Java Code Examples for sun.security.util.DerOutputStream#putInteger()
The following examples show how to use
sun.security.util.DerOutputStream#putInteger() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: DSA.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Sign all the data thus far updated. The signature is formatted
* according to the Canonical Encoding Rules, returned as a DER
* sequence of Integer, r and s.
*
* @return a signature block formatted according to the Canonical
* Encoding Rules.
*
* @exception SignatureException if the signature object was not
* properly initialized, or if another exception occurs.
*
* @see sun.security.DSA#engineUpdate
* @see sun.security.DSA#engineVerify
*/
protected byte[] engineSign() throws SignatureException {
BigInteger k = generateK(presetQ);
BigInteger r = generateR(presetP, presetQ, presetG, k);
BigInteger s = generateS(presetX, presetQ, r, k);
try {
DerOutputStream outseq = new DerOutputStream(100);
outseq.putInteger(r);
outseq.putInteger(s);
DerValue result = new DerValue(DerValue.tag_Sequence,
outseq.toByteArray());
return result.toByteArray();
} catch (IOException e) {
throw new SignatureException("error encoding signature");
}
}
Example 2
| Source File: DSA.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Sign all the data thus far updated. The signature is formatted
* according to the Canonical Encoding Rules, returned as a DER
* sequence of Integer, r and s.
*
* @return a signature block formatted according to the Canonical
* Encoding Rules.
*
* @exception SignatureException if the signature object was not
* properly initialized, or if another exception occurs.
*
* @see sun.security.DSA#engineUpdate
* @see sun.security.DSA#engineVerify
*/
protected byte[] engineSign() throws SignatureException {
BigInteger k = generateK(presetQ);
BigInteger r = generateR(presetP, presetQ, presetG, k);
BigInteger s = generateS(presetX, presetQ, r, k);
try {
DerOutputStream outseq = new DerOutputStream(100);
outseq.putInteger(r);
outseq.putInteger(s);
DerValue result = new DerValue(DerValue.tag_Sequence,
outseq.toByteArray());
return result.toByteArray();
} catch (IOException e) {
throw new SignatureException("error encoding signature");
}
}
Example 3
| Source File: DSA.java From hottub with GNU General Public License v2.0 | 6 votes |
|
/**
* Sign all the data thus far updated. The signature is formatted
* according to the Canonical Encoding Rules, returned as a DER
* sequence of Integer, r and s.
*
* @return a signature block formatted according to the Canonical
* Encoding Rules.
*
* @exception SignatureException if the signature object was not
* properly initialized, or if another exception occurs.
*
* @see sun.security.DSA#engineUpdate
* @see sun.security.DSA#engineVerify
*/
protected byte[] engineSign() throws SignatureException {
BigInteger k = generateK(presetQ);
BigInteger r = generateR(presetP, presetQ, presetG, k);
BigInteger s = generateS(presetX, presetQ, r, k);
try {
DerOutputStream outseq = new DerOutputStream(100);
outseq.putInteger(r);
outseq.putInteger(s);
DerValue result = new DerValue(DerValue.tag_Sequence,
outseq.toByteArray());
return result.toByteArray();
} catch (IOException e) {
throw new SignatureException("error encoding signature");
}
}
Example 4
| Source File: MacData.java From openjdk-8 with GNU General Public License v2.0 | 5 votes |
|
/**
* Returns the ASN.1 encoding of this object.
* @return the ASN.1 encoding.
* @exception IOException if error occurs when constructing its
* ASN.1 encoding.
*/
public byte[] getEncoded() throws NoSuchAlgorithmException, IOException
{
if (this.encoded != null)
return this.encoded.clone();
DerOutputStream out = new DerOutputStream();
DerOutputStream tmp = new DerOutputStream();
DerOutputStream tmp2 = new DerOutputStream();
// encode encryption algorithm
AlgorithmId algid = AlgorithmId.get(digestAlgorithmName);
algid.encode(tmp2);
// encode digest data
tmp2.putOctetString(digest);
tmp.write(DerValue.tag_Sequence, tmp2);
// encode salt
tmp.putOctetString(macSalt);
// encode iterations
tmp.putInteger(iterations);
// wrap everything into a SEQUENCE
out.write(DerValue.tag_Sequence, tmp);
this.encoded = out.toByteArray();
return this.encoded.clone();
}
Example 5
| Source File: TSRequest.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
|
public byte[] encode() throws IOException {
DerOutputStream request = new DerOutputStream();
// encode version
request.putInteger(version);
// encode messageImprint
DerOutputStream messageImprint = new DerOutputStream();
hashAlgorithmId.encode(messageImprint);
messageImprint.putOctetString(hashValue);
request.write(DerValue.tag_Sequence, messageImprint);
// encode optional elements
if (policyId != null) {
request.putOID(new ObjectIdentifier(policyId));
}
if (nonce != null) {
request.putInteger(nonce);
}
if (returnCertificate) {
request.putBoolean(true);
}
DerOutputStream out = new DerOutputStream();
out.write(DerValue.tag_Sequence, request);
return out.toByteArray();
}
Example 6
| Source File: TSRequest.java From Bytecoder with Apache License 2.0 | 5 votes |
|
public byte[] encode() throws IOException {
DerOutputStream request = new DerOutputStream();
// encode version
request.putInteger(version);
// encode messageImprint
DerOutputStream messageImprint = new DerOutputStream();
hashAlgorithmId.encode(messageImprint);
messageImprint.putOctetString(hashValue);
request.write(DerValue.tag_Sequence, messageImprint);
// encode optional elements
if (policyId != null) {
request.putOID(new ObjectIdentifier(policyId));
}
if (nonce != null) {
request.putInteger(nonce);
}
if (returnCertificate) {
request.putBoolean(true);
}
DerOutputStream out = new DerOutputStream();
out.write(DerValue.tag_Sequence, request);
return out.toByteArray();
}
Example 7
| Source File: DSAParameters.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 5 votes |
|
protected byte[] engineGetEncoded() throws IOException {
DerOutputStream out = new DerOutputStream();
DerOutputStream bytes = new DerOutputStream();
bytes.putInteger(p);
bytes.putInteger(q);
bytes.putInteger(g);
out.write(DerValue.tag_Sequence, bytes);
return out.toByteArray();
}
Example 8
| Source File: MacData.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
|
/**
* Returns the ASN.1 encoding of this object.
* @return the ASN.1 encoding.
* @exception IOException if error occurs when constructing its
* ASN.1 encoding.
*/
public byte[] getEncoded() throws NoSuchAlgorithmException, IOException
{
if (this.encoded != null)
return this.encoded.clone();
DerOutputStream out = new DerOutputStream();
DerOutputStream tmp = new DerOutputStream();
DerOutputStream tmp2 = new DerOutputStream();
// encode encryption algorithm
AlgorithmId algid = AlgorithmId.get(digestAlgorithmName);
algid.encode(tmp2);
// encode digest data
tmp2.putOctetString(digest);
tmp.write(DerValue.tag_Sequence, tmp2);
// encode salt
tmp.putOctetString(macSalt);
// encode iterations
tmp.putInteger(iterations);
// wrap everything into a SEQUENCE
out.write(DerValue.tag_Sequence, tmp);
this.encoded = out.toByteArray();
return this.encoded.clone();
}
Example 9
| Source File: MacData.java From Bytecoder with Apache License 2.0 | 5 votes |
|
/**
* Returns the ASN.1 encoding of this object.
* @return the ASN.1 encoding.
* @exception IOException if error occurs when constructing its
* ASN.1 encoding.
*/
public byte[] getEncoded() throws NoSuchAlgorithmException, IOException
{
if (this.encoded != null)
return this.encoded.clone();
DerOutputStream out = new DerOutputStream();
DerOutputStream tmp = new DerOutputStream();
DerOutputStream tmp2 = new DerOutputStream();
// encode encryption algorithm
AlgorithmId algid = AlgorithmId.get(digestAlgorithmName);
algid.encode(tmp2);
// encode digest data
tmp2.putOctetString(digest);
tmp.write(DerValue.tag_Sequence, tmp2);
// encode salt
tmp.putOctetString(macSalt);
// encode iterations
tmp.putInteger(iterations);
// wrap everything into a SEQUENCE
out.write(DerValue.tag_Sequence, tmp);
this.encoded = out.toByteArray();
return this.encoded.clone();
}
Example 10
| Source File: SignerInfo.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
|
/**
* DER encode this object onto an output stream.
* Implements the {@code DerEncoder} interface.
*
* @param out
* the output stream on which to write the DER encoding.
*
* @exception IOException on encoding error.
*/
public void derEncode(OutputStream out) throws IOException {
DerOutputStream seq = new DerOutputStream();
seq.putInteger(version);
DerOutputStream issuerAndSerialNumber = new DerOutputStream();
issuerName.encode(issuerAndSerialNumber);
issuerAndSerialNumber.putInteger(certificateSerialNumber);
seq.write(DerValue.tag_Sequence, issuerAndSerialNumber);
digestAlgorithmId.encode(seq);
// encode authenticated attributes if there are any
if (authenticatedAttributes != null)
authenticatedAttributes.encode((byte)0xA0, seq);
digestEncryptionAlgorithmId.encode(seq);
seq.putOctetString(encryptedDigest);
// encode unauthenticated attributes if there are any
if (unauthenticatedAttributes != null)
unauthenticatedAttributes.encode((byte)0xA1, seq);
DerOutputStream tmp = new DerOutputStream();
tmp.write(DerValue.tag_Sequence, seq);
out.write(tmp.toByteArray());
}
Example 11
| Source File: DSAParameters.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
|
protected byte[] engineGetEncoded() throws IOException {
DerOutputStream out = new DerOutputStream();
DerOutputStream bytes = new DerOutputStream();
bytes.putInteger(p);
bytes.putInteger(q);
bytes.putInteger(g);
out.write(DerValue.tag_Sequence, bytes);
return out.toByteArray();
}
Example 12
| Source File: TSRequest.java From openjdk-8-source with GNU General Public License v2.0 | 5 votes |
|
public byte[] encode() throws IOException {
DerOutputStream request = new DerOutputStream();
// encode version
request.putInteger(version);
// encode messageImprint
DerOutputStream messageImprint = new DerOutputStream();
hashAlgorithmId.encode(messageImprint);
messageImprint.putOctetString(hashValue);
request.write(DerValue.tag_Sequence, messageImprint);
// encode optional elements
if (policyId != null) {
request.putOID(new ObjectIdentifier(policyId));
}
if (nonce != null) {
request.putInteger(nonce);
}
if (returnCertificate) {
request.putBoolean(true);
}
DerOutputStream out = new DerOutputStream();
out.write(DerValue.tag_Sequence, request);
return out.toByteArray();
}
Example 13
| Source File: TSRequest.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
|
public byte[] encode() throws IOException {
DerOutputStream request = new DerOutputStream();
// encode version
request.putInteger(version);
// encode messageImprint
DerOutputStream messageImprint = new DerOutputStream();
hashAlgorithmId.encode(messageImprint);
messageImprint.putOctetString(hashValue);
request.write(DerValue.tag_Sequence, messageImprint);
// encode optional elements
if (policyId != null) {
request.putOID(new ObjectIdentifier(policyId));
}
if (nonce != null) {
request.putInteger(nonce);
}
if (returnCertificate) {
request.putBoolean(true);
}
DerOutputStream out = new DerOutputStream();
out.write(DerValue.tag_Sequence, request);
return out.toByteArray();
}
Example 14
| Source File: InhibitAnyPolicyExtension.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
|
private void encodeThis() throws IOException {
DerOutputStream out = new DerOutputStream();
out.putInteger(skipCerts);
this.extensionValue = out.toByteArray();
}
Example 15
| Source File: PKCS12KeyStore.java From jdk8u60 with GNU General Public License v2.0 | 4 votes |
|
/**
* Stores this keystore to the given output stream, and protects its
* integrity with the given password.
*
* @param stream the output stream to which this keystore is written.
* @param password the password to generate the keystore integrity check
*
* @exception IOException if there was an I/O problem with data
* @exception NoSuchAlgorithmException if the appropriate data integrity
* algorithm could not be found
* @exception CertificateException if any of the certificates included in
* the keystore data could not be stored
*/
public synchronized void engineStore(OutputStream stream, char[] password)
throws IOException, NoSuchAlgorithmException, CertificateException
{
// password is mandatory when storing
if (password == null) {
throw new IllegalArgumentException("password can't be null");
}
// -- Create PFX
DerOutputStream pfx = new DerOutputStream();
// PFX version (always write the latest version)
DerOutputStream version = new DerOutputStream();
version.putInteger(VERSION_3);
byte[] pfxVersion = version.toByteArray();
pfx.write(pfxVersion);
// -- Create AuthSafe
DerOutputStream authSafe = new DerOutputStream();
// -- Create ContentInfos
DerOutputStream authSafeContentInfo = new DerOutputStream();
// -- create safeContent Data ContentInfo
if (privateKeyCount > 0 || secretKeyCount > 0) {
if (debug != null) {
debug.println("Storing " + (privateKeyCount + secretKeyCount) +
" protected key(s) in a PKCS#7 data content-type");
}
byte[] safeContentData = createSafeContent();
ContentInfo dataContentInfo = new ContentInfo(safeContentData);
dataContentInfo.encode(authSafeContentInfo);
}
// -- create EncryptedContentInfo
if (certificateCount > 0) {
if (debug != null) {
debug.println("Storing " + certificateCount +
" certificate(s) in a PKCS#7 encryptedData content-type");
}
byte[] encrData = createEncryptedData(password);
ContentInfo encrContentInfo =
new ContentInfo(ContentInfo.ENCRYPTED_DATA_OID,
new DerValue(encrData));
encrContentInfo.encode(authSafeContentInfo);
}
// wrap as SequenceOf ContentInfos
DerOutputStream cInfo = new DerOutputStream();
cInfo.write(DerValue.tag_SequenceOf, authSafeContentInfo);
byte[] authenticatedSafe = cInfo.toByteArray();
// Create Encapsulated ContentInfo
ContentInfo contentInfo = new ContentInfo(authenticatedSafe);
contentInfo.encode(authSafe);
byte[] authSafeData = authSafe.toByteArray();
pfx.write(authSafeData);
// -- MAC
byte[] macData = calculateMac(password, authenticatedSafe);
pfx.write(macData);
// write PFX to output stream
DerOutputStream pfxout = new DerOutputStream();
pfxout.write(DerValue.tag_Sequence, pfx);
byte[] pfxData = pfxout.toByteArray();
stream.write(pfxData);
stream.flush();
}
Example 16
| Source File: PKCS12KeyStore.java From openjdk-8-source with GNU General Public License v2.0 | 4 votes |
|
/**
* Stores this keystore to the given output stream, and protects its
* integrity with the given password.
*
* @param stream the output stream to which this keystore is written.
* @param password the password to generate the keystore integrity check
*
* @exception IOException if there was an I/O problem with data
* @exception NoSuchAlgorithmException if the appropriate data integrity
* algorithm could not be found
* @exception CertificateException if any of the certificates included in
* the keystore data could not be stored
*/
public synchronized void engineStore(OutputStream stream, char[] password)
throws IOException, NoSuchAlgorithmException, CertificateException
{
// password is mandatory when storing
if (password == null) {
throw new IllegalArgumentException("password can't be null");
}
// -- Create PFX
DerOutputStream pfx = new DerOutputStream();
// PFX version (always write the latest version)
DerOutputStream version = new DerOutputStream();
version.putInteger(VERSION_3);
byte[] pfxVersion = version.toByteArray();
pfx.write(pfxVersion);
// -- Create AuthSafe
DerOutputStream authSafe = new DerOutputStream();
// -- Create ContentInfos
DerOutputStream authSafeContentInfo = new DerOutputStream();
// -- create safeContent Data ContentInfo
if (privateKeyCount > 0 || secretKeyCount > 0) {
if (debug != null) {
debug.println("Storing " + (privateKeyCount + secretKeyCount) +
" protected key(s) in a PKCS#7 data content-type");
}
byte[] safeContentData = createSafeContent();
ContentInfo dataContentInfo = new ContentInfo(safeContentData);
dataContentInfo.encode(authSafeContentInfo);
}
// -- create EncryptedContentInfo
if (certificateCount > 0) {
if (debug != null) {
debug.println("Storing " + certificateCount +
" certificate(s) in a PKCS#7 encryptedData content-type");
}
byte[] encrData = createEncryptedData(password);
ContentInfo encrContentInfo =
new ContentInfo(ContentInfo.ENCRYPTED_DATA_OID,
new DerValue(encrData));
encrContentInfo.encode(authSafeContentInfo);
}
// wrap as SequenceOf ContentInfos
DerOutputStream cInfo = new DerOutputStream();
cInfo.write(DerValue.tag_SequenceOf, authSafeContentInfo);
byte[] authenticatedSafe = cInfo.toByteArray();
// Create Encapsulated ContentInfo
ContentInfo contentInfo = new ContentInfo(authenticatedSafe);
contentInfo.encode(authSafe);
byte[] authSafeData = authSafe.toByteArray();
pfx.write(authSafeData);
// -- MAC
byte[] macData = calculateMac(password, authenticatedSafe);
pfx.write(macData);
// write PFX to output stream
DerOutputStream pfxout = new DerOutputStream();
pfxout.write(DerValue.tag_Sequence, pfx);
byte[] pfxData = pfxout.toByteArray();
stream.write(pfxData);
stream.flush();
}
Example 17
| Source File: InhibitAnyPolicyExtension.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
|
private void encodeThis() throws IOException {
DerOutputStream out = new DerOutputStream();
out.putInteger(skipCerts);
this.extensionValue = out.toByteArray();
}
Example 18
| Source File: PKCS12KeyStore.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
|
/**
* Stores this keystore to the given output stream, and protects its
* integrity with the given password.
*
* @param stream the output stream to which this keystore is written.
* @param password the password to generate the keystore integrity check
*
* @exception IOException if there was an I/O problem with data
* @exception NoSuchAlgorithmException if the appropriate data integrity
* algorithm could not be found
* @exception CertificateException if any of the certificates included in
* the keystore data could not be stored
*/
public synchronized void engineStore(OutputStream stream, char[] password)
throws IOException, NoSuchAlgorithmException, CertificateException
{
// password is mandatory when storing
if (password == null) {
throw new IllegalArgumentException("password can't be null");
}
// -- Create PFX
DerOutputStream pfx = new DerOutputStream();
// PFX version (always write the latest version)
DerOutputStream version = new DerOutputStream();
version.putInteger(VERSION_3);
byte[] pfxVersion = version.toByteArray();
pfx.write(pfxVersion);
// -- Create AuthSafe
DerOutputStream authSafe = new DerOutputStream();
// -- Create ContentInfos
DerOutputStream authSafeContentInfo = new DerOutputStream();
// -- create safeContent Data ContentInfo
if (privateKeyCount > 0 || secretKeyCount > 0) {
if (debug != null) {
debug.println("Storing " + (privateKeyCount + secretKeyCount) +
" protected key(s) in a PKCS#7 data");
}
byte[] safeContentData = createSafeContent();
ContentInfo dataContentInfo = new ContentInfo(safeContentData);
dataContentInfo.encode(authSafeContentInfo);
}
// -- create EncryptedContentInfo
if (certificateCount > 0) {
if (debug != null) {
debug.println("Storing " + certificateCount +
" certificate(s) in a PKCS#7 encryptedData");
}
byte[] encrData = createEncryptedData(password);
ContentInfo encrContentInfo =
new ContentInfo(ContentInfo.ENCRYPTED_DATA_OID,
new DerValue(encrData));
encrContentInfo.encode(authSafeContentInfo);
}
// wrap as SequenceOf ContentInfos
DerOutputStream cInfo = new DerOutputStream();
cInfo.write(DerValue.tag_SequenceOf, authSafeContentInfo);
byte[] authenticatedSafe = cInfo.toByteArray();
// Create Encapsulated ContentInfo
ContentInfo contentInfo = new ContentInfo(authenticatedSafe);
contentInfo.encode(authSafe);
byte[] authSafeData = authSafe.toByteArray();
pfx.write(authSafeData);
// -- MAC
byte[] macData = calculateMac(password, authenticatedSafe);
pfx.write(macData);
// write PFX to output stream
DerOutputStream pfxout = new DerOutputStream();
pfxout.write(DerValue.tag_Sequence, pfx);
byte[] pfxData = pfxout.toByteArray();
stream.write(pfxData);
stream.flush();
}
Example 19
| Source File: PKCS12KeyStore.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
|
/**
* Stores this keystore to the given output stream, and protects its
* integrity with the given password.
*
* @param stream the output stream to which this keystore is written.
* @param password the password to generate the keystore integrity check
*
* @exception IOException if there was an I/O problem with data
* @exception NoSuchAlgorithmException if the appropriate data integrity
* algorithm could not be found
* @exception CertificateException if any of the certificates included in
* the keystore data could not be stored
*/
public synchronized void engineStore(OutputStream stream, char[] password)
throws IOException, NoSuchAlgorithmException, CertificateException
{
// password is mandatory when storing
if (password == null) {
throw new IllegalArgumentException("password can't be null");
}
// -- Create PFX
DerOutputStream pfx = new DerOutputStream();
// PFX version (always write the latest version)
DerOutputStream version = new DerOutputStream();
version.putInteger(VERSION_3);
byte[] pfxVersion = version.toByteArray();
pfx.write(pfxVersion);
// -- Create AuthSafe
DerOutputStream authSafe = new DerOutputStream();
// -- Create ContentInfos
DerOutputStream authSafeContentInfo = new DerOutputStream();
// -- create safeContent Data ContentInfo
if (privateKeyCount > 0 || secretKeyCount > 0) {
if (debug != null) {
debug.println("Storing " + (privateKeyCount + secretKeyCount) +
" protected key(s) in a PKCS#7 data content-type");
}
byte[] safeContentData = createSafeContent();
ContentInfo dataContentInfo = new ContentInfo(safeContentData);
dataContentInfo.encode(authSafeContentInfo);
}
// -- create EncryptedContentInfo
if (certificateCount > 0) {
if (debug != null) {
debug.println("Storing " + certificateCount +
" certificate(s) in a PKCS#7 encryptedData content-type");
}
byte[] encrData = createEncryptedData(password);
ContentInfo encrContentInfo =
new ContentInfo(ContentInfo.ENCRYPTED_DATA_OID,
new DerValue(encrData));
encrContentInfo.encode(authSafeContentInfo);
}
// wrap as SequenceOf ContentInfos
DerOutputStream cInfo = new DerOutputStream();
cInfo.write(DerValue.tag_SequenceOf, authSafeContentInfo);
byte[] authenticatedSafe = cInfo.toByteArray();
// Create Encapsulated ContentInfo
ContentInfo contentInfo = new ContentInfo(authenticatedSafe);
contentInfo.encode(authSafe);
byte[] authSafeData = authSafe.toByteArray();
pfx.write(authSafeData);
// -- MAC
byte[] macData = calculateMac(password, authenticatedSafe);
pfx.write(macData);
// write PFX to output stream
DerOutputStream pfxout = new DerOutputStream();
pfxout.write(DerValue.tag_Sequence, pfx);
byte[] pfxData = pfxout.toByteArray();
stream.write(pfxData);
stream.flush();
}
Example 20
| Source File: PKCS12KeyStore.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
|
/**
* Stores this keystore to the given output stream, and protects its
* integrity with the given password.
*
* @param stream the output stream to which this keystore is written.
* @param password the password to generate the keystore integrity check
*
* @exception IOException if there was an I/O problem with data
* @exception NoSuchAlgorithmException if the appropriate data integrity
* algorithm could not be found
* @exception CertificateException if any of the certificates included in
* the keystore data could not be stored
*/
public synchronized void engineStore(OutputStream stream, char[] password)
throws IOException, NoSuchAlgorithmException, CertificateException
{
// password is mandatory when storing
if (password == null) {
throw new IllegalArgumentException("password can't be null");
}
// -- Create PFX
DerOutputStream pfx = new DerOutputStream();
// PFX version (always write the latest version)
DerOutputStream version = new DerOutputStream();
version.putInteger(VERSION_3);
byte[] pfxVersion = version.toByteArray();
pfx.write(pfxVersion);
// -- Create AuthSafe
DerOutputStream authSafe = new DerOutputStream();
// -- Create ContentInfos
DerOutputStream authSafeContentInfo = new DerOutputStream();
// -- create safeContent Data ContentInfo
if (privateKeyCount > 0 || secretKeyCount > 0) {
if (debug != null) {
debug.println("Storing " + (privateKeyCount + secretKeyCount) +
" protected key(s) in a PKCS#7 data");
}
byte[] safeContentData = createSafeContent();
ContentInfo dataContentInfo = new ContentInfo(safeContentData);
dataContentInfo.encode(authSafeContentInfo);
}
// -- create EncryptedContentInfo
if (certificateCount > 0) {
if (debug != null) {
debug.println("Storing " + certificateCount +
" certificate(s) in a PKCS#7 encryptedData");
}
byte[] encrData = createEncryptedData(password);
ContentInfo encrContentInfo =
new ContentInfo(ContentInfo.ENCRYPTED_DATA_OID,
new DerValue(encrData));
encrContentInfo.encode(authSafeContentInfo);
}
// wrap as SequenceOf ContentInfos
DerOutputStream cInfo = new DerOutputStream();
cInfo.write(DerValue.tag_SequenceOf, authSafeContentInfo);
byte[] authenticatedSafe = cInfo.toByteArray();
// Create Encapsulated ContentInfo
ContentInfo contentInfo = new ContentInfo(authenticatedSafe);
contentInfo.encode(authSafe);
byte[] authSafeData = authSafe.toByteArray();
pfx.write(authSafeData);
// -- MAC
byte[] macData = calculateMac(password, authenticatedSafe);
pfx.write(macData);
// write PFX to output stream
DerOutputStream pfxout = new DerOutputStream();
pfxout.write(DerValue.tag_Sequence, pfx);
byte[] pfxData = pfxout.toByteArray();
stream.write(pfxData);
stream.flush();
}
