894 mCert = cert;
895 }
896 }
897
898 /*
899 * Validate Certificate Chain
900 */
901 private boolean validateChain(Certificate[] certChain)
902 {
903 for (int i = 0; i < certChain.length-1; i++) {
904 X500Principal issuerDN =
905 ((X509Certificate)certChain[i]).getIssuerX500Principal();
906 X500Principal subjectDN =
907 ((X509Certificate)certChain[i+1]).getSubjectX500Principal();
908 if (!(issuerDN.equals(subjectDN)))
909 return false;
910 }
911 return true;
912 }
913
914 private byte[] fetchPrivateKeyFromBag(byte[] privateKeyInfo) throws IOException, NoSuchAlgorithmException, CertificateException
915 {
916 byte[] returnValue = null;
917 DerValue val = new DerValue(new ByteArrayInputStream(privateKeyInfo));
918 DerInputStream s = val.toDerInputStream();
919 int version = s.getInteger();
920
921 if (version != 3) {
922 throw new IOException("PKCS12 keystore not in version 3 format");
923 }
924
925 /*
926 * Read the authSafe.
927 */
928 byte[] authSafeData;
929 ContentInfo authSafe = new ContentInfo(s);
930 ObjectIdentifier contentType = authSafe.getContentType();
931
932 if (contentType.equals(ContentInfo.DATA_OID)) {
933 authSafeData = authSafe.getData();
954 safeContentsData = null;
955
956 if (contentType.equals(ContentInfo.DATA_OID)) {
957 safeContentsData = safeContents.getData();
958 } else if (contentType.equals(ContentInfo.ENCRYPTED_DATA_OID)) {
959 // The password was used to export the private key from the keychain.
960 // The Keychain won't export the key with encrypted data, so we don't need
961 // to worry about it.
962 continue;
963 } else {
964 throw new IOException("public key protected PKCS12" +
965 " not supported");
966 }
967 DerInputStream sc = new DerInputStream(safeContentsData);
968 returnValue = extractKeyData(sc);
969 }
970
971 return returnValue;
972 }
973
974 private byte[] extractKeyData(DerInputStream stream)
975 throws IOException, NoSuchAlgorithmException, CertificateException
976 {
977 byte[] returnValue = null;
978 DerValue[] safeBags = stream.getSequence(2);
979 int count = safeBags.length;
980
981 /*
982 * Spin over the SafeBags.
983 */
984 for (int i = 0; i < count; i++) {
985 ObjectIdentifier bagId;
986 DerInputStream sbi;
987 DerValue bagValue;
988 Object bagItem = null;
989
990 sbi = safeBags[i].toDerInputStream();
991 bagId = sbi.getOID();
992 bagValue = sbi.getDerValue();
993 if (!bagValue.isContextSpecific((byte)0)) {
894 mCert = cert;
895 }
896 }
897
898 /*
899 * Validate Certificate Chain
900 */
901 private boolean validateChain(Certificate[] certChain)
902 {
903 for (int i = 0; i < certChain.length-1; i++) {
904 X500Principal issuerDN =
905 ((X509Certificate)certChain[i]).getIssuerX500Principal();
906 X500Principal subjectDN =
907 ((X509Certificate)certChain[i+1]).getSubjectX500Principal();
908 if (!(issuerDN.equals(subjectDN)))
909 return false;
910 }
911 return true;
912 }
913
914 @SuppressWarnings("deprecation")
915 private byte[] fetchPrivateKeyFromBag(byte[] privateKeyInfo) throws IOException, NoSuchAlgorithmException, CertificateException
916 {
917 byte[] returnValue = null;
918 DerValue val = new DerValue(new ByteArrayInputStream(privateKeyInfo));
919 DerInputStream s = val.toDerInputStream();
920 int version = s.getInteger();
921
922 if (version != 3) {
923 throw new IOException("PKCS12 keystore not in version 3 format");
924 }
925
926 /*
927 * Read the authSafe.
928 */
929 byte[] authSafeData;
930 ContentInfo authSafe = new ContentInfo(s);
931 ObjectIdentifier contentType = authSafe.getContentType();
932
933 if (contentType.equals(ContentInfo.DATA_OID)) {
934 authSafeData = authSafe.getData();
955 safeContentsData = null;
956
957 if (contentType.equals(ContentInfo.DATA_OID)) {
958 safeContentsData = safeContents.getData();
959 } else if (contentType.equals(ContentInfo.ENCRYPTED_DATA_OID)) {
960 // The password was used to export the private key from the keychain.
961 // The Keychain won't export the key with encrypted data, so we don't need
962 // to worry about it.
963 continue;
964 } else {
965 throw new IOException("public key protected PKCS12" +
966 " not supported");
967 }
968 DerInputStream sc = new DerInputStream(safeContentsData);
969 returnValue = extractKeyData(sc);
970 }
971
972 return returnValue;
973 }
974
975 @SuppressWarnings("deprecation")
976 private byte[] extractKeyData(DerInputStream stream)
977 throws IOException, NoSuchAlgorithmException, CertificateException
978 {
979 byte[] returnValue = null;
980 DerValue[] safeBags = stream.getSequence(2);
981 int count = safeBags.length;
982
983 /*
984 * Spin over the SafeBags.
985 */
986 for (int i = 0; i < count; i++) {
987 ObjectIdentifier bagId;
988 DerInputStream sbi;
989 DerValue bagValue;
990 Object bagItem = null;
991
992 sbi = safeBags[i].toDerInputStream();
993 bagId = sbi.getOID();
994 bagValue = sbi.getDerValue();
995 if (!bagValue.isContextSpecific((byte)0)) {