byte[] createLocalKeyId(X509Certificate cert) throws Exception {
// SHA1 hash of the X509Cert der encoding
byte certDer[] = cert.getEncoded();
MessageDigest md = MessageDigest.getInstance("SHA");
md.update(certDer);
return md.digest();
}
byte[] addCertBag(X509Certificate x509cert, String nickname, SEQUENCE safeContents)
throws Exception {
ASN1Value cert = new OCTET_STRING(x509cert.getEncoded());
byte[] localKeyId = createLocalKeyId(x509cert);
SET certAttrs = null;
if (nickname != null) certAttrs = createBagAttrs(nickname, localKeyId);
SafeBag certBag =
new SafeBag(SafeBag.CERT_BAG, new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs);
safeContents.addElement(certBag);
return localKeyId;
}
void addKeyBag(
org.mozilla.jss.crypto.PrivateKey pkey,
X509Certificate x509cert,
Password pass,
byte[] localKeyId,
SEQUENCE safeContents)
throws Exception {
PasswordConverter passConverter = new PasswordConverter();
byte salt[] = {0x01, 0x01, 0x01, 0x01};
byte[] priData = getEncodedKey(pkey);
PrivateKeyInfo pki = (PrivateKeyInfo) ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData);
ASN1Value key =
EncryptedPrivateKeyInfo.createPBE(
PBEAlgorithm.PBE_SHA1_DES3_CBC, pass, salt, 1, passConverter, pki);
SET keyAttrs = createBagAttrs(x509cert.getSubjectDN().toString(), localKeyId);
SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG, key, keyAttrs);
safeContents.addElement(keyBag);
}