Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
   package org.bouncycastle.jcajce.provider.keystore.pkcs12;
   
   import java.io.IOException;
   import java.io.InputStream;
   import java.io.OutputStream;
  import java.security.Key;
  import java.util.Date;
  import java.util.HashMap;
  import java.util.Map;
  import java.util.Vector;
  
  import javax.crypto.Mac;
  
 
 public class PKCS12KeyStoreSpi
     extends KeyStoreSpi
 {
     private final JcaJceHelper helper = new BCJcaJceHelper();
 
     private static final int SALT_SIZE = 20;
     private static final int MIN_ITERATIONS = 1024;
 
     private static final DefaultSecretKeyProvider keySizeProvider = new DefaultSecretKeyProvider();
 
     private IgnoresCaseHashtable keys = new IgnoresCaseHashtable();
     private Hashtable localIds = new Hashtable();
     private IgnoresCaseHashtable certs = new IgnoresCaseHashtable();
     private Hashtable chainCerts = new Hashtable();
     private Hashtable keyCerts = new Hashtable();
 
     //
     // generic object types
     //
     static final int NULL = 0;
     static final int CERTIFICATE = 1;
     static final int KEY = 2;
     static final int SECRET = 3;
     static final int SEALED = 4;
 
     //
     // key types
     //
     static final int KEY_PRIVATE = 0;
     static final int KEY_PUBLIC = 1;
     static final int KEY_SECRET = 2;
 
     protected SecureRandom random = new SecureRandom();
 
     // use of final causes problems with JDK 1.2 compiler
     private CertificateFactory certFact;
 
     private class CertId
     {
         byte[] id;
 
         CertId(
             PublicKey key)
         {
             this. = createSubjectKeyId(key).getKeyIdentifier();
         }
 
         CertId(
             byte[] id)
         {
             this. = id;
         }
 
         public int hashCode()
         {
             return Arrays.hashCode();
         }
 
         public boolean equals(
             Object o)
         {
             if (o == this)
             {
                 return true;
             }
 
             if (!(o instanceof CertId))
             {
                 return false;
             }
 
             CertId cId = (CertId)o;
 
             return Arrays.areEqual(cId.id);
         }
     }
 
     public PKCS12KeyStoreSpi(
         Provider provider,
         ASN1ObjectIdentifier keyAlgorithm,
         ASN1ObjectIdentifier certAlgorithm)
     {
         this. = keyAlgorithm;
         this. = certAlgorithm;
 
         try
         {
             if (provider != null)
             {
                  = CertificateFactory.getInstance("X.509"provider);
             }
             else
             {
                  = CertificateFactory.getInstance("X.509");
             }
         }
         catch (Exception e)
         {
             throw new IllegalArgumentException("can't create cert factory - " + e.toString());
         }
     }
 
         PublicKey pubKey)
     {
         try
         {
             SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
                 (ASN1Sequence)ASN1Primitive.fromByteArray(pubKey.getEncoded()));
 
             return new SubjectKeyIdentifier(getDigest(info));
         }
         catch (Exception e)
         {
             throw new RuntimeException("error creating key");
         }
     }
 
     private static byte[] getDigest(SubjectPublicKeyInfo spki)
     {
         Digest digest = new SHA1Digest();
         byte[]  resBuf = new byte[digest.getDigestSize()];
 
         byte[] bytes = spki.getPublicKeyData().getBytes();
         digest.update(bytes, 0, bytes.length);
         digest.doFinal(resBuf, 0);
         return resBuf;
     }
 
     public void setRandom(
         SecureRandom rand)
     {
         this. = rand;
     }
 
     public Enumeration engineAliases()
     {
         Hashtable tab = new Hashtable();
 
         Enumeration e = .keys();
         while (e.hasMoreElements())
         {
             tab.put(e.nextElement(), "cert");
         }
 
         e = .keys();
         while (e.hasMoreElements())
         {
             String a = (String)e.nextElement();
             if (tab.get(a) == null)
             {
                 tab.put(a"key");
             }
         }
 
         return tab.keys();
     }
 
     public boolean engineContainsAlias(
         String alias)
     {
         return (.get(alias) != null || .get(alias) != null);
     }

    
this is not quite complete - we should follow up on the chain, a bit tricky if a certificate appears in more than one chain...
 
     public void engineDeleteEntry(
         String alias)
         throws KeyStoreException
     {
         Key k = (Key).remove(alias);
 
         Certificate c = (Certificate).remove(alias);
 
         if (c != null)
         {
             .remove(new CertId(c.getPublicKey()));
         }
 
         if (k != null)
         {
             String id = (String).remove(alias);
             if (id != null)
             {
                 c = (Certificate).remove(id);
             }
             if (c != null)
             {
                 .remove(new CertId(c.getPublicKey()));
             }
         }
     }

    
simply return the cert for the private key
 
         String alias)
     {
         if (alias == null)
         {
             throw new IllegalArgumentException("null alias passed to getCertificate.");
         }
 
         Certificate c = (Certificate).get(alias);
 
         //
         // look up the key table - and try the local key id
         //
         if (c == null)
         {
             String id = (String).get(alias);
             if (id != null)
             {
                 c = (Certificate).get(id);
             }
             else
             {
                 c = (Certificate).get(alias);
             }
         }
 
         return c;
     }
 
         Certificate cert)
     {
         Enumeration c = .elements();
         Enumeration k = .keys();
 
         while (c.hasMoreElements())
         {
             Certificate tc = (Certificate)c.nextElement();
             String ta = (String)k.nextElement();
 
             if (tc.equals(cert))
             {
                 return ta;
             }
         }
 
         c = .elements();
         k = .keys();
 
         while (c.hasMoreElements())
         {
             Certificate tc = (Certificate)c.nextElement();
             String ta = (String)k.nextElement();
 
             if (tc.equals(cert))
             {
                 return ta;
             }
         }
 
         return null;
     }
 
         String alias)
     {
         if (alias == null)
         {
             throw new IllegalArgumentException("null alias passed to getCertificateChain.");
         }
 
         if (!engineIsKeyEntry(alias))
         {
             return null;
         }
 
         Certificate c = engineGetCertificate(alias);
 
         if (c != null)
         {
             Vector cs = new Vector();
 
             while (c != null)
             {
                 X509Certificate x509c = (X509Certificate)c;
                 Certificate nextC = null;
 
                 byte[] bytes = x509c.getExtensionValue(..getId());
                 if (bytes != null)
                 {
                     try
                     {
                         ASN1InputStream aIn = new ASN1InputStream(bytes);
 
                         byte[] authBytes = ((ASN1OctetString)aIn.readObject()).getOctets();
                         aIn = new ASN1InputStream(authBytes);
 
                         AuthorityKeyIdentifier id = AuthorityKeyIdentifier.getInstance(aIn.readObject());
                         if (id.getKeyIdentifier() != null)
                         {
                             nextC = (Certificate).get(new CertId(id.getKeyIdentifier()));
                         }
 
                     }
                     catch (IOException e)
                     {
                         throw new RuntimeException(e.toString());
                     }
                 }
 
                 if (nextC == null)
                 {
                     //
                     // no authority key id, try the Issuer DN
                     //
                     Principal i = x509c.getIssuerDN();
                     Principal s = x509c.getSubjectDN();
 
                     if (!i.equals(s))
                     {
                         Enumeration e = .keys();
 
                         while (e.hasMoreElements())
                         {
                             X509Certificate crt = (X509Certificate).get(e.nextElement());
                             Principal sub = crt.getSubjectDN();
                             if (sub.equals(i))
                             {
                                 try
                                 {
                                     x509c.verify(crt.getPublicKey());
                                     nextC = crt;
                                     break;
                                 }
                                 catch (Exception ex)
                                 {
                                     // continue
                                 }
                             }
                         }
                     }
                 }
 
                 cs.addElement(c);
                 if (nextC != c)     // self signed - end of the chain
                 {
                     c = nextC;
                 }
                 else
                 {
                     c = null;
                 }
             }
 
             Certificate[] certChain = new Certificate[cs.size()];
 
             for (int i = 0; i != certChain.lengthi++)
             {
                 certChain[i] = (Certificate)cs.elementAt(i);
             }
 
             return certChain;
         }
 
         return null;
     }
 
     public Date engineGetCreationDate(String alias)
     {
         if (alias == null)
         {
             throw new NullPointerException("alias == null");
         }
         if (.get(alias) == null && .get(alias) == null)
         {
             return null;
         }
         return new Date();
     }
 
     public Key engineGetKey(
         String alias,
         char[] password)
     {
         if (alias == null)
         {
             throw new IllegalArgumentException("null alias passed to getKey.");
         }
 
         return (Key).get(alias);
     }
 
     public boolean engineIsCertificateEntry(
         String alias)
     {
         return (.get(alias) != null && .get(alias) == null);
     }
 
     public boolean engineIsKeyEntry(
         String alias)
     {
         return (.get(alias) != null);
     }
 
     public void engineSetCertificateEntry(
         String alias,
         Certificate cert)
         throws KeyStoreException
     {
         if (.get(alias) != null)
         {
             throw new KeyStoreException("There is a key entry with the name " + alias + ".");
         }
 
         .put(aliascert);
         .put(new CertId(cert.getPublicKey()), cert);
     }
 
     public void engineSetKeyEntry(
         String alias,
         byte[] key,
         Certificate[] chain)
         throws KeyStoreException
     {
         throw new RuntimeException("operation not supported");
     }
 
     public void engineSetKeyEntry(
         String alias,
         Key key,
         char[] password,
         Certificate[] chain)
         throws KeyStoreException
     {
         if (!(key instanceof PrivateKey))
         {
             throw new KeyStoreException("PKCS12 does not support non-PrivateKeys");
         }
 
         if ((key instanceof PrivateKey) && (chain == null))
         {
             throw new KeyStoreException("no certificate chain for private key");
         }
 
         if (.get(alias) != null)
         {
             engineDeleteEntry(alias);
         }
 
         .put(aliaskey);
         if (chain != null)
         {
             .put(aliaschain[0]);
 
             for (int i = 0; i != chain.lengthi++)
             {
                 .put(new CertId(chain[i].getPublicKey()), chain[i]);
             }
         }
     }
 
     public int engineSize()
     {
         Hashtable tab = new Hashtable();
 
         Enumeration e = .keys();
         while (e.hasMoreElements())
         {
             tab.put(e.nextElement(), "cert");
         }
 
         e = .keys();
         while (e.hasMoreElements())
         {
             String a = (String)e.nextElement();
             if (tab.get(a) == null)
             {
                 tab.put(a"key");
             }
         }
 
         return tab.size();
     }
 
     protected PrivateKey unwrapKey(
         AlgorithmIdentifier algId,
         byte[] data,
         char[] password,
         boolean wrongPKCS12Zero)
         throws IOException
     {
         ASN1ObjectIdentifier algorithm = algId.getAlgorithm();
         try
         {
             if (algorithm.on(.))
             {
                 PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters());
 
                 PBEKeySpec pbeSpec = new PBEKeySpec(password);
                 PrivateKey out;
 
                 SecretKeyFactory keyFact = .createSecretKeyFactory(
                     algorithm.getId());
                 PBEParameterSpec defParams = new PBEParameterSpec(
                     pbeParams.getIV(),
                     pbeParams.getIterations().intValue());
 
                 SecretKey k = keyFact.generateSecret(pbeSpec);
 
                 ((BCPBEKey)k).setTryWrongPKCS12Zero(wrongPKCS12Zero);
 
                 Cipher cipher = .createCipher(algorithm.getId());
 
                 cipher.init(.kdefParams);
 
                 // we pass "" as the key algorithm type as it is unknown at this point
                 return (PrivateKey)cipher.unwrap(data"".);
             }
             else if (algorithm.equals(.))
             {
 
                 Cipher cipher = createCipher(.passwordalgId);
 
                 // we pass "" as the key algorithm type as it is unknown at this point
                 return (PrivateKey)cipher.unwrap(data"".);
             }
         }
         catch (Exception e)
         {
             throw new IOException("exception unwrapping private key - " + e.toString());
         }
 
         throw new IOException("exception unwrapping private key - cannot recognise: " + algorithm);
     }
 
     protected byte[] wrapKey(
         String algorithm,
         Key key,
         PKCS12PBEParams pbeParams,
         char[] password)
         throws IOException
     {
         PBEKeySpec pbeSpec = new PBEKeySpec(password);
         byte[] out;
 
         try
         {
             SecretKeyFactory keyFact =  .createSecretKeyFactory(algorithm);
             PBEParameterSpec defParams = new PBEParameterSpec(
                 pbeParams.getIV(),
                 pbeParams.getIterations().intValue());
 
             Cipher cipher = .createCipher(algorithm);
 
             cipher.init(.keyFact.generateSecret(pbeSpec), defParams);
 
             out = cipher.wrap(key);
         }
         catch (Exception e)
         {
             throw new IOException("exception encrypting data - " + e.toString());
         }
 
         return out;
     }
 
     protected byte[] cryptData(
         boolean forEncryption,
         AlgorithmIdentifier algId,
         char[] password,
         boolean wrongPKCS12Zero,
         byte[] data)
         throws IOException
     {
         ASN1ObjectIdentifier algorithm = algId.getAlgorithm();
         int mode = forEncryption ? . : .;
 
         if (algorithm.on(.))
         {
             PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters());
             PBEKeySpec pbeSpec = new PBEKeySpec(password);
 
             try
             {
                 SecretKeyFactory keyFact = .createSecretKeyFactory(algorithm.getId());
                 PBEParameterSpec defParams = new PBEParameterSpec(
                     pbeParams.getIV(),
                     pbeParams.getIterations().intValue());
                 BCPBEKey key = (BCPBEKey)keyFact.generateSecret(pbeSpec);
 
                 key.setTryWrongPKCS12Zero(wrongPKCS12Zero);
 
                 Cipher cipher = .createCipher(algorithm.getId());
 
                 cipher.init(modekeydefParams);
                 return cipher.doFinal(data);
             }
             catch (Exception e)
             {
                 throw new IOException("exception decrypting data - " + e.toString());
             }
         }
         else  if (algorithm.equals(.))
         {
             try
             {
                 Cipher cipher = createCipher(modepasswordalgId);
 
                 return cipher.doFinal(data);
             }
             catch (Exception e)
             {
                 throw new IOException("exception decrypting data - " + e.toString());
             }
         }
         else
         {
             throw new IOException("unknown PBE algorithm: " + algorithm);
         }
     }
 
     private Cipher createCipher(int modechar[] passwordAlgorithmIdentifier algId)
     {
         PBES2Parameters alg = PBES2Parameters.getInstance(algId.getParameters());
         PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters());
         AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme());
 
         SecretKey key;
 
         if (func.isDefaultPrf())
         {
             key = keyFact.generateSecret(new PBEKeySpec(passwordfunc.getSalt(), func.getIterationCount().intValue(), .getKeySize(encScheme)));
         }
         else
         {
             key = keyFact.generateSecret(new PBKDF2KeySpec(passwordfunc.getSalt(), func.getIterationCount().intValue(), .getKeySize(encScheme), func.getPrf()));
         }
 
         Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId());
 
         AlgorithmIdentifier encryptionAlg = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme());
 
         ASN1Encodable encParams = alg.getEncryptionScheme().getParameters();
         if (encParams instanceof ASN1OctetString)
         {
             cipher.init(modekeynew IvParameterSpec(ASN1OctetString.getInstance(encParams).getOctets()));
         }
         else
         {
             // TODO: at the moment it's just GOST, but...
             GOST28147Parameters gParams = GOST28147Parameters.getInstance(encParams);
 
             cipher.init(modekeynew GOST28147ParameterSpec(gParams.getEncryptionParamSet(), gParams.getIV()));
         }
         return cipher;
     }
 
     public void engineLoad(
         InputStream stream,
         char[] password)
         throws IOException
     {
         if (stream == null)     // just initialising
         {
             return;
         }
 
         if (password == null)
         {
             throw new NullPointerException("No password supplied for PKCS#12 KeyStore.");
         }
 
         BufferedInputStream bufIn = new BufferedInputStream(stream);
 
         bufIn.mark(10);
 
         int head = bufIn.read();
 
         if (head != 0x30)
         {
             throw new IOException("stream does not represent a PKCS12 key store");
         }
 
         bufIn.reset();
 
         ASN1InputStream bIn = new ASN1InputStream(bufIn);
         ASN1Sequence obj = (ASN1Sequence)bIn.readObject();
         Pfx bag = Pfx.getInstance(obj);
         ContentInfo info = bag.getAuthSafe();
         Vector chain = new Vector();
         boolean unmarkedKey = false;
         boolean wrongPKCS12Zero = false;
 
         if (bag.getMacData() != null)           // check the mac code
         {
             MacData mData = bag.getMacData();
             DigestInfo dInfo = mData.getMac();
             AlgorithmIdentifier algId = dInfo.getAlgorithmId();
             byte[] salt = mData.getSalt();
             int itCount = mData.getIterationCount().intValue();
 
             byte[] data = ((ASN1OctetString)info.getContent()).getOctets();
 
             try
             {
                 byte[] res = calculatePbeMac(algId.getAlgorithm(), saltitCountpasswordfalsedata);
                 byte[] dig = dInfo.getDigest();
 
                 if (!Arrays.constantTimeAreEqual(resdig))
                 {
                     if (password.length > 0)
                     {
                         throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file.");
                     }
 
                     // Try with incorrect zero length password
                     res = calculatePbeMac(algId.getAlgorithm(), saltitCountpasswordtruedata);
 
                     if (!Arrays.constantTimeAreEqual(resdig))
                     {
                         throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file.");
                     }
 
                     wrongPKCS12Zero = true;
                 }
             }
             catch (IOException e)
             {
                 throw e;
             }
             catch (Exception e)
             {
                 throw new IOException("error constructing MAC: " + e.toString());
             }
         }
 
          = new IgnoresCaseHashtable();
          = new Hashtable();
 
         if (info.getContentType().equals())
         {
             bIn = new ASN1InputStream(((ASN1OctetString)info.getContent()).getOctets());
 
             AuthenticatedSafe authSafe = AuthenticatedSafe.getInstance(bIn.readObject());
             ContentInfo[] c = authSafe.getContentInfo();
 
             for (int i = 0; i != c.lengthi++)
             {
                 if (c[i].getContentType().equals())
                 {
                     ASN1InputStream dIn = new ASN1InputStream(((ASN1OctetString)c[i].getContent()).getOctets());
                     ASN1Sequence seq = (ASN1Sequence)dIn.readObject();
 
                     for (int j = 0; j != seq.size(); j++)
                     {
                         SafeBag b = SafeBag.getInstance(seq.getObjectAt(j));
                         if (b.getBagId().equals())
                         {
                             org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo.getInstance(b.getBagValue());
                             PrivateKey privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), passwordwrongPKCS12Zero);
 
                             //
                             // set the attributes on the key
                             //
                             PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey;
                             String alias = null;
                             ASN1OctetString localId = null;
 
                             if (b.getBagAttributes() != null)
                             {
                                 Enumeration e = b.getBagAttributes().getObjects();
                                 while (e.hasMoreElements())
                                 {
                                     ASN1Sequence sq = (ASN1Sequence)e.nextElement();
                                     ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0);
                                     ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1);
                                     ASN1Primitive attr = null;
 
                                     if (attrSet.size() > 0)
                                     {
                                         attr = (ASN1Primitive)attrSet.getObjectAt(0);
 
                                         ASN1Encodable existing = bagAttr.getBagAttribute(aOid);
                                         if (existing != null)
                                         {
                                             // OK, but the value has to be the same
                                             if (!existing.toASN1Primitive().equals(attr))
                                             {
                                                 throw new IOException(
                                                     "attempt to add existing attribute with different value");
                                             }
                                         }
                                         else
                                         {
                                             bagAttr.setBagAttribute(aOidattr);
                                         }
                                     }
 
                                     if (aOid.equals())
                                     {
                                         alias = ((DERBMPString)attr).getString();
                                         .put(aliasprivKey);
                                     }
                                     else if (aOid.equals())
                                     {
                                         localId = (ASN1OctetString)attr;
                                     }
                                 }
                             }
 
                             if (localId != null)
                             {
                                 String name = new String(Hex.encode(localId.getOctets()));
 
                                 if (alias == null)
                                 {
                                     .put(nameprivKey);
                                 }
                                 else
                                 {
                                     .put(aliasname);
                                 }
                             }
                             else
                             {
                                 unmarkedKey = true;
                                 .put("unmarked"privKey);
                             }
                         }
                         else if (b.getBagId().equals())
                         {
                             chain.addElement(b);
                         }
                         else
                         {
                             ..println("extra in data " + b.getBagId());
                             ..println(ASN1Dump.dumpAsString(b));
                         }
                     }
                 }
                 else if (c[i].getContentType().equals())
                 {
                     EncryptedData d = EncryptedData.getInstance(c[i].getContent());
                     byte[] octets = cryptData(falsed.getEncryptionAlgorithm(),
                         passwordwrongPKCS12Zerod.getContent().getOctets());
                     ASN1Sequence seq = (ASN1Sequence)ASN1Primitive.fromByteArray(octets);
 
                     for (int j = 0; j != seq.size(); j++)
                     {
                         SafeBag b = SafeBag.getInstance(seq.getObjectAt(j));
 
                         if (b.getBagId().equals())
                         {
                             chain.addElement(b);
                         }
                         else if (b.getBagId().equals())
                         {
                             org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo.getInstance(b.getBagValue());
                             PrivateKey privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), passwordwrongPKCS12Zero);
 
                             //
                             // set the attributes on the key
                             //
                             PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey;
                             String alias = null;
                             ASN1OctetString localId = null;
 
                             Enumeration e = b.getBagAttributes().getObjects();
                             while (e.hasMoreElements())
                             {
                                 ASN1Sequence sq = (ASN1Sequence)e.nextElement();
                                 ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0);
                                 ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1);
                                 ASN1Primitive attr = null;
 
                                 if (attrSet.size() > 0)
                                 {
                                     attr = (ASN1Primitive)attrSet.getObjectAt(0);
 
                                     ASN1Encodable existing = bagAttr.getBagAttribute(aOid);
                                     if (existing != null)
                                     {
                                         // OK, but the value has to be the same
                                         if (!existing.toASN1Primitive().equals(attr))
                                         {
                                             throw new IOException(
                                                 "attempt to add existing attribute with different value");
                                         }
                                     }
                                     else
                                     {
                                        bagAttr.setBagAttribute(aOidattr);
                                    }
                                }
                                if (aOid.equals())
                                {
                                    alias = ((DERBMPString)attr).getString();
                                    .put(aliasprivKey);
                                }
                                else if (aOid.equals())
                                {
                                    localId = (ASN1OctetString)attr;
                                }
                            }
                            String name = new String(Hex.encode(localId.getOctets()));
                            if (alias == null)
                            {
                                .put(nameprivKey);
                            }
                            else
                            {
                                .put(aliasname);
                            }
                        }
                        else if (b.getBagId().equals())
                        {
                            org.bouncycastle.asn1.pkcs.PrivateKeyInfo kInfo = org.bouncycastle.asn1.pkcs.PrivateKeyInfo.getInstance(b.getBagValue());
                            PrivateKey privKey = BouncyCastleProvider.getPrivateKey(kInfo);
                            //
                            // set the attributes on the key
                            //
                            PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey;
                            String alias = null;
                            ASN1OctetString localId = null;
                            Enumeration e = b.getBagAttributes().getObjects();
                            while (e.hasMoreElements())
                            {
                                ASN1Sequence sq = ASN1Sequence.getInstance(e.nextElement());
                                ASN1ObjectIdentifier aOid = ASN1ObjectIdentifier.getInstance(sq.getObjectAt(0));
                                ASN1Set attrSet = ASN1Set.getInstance(sq.getObjectAt(1));
                                ASN1Primitive attr = null;
                                if (attrSet.size() > 0)
                                {
                                    attr = (ASN1Primitive)attrSet.getObjectAt(0);
                                    ASN1Encodable existing = bagAttr.getBagAttribute(aOid);
                                    if (existing != null)
                                    {
                                        // OK, but the value has to be the same