if (bag.getMacData() != null) // check the mac code
{
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
BEROutputStream berOut = new BEROutputStream(bOut);
MacData mData = bag.getMacData();
DigestInfo dInfo = mData.getMac();
AlgorithmIdentifier algId = dInfo.getAlgorithmId();
byte[] salt = mData.getSalt();
int itCount = mData.getIterationCount().intValue();
berOut.writeObject(info);
byte[] data = ((ASN1OctetString)info.getContent()).getOctets();
try
{
Mac mac = Mac.getInstance(algId.getObjectId().getId(), "BC");
SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algId.getObjectId().getId(), "BC");
PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount);
PBEKeySpec pbeSpec = new PBEKeySpec(password);
mac.init(keyFact.generateSecret(pbeSpec), defParams);
mac.update(data);
byte[] res = mac.doFinal();
byte[] dig = dInfo.getDigest();
if (res.length != dInfo.getDigest().length)
{
throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file.");
}
boolean okay = true;
for (int i = 0; i != res.length; i++)
{
if (res[i] != dig[i])
{
if (password.length != 0) // may be dodgey zero password
{
throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file.");
}
else
{
okay = false;
break;
}
}
}
//
// may be incorrect zero length password
//
if (!okay)
{
SecretKey k = keyFact.generateSecret(pbeSpec);
((JCEPBEKey)k).setTryWrongPKCS12Zero(true);
mac.init(k, defParams);
mac.update(data);
res = mac.doFinal();
dig = dInfo.getDigest();
for (int i = 0; i != res.length; i++)
{
if (res[i] != dig[i])
{