/// <summary>
/// Build the Pfx structure, protecting it with a MAC calculated against the passed in password.
/// </summary>
/// <param name="macCalcFactory">a builder for a Pkcs12 mac calculator.</param>
/// <returns>A Pfx object.</returns>
public Pkcs12PfxPdu Build(IMacFactory <Pkcs12MacAlgDescriptor> macCalcFactory)
{
AuthenticatedSafe auth = AuthenticatedSafe.GetInstance(new DerSequence(dataVector));
byte[] encAuth;
try
{
encAuth = auth.GetEncoded();
}
catch (IOException e)
{
throw new PkcsException("unable to encode AuthenticatedSafe: " + e.Message, e);
}
ContentInfo mainInfo = new ContentInfo(PkcsObjectIdentifiers.Data, new DerOctetString(encAuth));
MacData mData = null;
if (macCalcFactory != null)
{
mData = PkcsUtilities.CreateMacData(macCalcFactory, encAuth);
}
//
// output the Pfx
//
Pfx pfx = new Pfx(mainInfo, mData);
return(new Pkcs12PfxPdu(pfx));
}
/**
* Verify the MacData attached to the PFX is consistent with what is expected.
*
* @param macCalcProviderBuilder provider builder for the calculator for the MAC
* @return true if mac data is valid, false otherwise.
* @throws PkcsException if there is a problem evaluating the MAC.
* @throws IllegalStateException if no MAC is actually present
*/
public bool IsMacValid(IMacFactoryProvider <Pkcs12MacAlgDescriptor> macCalcProviderBuilder)
{
if (HasMac)
{
MacData pfxmData = pfx.MacData;
IMacFactory <Pkcs12MacAlgDescriptor> mdFact = macCalcProviderBuilder.CreateMacFactory(new Pkcs12MacAlgDescriptor(pfxmData.Mac.AlgorithmID, pfxmData.GetSalt(), pfxmData.IterationCount.IntValue));
try
{
MacData mData = PkcsUtilities.CreateMacData(mdFact, Asn1OctetString.GetInstance(pfx.AuthSafe.Content).GetOctets());
return(Arrays.ConstantTimeAreEqual(mData.GetEncoded(), pfx.MacData.GetEncoded()));
}
catch (IOException e)
{
throw new PkcsException("unable to process AuthSafe: " + e.Message);
}
}
throw new InvalidOperationException("no MAC present on PFX");
}
