Java Code Examples for sun.security.util.DerOutputStream#putInteger()

/**
 * Sign all the data thus far updated. The signature is formatted
 * according to the Canonical Encoding Rules, returned as a DER
 * sequence of Integer, r and s.
 *
 * @return a signature block formatted according to the Canonical
 * Encoding Rules.
 *
 * @exception SignatureException if the signature object was not
 * properly initialized, or if another exception occurs.
 *
 * @see sun.security.DSA#engineUpdate
 * @see sun.security.DSA#engineVerify
 */
protected byte[] engineSign() throws SignatureException {
    BigInteger k = generateK(presetQ);
    BigInteger r = generateR(presetP, presetQ, presetG, k);
    BigInteger s = generateS(presetX, presetQ, r, k);

    try {
        DerOutputStream outseq = new DerOutputStream(100);
        outseq.putInteger(r);
        outseq.putInteger(s);
        DerValue result = new DerValue(DerValue.tag_Sequence,
                                       outseq.toByteArray());

        return result.toByteArray();

    } catch (IOException e) {
        throw new SignatureException("error encoding signature");
    }
}
 

/**
 * Sign all the data thus far updated. The signature is formatted
 * according to the Canonical Encoding Rules, returned as a DER
 * sequence of Integer, r and s.
 *
 * @return a signature block formatted according to the Canonical
 * Encoding Rules.
 *
 * @exception SignatureException if the signature object was not
 * properly initialized, or if another exception occurs.
 *
 * @see sun.security.DSA#engineUpdate
 * @see sun.security.DSA#engineVerify
 */
protected byte[] engineSign() throws SignatureException {
    BigInteger k = generateK(presetQ);
    BigInteger r = generateR(presetP, presetQ, presetG, k);
    BigInteger s = generateS(presetX, presetQ, r, k);

    try {
        DerOutputStream outseq = new DerOutputStream(100);
        outseq.putInteger(r);
        outseq.putInteger(s);
        DerValue result = new DerValue(DerValue.tag_Sequence,
                                       outseq.toByteArray());

        return result.toByteArray();

    } catch (IOException e) {
        throw new SignatureException("error encoding signature");
    }
}
 

/**
 * Sign all the data thus far updated. The signature is formatted
 * according to the Canonical Encoding Rules, returned as a DER
 * sequence of Integer, r and s.
 *
 * @return a signature block formatted according to the Canonical
 * Encoding Rules.
 *
 * @exception SignatureException if the signature object was not
 * properly initialized, or if another exception occurs.
 *
 * @see sun.security.DSA#engineUpdate
 * @see sun.security.DSA#engineVerify
 */
protected byte[] engineSign() throws SignatureException {
    BigInteger k = generateK(presetQ);
    BigInteger r = generateR(presetP, presetQ, presetG, k);
    BigInteger s = generateS(presetX, presetQ, r, k);

    try {
        DerOutputStream outseq = new DerOutputStream(100);
        outseq.putInteger(r);
        outseq.putInteger(s);
        DerValue result = new DerValue(DerValue.tag_Sequence,
                                       outseq.toByteArray());

        return result.toByteArray();

    } catch (IOException e) {
        throw new SignatureException("error encoding signature");
    }
}
 

/**
 * Returns the ASN.1 encoding of this object.
 * @return the ASN.1 encoding.
 * @exception IOException if error occurs when constructing its
 * ASN.1 encoding.
 */
public byte[] getEncoded() throws NoSuchAlgorithmException, IOException
{
    if (this.encoded != null)
        return this.encoded.clone();

    DerOutputStream out = new DerOutputStream();
    DerOutputStream tmp = new DerOutputStream();

    DerOutputStream tmp2 = new DerOutputStream();
    // encode encryption algorithm
    AlgorithmId algid = AlgorithmId.get(digestAlgorithmName);
    algid.encode(tmp2);

    // encode digest data
    tmp2.putOctetString(digest);

    tmp.write(DerValue.tag_Sequence, tmp2);

    // encode salt
    tmp.putOctetString(macSalt);

    // encode iterations
    tmp.putInteger(iterations);

    // wrap everything into a SEQUENCE
    out.write(DerValue.tag_Sequence, tmp);
    this.encoded = out.toByteArray();

    return this.encoded.clone();
}
 

public byte[] encode() throws IOException {

        DerOutputStream request = new DerOutputStream();

        // encode version
        request.putInteger(version);

        // encode messageImprint
        DerOutputStream messageImprint = new DerOutputStream();
        hashAlgorithmId.encode(messageImprint);
        messageImprint.putOctetString(hashValue);
        request.write(DerValue.tag_Sequence, messageImprint);

        // encode optional elements

        if (policyId != null) {
            request.putOID(new ObjectIdentifier(policyId));
        }
        if (nonce != null) {
            request.putInteger(nonce);
        }
        if (returnCertificate) {
            request.putBoolean(true);
        }

        DerOutputStream out = new DerOutputStream();
        out.write(DerValue.tag_Sequence, request);
        return out.toByteArray();
    }
 

public byte[] encode() throws IOException {

        DerOutputStream request = new DerOutputStream();

        // encode version
        request.putInteger(version);

        // encode messageImprint
        DerOutputStream messageImprint = new DerOutputStream();
        hashAlgorithmId.encode(messageImprint);
        messageImprint.putOctetString(hashValue);
        request.write(DerValue.tag_Sequence, messageImprint);

        // encode optional elements

        if (policyId != null) {
            request.putOID(new ObjectIdentifier(policyId));
        }
        if (nonce != null) {
            request.putInteger(nonce);
        }
        if (returnCertificate) {
            request.putBoolean(true);
        }

        DerOutputStream out = new DerOutputStream();
        out.write(DerValue.tag_Sequence, request);
        return out.toByteArray();
    }
 

protected byte[] engineGetEncoded() throws IOException {
    DerOutputStream out = new DerOutputStream();
    DerOutputStream bytes = new DerOutputStream();

    bytes.putInteger(p);
    bytes.putInteger(q);
    bytes.putInteger(g);
    out.write(DerValue.tag_Sequence, bytes);
    return out.toByteArray();
}
 

/**
 * Returns the ASN.1 encoding of this object.
 * @return the ASN.1 encoding.
 * @exception IOException if error occurs when constructing its
 * ASN.1 encoding.
 */
public byte[] getEncoded() throws NoSuchAlgorithmException, IOException
{
    if (this.encoded != null)
        return this.encoded.clone();

    DerOutputStream out = new DerOutputStream();
    DerOutputStream tmp = new DerOutputStream();

    DerOutputStream tmp2 = new DerOutputStream();
    // encode encryption algorithm
    AlgorithmId algid = AlgorithmId.get(digestAlgorithmName);
    algid.encode(tmp2);

    // encode digest data
    tmp2.putOctetString(digest);

    tmp.write(DerValue.tag_Sequence, tmp2);

    // encode salt
    tmp.putOctetString(macSalt);

    // encode iterations
    tmp.putInteger(iterations);

    // wrap everything into a SEQUENCE
    out.write(DerValue.tag_Sequence, tmp);
    this.encoded = out.toByteArray();

    return this.encoded.clone();
}
 

/**
 * Returns the ASN.1 encoding of this object.
 * @return the ASN.1 encoding.
 * @exception IOException if error occurs when constructing its
 * ASN.1 encoding.
 */
public byte[] getEncoded() throws NoSuchAlgorithmException, IOException
{
    if (this.encoded != null)
        return this.encoded.clone();

    DerOutputStream out = new DerOutputStream();
    DerOutputStream tmp = new DerOutputStream();

    DerOutputStream tmp2 = new DerOutputStream();
    // encode encryption algorithm
    AlgorithmId algid = AlgorithmId.get(digestAlgorithmName);
    algid.encode(tmp2);

    // encode digest data
    tmp2.putOctetString(digest);

    tmp.write(DerValue.tag_Sequence, tmp2);

    // encode salt
    tmp.putOctetString(macSalt);

    // encode iterations
    tmp.putInteger(iterations);

    // wrap everything into a SEQUENCE
    out.write(DerValue.tag_Sequence, tmp);
    this.encoded = out.toByteArray();

    return this.encoded.clone();
}
 

/**
 * DER encode this object onto an output stream.
 * Implements the {@code DerEncoder} interface.
 *
 * @param out
 * the output stream on which to write the DER encoding.
 *
 * @exception IOException on encoding error.
 */
public void derEncode(OutputStream out) throws IOException {
    DerOutputStream seq = new DerOutputStream();
    seq.putInteger(version);
    DerOutputStream issuerAndSerialNumber = new DerOutputStream();
    issuerName.encode(issuerAndSerialNumber);
    issuerAndSerialNumber.putInteger(certificateSerialNumber);
    seq.write(DerValue.tag_Sequence, issuerAndSerialNumber);

    digestAlgorithmId.encode(seq);

    // encode authenticated attributes if there are any
    if (authenticatedAttributes != null)
        authenticatedAttributes.encode((byte)0xA0, seq);

    digestEncryptionAlgorithmId.encode(seq);

    seq.putOctetString(encryptedDigest);

    // encode unauthenticated attributes if there are any
    if (unauthenticatedAttributes != null)
        unauthenticatedAttributes.encode((byte)0xA1, seq);

    DerOutputStream tmp = new DerOutputStream();
    tmp.write(DerValue.tag_Sequence, seq);

    out.write(tmp.toByteArray());
}
 

protected byte[] engineGetEncoded() throws IOException {
    DerOutputStream out = new DerOutputStream();
    DerOutputStream bytes = new DerOutputStream();

    bytes.putInteger(p);
    bytes.putInteger(q);
    bytes.putInteger(g);
    out.write(DerValue.tag_Sequence, bytes);
    return out.toByteArray();
}
 

public byte[] encode() throws IOException {

        DerOutputStream request = new DerOutputStream();

        // encode version
        request.putInteger(version);

        // encode messageImprint
        DerOutputStream messageImprint = new DerOutputStream();
        hashAlgorithmId.encode(messageImprint);
        messageImprint.putOctetString(hashValue);
        request.write(DerValue.tag_Sequence, messageImprint);

        // encode optional elements

        if (policyId != null) {
            request.putOID(new ObjectIdentifier(policyId));
        }
        if (nonce != null) {
            request.putInteger(nonce);
        }
        if (returnCertificate) {
            request.putBoolean(true);
        }

        DerOutputStream out = new DerOutputStream();
        out.write(DerValue.tag_Sequence, request);
        return out.toByteArray();
    }
 

public byte[] encode() throws IOException {

        DerOutputStream request = new DerOutputStream();

        // encode version
        request.putInteger(version);

        // encode messageImprint
        DerOutputStream messageImprint = new DerOutputStream();
        hashAlgorithmId.encode(messageImprint);
        messageImprint.putOctetString(hashValue);
        request.write(DerValue.tag_Sequence, messageImprint);

        // encode optional elements

        if (policyId != null) {
            request.putOID(new ObjectIdentifier(policyId));
        }
        if (nonce != null) {
            request.putInteger(nonce);
        }
        if (returnCertificate) {
            request.putBoolean(true);
        }

        DerOutputStream out = new DerOutputStream();
        out.write(DerValue.tag_Sequence, request);
        return out.toByteArray();
    }
 

private void encodeThis() throws IOException {
    DerOutputStream out = new DerOutputStream();
    out.putInteger(skipCerts);
    this.extensionValue = out.toByteArray();
}
 

/**
 * Stores this keystore to the given output stream, and protects its
 * integrity with the given password.
 *
 * @param stream the output stream to which this keystore is written.
 * @param password the password to generate the keystore integrity check
 *
 * @exception IOException if there was an I/O problem with data
 * @exception NoSuchAlgorithmException if the appropriate data integrity
 * algorithm could not be found
 * @exception CertificateException if any of the certificates included in
 * the keystore data could not be stored
 */
public synchronized void engineStore(OutputStream stream, char[] password)
    throws IOException, NoSuchAlgorithmException, CertificateException
{
    // password is mandatory when storing
    if (password == null) {
       throw new IllegalArgumentException("password can't be null");
    }

    // -- Create PFX
    DerOutputStream pfx = new DerOutputStream();

    // PFX version (always write the latest version)
    DerOutputStream version = new DerOutputStream();
    version.putInteger(VERSION_3);
    byte[] pfxVersion = version.toByteArray();
    pfx.write(pfxVersion);

    // -- Create AuthSafe
    DerOutputStream authSafe = new DerOutputStream();

    // -- Create ContentInfos
    DerOutputStream authSafeContentInfo = new DerOutputStream();

    // -- create safeContent Data ContentInfo
    if (privateKeyCount > 0 || secretKeyCount > 0) {

        if (debug != null) {
            debug.println("Storing " + (privateKeyCount + secretKeyCount) +
                " protected key(s) in a PKCS#7 data content-type");
        }

        byte[] safeContentData = createSafeContent();
        ContentInfo dataContentInfo = new ContentInfo(safeContentData);
        dataContentInfo.encode(authSafeContentInfo);
    }

    // -- create EncryptedContentInfo
    if (certificateCount > 0) {

        if (debug != null) {
            debug.println("Storing " + certificateCount +
                " certificate(s) in a PKCS#7 encryptedData content-type");
        }

        byte[] encrData = createEncryptedData(password);
        ContentInfo encrContentInfo =
            new ContentInfo(ContentInfo.ENCRYPTED_DATA_OID,
                            new DerValue(encrData));
        encrContentInfo.encode(authSafeContentInfo);
    }

    // wrap as SequenceOf ContentInfos
    DerOutputStream cInfo = new DerOutputStream();
    cInfo.write(DerValue.tag_SequenceOf, authSafeContentInfo);
    byte[] authenticatedSafe = cInfo.toByteArray();

    // Create Encapsulated ContentInfo
    ContentInfo contentInfo = new ContentInfo(authenticatedSafe);
    contentInfo.encode(authSafe);
    byte[] authSafeData = authSafe.toByteArray();
    pfx.write(authSafeData);

    // -- MAC
    byte[] macData = calculateMac(password, authenticatedSafe);
    pfx.write(macData);

    // write PFX to output stream
    DerOutputStream pfxout = new DerOutputStream();
    pfxout.write(DerValue.tag_Sequence, pfx);
    byte[] pfxData = pfxout.toByteArray();
    stream.write(pfxData);
    stream.flush();
}
 

/**
 * Stores this keystore to the given output stream, and protects its
 * integrity with the given password.
 *
 * @param stream the output stream to which this keystore is written.
 * @param password the password to generate the keystore integrity check
 *
 * @exception IOException if there was an I/O problem with data
 * @exception NoSuchAlgorithmException if the appropriate data integrity
 * algorithm could not be found
 * @exception CertificateException if any of the certificates included in
 * the keystore data could not be stored
 */
public synchronized void engineStore(OutputStream stream, char[] password)
    throws IOException, NoSuchAlgorithmException, CertificateException
{
    // password is mandatory when storing
    if (password == null) {
       throw new IllegalArgumentException("password can't be null");
    }

    // -- Create PFX
    DerOutputStream pfx = new DerOutputStream();

    // PFX version (always write the latest version)
    DerOutputStream version = new DerOutputStream();
    version.putInteger(VERSION_3);
    byte[] pfxVersion = version.toByteArray();
    pfx.write(pfxVersion);

    // -- Create AuthSafe
    DerOutputStream authSafe = new DerOutputStream();

    // -- Create ContentInfos
    DerOutputStream authSafeContentInfo = new DerOutputStream();

    // -- create safeContent Data ContentInfo
    if (privateKeyCount > 0 || secretKeyCount > 0) {

        if (debug != null) {
            debug.println("Storing " + (privateKeyCount + secretKeyCount) +
                " protected key(s) in a PKCS#7 data content-type");
        }

        byte[] safeContentData = createSafeContent();
        ContentInfo dataContentInfo = new ContentInfo(safeContentData);
        dataContentInfo.encode(authSafeContentInfo);
    }

    // -- create EncryptedContentInfo
    if (certificateCount > 0) {

        if (debug != null) {
            debug.println("Storing " + certificateCount +
                " certificate(s) in a PKCS#7 encryptedData content-type");
        }

        byte[] encrData = createEncryptedData(password);
        ContentInfo encrContentInfo =
            new ContentInfo(ContentInfo.ENCRYPTED_DATA_OID,
                            new DerValue(encrData));
        encrContentInfo.encode(authSafeContentInfo);
    }

    // wrap as SequenceOf ContentInfos
    DerOutputStream cInfo = new DerOutputStream();
    cInfo.write(DerValue.tag_SequenceOf, authSafeContentInfo);
    byte[] authenticatedSafe = cInfo.toByteArray();

    // Create Encapsulated ContentInfo
    ContentInfo contentInfo = new ContentInfo(authenticatedSafe);
    contentInfo.encode(authSafe);
    byte[] authSafeData = authSafe.toByteArray();
    pfx.write(authSafeData);

    // -- MAC
    byte[] macData = calculateMac(password, authenticatedSafe);
    pfx.write(macData);

    // write PFX to output stream
    DerOutputStream pfxout = new DerOutputStream();
    pfxout.write(DerValue.tag_Sequence, pfx);
    byte[] pfxData = pfxout.toByteArray();
    stream.write(pfxData);
    stream.flush();
}
 

private void encodeThis() throws IOException {
    DerOutputStream out = new DerOutputStream();
    out.putInteger(skipCerts);
    this.extensionValue = out.toByteArray();
}
 

/**
 * Stores this keystore to the given output stream, and protects its
 * integrity with the given password.
 *
 * @param stream the output stream to which this keystore is written.
 * @param password the password to generate the keystore integrity check
 *
 * @exception IOException if there was an I/O problem with data
 * @exception NoSuchAlgorithmException if the appropriate data integrity
 * algorithm could not be found
 * @exception CertificateException if any of the certificates included in
 * the keystore data could not be stored
 */
public synchronized void engineStore(OutputStream stream, char[] password)
    throws IOException, NoSuchAlgorithmException, CertificateException
{
    // password is mandatory when storing
    if (password == null) {
       throw new IllegalArgumentException("password can't be null");
    }

    // -- Create PFX
    DerOutputStream pfx = new DerOutputStream();

    // PFX version (always write the latest version)
    DerOutputStream version = new DerOutputStream();
    version.putInteger(VERSION_3);
    byte[] pfxVersion = version.toByteArray();
    pfx.write(pfxVersion);

    // -- Create AuthSafe
    DerOutputStream authSafe = new DerOutputStream();

    // -- Create ContentInfos
    DerOutputStream authSafeContentInfo = new DerOutputStream();

    // -- create safeContent Data ContentInfo
    if (privateKeyCount > 0 || secretKeyCount > 0) {

        if (debug != null) {
            debug.println("Storing " + (privateKeyCount + secretKeyCount) +
                " protected key(s) in a PKCS#7 data");
        }

        byte[] safeContentData = createSafeContent();
        ContentInfo dataContentInfo = new ContentInfo(safeContentData);
        dataContentInfo.encode(authSafeContentInfo);
    }

    // -- create EncryptedContentInfo
    if (certificateCount > 0) {

        if (debug != null) {
            debug.println("Storing " + certificateCount +
                " certificate(s) in a PKCS#7 encryptedData");
        }

        byte[] encrData = createEncryptedData(password);
        ContentInfo encrContentInfo =
            new ContentInfo(ContentInfo.ENCRYPTED_DATA_OID,
                            new DerValue(encrData));
        encrContentInfo.encode(authSafeContentInfo);
    }

    // wrap as SequenceOf ContentInfos
    DerOutputStream cInfo = new DerOutputStream();
    cInfo.write(DerValue.tag_SequenceOf, authSafeContentInfo);
    byte[] authenticatedSafe = cInfo.toByteArray();

    // Create Encapsulated ContentInfo
    ContentInfo contentInfo = new ContentInfo(authenticatedSafe);
    contentInfo.encode(authSafe);
    byte[] authSafeData = authSafe.toByteArray();
    pfx.write(authSafeData);

    // -- MAC
    byte[] macData = calculateMac(password, authenticatedSafe);
    pfx.write(macData);

    // write PFX to output stream
    DerOutputStream pfxout = new DerOutputStream();
    pfxout.write(DerValue.tag_Sequence, pfx);
    byte[] pfxData = pfxout.toByteArray();
    stream.write(pfxData);
    stream.flush();
}
 

/**
 * Stores this keystore to the given output stream, and protects its
 * integrity with the given password.
 *
 * @param stream the output stream to which this keystore is written.
 * @param password the password to generate the keystore integrity check
 *
 * @exception IOException if there was an I/O problem with data
 * @exception NoSuchAlgorithmException if the appropriate data integrity
 * algorithm could not be found
 * @exception CertificateException if any of the certificates included in
 * the keystore data could not be stored
 */
public synchronized void engineStore(OutputStream stream, char[] password)
    throws IOException, NoSuchAlgorithmException, CertificateException
{
    // password is mandatory when storing
    if (password == null) {
       throw new IllegalArgumentException("password can't be null");
    }

    // -- Create PFX
    DerOutputStream pfx = new DerOutputStream();

    // PFX version (always write the latest version)
    DerOutputStream version = new DerOutputStream();
    version.putInteger(VERSION_3);
    byte[] pfxVersion = version.toByteArray();
    pfx.write(pfxVersion);

    // -- Create AuthSafe
    DerOutputStream authSafe = new DerOutputStream();

    // -- Create ContentInfos
    DerOutputStream authSafeContentInfo = new DerOutputStream();

    // -- create safeContent Data ContentInfo
    if (privateKeyCount > 0 || secretKeyCount > 0) {

        if (debug != null) {
            debug.println("Storing " + (privateKeyCount + secretKeyCount) +
                " protected key(s) in a PKCS#7 data content-type");
        }

        byte[] safeContentData = createSafeContent();
        ContentInfo dataContentInfo = new ContentInfo(safeContentData);
        dataContentInfo.encode(authSafeContentInfo);
    }

    // -- create EncryptedContentInfo
    if (certificateCount > 0) {

        if (debug != null) {
            debug.println("Storing " + certificateCount +
                " certificate(s) in a PKCS#7 encryptedData content-type");
        }

        byte[] encrData = createEncryptedData(password);
        ContentInfo encrContentInfo =
            new ContentInfo(ContentInfo.ENCRYPTED_DATA_OID,
                            new DerValue(encrData));
        encrContentInfo.encode(authSafeContentInfo);
    }

    // wrap as SequenceOf ContentInfos
    DerOutputStream cInfo = new DerOutputStream();
    cInfo.write(DerValue.tag_SequenceOf, authSafeContentInfo);
    byte[] authenticatedSafe = cInfo.toByteArray();

    // Create Encapsulated ContentInfo
    ContentInfo contentInfo = new ContentInfo(authenticatedSafe);
    contentInfo.encode(authSafe);
    byte[] authSafeData = authSafe.toByteArray();
    pfx.write(authSafeData);

    // -- MAC
    byte[] macData = calculateMac(password, authenticatedSafe);
    pfx.write(macData);

    // write PFX to output stream
    DerOutputStream pfxout = new DerOutputStream();
    pfxout.write(DerValue.tag_Sequence, pfx);
    byte[] pfxData = pfxout.toByteArray();
    stream.write(pfxData);
    stream.flush();
}
 

/**
 * Stores this keystore to the given output stream, and protects its
 * integrity with the given password.
 *
 * @param stream the output stream to which this keystore is written.
 * @param password the password to generate the keystore integrity check
 *
 * @exception IOException if there was an I/O problem with data
 * @exception NoSuchAlgorithmException if the appropriate data integrity
 * algorithm could not be found
 * @exception CertificateException if any of the certificates included in
 * the keystore data could not be stored
 */
public synchronized void engineStore(OutputStream stream, char[] password)
    throws IOException, NoSuchAlgorithmException, CertificateException
{
    // password is mandatory when storing
    if (password == null) {
       throw new IllegalArgumentException("password can't be null");
    }

    // -- Create PFX
    DerOutputStream pfx = new DerOutputStream();

    // PFX version (always write the latest version)
    DerOutputStream version = new DerOutputStream();
    version.putInteger(VERSION_3);
    byte[] pfxVersion = version.toByteArray();
    pfx.write(pfxVersion);

    // -- Create AuthSafe
    DerOutputStream authSafe = new DerOutputStream();

    // -- Create ContentInfos
    DerOutputStream authSafeContentInfo = new DerOutputStream();

    // -- create safeContent Data ContentInfo
    if (privateKeyCount > 0 || secretKeyCount > 0) {

        if (debug != null) {
            debug.println("Storing " + (privateKeyCount + secretKeyCount) +
                " protected key(s) in a PKCS#7 data");
        }

        byte[] safeContentData = createSafeContent();
        ContentInfo dataContentInfo = new ContentInfo(safeContentData);
        dataContentInfo.encode(authSafeContentInfo);
    }

    // -- create EncryptedContentInfo
    if (certificateCount > 0) {

        if (debug != null) {
            debug.println("Storing " + certificateCount +
                " certificate(s) in a PKCS#7 encryptedData");
        }

        byte[] encrData = createEncryptedData(password);
        ContentInfo encrContentInfo =
            new ContentInfo(ContentInfo.ENCRYPTED_DATA_OID,
                            new DerValue(encrData));
        encrContentInfo.encode(authSafeContentInfo);
    }

    // wrap as SequenceOf ContentInfos
    DerOutputStream cInfo = new DerOutputStream();
    cInfo.write(DerValue.tag_SequenceOf, authSafeContentInfo);
    byte[] authenticatedSafe = cInfo.toByteArray();

    // Create Encapsulated ContentInfo
    ContentInfo contentInfo = new ContentInfo(authenticatedSafe);
    contentInfo.encode(authSafe);
    byte[] authSafeData = authSafe.toByteArray();
    pfx.write(authSafeData);

    // -- MAC
    byte[] macData = calculateMac(password, authenticatedSafe);
    pfx.write(macData);

    // write PFX to output stream
    DerOutputStream pfxout = new DerOutputStream();
    pfxout.write(DerValue.tag_Sequence, pfx);
    byte[] pfxData = pfxout.toByteArray();
    stream.write(pfxData);
    stream.flush();
}