
Example 1 with AssertionException

Use of org.mozilla.jss.util.AssertionException in project jss by dogtagpki.

Class SafeBag, method createEncryptedPrivateKeyBag.

/**
 * Creates a SafeBag containing a PKCS-8ShroudedKeyBag, which is
 * an EncryptedPrivateKeyInfo. The key will be encrypted using
 *  a triple-DES PBE algorithm, using the supplied password.
 *
 * @param privk The PrivateKeyInfo containing the private key.
 * @param friendlyName The nickname for the key; should be the same
 *      as the nickname of the associated cert.
 * @param localKeyID The localKeyID for the key; should be the same as
 *      the localKeyID of the associated cert.
 * @param password The password used to encrypt the private key.
 */
public static SafeBag createEncryptedPrivateKeyBag(PrivateKeyInfo privk, String friendlyName, byte[] localKeyID, Password password) throws NotInitializedException, TokenException {
    try {
        PBEAlgorithm pbeAlg = PBEAlgorithm.PBE_SHA1_DES3_CBC;
        // Note: an iteration count of 1 applies no key stretching to the password.
        final int DEFAULT_ITERATIONS = 1;
        byte[] salt = new byte[pbeAlg.getSaltLength()];
        JSSSecureRandom rand = CryptoManager.getInstance().getSecureRNG();
        rand.nextBytes(salt);
        EncryptedPrivateKeyInfo epki = EncryptedPrivateKeyInfo.createPBE(PBEAlgorithm.PBE_SHA1_DES3_CBC, password, salt, DEFAULT_ITERATIONS, new PasswordConverter(), privk);
        SET attributes = new SET();
        attributes.addElement(new Attribute(FRIENDLY_NAME, new BMPString(friendlyName)));
        attributes.addElement(new Attribute(LOCAL_KEY_ID, new OCTET_STRING(localKeyID)));
        return new SafeBag(PKCS8_SHROUDED_KEY_BAG, epki, attributes);
    } catch (java.security.NoSuchAlgorithmException e) {
        throw new AssertionException("Unable to find PBE algorithm: " + e);
    } catch (java.security.InvalidKeyException e) {
        throw new AssertionException("InvalidKeyException while creating EncryptedContentInfo: " + e);
    } catch (java.security.InvalidAlgorithmParameterException e) {
        throw new AssertionException("InvalidAlgorithmParameterException while creating" + " EncryptedContentInfo: " + e);
    } catch (java.io.CharConversionException e) {
        throw new AssertionException("CharConversionException while creating EncryptedContentInfo: " + e);
    }
}
Also used: SET (org.mozilla.jss.asn1.SET), Attribute (org.mozilla.jss.pkix.primitive.Attribute), JSSSecureRandom (org.mozilla.jss.crypto.JSSSecureRandom), AssertionException (org.mozilla.jss.util.AssertionException), OCTET_STRING (org.mozilla.jss.asn1.OCTET_STRING), PBEAlgorithm (org.mozilla.jss.crypto.PBEAlgorithm), CharConversionException (java.io.CharConversionException), NoSuchAlgorithmException (java.security.NoSuchAlgorithmException), EncryptedPrivateKeyInfo (org.mozilla.jss.pkix.primitive.EncryptedPrivateKeyInfo), BMPString (org.mozilla.jss.asn1.BMPString)

Example 2 with AssertionException

Use of org.mozilla.jss.util.AssertionException in project jss by dogtagpki.

Class SafeBag, method createCertBag.

/**
 * Creates a SafeBag that contains an X.509 Certificate.
 * The SafeBag will have the given <i>localKeyID</i> attribute,
 *  and a <i>friendlyName</i>
 *  attribute equal to the supplied string.  This is the way Communicator
 *  makes a CertBag.  The same <i>localKeyID</i> attribute should be stored
 *  in the matching private key bag.
 *
 * @param cert A DER-encoded X.509 certificate.
 * @param friendlyName Will be stored in the <i>friendlyName</i>
 *      attribute of the SafeBag.  Should be the nickname of the cert.
 * @param localKeyID The bytes to use for the localKeyID.  These should
 *      be obtained from the <code>getLocalKeyIDFromCert</code> method.
 * @exception InvalidBERException If the cert is not a valid DER encoding.
 * @see #getLocalKeyIDFromCert
 */
public static SafeBag createCertBag(byte[] cert, String friendlyName, byte[] localKeyID) throws InvalidBERException {
    try {
        // create CertBag
        CertBag cb = new CertBag(CertBag.X509_CERT_TYPE, new ANY(cert));
        // setup attributes
        SET attributes = new SET();
        // friendly name should be cert nickname
        attributes.addElement(new Attribute(FRIENDLY_NAME, new BMPString(friendlyName)));
        attributes.addElement(new Attribute(LOCAL_KEY_ID, new OCTET_STRING(localKeyID)));
        return new SafeBag(CERT_BAG, cb, attributes);
    } catch (CharConversionException e) {
        throw new AssertionException("CharConversionException converting" + " Unicode to BMPString");
    }
}
Also used: SET (org.mozilla.jss.asn1.SET), OCTET_STRING (org.mozilla.jss.asn1.OCTET_STRING), Attribute (org.mozilla.jss.pkix.primitive.Attribute), AssertionException (org.mozilla.jss.util.AssertionException), ANY (org.mozilla.jss.asn1.ANY), CharConversionException (java.io.CharConversionException), BMPString (org.mozilla.jss.asn1.BMPString)

Aggregations

CharConversionException (java.io.CharConversionException): 2
BMPString (org.mozilla.jss.asn1.BMPString): 2
OCTET_STRING (org.mozilla.jss.asn1.OCTET_STRING): 2
SET (org.mozilla.jss.asn1.SET): 2
Attribute (org.mozilla.jss.pkix.primitive.Attribute): 2
AssertionException (org.mozilla.jss.util.AssertionException): 2
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 1
ANY (org.mozilla.jss.asn1.ANY): 1
JSSSecureRandom (org.mozilla.jss.crypto.JSSSecureRandom): 1
PBEAlgorithm (org.mozilla.jss.crypto.PBEAlgorithm): 1
EncryptedPrivateKeyInfo (org.mozilla.jss.pkix.primitive.EncryptedPrivateKeyInfo): 1