/**
* Just re-encode the outer layer of the PKCS#12 file to definite length encoding.
*
* @param berPKCS12File - original PKCS#12 file
* @return a byte array representing the DER encoding of the PFX structure
* @throws IOException
*/
public static byte[] ConvertToDefiniteLength(
byte[] berPkcs12File)
{
Pfx pfx = new Pfx(Asn1Sequence.GetInstance(Asn1Object.FromByteArray(berPkcs12File)));
return pfx.GetEncoded(Asn1Encodable.Der);
}
/**
* Re-encode the PKCS#12 structure to definite length encoding at the inner layer
* as well, recomputing the MAC accordingly.
*
* @param berPKCS12File - original PKCS12 file.
* @param provider - provider to use for MAC calculation.
* @return a byte array representing the DER encoding of the PFX structure.
* @throws IOException on parsing, encoding errors.
*/
public static byte[] ConvertToDefiniteLength(
byte[] berPkcs12File,
char[] passwd)
{
Pfx pfx = new Pfx(Asn1Sequence.GetInstance(Asn1Object.FromByteArray(berPkcs12File)));
ContentInfo info = pfx.AuthSafe;
Asn1OctetString content = Asn1OctetString.GetInstance(info.Content);
Asn1Object obj = Asn1Object.FromByteArray(content.GetOctets());
info = new ContentInfo(info.ContentType, new DerOctetString(obj.GetEncoded(Asn1Encodable.Der)));
MacData mData = pfx.MacData;
try
{
int itCount = mData.IterationCount.IntValue;
byte[] data = Asn1OctetString.GetInstance(info.Content).GetOctets();
byte[] res = Pkcs12Store.CalculatePbeMac(
mData.Mac.AlgorithmID.ObjectID, mData.GetSalt(), itCount, passwd, false, data);
AlgorithmIdentifier algId = new AlgorithmIdentifier(
mData.Mac.AlgorithmID.ObjectID, DerNull.Instance);
DigestInfo dInfo = new DigestInfo(algId, res);
mData = new MacData(dInfo, mData.GetSalt(), itCount);
}
catch (Exception e)
{
throw new IOException("error constructing MAC: " + e.ToString());
}
pfx = new Pfx(info, mData);
return pfx.GetEncoded(Asn1Encodable.Der);
}
public override void PerformTest()
{
Asn1Sequence obj = (Asn1Sequence) Asn1Object.FromByteArray(pkcs12);
Pfx bag = new Pfx(obj);
ContentInfo info = bag.AuthSafe;
MacData mData = bag.MacData;
DigestInfo dInfo = mData.Mac;
AlgorithmIdentifier algId = dInfo.AlgorithmID;
byte[] salt = mData.GetSalt();
int itCount = mData.IterationCount.IntValue;
byte[] octets = ((Asn1OctetString) info.Content).GetOctets();
AuthenticatedSafe authSafe = new AuthenticatedSafe(
(Asn1Sequence) Asn1Object.FromByteArray(octets));
ContentInfo[] c = authSafe.GetContentInfo();
//
// private key section
//
if (!c[0].ContentType.Equals(PkcsObjectIdentifiers.Data))
{
Fail("Failed comparison data test");
}
octets = ((Asn1OctetString)c[0].Content).GetOctets();
Asn1Sequence seq = (Asn1Sequence) Asn1Object.FromByteArray(octets);
SafeBag b = new SafeBag((Asn1Sequence)seq[0]);
if (!b.BagID.Equals(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag))
{
Fail("Failed comparison shroudedKeyBag test");
}
EncryptedPrivateKeyInfo encInfo = EncryptedPrivateKeyInfo.GetInstance(b.BagValue);
encInfo = new EncryptedPrivateKeyInfo(encInfo.EncryptionAlgorithm, encInfo.GetEncryptedData());
b = new SafeBag(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag, encInfo.ToAsn1Object(), b.BagAttributes);
byte[] encodedBytes = new DerSequence(b).GetEncoded();
c[0] = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(encodedBytes));
//
// certificates
//
if (!c[1].ContentType.Equals(PkcsObjectIdentifiers.EncryptedData))
{
Fail("Failed comparison encryptedData test");
}
EncryptedData eData = EncryptedData.GetInstance(c[1].Content);
c[1] = new ContentInfo(PkcsObjectIdentifiers.EncryptedData, eData);
//
// create an octet stream to represent the BER encoding of authSafe
//
authSafe = new AuthenticatedSafe(c);
info = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(authSafe.GetEncoded()));
mData = new MacData(new DigestInfo(algId, dInfo.GetDigest()), salt, itCount);
bag = new Pfx(info, mData);
//
// comparison test
//
if (!Arrays.AreEqual(bag.GetEncoded(), pkcs12))
{
Fail("Failed comparison test");
}
}
