMD2AndDES_CBC, pbeWithMD2AndRC2_CBC, pbeWithMD5AndDES_CBC, pbeWithMD5AndRC2_CBC, pbeWithSHA1AndDES_CBC, pbeWithSHA1AndRC2_CBC, pbeWithSHAAnd128BitRC2_CBC, pbeWithSHAAnd128BitRC4, pbeWithSHAAnd2_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC, pbewithSHAAnd40BitRC2_CBC, pbeWithSHAAnd40BitRC2_CBC, pbeWithSHAAnd40BitRC4, pkcs_1, pkcs_12, pkcs_12PbeIds, pkcs_3, pkcs_5, pkcs_7, pkcs_9, pkcs_9_at_binarySigningTime, pkcs_9_at_challengePassword, pkcs_9_at_contentType, pkcs_9_at_counterSignature, pkcs_9_at_emailAddress, pkcs_9_at_extendedCertificateAttributes, pkcs_9_at_extensionRequest, pkcs_9_at_friendlyName, pkcs_9_at_localKeyId, pkcs_9_at_messageDigest, pkcs_9_at_signingDescription, pkcs_9_at_signingTime, pkcs_9_at_smimeCapabilities, pkcs_9_at_unstructuredAddress, pkcs_9_at_unstructuredName, pkcs8ShroudedKeyBag, preferSignedData, RC2_CBC, rc4, rsaEncryption, safeContentsBag, sdsiCertificate, secretBag, sha1WithRSAEncryption, sha224WithRSAEncryption, sha256WithRSAEncryption, sha384WithRSAEncryption, sha512_224WithRSAEncryption, sha512_256WithRSAEncryption, sha512WithRSAEncryption, signedAndEnvelopedData, signedData, smime_alg, sMIMECapabilitiesVersions, srsaOAEPEncryptionSET, x509Certificate, x509certType, x509Crl

Fields inherited from interface org.bouncycastle.asn1.x509.X509ObjectIdentifiers

attributeType, commonName, countryName, crlAccessMethod, id_ad, id_ad_caIssuers, id_ad_ocsp, id_at_name, id_at_organizationIdentifier, id_at_telephoneNumber, id_ce, id_ea_rsa, id_ecdsa_with_shake128, id_ecdsa_with_shake256, id_PasswordBasedMac, id_pda, id_pe, id_pkix, id_rsassa_pss_shake128, id_rsassa_pss_shake256, id_SHA1, localityName, ocspAccessMethod, organization, organizationalUnitName, pkix_algorithms, ripemd160, ripemd160WithRSAEncryption, stateOrProvinceName

Constructor Summary

Constructors

Constructor and Description
PKCS12KeyStoreSpi(JcaJceHelper helper, ASN1ObjectIdentifier keyAlgorithm, ASN1ObjectIdentifier certAlgorithm)

Method Summary

Modifier and Type	Method and Description
protected byte[]	cryptData(boolean forEncryption, AlgorithmIdentifier algId, char[] password, boolean wrongPKCS12Zero, byte[] data)
java.util.Enumeration	engineAliases()
boolean	engineContainsAlias(java.lang.String alias)
void	engineDeleteEntry(java.lang.String alias) this is not quite complete - we should follow up on the chain, a bit tricky if a certificate appears in more than one chain... the store method now prunes out unused certificates from the chain map if they are present.
java.security.cert.Certificate	engineGetCertificate(java.lang.String alias) simply return the cert for the private key
java.lang.String	engineGetCertificateAlias(java.security.cert.Certificate cert)
java.security.cert.Certificate[]	engineGetCertificateChain(java.lang.String alias)
java.util.Date	engineGetCreationDate(java.lang.String alias)
java.security.Key	engineGetKey(java.lang.String alias, char[] password)
boolean	engineIsCertificateEntry(java.lang.String alias)
boolean	engineIsKeyEntry(java.lang.String alias)
void	engineLoad(java.io.InputStream stream, char[] password)
void	engineLoad(java.security.KeyStore.LoadStoreParameter loadStoreParameter)
boolean	engineProbe(java.io.InputStream stream)
void	engineSetCertificateEntry(java.lang.String alias, java.security.cert.Certificate cert)
void	engineSetKeyEntry(java.lang.String alias, byte[] key, java.security.cert.Certificate[] chain)
void	engineSetKeyEntry(java.lang.String alias, java.security.Key key, char[] password, java.security.cert.Certificate[] chain)
int	engineSize()
void	engineStore(java.security.KeyStore.LoadStoreParameter param)
void	engineStore(java.io.OutputStream stream, char[] password)
void	setRandom(java.security.SecureRandom rand) set the random source for the key store
protected java.security.PrivateKey	unwrapKey(AlgorithmIdentifier algId, byte[] data, char[] password, boolean wrongPKCS12Zero)
protected byte[]	wrapKey(EncryptionScheme encAlgId, java.security.Key key, PBKDF2Params pbeParams, char[] password)
protected byte[]	wrapKey(java.lang.String algorithm, java.security.Key key, PKCS12PBEParams pbeParams, char[] password)

Methods inherited from class java.security.KeyStoreSpi

engineEntryInstanceOf, engineGetEntry, engineSetEntry

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

random

protected java.security.SecureRandom random

Constructor Detail

PKCS12KeyStoreSpi

public PKCS12KeyStoreSpi(JcaJceHelper helper,
                         ASN1ObjectIdentifier keyAlgorithm,
                         ASN1ObjectIdentifier certAlgorithm)

Method Detail

setRandom

public void setRandom(java.security.SecureRandom rand)

Description copied from interface: BCKeyStore

set the random source for the key store

Specified by:

setRandom in interface BCKeyStore

engineProbe

public boolean engineProbe(java.io.InputStream stream)
                    throws java.io.IOException

Throws:

java.io.IOException

engineAliases

public java.util.Enumeration engineAliases()

Specified by:

engineAliases in class java.security.KeyStoreSpi

engineContainsAlias

public boolean engineContainsAlias(java.lang.String alias)

Specified by:

engineContainsAlias in class java.security.KeyStoreSpi

engineDeleteEntry

public void engineDeleteEntry(java.lang.String alias)
                       throws java.security.KeyStoreException

this is not quite complete - we should follow up on the chain, a bit tricky if a certificate appears in more than one chain... the store method now prunes out unused certificates from the chain map if they are present.

Specified by:

engineDeleteEntry in class java.security.KeyStoreSpi

Throws:

java.security.KeyStoreException

engineGetCertificate

public java.security.cert.Certificate engineGetCertificate(java.lang.String alias)

simply return the cert for the private key

Specified by:

engineGetCertificate in class java.security.KeyStoreSpi

engineGetCertificateAlias

public java.lang.String engineGetCertificateAlias(java.security.cert.Certificate cert)

Specified by:

engineGetCertificateAlias in class java.security.KeyStoreSpi

engineGetCertificateChain

public java.security.cert.Certificate[] engineGetCertificateChain(java.lang.String alias)

Specified by:

engineGetCertificateChain in class java.security.KeyStoreSpi

engineGetCreationDate

public java.util.Date engineGetCreationDate(java.lang.String alias)

Specified by:

engineGetCreationDate in class java.security.KeyStoreSpi

engineGetKey

public java.security.Key engineGetKey(java.lang.String alias,
                                      char[] password)
                               throws java.security.NoSuchAlgorithmException,
                                      java.security.UnrecoverableKeyException

Specified by:

engineGetKey in class java.security.KeyStoreSpi

Throws:

java.security.NoSuchAlgorithmException

java.security.UnrecoverableKeyException

engineIsCertificateEntry

public boolean engineIsCertificateEntry(java.lang.String alias)

Specified by:

engineIsCertificateEntry in class java.security.KeyStoreSpi

engineIsKeyEntry

public boolean engineIsKeyEntry(java.lang.String alias)

Specified by:

engineIsKeyEntry in class java.security.KeyStoreSpi

engineSetCertificateEntry

public void engineSetCertificateEntry(java.lang.String alias,
                                      java.security.cert.Certificate cert)
                               throws java.security.KeyStoreException

Specified by:

engineSetCertificateEntry in class java.security.KeyStoreSpi

Throws:

java.security.KeyStoreException

engineSetKeyEntry

public void engineSetKeyEntry(java.lang.String alias,
                              byte[] key,
                              java.security.cert.Certificate[] chain)
                       throws java.security.KeyStoreException

Specified by:

engineSetKeyEntry in class java.security.KeyStoreSpi

Throws:

java.security.KeyStoreException

engineSetKeyEntry

public void engineSetKeyEntry(java.lang.String alias,
                              java.security.Key key,
                              char[] password,
                              java.security.cert.Certificate[] chain)
                       throws java.security.KeyStoreException

Specified by:

engineSetKeyEntry in class java.security.KeyStoreSpi

Throws:

java.security.KeyStoreException

engineSize

public int engineSize()

Specified by:

engineSize in class java.security.KeyStoreSpi

unwrapKey

protected java.security.PrivateKey unwrapKey(AlgorithmIdentifier algId,
                                             byte[] data,
                                             char[] password,
                                             boolean wrongPKCS12Zero)
                                      throws java.io.IOException

Throws:

java.io.IOException

wrapKey

protected byte[] wrapKey(java.lang.String algorithm,
                         java.security.Key key,
                         PKCS12PBEParams pbeParams,
                         char[] password)
                  throws java.io.IOException

Throws:

java.io.IOException

wrapKey

protected byte[] wrapKey(EncryptionScheme encAlgId,
                         java.security.Key key,
                         PBKDF2Params pbeParams,
                         char[] password)
                  throws java.io.IOException

Throws:

java.io.IOException

cryptData

protected byte[] cryptData(boolean forEncryption,
                           AlgorithmIdentifier algId,
                           char[] password,
                           boolean wrongPKCS12Zero,
                           byte[] data)
                    throws java.io.IOException

Throws:

java.io.IOException

engineLoad

public void engineLoad(java.security.KeyStore.LoadStoreParameter loadStoreParameter)
                throws java.io.IOException,
                       java.security.NoSuchAlgorithmException,
                       java.security.cert.CertificateException

Overrides:

engineLoad in class java.security.KeyStoreSpi

Throws:

java.io.IOException

java.security.NoSuchAlgorithmException

java.security.cert.CertificateException

engineLoad

public void engineLoad(java.io.InputStream stream,
                       char[] password)
                throws java.io.IOException

Specified by:

engineLoad in class java.security.KeyStoreSpi

Throws:

java.io.IOException

engineStore

public void engineStore(java.security.KeyStore.LoadStoreParameter param)
                 throws java.io.IOException,
                        java.security.NoSuchAlgorithmException,
                        java.security.cert.CertificateException

Overrides:

engineStore in class java.security.KeyStoreSpi

Throws:

java.io.IOException

java.security.NoSuchAlgorithmException

java.security.cert.CertificateException

engineStore

public void engineStore(java.io.OutputStream stream,
                        char[] password)
                 throws java.io.IOException

Specified by:

engineStore in class java.security.KeyStoreSpi

Throws:

java.io.IOException