Java 类org.bouncycastle.asn1.pkcs.PKCS12PBEParams 实例源码

public PKCS12MacCalculatorBuilder get(final AlgorithmIdentifier algorithmIdentifier)
{
    return new PKCS12MacCalculatorBuilder()
    {
        public MacCalculator build(final char[] password)
            throws OperatorCreationException
        {
            PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters());

            return PKCS12PBEUtils.createMacCalculator(algorithmIdentifier.getAlgorithm(), digestProvider.get(algorithmIdentifier), pbeParams, password);
        }

        public AlgorithmIdentifier getDigestAlgorithmIdentifier()
        {
            return new AlgorithmIdentifier(algorithmIdentifier.getAlgorithm(), DERNull.INSTANCE);
        }
    };
}

static CipherParameters createCipherParameters(ASN1ObjectIdentifier algorithm, ExtendedDigest digest, int blockSize, PKCS12PBEParams pbeParams, char[] password)
{
    PKCS12ParametersGenerator pGen = new PKCS12ParametersGenerator(digest);

    pGen.init(PKCS12ParametersGenerator.PKCS12PasswordToBytes(password), pbeParams.getIV(), pbeParams.getIterations().intValue());

    CipherParameters params;

    if (PKCS12PBEUtils.hasNoIv(algorithm))
    {
        params = pGen.generateDerivedParameters(PKCS12PBEUtils.getKeySize(algorithm));
    }
    else
    {
        params = pGen.generateDerivedParameters(PKCS12PBEUtils.getKeySize(algorithm), blockSize * 8);

        if (PKCS12PBEUtils.isDesAlg(algorithm))
        {
            DESedeParameters.setOddParity(((KeyParameter)((ParametersWithIV)params).getParameters()).getKey());
        }
    }
    return params;
}

/**
 * Verify the MacData attached to the PFX is consistent with what is expected.
 *
 * @param macCalcProviderBuilder provider builder for the calculator for the MAC
 * @param password password to use
 * @return true if mac data is valid, false otherwise.
 * @throws PKCSException if there is a problem evaluating the MAC.
 * @throws IllegalStateException if no MAC is actually present
 */
public boolean isMacValid(PKCS12MacCalculatorBuilderProvider macCalcProviderBuilder, char[] password)
    throws PKCSException
{
    if (hasMac())
    {
        MacData pfxmData = pfx.getMacData();
        MacDataGenerator mdGen = new MacDataGenerator(macCalcProviderBuilder.get(new AlgorithmIdentifier(pfxmData.getMac().getAlgorithmId().getAlgorithm(), new PKCS12PBEParams(pfxmData.getSalt(), pfxmData.getIterationCount().intValue()))));

        try
        {
            MacData mData = mdGen.build(
                password,
                ASN1OctetString.getInstance(pfx.getAuthSafe().getContent()).getOctets());

            return Arrays.constantTimeAreEqual(mData.getEncoded(), pfx.getMacData().getEncoded());
        }
        catch (IOException e)
        {
            throw new PKCSException("unable to process AuthSafe: " + e.getMessage());
        }
    }

    throw new IllegalStateException("no MAC present on PFX");
}

public PKCS12MacCalculatorBuilder get(final AlgorithmIdentifier algorithmIdentifier)
{
    return new PKCS12MacCalculatorBuilder()
    {
        public MacCalculator build(final char[] password)
            throws OperatorCreationException
        {
            PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters());

            return PKCS12PBEUtils.createMacCalculator(algorithmIdentifier.getAlgorithm(), digestProvider.get(algorithmIdentifier), pbeParams, password);
        }

        public AlgorithmIdentifier getDigestAlgorithmIdentifier()
        {
            return new AlgorithmIdentifier(algorithmIdentifier.getAlgorithm(), DERNull.INSTANCE);
        }
    };
}

static CipherParameters createCipherParameters(ASN1ObjectIdentifier algorithm, ExtendedDigest digest, int blockSize, PKCS12PBEParams pbeParams, char[] password)
{
    PKCS12ParametersGenerator pGen = new PKCS12ParametersGenerator(digest);

    pGen.init(PKCS12ParametersGenerator.PKCS12PasswordToBytes(password), pbeParams.getIV(), pbeParams.getIterations().intValue());

    CipherParameters params;

    if (PKCS12PBEUtils.hasNoIv(algorithm))
    {
        params = pGen.generateDerivedParameters(PKCS12PBEUtils.getKeySize(algorithm));
    }
    else
    {
        params = pGen.generateDerivedParameters(PKCS12PBEUtils.getKeySize(algorithm), blockSize * 8);

        if (PKCS12PBEUtils.isDesAlg(algorithm))
        {
            DESedeParameters.setOddParity(((KeyParameter)((ParametersWithIV)params).getParameters()).getKey());
        }
    }
    return params;
}

/**
 * Verify the MacData attached to the PFX is consistent with what is expected.
 *
 * @param macCalcProviderBuilder provider builder for the calculator for the MAC
 * @param password password to use
 * @return true if mac data is valid, false otherwise.
 * @throws PKCSException if there is a problem evaluating the MAC.
 * @throws IllegalStateException if no MAC is actually present
 */
public boolean isMacValid(PKCS12MacCalculatorBuilderProvider macCalcProviderBuilder, char[] password)
    throws PKCSException
{
    if (hasMac())
    {
        MacData pfxmData = pfx.getMacData();
        MacDataGenerator mdGen = new MacDataGenerator(macCalcProviderBuilder.get(new AlgorithmIdentifier(pfxmData.getMac().getAlgorithmId().getAlgorithm(), new PKCS12PBEParams(pfxmData.getSalt(), pfxmData.getIterationCount().intValue()))));

        try
        {
            MacData mData = mdGen.build(
                password,
                ASN1OctetString.getInstance(pfx.getAuthSafe().getContent()).getOctets());

            return Arrays.constantTimeAreEqual(mData.getEncoded(), pfx.getMacData().getEncoded());
        }
        catch (IOException e)
        {
            throw new PKCSException("unable to process AuthSafe: " + e.getMessage());
        }
    }

    throw new IllegalStateException("no MAC present on PFX");
}

public PKCS12MacCalculatorBuilder get(final AlgorithmIdentifier algorithmIdentifier)
{
    return new PKCS12MacCalculatorBuilder()
    {
        public MacCalculator build(final char[] password)
            throws OperatorCreationException
        {
            PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters());

            return PKCS12PBEUtils.createMacCalculator(algorithmIdentifier.getAlgorithm(), digestProvider.get(algorithmIdentifier), pbeParams, password);
        }

        public AlgorithmIdentifier getDigestAlgorithmIdentifier()
        {
            return new AlgorithmIdentifier(algorithmIdentifier.getAlgorithm(), DERNull.INSTANCE);
        }
    };
}

static CipherParameters createCipherParameters(ASN1ObjectIdentifier algorithm, ExtendedDigest digest, int blockSize, PKCS12PBEParams pbeParams, char[] password)
{
    PKCS12ParametersGenerator pGen = new PKCS12ParametersGenerator(digest);

    pGen.init(PKCS12ParametersGenerator.PKCS12PasswordToBytes(password), pbeParams.getIV(), pbeParams.getIterations().intValue());

    CipherParameters params;

    if (PKCS12PBEUtils.hasNoIv(algorithm))
    {
        params = pGen.generateDerivedParameters(PKCS12PBEUtils.getKeySize(algorithm));
    }
    else
    {
        params = pGen.generateDerivedParameters(PKCS12PBEUtils.getKeySize(algorithm), blockSize * 8);

        if (PKCS12PBEUtils.isDesAlg(algorithm))
        {
            DESedeParameters.setOddParity(((KeyParameter)((ParametersWithIV)params).getParameters()).getKey());
        }
    }
    return params;
}

/**
 * Verify the MacData attached to the PFX is consistent with what is expected.
 *
 * @param macCalcProviderBuilder provider builder for the calculator for the MAC
 * @param password password to use
 * @return true if mac data is valid, false otherwise.
 * @throws PKCSException if there is a problem evaluating the MAC.
 * @throws IllegalStateException if no MAC is actually present
 */
public boolean isMacValid(PKCS12MacCalculatorBuilderProvider macCalcProviderBuilder, char[] password)
    throws PKCSException
{
    if (hasMac())
    {
        MacData pfxmData = pfx.getMacData();
        MacDataGenerator mdGen = new MacDataGenerator(macCalcProviderBuilder.get(new AlgorithmIdentifier(pfxmData.getMac().getAlgorithmId().getAlgorithm(), new PKCS12PBEParams(pfxmData.getSalt(), pfxmData.getIterationCount().intValue()))));

        try
        {
            MacData mData = mdGen.build(
                password,
                ASN1OctetString.getInstance(pfx.getAuthSafe().getContent()).getOctets());

            return Arrays.constantTimeAreEqual(mData.getEncoded(), pfx.getMacData().getEncoded());
        }
        catch (IOException e)
        {
            throw new PKCSException("unable to process AuthSafe: " + e.getMessage());
        }
    }

    throw new IllegalStateException("no MAC present on PFX");
}

public PKCS12MacCalculatorBuilder get(final AlgorithmIdentifier algorithmIdentifier)
{
    return new PKCS12MacCalculatorBuilder()
    {
        public MacCalculator build(final char[] password)
            throws OperatorCreationException
        {
            PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters());

            return PKCS12PBEUtils.createMacCalculator(algorithmIdentifier.getAlgorithm(), digestProvider.get(algorithmIdentifier), pbeParams, password);
        }

        public AlgorithmIdentifier getDigestAlgorithmIdentifier()
        {
            return new AlgorithmIdentifier(algorithmIdentifier.getAlgorithm(), DERNull.INSTANCE);
        }
    };
}

static CipherParameters createCipherParameters(ASN1ObjectIdentifier algorithm, ExtendedDigest digest, int blockSize, PKCS12PBEParams pbeParams, char[] password)
{
    PKCS12ParametersGenerator pGen = new PKCS12ParametersGenerator(digest);

    pGen.init(PKCS12ParametersGenerator.PKCS12PasswordToBytes(password), pbeParams.getIV(), pbeParams.getIterations().intValue());

    CipherParameters params;

    if (PKCS12PBEUtils.hasNoIv(algorithm))
    {
        params = pGen.generateDerivedParameters(PKCS12PBEUtils.getKeySize(algorithm));
    }
    else
    {
        params = pGen.generateDerivedParameters(PKCS12PBEUtils.getKeySize(algorithm), blockSize * 8);

        if (PKCS12PBEUtils.isDesAlg(algorithm))
        {
            DESedeParameters.setOddParity(((KeyParameter)((ParametersWithIV)params).getParameters()).getKey());
        }
    }
    return params;
}

/**
 * Verify the MacData attached to the PFX is consistent with what is expected.
 *
 * @param macCalcProviderBuilder provider builder for the calculator for the MAC
 * @param password password to use
 * @return true if mac data is valid, false otherwise.
 * @throws PKCSException if there is a problem evaluating the MAC.
 * @throws IllegalStateException if no MAC is actually present
 */
public boolean isMacValid(PKCS12MacCalculatorBuilderProvider macCalcProviderBuilder, char[] password)
    throws PKCSException
{
    if (hasMac())
    {
        MacData pfxmData = pfx.getMacData();
        MacDataGenerator mdGen = new MacDataGenerator(macCalcProviderBuilder.get(new AlgorithmIdentifier(pfxmData.getMac().getAlgorithmId().getAlgorithm(), new PKCS12PBEParams(pfxmData.getSalt(), pfxmData.getIterationCount().intValue()))));

        try
        {
            MacData mData = mdGen.build(
                password,
                ASN1OctetString.getInstance(pfx.getAuthSafe().getContent()).getOctets());

            return Arrays.constantTimeAreEqual(mData.getEncoded(), pfx.getMacData().getEncoded());
        }
        catch (IOException e)
        {
            throw new PKCSException("unable to process AuthSafe: " + e.getMessage());
        }
    }

    throw new IllegalStateException("no MAC present on PFX");
}

public PKCS12MacCalculatorBuilder get(final AlgorithmIdentifier algorithmIdentifier)
{
    return new PKCS12MacCalculatorBuilder()
    {
        public MacCalculator build(final char[] password)
            throws OperatorCreationException
        {
            PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters());

            return PKCS12PBEUtils.createMacCalculator(algorithmIdentifier.getAlgorithm(), digestProvider.get(algorithmIdentifier), pbeParams, password);
        }

        public AlgorithmIdentifier getDigestAlgorithmIdentifier()
        {
            return new AlgorithmIdentifier(algorithmIdentifier.getAlgorithm(), DERNull.INSTANCE);
        }
    };
}

static CipherParameters createCipherParameters(ASN1ObjectIdentifier algorithm, ExtendedDigest digest, int blockSize, PKCS12PBEParams pbeParams, char[] password)
{
    PKCS12ParametersGenerator pGen = new PKCS12ParametersGenerator(digest);

    pGen.init(PKCS12ParametersGenerator.PKCS12PasswordToBytes(password), pbeParams.getIV(), pbeParams.getIterations().intValue());

    CipherParameters params;

    if (PKCS12PBEUtils.hasNoIv(algorithm))
    {
        params = pGen.generateDerivedParameters(PKCS12PBEUtils.getKeySize(algorithm));
    }
    else
    {
        params = pGen.generateDerivedParameters(PKCS12PBEUtils.getKeySize(algorithm), blockSize * 8);

        if (PKCS12PBEUtils.isDesAlg(algorithm))
        {
            DESedeParameters.setOddParity(((KeyParameter)((ParametersWithIV)params).getParameters()).getKey());
        }
    }
    return params;
}

/**
 * Verify the MacData attached to the PFX is consistent with what is expected.
 *
 * @param macCalcProviderBuilder provider builder for the calculator for the MAC
 * @param password password to use
 * @return true if mac data is valid, false otherwise.
 * @throws PKCSException if there is a problem evaluating the MAC.
 * @throws IllegalStateException if no MAC is actually present
 */
public boolean isMacValid(PKCS12MacCalculatorBuilderProvider macCalcProviderBuilder, char[] password)
    throws PKCSException
{
    if (hasMac())
    {
        MacData pfxmData = pfx.getMacData();
        MacDataGenerator mdGen = new MacDataGenerator(macCalcProviderBuilder.get(new AlgorithmIdentifier(pfxmData.getMac().getAlgorithmId().getAlgorithm(), new PKCS12PBEParams(pfxmData.getSalt(), pfxmData.getIterationCount().intValue()))));

        try
        {
            MacData mData = mdGen.build(
                password,
                ASN1OctetString.getInstance(pfx.getAuthSafe().getContent()).getOctets());

            return Arrays.constantTimeAreEqual(mData.getEncoded(), pfx.getMacData().getEncoded());
        }
        catch (IOException e)
        {
            throw new PKCSException("unable to process AuthSafe: " + e.getMessage());
        }
    }

    throw new IllegalStateException("no MAC present on PFX");
}

public InputDecryptorProvider build(final char[] password)
{
    return new InputDecryptorProvider()
    {
        public InputDecryptor get(final AlgorithmIdentifier algorithmIdentifier)
        {
            final PaddedBufferedBlockCipher engine = PKCS12PBEUtils.getEngine(algorithmIdentifier.getAlgorithm());

            PKCS12PBEParams           pbeParams = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters());

            CipherParameters params = PKCS12PBEUtils.createCipherParameters(algorithmIdentifier.getAlgorithm(), digest, engine.getBlockSize(), pbeParams, password);

            engine.init(false, params);

            return new InputDecryptor()
            {
                public AlgorithmIdentifier getAlgorithmIdentifier()
                {
                    return algorithmIdentifier;
                }

                public InputStream getInputStream(InputStream input)
                {
                    return new CipherInputStream(input, engine);
                }

                public GenericKey getKey()
                {
                    return new GenericKey(PKCS12ParametersGenerator.PKCS12PasswordToBytes(password));
                }
            };
        }
    };

}

static MacCalculator createMacCalculator(final ASN1ObjectIdentifier digestAlgorithm, ExtendedDigest digest, final PKCS12PBEParams pbeParams, final char[] password)
{
    PKCS12ParametersGenerator pGen = new PKCS12ParametersGenerator(digest);

    pGen.init(PKCS12ParametersGenerator.PKCS12PasswordToBytes(password), pbeParams.getIV(), pbeParams.getIterations().intValue());

    final KeyParameter keyParam = (KeyParameter)pGen.generateDerivedMacParameters(digest.getDigestSize() * 8);

    final HMac hMac = new HMac(digest);

    hMac.init(keyParam);

    return new MacCalculator()
    {
        public AlgorithmIdentifier getAlgorithmIdentifier()
        {
            return new AlgorithmIdentifier(digestAlgorithm, pbeParams);
        }

        public OutputStream getOutputStream()
        {
            return new MacOutputStream(hMac);
        }

        public byte[] getMac()
        {
            byte[] res = new byte[hMac.getMacSize()];

            hMac.doFinal(res, 0);

            return res;
        }

        public GenericKey getKey()
        {
            return new GenericKey(getAlgorithmIdentifier(), PKCS12ParametersGenerator.PKCS12PasswordToBytes(password));
        }
    };
}

public MacData build(char[] password, byte[] data)
    throws PKCSException
{
    MacCalculator     macCalculator;

    try
    {
        macCalculator = builder.build(password);

        OutputStream out = macCalculator.getOutputStream();

        out.write(data);

        out.close();
    }
    catch (Exception e)
    {
        throw new PKCSException("unable to process data: " + e.getMessage(), e);
    }

    AlgorithmIdentifier algId = macCalculator.getAlgorithmIdentifier();

    DigestInfo dInfo = new DigestInfo(builder.getDigestAlgorithmIdentifier(), macCalculator.getMac());
    PKCS12PBEParams params = PKCS12PBEParams.getInstance(algId.getParameters());

    return new MacData(dInfo, params.getIV(), params.getIterations().intValue());
}

protected void engineInit(
    AlgorithmParameterSpec paramSpec)
    throws InvalidParameterSpecException
{
    if (!(paramSpec instanceof PBEParameterSpec))
    {
        throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object");
    }

    PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec;

    this.params = new PKCS12PBEParams(pbeSpec.getSalt(),
        pbeSpec.getIterationCount());
}

protected byte[] wrapKey(
    String algorithm,
    Key key,
    PKCS12PBEParams pbeParams,
    char[] password)
    throws IOException
{
    PBEKeySpec pbeSpec = new PBEKeySpec(password);
    byte[] out;

    try
    {
        SecretKeyFactory keyFact = SecretKeyFactory.getInstance(
            algorithm, bcProvider);
        PBEParameterSpec defParams = new PBEParameterSpec(
            pbeParams.getIV(),
            pbeParams.getIterations().intValue());

        Cipher cipher = Cipher.getInstance(algorithm, bcProvider);

        cipher.init(Cipher.WRAP_MODE, keyFact.generateSecret(pbeSpec), defParams);

        out = cipher.wrap(key);
    }
    catch (Exception e)
    {
        throw new IOException("exception encrypting data - " + e.toString());
    }

    return out;
}

protected byte[] cryptData(
    boolean forEncryption,
    AlgorithmIdentifier algId,
    char[] password,
    boolean wrongPKCS12Zero,
    byte[] data)
    throws IOException
{
    String algorithm = algId.getAlgorithm().getId();
    PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters());
    PBEKeySpec pbeSpec = new PBEKeySpec(password);

    try
    {
        SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm, bcProvider);
        PBEParameterSpec defParams = new PBEParameterSpec(
            pbeParams.getIV(),
            pbeParams.getIterations().intValue());
        BCPBEKey key = (BCPBEKey)keyFact.generateSecret(pbeSpec);

        key.setTryWrongPKCS12Zero(wrongPKCS12Zero);

        Cipher cipher = Cipher.getInstance(algorithm, bcProvider);
        int mode = forEncryption ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE;
        cipher.init(mode, key, defParams);
        return cipher.doFinal(data);
    }
    catch (Exception e)
    {
        throw new IOException("exception decrypting data - " + e.toString());
    }
}

public InputDecryptorProvider build(final char[] password)
{
    return new InputDecryptorProvider()
    {
        public InputDecryptor get(final AlgorithmIdentifier algorithmIdentifier)
        {
            final PaddedBufferedBlockCipher engine = PKCS12PBEUtils.getEngine(algorithmIdentifier.getAlgorithm());

            PKCS12PBEParams           pbeParams = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters());

            CipherParameters params = PKCS12PBEUtils.createCipherParameters(algorithmIdentifier.getAlgorithm(), digest, engine.getBlockSize(), pbeParams, password);

            engine.init(false, params);

            return new InputDecryptor()
            {
                public AlgorithmIdentifier getAlgorithmIdentifier()
                {
                    return algorithmIdentifier;
                }

                public InputStream getInputStream(InputStream input)
                {
                    return new CipherInputStream(input, engine);
                }

                public GenericKey getKey()
                {
                    return new GenericKey(PKCS12ParametersGenerator.PKCS12PasswordToBytes(password));
                }
            };
        }
    };

}

public MacCalculator build(final char[] password)
{
    if (random == null)
    {
        random = new SecureRandom();
    }

    byte[] salt = new byte[saltLength];

    random.nextBytes(salt);

    return PKCS12PBEUtils.createMacCalculator(algorithmIdentifier.getAlgorithm(), digest, new PKCS12PBEParams(salt, iterationCount), password);
}

static MacCalculator createMacCalculator(final ASN1ObjectIdentifier digestAlgorithm, ExtendedDigest digest, final PKCS12PBEParams pbeParams, final char[] password)
{
    PKCS12ParametersGenerator pGen = new PKCS12ParametersGenerator(digest);

    pGen.init(PKCS12ParametersGenerator.PKCS12PasswordToBytes(password), pbeParams.getIV(), pbeParams.getIterations().intValue());

    final KeyParameter keyParam = (KeyParameter)pGen.generateDerivedMacParameters(digest.getDigestSize() * 8);

    final HMac hMac = new HMac(digest);

    hMac.init(keyParam);

    return new MacCalculator()
    {
        public AlgorithmIdentifier getAlgorithmIdentifier()
        {
            return new AlgorithmIdentifier(digestAlgorithm, pbeParams);
        }

        public OutputStream getOutputStream()
        {
            return new MacOutputStream(hMac);
        }

        public byte[] getMac()
        {
            byte[] res = new byte[hMac.getMacSize()];

            hMac.doFinal(res, 0);

            return res;
        }

        public GenericKey getKey()
        {
            return new GenericKey(getAlgorithmIdentifier(), PKCS12ParametersGenerator.PKCS12PasswordToBytes(password));
        }
    };
}

public OutputEncryptor build(final char[] password)
{
    if (random == null)
    {
        random = new SecureRandom();
    }

    final byte[] salt = new byte[20];

    random.nextBytes(salt);

    final PKCS12PBEParams pbeParams = new PKCS12PBEParams(salt, iterationCount);

    CipherParameters params = PKCS12PBEUtils.createCipherParameters(algorithm, digest, engine.getBlockSize(), pbeParams, password);

    engine.init(true, params);

    return new OutputEncryptor()
    {
        public AlgorithmIdentifier getAlgorithmIdentifier()
        {
            return new AlgorithmIdentifier(algorithm, pbeParams);
        }

        public OutputStream getOutputStream(OutputStream out)
        {
            return new CipherOutputStream(out, engine);
        }

        public GenericKey getKey()
        {
            return new GenericKey(new AlgorithmIdentifier(algorithm, pbeParams), PKCS12ParametersGenerator.PKCS12PasswordToBytes(password));
        }
    };
}

public MacData build(char[] password, byte[] data)
    throws PKCSException
{
    MacCalculator     macCalculator;

    try
    {
        macCalculator = builder.build(password);

        OutputStream out = macCalculator.getOutputStream();

        out.write(data);

        out.close();
    }
    catch (Exception e)
    {
        throw new PKCSException("unable to process data: " + e.getMessage(), e);
    }

    AlgorithmIdentifier algId = macCalculator.getAlgorithmIdentifier();

    DigestInfo dInfo = new DigestInfo(builder.getDigestAlgorithmIdentifier(), macCalculator.getMac());
    PKCS12PBEParams params = PKCS12PBEParams.getInstance(algId.getParameters());

    return new MacData(dInfo, params.getIV(), params.getIterations().intValue());
}

public InputDecryptorProvider build(final char[] password)
{
    return new InputDecryptorProvider()
    {
        public InputDecryptor get(final AlgorithmIdentifier algorithmIdentifier)
        {
            final PaddedBufferedBlockCipher engine = PKCS12PBEUtils.getEngine(algorithmIdentifier.getAlgorithm());

            PKCS12PBEParams           pbeParams = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters());

            CipherParameters params = PKCS12PBEUtils.createCipherParameters(algorithmIdentifier.getAlgorithm(), digest, engine.getBlockSize(), pbeParams, password);

            engine.init(false, params);

            return new InputDecryptor()
            {
                public AlgorithmIdentifier getAlgorithmIdentifier()
                {
                    return algorithmIdentifier;
                }

                public InputStream getInputStream(InputStream input)
                {
                    return new CipherInputStream(input, engine);
                }

                public GenericKey getKey()
                {
                    return new GenericKey(PKCS12ParametersGenerator.PKCS12PasswordToBytes(password));
                }
            };
        }
    };

}

public MacCalculator build(final char[] password)
{
    if (random == null)
    {
        random = new SecureRandom();
    }

    byte[] salt = new byte[saltLength];

    random.nextBytes(salt);

    return PKCS12PBEUtils.createMacCalculator(algorithmIdentifier.getAlgorithm(), digest, new PKCS12PBEParams(salt, iterationCount), password);
}

static MacCalculator createMacCalculator(final ASN1ObjectIdentifier digestAlgorithm, ExtendedDigest digest, final PKCS12PBEParams pbeParams, final char[] password)
{
    PKCS12ParametersGenerator pGen = new PKCS12ParametersGenerator(digest);

    pGen.init(PKCS12ParametersGenerator.PKCS12PasswordToBytes(password), pbeParams.getIV(), pbeParams.getIterations().intValue());

    final KeyParameter keyParam = (KeyParameter)pGen.generateDerivedMacParameters(digest.getDigestSize() * 8);

    final HMac hMac = new HMac(digest);

    hMac.init(keyParam);

    return new MacCalculator()
    {
        public AlgorithmIdentifier getAlgorithmIdentifier()
        {
            return new AlgorithmIdentifier(digestAlgorithm, pbeParams);
        }

        public OutputStream getOutputStream()
        {
            return new MacOutputStream(hMac);
        }

        public byte[] getMac()
        {
            byte[] res = new byte[hMac.getMacSize()];

            hMac.doFinal(res, 0);

            return res;
        }

        public GenericKey getKey()
        {
            return new GenericKey(getAlgorithmIdentifier(), PKCS12ParametersGenerator.PKCS12PasswordToBytes(password));
        }
    };
}

public OutputEncryptor build(final char[] password)
{
    if (random == null)
    {
        random = new SecureRandom();
    }

    final byte[] salt = new byte[20];

    random.nextBytes(salt);

    final PKCS12PBEParams pbeParams = new PKCS12PBEParams(salt, iterationCount);

    CipherParameters params = PKCS12PBEUtils.createCipherParameters(algorithm, digest, engine.getBlockSize(), pbeParams, password);

    engine.init(true, params);

    return new OutputEncryptor()
    {
        public AlgorithmIdentifier getAlgorithmIdentifier()
        {
            return new AlgorithmIdentifier(algorithm, pbeParams);
        }

        public OutputStream getOutputStream(OutputStream out)
        {
            return new CipherOutputStream(out, engine);
        }

        public GenericKey getKey()
        {
            return new GenericKey(new AlgorithmIdentifier(algorithm, pbeParams), PKCS12ParametersGenerator.PKCS12PasswordToBytes(password));
        }
    };
}

public MacData build(char[] password, byte[] data)
    throws PKCSException
{
    MacCalculator     macCalculator;

    try
    {
        macCalculator = builder.build(password);

        OutputStream out = macCalculator.getOutputStream();

        out.write(data);

        out.close();
    }
    catch (Exception e)
    {
        throw new PKCSException("unable to process data: " + e.getMessage(), e);
    }

    AlgorithmIdentifier algId = macCalculator.getAlgorithmIdentifier();

    DigestInfo dInfo = new DigestInfo(builder.getDigestAlgorithmIdentifier(), macCalculator.getMac());
    PKCS12PBEParams params = PKCS12PBEParams.getInstance(algId.getParameters());

    return new MacData(dInfo, params.getIV(), params.getIterations().intValue());
}

protected void engineInit(
    AlgorithmParameterSpec paramSpec)
    throws InvalidParameterSpecException
{
    if (!(paramSpec instanceof PBEParameterSpec))
    {
        throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object");
    }

    PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec;

    this.params = new PKCS12PBEParams(pbeSpec.getSalt(),
        pbeSpec.getIterationCount());
}

protected byte[] wrapKey(
    String algorithm,
    Key key,
    PKCS12PBEParams pbeParams,
    char[] password)
    throws IOException
{
    PBEKeySpec pbeSpec = new PBEKeySpec(password);
    byte[] out;

    try
    {
        SecretKeyFactory keyFact =  helper.createSecretKeyFactory(algorithm);
        PBEParameterSpec defParams = new PBEParameterSpec(
            pbeParams.getIV(),
            pbeParams.getIterations().intValue());

        Cipher cipher = helper.createCipher(algorithm);

        cipher.init(Cipher.WRAP_MODE, keyFact.generateSecret(pbeSpec), defParams);

        out = cipher.wrap(key);
    }
    catch (Exception e)
    {
        throw new IOException("exception encrypting data - " + e.toString());
    }

    return out;
}

protected void engineInit(
    AlgorithmParameterSpec paramSpec)
    throws InvalidParameterSpecException
{
    if (!(paramSpec instanceof PBEParameterSpec))
    {
        throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object");
    }

    PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec;

    this.params = new PKCS12PBEParams(pbeSpec.getSalt(),
        pbeSpec.getIterationCount());
}

protected byte[] wrapKey(
    String algorithm,
    Key key,
    PKCS12PBEParams pbeParams,
    char[] password)
    throws IOException
{
    PBEKeySpec pbeSpec = new PBEKeySpec(password);
    byte[] out;

    try
    {
        SecretKeyFactory keyFact = SecretKeyFactory.getInstance(
            algorithm, bcProvider);
        PBEParameterSpec defParams = new PBEParameterSpec(
            pbeParams.getIV(),
            pbeParams.getIterations().intValue());

        Cipher cipher = Cipher.getInstance(algorithm, bcProvider);

        cipher.init(Cipher.WRAP_MODE, keyFact.generateSecret(pbeSpec), defParams);

        out = cipher.wrap(key);
    }
    catch (Exception e)
    {
        throw new IOException("exception encrypting data - " + e.toString());
    }

    return out;
}

public boolean checkCryptoPermission()
    throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidAlgorithmParameterException,
    InvalidKeySpecException
{
    LOG.debug("Cryptography permission check");

    try
    {
        byte[] iv = new byte[20];
        CertificateUtilities.RANDOM.nextBytes(iv);
        PKCS12PBEParams pbeParams = new PKCS12PBEParams(iv, 1024);
        String algorithm = "1.2.840.113549.1.12.1.3";
        SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm, "BC");
        PBEParameterSpec defParams = new PBEParameterSpec(pbeParams.getIV(), pbeParams.getIterations().intValue());

        Cipher cipher = Cipher.getInstance(algorithm, "BC");
        PBEKeySpec pbeSpec = new PBEKeySpec("testwelcome".toCharArray());
        cipher.init(Cipher.WRAP_MODE, keyFact.generateSecret(pbeSpec), defParams);

        return true;
    } catch (InvalidKeyException ex)
    {
        cryptoPermissionDenied = true;
        setErrorMessage(Messages.getString("MailsterKeyStoreFactory.error.vm.crypto.restrictions"));
        return false;
    }
}

public InputDecryptorProvider build(final char[] password)
{
    return new InputDecryptorProvider()
    {
        public InputDecryptor get(final AlgorithmIdentifier algorithmIdentifier)
        {
            final PaddedBufferedBlockCipher engine = PKCS12PBEUtils.getEngine(algorithmIdentifier.getAlgorithm());

            PKCS12PBEParams           pbeParams = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters());

            CipherParameters params = PKCS12PBEUtils.createCipherParameters(algorithmIdentifier.getAlgorithm(), digest, engine.getBlockSize(), pbeParams, password);

            engine.init(false, params);

            return new InputDecryptor()
            {
                public AlgorithmIdentifier getAlgorithmIdentifier()
                {
                    return algorithmIdentifier;
                }

                public InputStream getInputStream(InputStream input)
                {
                    return new CipherInputStream(input, engine);
                }

                public GenericKey getKey()
                {
                    return new GenericKey(PKCS12ParametersGenerator.PKCS12PasswordToBytes(password));
                }
            };
        }
    };

}

public MacCalculator build(final char[] password)
{
    if (random == null)
    {
        random = new SecureRandom();
    }

    byte[] salt = new byte[saltLength];

    random.nextBytes(salt);

    return PKCS12PBEUtils.createMacCalculator(algorithmIdentifier.getAlgorithm(), digest, new PKCS12PBEParams(salt, iterationCount), password);
}

static MacCalculator createMacCalculator(final ASN1ObjectIdentifier digestAlgorithm, ExtendedDigest digest, final PKCS12PBEParams pbeParams, final char[] password)
{
    PKCS12ParametersGenerator pGen = new PKCS12ParametersGenerator(digest);

    pGen.init(PKCS12ParametersGenerator.PKCS12PasswordToBytes(password), pbeParams.getIV(), pbeParams.getIterations().intValue());

    final KeyParameter keyParam = (KeyParameter)pGen.generateDerivedMacParameters(digest.getDigestSize() * 8);

    final HMac hMac = new HMac(digest);

    hMac.init(keyParam);

    return new MacCalculator()
    {
        public AlgorithmIdentifier getAlgorithmIdentifier()
        {
            return new AlgorithmIdentifier(digestAlgorithm, pbeParams);
        }

        public OutputStream getOutputStream()
        {
            return new MacOutputStream(hMac);
        }

        public byte[] getMac()
        {
            byte[] res = new byte[hMac.getMacSize()];

            hMac.doFinal(res, 0);

            return res;
        }

        public GenericKey getKey()
        {
            return new GenericKey(getAlgorithmIdentifier(), PKCS12ParametersGenerator.PKCS12PasswordToBytes(password));
        }
    };
}

public OutputEncryptor build(final char[] password)
{
    if (random == null)
    {
        random = new SecureRandom();
    }

    final byte[] salt = new byte[20];
    final int    iterationCount = 1024;

    random.nextBytes(salt);

    final PKCS12PBEParams pbeParams = new PKCS12PBEParams(salt, iterationCount);

    CipherParameters params = PKCS12PBEUtils.createCipherParameters(algorithm, digest, engine.getBlockSize(), pbeParams, password);

    engine.init(true, params);

    return new OutputEncryptor()
    {
        public AlgorithmIdentifier getAlgorithmIdentifier()
        {
            return new AlgorithmIdentifier(algorithm, pbeParams);
        }

        public OutputStream getOutputStream(OutputStream out)
        {
            return new CipherOutputStream(out, engine);
        }

        public GenericKey getKey()
        {
            return new GenericKey(new AlgorithmIdentifier(algorithm, pbeParams), PKCS12ParametersGenerator.PKCS12PasswordToBytes(password));
        }
    };
}