Java Code Examples for sun.security.x509.AlgorithmId#get()

The following examples show how to use sun.security.x509.AlgorithmId#get().
Example 1
Source File: SignedJarBuilder.java    From atlas with Apache License 2.0    6 votes
/**
 * Write the certificate file with a digital signature.
 */
private void writeSignatureBlock(Signature signature, X509Certificate publicKey,
                                 PrivateKey privateKey)
        throws IOException, GeneralSecurityException {
    SignerInfo signerInfo = new SignerInfo(
            new X500Name(publicKey.getIssuerX500Principal().getName()),
            publicKey.getSerialNumber(),
            AlgorithmId.get(DIGEST_ALGORITHM),
            AlgorithmId.get(privateKey.getAlgorithm()),
            signature.sign());
    PKCS7 pkcs7 = new PKCS7(
            new AlgorithmId[]{AlgorithmId.get(DIGEST_ALGORITHM)},
            new ContentInfo(ContentInfo.DATA_OID, null),
            new X509Certificate[]{publicKey},
            new SignerInfo[]{signerInfo});
    pkcs7.encodeSignedData(mOutputJar);
}
 
Example 2
Source File: EncryptedPrivateKeyInfo.java    From openjdk-8 with GNU General Public License v2.0    6 votes
/**
 * Constructs an <code>EncryptedPrivateKeyInfo</code> from the
 * encryption algorithm parameters and the encrypted data.
 *
 * @param algParams the algorithm parameters for the encryption
 * algorithm. <code>algParams.getEncoded()</code> should return
 * the ASN.1 encoded bytes of the <code>parameters</code> field
 * of the <code>AlgorithmIdentifier</code> component of the
 * <code>EncryptedPrivateKeyInfo</code> type.
 * @param encryptedData encrypted data. The contents of
 * <code>encryptedData</code> are copied to protect against
 * subsequent modification when constructing this object.
 * @exception NullPointerException if <code>algParams</code> or
 * <code>encryptedData</code> is null.
 * @exception IllegalArgumentException if <code>encryptedData</code>
 * is empty, i.e. 0-length.
 * @exception NoSuchAlgorithmException if the specified algName of
 * the specified <code>algParams</code> parameter is not supported.
 */
public EncryptedPrivateKeyInfo(AlgorithmParameters algParams,
    byte[] encryptedData) throws NoSuchAlgorithmException {

    if (algParams == null) {
        throw new NullPointerException("algParams must be non-null");
    }
    this.algid = AlgorithmId.get(algParams);

    if (encryptedData == null) {
        throw new NullPointerException("encryptedData must be non-null");
    } else if (encryptedData.length == 0) {
        throw new IllegalArgumentException("the encryptedData " +
                                            "parameter must not be empty");
    } else {
        this.encryptedData = encryptedData.clone();
    }

    // delay the generation of ASN.1 encoding until
    // getEncoded() is called
    this.encoded = null;
}
 
Example 3
Source File: EncryptedPrivateKeyInfo.java    From TencentKona-8 with GNU General Public License v2.0    6 votes
/**
 * Constructs an <code>EncryptedPrivateKeyInfo</code> from the
 * encryption algorithm parameters and the encrypted data.
 *
 * @param algParams the algorithm parameters for the encryption
 * algorithm. <code>algParams.getEncoded()</code> should return
 * the ASN.1 encoded bytes of the <code>parameters</code> field
 * of the <code>AlgorithmIdentifier</code> component of the
 * <code>EncryptedPrivateKeyInfo</code> type.
 * @param encryptedData encrypted data. The contents of
 * <code>encryptedData</code> are copied to protect against
 * subsequent modification when constructing this object.
 * @exception NullPointerException if <code>algParams</code> or
 * <code>encryptedData</code> is null.
 * @exception IllegalArgumentException if <code>encryptedData</code>
 * is empty, i.e. 0-length.
 * @exception NoSuchAlgorithmException if the specified algName of
 * the specified <code>algParams</code> parameter is not supported.
 */
public EncryptedPrivateKeyInfo(AlgorithmParameters algParams,
    byte[] encryptedData) throws NoSuchAlgorithmException {

    if (algParams == null) {
        throw new NullPointerException("algParams must be non-null");
    }
    this.algid = AlgorithmId.get(algParams);

    if (encryptedData == null) {
        throw new NullPointerException("encryptedData must be non-null");
    } else if (encryptedData.length == 0) {
        throw new IllegalArgumentException("the encryptedData " +
                                            "parameter must not be empty");
    } else {
        this.encryptedData = encryptedData.clone();
    }

    // delay the generation of ASN.1 encoding until
    // getEncoded() is called
    this.encoded = null;
}
 
Example 4
Source File: EncryptedPrivateKeyInfo.java    From openjdk-jdk9 with GNU General Public License v2.0    6 votes
/**
 * Constructs an <code>EncryptedPrivateKeyInfo</code> from the
 * encryption algorithm parameters and the encrypted data.
 *
 * @param algParams the algorithm parameters for the encryption
 * algorithm. <code>algParams.getEncoded()</code> should return
 * the ASN.1 encoded bytes of the <code>parameters</code> field
 * of the <code>AlgorithmIdentifier</code> component of the
 * <code>EncryptedPrivateKeyInfo</code> type.
 * @param encryptedData encrypted data. The contents of
 * <code>encryptedData</code> are copied to protect against
 * subsequent modification when constructing this object.
 * @exception NullPointerException if <code>algParams</code> or
 * <code>encryptedData</code> is null.
 * @exception IllegalArgumentException if <code>encryptedData</code>
 * is empty, i.e. 0-length.
 * @exception NoSuchAlgorithmException if the specified algName of
 * the specified <code>algParams</code> parameter is not supported.
 */
public EncryptedPrivateKeyInfo(AlgorithmParameters algParams,
    byte[] encryptedData) throws NoSuchAlgorithmException {

    if (algParams == null) {
        throw new NullPointerException("algParams must be non-null");
    }
    this.algid = AlgorithmId.get(algParams);

    if (encryptedData == null) {
        throw new NullPointerException("encryptedData must be non-null");
    } else if (encryptedData.length == 0) {
        throw new IllegalArgumentException("the encryptedData " +
                                            "parameter must not be empty");
    } else {
        this.encryptedData = encryptedData.clone();
    }

    // delay the generation of ASN.1 encoding until
    // getEncoded() is called
    this.encoded = null;
}
 
Example 5
Source File: EncryptedPrivateKeyInfo.java    From openjdk-jdk8u with GNU General Public License v2.0    6 votes
/**
 * Constructs an <code>EncryptedPrivateKeyInfo</code> from the
 * encryption algorithm parameters and the encrypted data.
 *
 * @param algParams the algorithm parameters for the encryption
 * algorithm. <code>algParams.getEncoded()</code> should return
 * the ASN.1 encoded bytes of the <code>parameters</code> field
 * of the <code>AlgorithmIdentifier</code> component of the
 * <code>EncryptedPrivateKeyInfo</code> type.
 * @param encryptedData encrypted data. The contents of
 * <code>encryptedData</code> are copied to protect against
 * subsequent modification when constructing this object.
 * @exception NullPointerException if <code>algParams</code> or
 * <code>encryptedData</code> is null.
 * @exception IllegalArgumentException if <code>encryptedData</code>
 * is empty, i.e. 0-length.
 * @exception NoSuchAlgorithmException if the specified algName of
 * the specified <code>algParams</code> parameter is not supported.
 */
public EncryptedPrivateKeyInfo(AlgorithmParameters algParams,
    byte[] encryptedData) throws NoSuchAlgorithmException {

    if (algParams == null) {
        throw new NullPointerException("algParams must be non-null");
    }
    this.algid = AlgorithmId.get(algParams);

    if (encryptedData == null) {
        throw new NullPointerException("encryptedData must be non-null");
    } else if (encryptedData.length == 0) {
        throw new IllegalArgumentException("the encryptedData " +
                                            "parameter must not be empty");
    } else {
        this.encryptedData = encryptedData.clone();
    }

    // delay the generation of ASN.1 encoding until
    // getEncoded() is called
    this.encoded = null;
}
 
Example 6
Source File: EncryptedPrivateKeyInfo.java    From dragonwell8_jdk with GNU General Public License v2.0    6 votes
/**
 * Constructs an <code>EncryptedPrivateKeyInfo</code> from the
 * encryption algorithm parameters and the encrypted data.
 *
 * @param algParams the algorithm parameters for the encryption
 * algorithm. <code>algParams.getEncoded()</code> should return
 * the ASN.1 encoded bytes of the <code>parameters</code> field
 * of the <code>AlgorithmIdentifier</code> component of the
 * <code>EncryptedPrivateKeyInfo</code> type.
 * @param encryptedData encrypted data. The contents of
 * <code>encryptedData</code> are copied to protect against
 * subsequent modification when constructing this object.
 * @exception NullPointerException if <code>algParams</code> or
 * <code>encryptedData</code> is null.
 * @exception IllegalArgumentException if <code>encryptedData</code>
 * is empty, i.e. 0-length.
 * @exception NoSuchAlgorithmException if the specified algName of
 * the specified <code>algParams</code> parameter is not supported.
 */
public EncryptedPrivateKeyInfo(AlgorithmParameters algParams,
    byte[] encryptedData) throws NoSuchAlgorithmException {

    if (algParams == null) {
        throw new NullPointerException("algParams must be non-null");
    }
    this.algid = AlgorithmId.get(algParams);

    if (encryptedData == null) {
        throw new NullPointerException("encryptedData must be non-null");
    } else if (encryptedData.length == 0) {
        throw new IllegalArgumentException("the encryptedData " +
                                            "parameter must not be empty");
    } else {
        this.encryptedData = encryptedData.clone();
    }

    // delay the generation of ASN.1 encoding until
    // getEncoded() is called
    this.encoded = null;
}
 
Example 7
Source File: EncryptedPrivateKeyInfo.java    From jdk8u-dev-jdk with GNU General Public License v2.0    6 votes
/**
 * Constructs an <code>EncryptedPrivateKeyInfo</code> from the
 * encryption algorithm parameters and the encrypted data.
 *
 * @param algParams the algorithm parameters for the encryption
 * algorithm. <code>algParams.getEncoded()</code> should return
 * the ASN.1 encoded bytes of the <code>parameters</code> field
 * of the <code>AlgorithmIdentifier</code> component of the
 * <code>EncryptedPrivateKeyInfo</code> type.
 * @param encryptedData encrypted data. The contents of
 * <code>encryptedData</code> are copied to protect against
 * subsequent modification when constructing this object.
 * @exception NullPointerException if <code>algParams</code> or
 * <code>encryptedData</code> is null.
 * @exception IllegalArgumentException if <code>encryptedData</code>
 * is empty, i.e. 0-length.
 * @exception NoSuchAlgorithmException if the specified algName of
 * the specified <code>algParams</code> parameter is not supported.
 */
public EncryptedPrivateKeyInfo(AlgorithmParameters algParams,
    byte[] encryptedData) throws NoSuchAlgorithmException {

    if (algParams == null) {
        throw new NullPointerException("algParams must be non-null");
    }
    this.algid = AlgorithmId.get(algParams);

    if (encryptedData == null) {
        throw new NullPointerException("encryptedData must be non-null");
    } else if (encryptedData.length == 0) {
        throw new IllegalArgumentException("the encryptedData " +
                                            "parameter must not be empty");
    } else {
        this.encryptedData = encryptedData.clone();
    }

    // delay the generation of ASN.1 encoding until
    // getEncoded() is called
    this.encoded = null;
}
 
Example 8
Source File: TSRequest.java    From openjdk-jdk8u-backup with GNU General Public License v2.0    5 votes
/**
 * Constructs a timestamp request for the supplied data.
 *
 * @param toBeTimeStamped  The data to be timestamped.
 * @param messageDigest The MessageDigest of the hash algorithm to use.
 * @throws NoSuchAlgorithmException if the hash algorithm is not supported
 */
public TSRequest(String tSAPolicyID, byte[] toBeTimeStamped, MessageDigest messageDigest)
    throws NoSuchAlgorithmException {

    this.policyId = tSAPolicyID;
    this.hashAlgorithmId = AlgorithmId.get(messageDigest.getAlgorithm());
    this.hashValue = messageDigest.digest(toBeTimeStamped);
}
 
Example 9
Source File: MacData.java    From jdk8u_jdk with GNU General Public License v2.0    5 votes
MacData(String algName, byte[] digest, byte[] salt, int iterations)
    throws NoSuchAlgorithmException
{
    if (algName == null)
       throw new NullPointerException("the algName parameter " +
                                           "must be non-null");

    AlgorithmId algid = AlgorithmId.get(algName);
    this.digestAlgorithmName = algid.getName();
    this.digestAlgorithmParams = algid.getParameters();

    if (digest == null) {
        throw new NullPointerException("the digest " +
                                       "parameter must be non-null");
    } else if (digest.length == 0) {
        throw new IllegalArgumentException("the digest " +
                                            "parameter must not be empty");
    } else {
        this.digest = digest.clone();
    }

    this.macSalt = salt;
    this.iterations = iterations;

    // delay the generation of ASN.1 encoding until
    // getEncoded() is called
    this.encoded = null;

}
 
Example 10
Source File: TSRequest.java    From jdk8u-dev-jdk with GNU General Public License v2.0    5 votes
/**
 * Constructs a timestamp request for the supplied data.
 *
 * @param toBeTimeStamped  The data to be timestamped.
 * @param messageDigest The MessageDigest of the hash algorithm to use.
 * @throws NoSuchAlgorithmException if the hash algorithm is not supported
 */
public TSRequest(String tSAPolicyID, byte[] toBeTimeStamped, MessageDigest messageDigest)
    throws NoSuchAlgorithmException {

    this.policyId = tSAPolicyID;
    this.hashAlgorithmId = AlgorithmId.get(messageDigest.getAlgorithm());
    this.hashValue = messageDigest.digest(toBeTimeStamped);
}
 
Example 11
Source File: MacData.java    From jdk8u-jdk with GNU General Public License v2.0    5 votes
MacData(AlgorithmParameters algParams, byte[] digest,
    byte[] salt, int iterations) throws NoSuchAlgorithmException
{
    if (algParams == null)
       throw new NullPointerException("the algParams parameter " +
                                           "must be non-null");

    AlgorithmId algid = AlgorithmId.get(algParams);
    this.digestAlgorithmName = algid.getName();
    this.digestAlgorithmParams = algid.getParameters();

    if (digest == null) {
        throw new NullPointerException("the digest " +
                                       "parameter must be non-null");
    } else if (digest.length == 0) {
        throw new IllegalArgumentException("the digest " +
                                            "parameter must not be empty");
    } else {
        this.digest = digest.clone();
    }

    this.macSalt = salt;
    this.iterations = iterations;

    // delay the generation of ASN.1 encoding until
    // getEncoded() is called
    this.encoded = null;

}
 
Example 12
Source File: MacData.java    From openjdk-8 with GNU General Public License v2.0    5 votes
MacData(String algName, byte[] digest, byte[] salt, int iterations)
    throws NoSuchAlgorithmException
{
    if (algName == null)
       throw new NullPointerException("the algName parameter " +
                                           "must be non-null");

    AlgorithmId algid = AlgorithmId.get(algName);
    this.digestAlgorithmName = algid.getName();
    this.digestAlgorithmParams = algid.getParameters();

    if (digest == null) {
        throw new NullPointerException("the digest " +
                                       "parameter must be non-null");
    } else if (digest.length == 0) {
        throw new IllegalArgumentException("the digest " +
                                            "parameter must not be empty");
    } else {
        this.digest = digest.clone();
    }

    this.macSalt = salt;
    this.iterations = iterations;

    // delay the generation of ASN.1 encoding until
    // getEncoded() is called
    this.encoded = null;

}
 
Example 13
Source File: NonStandardNames.java    From openjdk-8-source with GNU General Public License v2.0    5 votes
public static void main(String[] args) throws Exception {

        byte[] data = "Hello".getBytes();
        X500Name n = new X500Name("cn=Me");

        CertAndKeyGen cakg = new CertAndKeyGen("RSA", "SHA256withRSA");
        cakg.generate(1024);
        X509Certificate cert = cakg.getSelfCertificate(n, 1000);

        MessageDigest md = MessageDigest.getInstance("SHA-256");
        PKCS9Attributes authed = new PKCS9Attributes(new PKCS9Attribute[]{
            new PKCS9Attribute(PKCS9Attribute.CONTENT_TYPE_OID, ContentInfo.DATA_OID),
            new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_OID, md.digest(data)),
        });

        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(cakg.getPrivateKey());
        s.update(authed.getDerEncoding());
        byte[] sig = s.sign();

        SignerInfo signerInfo = new SignerInfo(
                n,
                cert.getSerialNumber(),
                AlgorithmId.get("SHA-256"),
                authed,
                AlgorithmId.get("SHA256withRSA"),
                sig,
                null
                );

        PKCS7 pkcs7 = new PKCS7(
                new AlgorithmId[] {signerInfo.getDigestAlgorithmId()},
                new ContentInfo(data),
                new X509Certificate[] {cert},
                new SignerInfo[] {signerInfo});

        if (pkcs7.verify(signerInfo, data) == null) {
            throw new Exception("Not verified");
        }
    }
 
Example 14
Source File: TSRequest.java    From openjdk-jdk9 with GNU General Public License v2.0    5 votes
/**
 * Constructs a timestamp request for the supplied data.
 *
 * @param toBeTimeStamped  The data to be timestamped.
 * @param messageDigest The MessageDigest of the hash algorithm to use.
 * @throws NoSuchAlgorithmException if the hash algorithm is not supported
 */
public TSRequest(String tSAPolicyID, byte[] toBeTimeStamped, MessageDigest messageDigest)
    throws NoSuchAlgorithmException {

    this.policyId = tSAPolicyID;
    this.hashAlgorithmId = AlgorithmId.get(messageDigest.getAlgorithm());
    this.hashValue = messageDigest.digest(toBeTimeStamped);
}
 
Example 15
Source File: MacData.java    From jdk8u-jdk with GNU General Public License v2.0    5 votes
/**
 * Returns the ASN.1 encoding of this object.
 * @return the ASN.1 encoding.
 * @exception IOException if error occurs when constructing its
 * ASN.1 encoding.
 */
public byte[] getEncoded() throws NoSuchAlgorithmException, IOException
{
    if (this.encoded != null)
        return this.encoded.clone();

    DerOutputStream out = new DerOutputStream();
    DerOutputStream tmp = new DerOutputStream();

    DerOutputStream tmp2 = new DerOutputStream();
    // encode digest algorithm
    AlgorithmId algid = AlgorithmId.get(digestAlgorithmName);
    algid.encode(tmp2);

    // encode digest data
    tmp2.putOctetString(digest);

    tmp.write(DerValue.tag_Sequence, tmp2);

    // encode salt
    tmp.putOctetString(macSalt);

    // encode iterations
    tmp.putInteger(iterations);

    // wrap everything into a SEQUENCE
    out.write(DerValue.tag_Sequence, tmp);
    this.encoded = out.toByteArray();

    return this.encoded.clone();
}
 
Example 16
Source File: MacData.java    From jdk8u-dev-jdk with GNU General Public License v2.0    5 votes
/**
 * Returns the ASN.1 encoding of this object.
 * @return the ASN.1 encoding.
 * @exception IOException if error occurs when constructing its
 * ASN.1 encoding.
 */
public byte[] getEncoded() throws NoSuchAlgorithmException, IOException
{
    if (this.encoded != null)
        return this.encoded.clone();

    DerOutputStream out = new DerOutputStream();
    DerOutputStream tmp = new DerOutputStream();

    DerOutputStream tmp2 = new DerOutputStream();
    // encode digest algorithm
    AlgorithmId algid = AlgorithmId.get(digestAlgorithmName);
    algid.encode(tmp2);

    // encode digest data
    tmp2.putOctetString(digest);

    tmp.write(DerValue.tag_Sequence, tmp2);

    // encode salt
    tmp.putOctetString(macSalt);

    // encode iterations
    tmp.putInteger(iterations);

    // wrap everything into a SEQUENCE
    out.write(DerValue.tag_Sequence, tmp);
    this.encoded = out.toByteArray();

    return this.encoded.clone();
}
 
Example 17
Source File: PKCS7.java    From jdk8u-jdk with GNU General Public License v2.0    4 votes
/**
 * Assembles a PKCS #7 signed data message that optionally includes a
 * signature timestamp.
 *
 * @param signature the signature bytes
 * @param signerChain the signer's X.509 certificate chain
 * @param content the content that is signed; specify null to not include
 *        it in the PKCS7 data
 * @param signatureAlgorithm the name of the signature algorithm
 * @param tsaURI the URI of the Timestamping Authority; or null if no
 *         timestamp is requested
 * @param tSAPolicyID the TSAPolicyID of the Timestamping Authority as a
 *         numerical object identifier; or null if we leave the TSA server
 *         to choose one. This argument is only used when tsaURI is provided
 * @return the bytes of the encoded PKCS #7 signed data message
 * @throws NoSuchAlgorithmException The exception is thrown if the signature
 *         algorithm is unrecognised.
 * @throws CertificateException The exception is thrown if an error occurs
 *         while processing the signer's certificate or the TSA's
 *         certificate.
 * @throws IOException The exception is thrown if an error occurs while
 *         generating the signature timestamp or while generating the signed
 *         data message.
 */
public static byte[] generateSignedData(byte[] signature,
                                        X509Certificate[] signerChain,
                                        byte[] content,
                                        String signatureAlgorithm,
                                        URI tsaURI,
                                        String tSAPolicyID)
    throws CertificateException, IOException, NoSuchAlgorithmException
{

    // Generate the timestamp token
    PKCS9Attributes unauthAttrs = null;
    if (tsaURI != null) {
        // Timestamp the signature
        HttpTimestamper tsa = new HttpTimestamper(tsaURI);
        byte[] tsToken = generateTimestampToken(tsa, tSAPolicyID, signature);

        // Insert the timestamp token into the PKCS #7 signer info element
        // (as an unsigned attribute)
        unauthAttrs =
            new PKCS9Attributes(new PKCS9Attribute[]{
                new PKCS9Attribute(
                    PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_STR,
                    tsToken)});
    }

    // Create the SignerInfo
    X500Name issuerName =
        X500Name.asX500Name(signerChain[0].getIssuerX500Principal());
    BigInteger serialNumber = signerChain[0].getSerialNumber();
    String encAlg = AlgorithmId.getEncAlgFromSigAlg(signatureAlgorithm);
    String digAlg = AlgorithmId.getDigAlgFromSigAlg(signatureAlgorithm);
    SignerInfo signerInfo = new SignerInfo(issuerName, serialNumber,
                                           AlgorithmId.get(digAlg), null,
                                           AlgorithmId.get(encAlg),
                                           signature, unauthAttrs);

    // Create the PKCS #7 signed data message
    SignerInfo[] signerInfos = {signerInfo};
    AlgorithmId[] algorithms = {signerInfo.getDigestAlgorithmId()};
    // Include or exclude content
    ContentInfo contentInfo = (content == null)
        ? new ContentInfo(ContentInfo.DATA_OID, null)
        : new ContentInfo(content);
    PKCS7 pkcs7 = new PKCS7(algorithms, contentInfo,
                            signerChain, signerInfos);
    ByteArrayOutputStream p7out = new ByteArrayOutputStream();
    pkcs7.encodeSignedData(p7out);

    return p7out.toByteArray();
}
 
Example 18
Source File: PKCS10.java    From jdk8u60 with GNU General Public License v2.0    4 votes
/**
 * Create the signed certificate request.  This will later be
 * retrieved in either string or binary format.
 *
 * @param subject identifies the signer (by X.500 name).
 * @param signature private key and signing algorithm to use.
 * @exception IOException on errors.
 * @exception CertificateException on certificate handling errors.
 * @exception SignatureException on signature handling errors.
 */
public void encodeAndSign(X500Name subject, Signature signature)
throws CertificateException, IOException, SignatureException {
    DerOutputStream out, scratch;
    byte[]          certificateRequestInfo;
    byte[]          sig;

    if (encoded != null)
        throw new SignatureException("request is already signed");

    this.subject = subject;

    /*
     * Encode cert request info, wrap in a sequence for signing
     */
    scratch = new DerOutputStream();
    scratch.putInteger(BigInteger.ZERO);            // PKCS #10 v1.0
    subject.encode(scratch);                        // X.500 name
    scratch.write(subjectPublicKeyInfo.getEncoded()); // public key
    attributeSet.encode(scratch);

    out = new DerOutputStream();
    out.write(DerValue.tag_Sequence, scratch);      // wrap it!
    certificateRequestInfo = out.toByteArray();
    scratch = out;

    /*
     * Sign it ...
     */
    signature.update(certificateRequestInfo, 0,
            certificateRequestInfo.length);
    sig = signature.sign();

    /*
     * Build guts of SIGNED macro
     */
    AlgorithmId algId = null;
    try {
        algId = AlgorithmId.get(signature.getAlgorithm());
    } catch (NoSuchAlgorithmException nsae) {
        throw new SignatureException(nsae);
    }
    algId.encode(scratch);     // sig algorithm
    scratch.putBitString(sig);                      // sig

    /*
     * Wrap those guts in a sequence
     */
    out = new DerOutputStream();
    out.write(DerValue.tag_Sequence, scratch);
    encoded = out.toByteArray();
}
 
Example 19
Source File: PKCS10.java    From openjdk-jdk9 with GNU General Public License v2.0    4 votes
/**
 * Create the signed certificate request.  This will later be
 * retrieved in either string or binary format.
 *
 * @param subject identifies the signer (by X.500 name).
 * @param signature private key and signing algorithm to use.
 * @exception IOException on errors.
 * @exception CertificateException on certificate handling errors.
 * @exception SignatureException on signature handling errors.
 */
public void encodeAndSign(X500Name subject, Signature signature)
throws CertificateException, IOException, SignatureException {
    DerOutputStream out, scratch;
    byte[]          certificateRequestInfo;
    byte[]          sig;

    if (encoded != null)
        throw new SignatureException("request is already signed");

    this.subject = subject;

    /*
     * Encode cert request info, wrap in a sequence for signing
     */
    scratch = new DerOutputStream();
    scratch.putInteger(BigInteger.ZERO);            // PKCS #10 v1.0
    subject.encode(scratch);                        // X.500 name
    scratch.write(subjectPublicKeyInfo.getEncoded()); // public key
    attributeSet.encode(scratch);

    out = new DerOutputStream();
    out.write(DerValue.tag_Sequence, scratch);      // wrap it!
    certificateRequestInfo = out.toByteArray();
    scratch = out;

    /*
     * Sign it ...
     */
    signature.update(certificateRequestInfo, 0,
            certificateRequestInfo.length);
    sig = signature.sign();
    sigAlg = signature.getAlgorithm();

    /*
     * Build guts of SIGNED macro
     */
    AlgorithmId algId = null;
    try {
        algId = AlgorithmId.get(signature.getAlgorithm());
    } catch (NoSuchAlgorithmException nsae) {
        throw new SignatureException(nsae);
    }
    algId.encode(scratch);     // sig algorithm
    scratch.putBitString(sig);                      // sig

    /*
     * Wrap those guts in a sequence
     */
    out = new DerOutputStream();
    out.write(DerValue.tag_Sequence, scratch);
    encoded = out.toByteArray();
}
 
Example 20
Source File: EncryptedPrivateKeyInfo.java    From jdk8u_jdk with GNU General Public License v2.0    4 votes
/**
 * Constructs an <code>EncryptedPrivateKeyInfo</code> from the
 * encryption algorithm name and the encrypted data.
 *
 * <p>Note: This constructor will use null as the value of the
 * algorithm parameters. If the encryption algorithm has
 * parameters whose value is not null, a different constructor,
 * e.g. EncryptedPrivateKeyInfo(AlgorithmParameters, byte[]),
 * should be used.
 *
 * @param algName encryption algorithm name. See Appendix A in the
 * <a href=
 *   "{@docRoot}/../technotes/guides/security/crypto/CryptoSpec.html#AppA">
 * Java Cryptography Architecture Reference Guide</a>
 * for information about standard Cipher algorithm names.
 * @param encryptedData encrypted data. The contents of
 * <code>encryptedData</code> are copied to protect against subsequent
 * modification when constructing this object.
 * @exception NullPointerException if <code>algName</code> or
 * <code>encryptedData</code> is null.
 * @exception IllegalArgumentException if <code>encryptedData</code>
 * is empty, i.e. 0-length.
 * @exception NoSuchAlgorithmException if the specified algName is
 * not supported.
 */
public EncryptedPrivateKeyInfo(String algName, byte[] encryptedData)
    throws NoSuchAlgorithmException {

    if (algName == null)
            throw new NullPointerException("the algName parameter " +
                                           "must be non-null");
    this.algid = AlgorithmId.get(algName);

    if (encryptedData == null) {
        throw new NullPointerException("the encryptedData " +
                                       "parameter must be non-null");
    } else if (encryptedData.length == 0) {
        throw new IllegalArgumentException("the encryptedData " +
                                            "parameter must not be empty");
    } else {
        this.encryptedData = encryptedData.clone();
    }
    // delay the generation of ASN.1 encoding until
    // getEncoded() is called
    this.encoded = null;
}