Package org.bouncycastle.jcajce.provider.keystore.pkcs12

Class PKCS12KeyStoreSpi

java.lang.Object

java.security.KeyStoreSpi

org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi

All Implemented Interfaces:

PKCSObjectIdentifiers, X509ObjectIdentifiers, BCKeyStore

public class PKCS12KeyStoreSpi
extends KeyStoreSpi
implements PKCSObjectIdentifiers, X509ObjectIdentifiers, BCKeyStore

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	PKCS12KeyStoreSpi.BCPKCS12KeyStore
static class	PKCS12KeyStoreSpi.BCPKCS12KeyStore3DES
static class	PKCS12KeyStoreSpi.BCPKCS12KeyStoreAES256
static class	PKCS12KeyStoreSpi.BCPKCS12KeyStoreAES256GCM
static class	PKCS12KeyStoreSpi.DefPKCS12KeyStore
static class	PKCS12KeyStoreSpi.DefPKCS12KeyStore3DES
static class	PKCS12KeyStoreSpi.DefPKCS12KeyStoreAES256
static class	PKCS12KeyStoreSpi.DefPKCS12KeyStoreAES256GCM

Field Summary

Fields

Modifier and Type	Field	Description
protected SecureRandom	random

Fields inherited from interface org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers

bagtypes, canNotDecryptAny, certBag, certTypes, crlBag, crlTypes, data, des_EDE3_CBC, dhKeyAgreement, digestAlgorithm, digestedData, encryptedData, encryptionAlgorithm, envelopedData, id_aa, id_aa_asymmDecryptKeyID, id_aa_cmsAlgorithmProtect, id_aa_commitmentType, id_aa_communityIdentifiers, id_aa_contentHint, id_aa_contentIdentifier, id_aa_contentReference, id_aa_decryptKeyID, id_aa_encrypKeyPref, id_aa_ets_archiveTimestamp, id_aa_ets_certCRLTimestamp, id_aa_ets_certificateRefs, id_aa_ets_certValues, id_aa_ets_commitmentType, id_aa_ets_contentTimestamp, id_aa_ets_escTimeStamp, id_aa_ets_otherSigCert, id_aa_ets_revocationRefs, id_aa_ets_revocationValues, id_aa_ets_signerAttr, id_aa_ets_signerLocation, id_aa_ets_sigPolicyId, id_aa_implCompressAlgs, id_aa_implCryptoAlgs, id_aa_msgSigDigest, id_aa_otherSigCert, id_aa_receiptRequest, id_aa_signatureTimeStampToken, id_aa_signerLocation, id_aa_signingCertificate, id_aa_signingCertificateV2, id_aa_sigPolicyId, id_alg, id_alg_AEADChaCha20Poly1305, id_alg_CMS3DESwrap, id_alg_CMSRC2wrap, id_alg_ESDH, id_alg_hkdf_with_sha256, id_alg_hkdf_with_sha384, id_alg_hkdf_with_sha512, id_alg_hss_lms_hashsig, id_alg_PWRI_KEK, id_alg_SSDH, id_alg_zlibCompress, id_ct, id_ct_authData, id_ct_authEnvelopedData, id_ct_compressedData, id_ct_timestampedData, id_ct_TSTInfo, id_cti, id_cti_ets_proofOfApproval, id_cti_ets_proofOfCreation, id_cti_ets_proofOfDelivery, id_cti_ets_proofOfOrigin, id_cti_ets_proofOfReceipt, id_cti_ets_proofOfSender, id_hmacWithSHA1, id_hmacWithSHA224, id_hmacWithSHA256, id_hmacWithSHA384, id_hmacWithSHA512, id_hmacWithSHA512_224, id_hmacWithSHA512_256, id_mgf1, id_PBES2, id_PBKDF2, id_PBMAC1, id_pSpecified, id_rsa_KEM, id_RSAES_OAEP, id_RSASSA_PSS, id_smime, id_spq, id_spq_ets_unotice, id_spq_ets_uri, id_spq_oid, keyBag, md2, md2WithRSAEncryption, md4, md4WithRSAEncryption, md5, md5WithRSAEncryption, pbeWithMD2AndDES_CBC, pbeWithMD2AndRC2_CBC, pbeWithMD5AndDES_CBC, pbeWithMD5AndRC2_CBC, pbeWithSHA1AndDES_CBC, pbeWithSHA1AndRC2_CBC, pbeWithSHAAnd128BitRC2_CBC, pbeWithSHAAnd128BitRC4, pbeWithSHAAnd2_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC, pbewithSHAAnd40BitRC2_CBC, pbeWithSHAAnd40BitRC2_CBC, pbeWithSHAAnd40BitRC4, pkcs_1, pkcs_12, pkcs_12PbeIds, pkcs_3, pkcs_5, pkcs_7, pkcs_9, pkcs_9_at_binarySigningTime, pkcs_9_at_challengePassword, pkcs_9_at_contentType, pkcs_9_at_counterSignature, pkcs_9_at_emailAddress, pkcs_9_at_extendedCertificateAttributes, pkcs_9_at_extensionRequest, pkcs_9_at_friendlyName, pkcs_9_at_localKeyId, pkcs_9_at_messageDigest, pkcs_9_at_signingDescription, pkcs_9_at_signingTime, pkcs_9_at_smimeCapabilities, pkcs_9_at_unstructuredAddress, pkcs_9_at_unstructuredName, pkcs8ShroudedKeyBag, preferSignedData, RC2_CBC, rc4, rsaEncryption, safeContentsBag, sdsiCertificate, secretBag, sha1WithRSAEncryption, sha224WithRSAEncryption, sha256WithRSAEncryption, sha384WithRSAEncryption, sha512_224WithRSAEncryption, sha512_256WithRSAEncryption, sha512WithRSAEncryption, signedAndEnvelopedData, signedData, smime_alg, sMIMECapabilitiesVersions, srsaOAEPEncryptionSET, x509Certificate, x509certType, x509Crl

Fields inherited from interface org.bouncycastle.asn1.x509.X509ObjectIdentifiers

attributeType, commonName, countryName, crlAccessMethod, id_ad, id_ad_caIssuers, id_ad_ocsp, id_at_name, id_at_organizationIdentifier, id_at_telephoneNumber, id_ce, id_ea_rsa, id_ecdsa_with_shake128, id_ecdsa_with_shake256, id_PasswordBasedMac, id_pda, id_pe, id_pkix, id_rsassa_pss_shake128, id_rsassa_pss_shake256, id_SHA1, localityName, ocspAccessMethod, organization, organizationalUnitName, pkix_algorithms, ripemd160, ripemd160WithRSAEncryption, stateOrProvinceName

Constructor Summary

Constructors

Constructor	Description
PKCS12KeyStoreSpi(JcaJceHelper helper, ASN1ObjectIdentifier keyAlgorithm, ASN1ObjectIdentifier certAlgorithm)

Method Summary

Modifier and Type	Method	Description
protected byte[]	cryptData(boolean forEncryption, AlgorithmIdentifier algId, char[] password, boolean wrongPKCS12Zero, byte[] data)
Enumeration	engineAliases()
boolean	engineContainsAlias(String alias)
void	engineDeleteEntry(String alias)	this is not quite complete - we should follow up on the chain, a bit tricky if a certificate appears in more than one chain...
Certificate	engineGetCertificate(String alias)	simply return the cert for the private key
String	engineGetCertificateAlias(Certificate cert)
Certificate[]	engineGetCertificateChain(String alias)
Date	engineGetCreationDate(String alias)
Key	engineGetKey(String alias, char[] password)
boolean	engineIsCertificateEntry(String alias)
boolean	engineIsKeyEntry(String alias)
void	engineLoad(InputStream stream, char[] password)
void	engineLoad(KeyStore.LoadStoreParameter loadStoreParameter)
boolean	engineProbe(InputStream stream)
void	engineSetCertificateEntry(String alias, Certificate cert)
void	engineSetKeyEntry(String alias, byte[] key, Certificate[] chain)
void	engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain)
int	engineSize()
void	engineStore(OutputStream stream, char[] password)
void	engineStore(KeyStore.LoadStoreParameter param)
void	setRandom(SecureRandom rand)	set the random source for the key store
protected PrivateKey	unwrapKey(AlgorithmIdentifier algId, byte[] data, char[] password, boolean wrongPKCS12Zero)
protected byte[]	wrapKey(String algorithm, Key key, PKCS12PBEParams pbeParams, char[] password)
protected byte[]	wrapKey(EncryptionScheme encAlgId, Key key, PBKDF2Params pbeParams, char[] password)

Methods inherited from class java.security.KeyStoreSpi

engineEntryInstanceOf, engineGetAttributes, engineGetEntry, engineSetEntry

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

random

protected SecureRandom random

Constructor Details

PKCS12KeyStoreSpi

public PKCS12KeyStoreSpi(JcaJceHelper helper,
 ASN1ObjectIdentifier keyAlgorithm,
 ASN1ObjectIdentifier certAlgorithm)

Method Details

setRandom

public void setRandom(SecureRandom rand)

Description copied from interface: BCKeyStore

set the random source for the key store

Specified by:

setRandom in interface BCKeyStore

engineProbe

public boolean engineProbe(InputStream stream)
                    throws IOException

Overrides:

engineProbe in class KeyStoreSpi

Throws:

IOException

engineAliases

public Enumeration engineAliases()

Specified by:

engineAliases in class KeyStoreSpi

engineContainsAlias

public boolean engineContainsAlias(String alias)

Specified by:

engineContainsAlias in class KeyStoreSpi

engineDeleteEntry

public void engineDeleteEntry(String alias)
                       throws KeyStoreException

this is not quite complete - we should follow up on the chain, a bit tricky if a certificate appears in more than one chain... the store method now prunes out unused certificates from the chain map if they are present.

Specified by:

engineDeleteEntry in class KeyStoreSpi

Throws:

KeyStoreException

engineGetCertificate

public Certificate engineGetCertificate(String alias)

simply return the cert for the private key

Specified by:

engineGetCertificate in class KeyStoreSpi

engineGetCertificateAlias

public String engineGetCertificateAlias(Certificate cert)

Specified by:

engineGetCertificateAlias in class KeyStoreSpi

engineGetCertificateChain

public Certificate[] engineGetCertificateChain(String alias)

Specified by:

engineGetCertificateChain in class KeyStoreSpi

engineGetCreationDate

public Date engineGetCreationDate(String alias)

Specified by:

engineGetCreationDate in class KeyStoreSpi

engineGetKey

public Key engineGetKey(String alias,
 char[] password)
                 throws NoSuchAlgorithmException,
UnrecoverableKeyException

Specified by:

engineGetKey in class KeyStoreSpi

Throws:

NoSuchAlgorithmException

UnrecoverableKeyException

engineIsCertificateEntry

public boolean engineIsCertificateEntry(String alias)

Specified by:

engineIsCertificateEntry in class KeyStoreSpi

engineIsKeyEntry

public boolean engineIsKeyEntry(String alias)

Specified by:

engineIsKeyEntry in class KeyStoreSpi

engineSetCertificateEntry

public void engineSetCertificateEntry(String alias,
 Certificate cert)
                               throws KeyStoreException

Specified by:

engineSetCertificateEntry in class KeyStoreSpi

Throws:

KeyStoreException

engineSetKeyEntry

public void engineSetKeyEntry(String alias,
 byte[] key,
 Certificate[] chain)
                       throws KeyStoreException

Specified by:

engineSetKeyEntry in class KeyStoreSpi

Throws:

KeyStoreException

engineSetKeyEntry

public void engineSetKeyEntry(String alias,
 Key key,
 char[] password,
 Certificate[] chain)
                       throws KeyStoreException

Specified by:

engineSetKeyEntry in class KeyStoreSpi

Throws:

KeyStoreException

engineSize

public int engineSize()

Specified by:

engineSize in class KeyStoreSpi

unwrapKey

protected PrivateKey unwrapKey(AlgorithmIdentifier algId,
 byte[] data,
 char[] password,
 boolean wrongPKCS12Zero)
                        throws IOException

Throws:

IOException

wrapKey

protected byte[] wrapKey(String algorithm,
 Key key,
 PKCS12PBEParams pbeParams,
 char[] password)
                  throws IOException

Throws:

IOException

wrapKey

protected byte[] wrapKey(EncryptionScheme encAlgId,
 Key key,
 PBKDF2Params pbeParams,
 char[] password)
                  throws IOException

Throws:

IOException

cryptData

protected byte[] cryptData(boolean forEncryption,
 AlgorithmIdentifier algId,
 char[] password,
 boolean wrongPKCS12Zero,
 byte[] data)
                    throws IOException

Throws:

IOException

engineLoad

public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter)
                throws IOException,
NoSuchAlgorithmException,
CertificateException

Overrides:

engineLoad in class KeyStoreSpi

Throws:

IOException

NoSuchAlgorithmException

CertificateException

engineLoad

public void engineLoad(InputStream stream,
 char[] password)
                throws IOException

Specified by:

engineLoad in class KeyStoreSpi

Throws:

IOException

engineStore

public void engineStore(KeyStore.LoadStoreParameter param)
                 throws IOException,
NoSuchAlgorithmException,
CertificateException

Overrides:

engineStore in class KeyStoreSpi

Throws:

IOException

NoSuchAlgorithmException

CertificateException

engineStore

public void engineStore(OutputStream stream,
 char[] password)
                 throws IOException

Specified by:

engineStore in class KeyStoreSpi

Throws:

IOException