下面列出了java.security.PKCS12Attribute#sun.security.util.DerValue 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
/**
* Create the extension from its DER encoded value and criticality.
*
* @param critical true if the extension is to be treated as critical.
* @param value an array of DER encoded bytes of the actual value.
* @exception ClassCastException if value is not an array of bytes
* @exception IOException on error.
*/
public CertificatePoliciesExtension(Boolean critical, Object value)
throws IOException {
this.extensionId = PKIXExtensions.CertificatePolicies_Id;
this.critical = critical.booleanValue();
this.extensionValue = (byte[]) value;
DerValue val = new DerValue(this.extensionValue);
if (val.tag != DerValue.tag_Sequence) {
throw new IOException("Invalid encoding for " +
"CertificatePoliciesExtension.");
}
certPolicies = new ArrayList<PolicyInformation>();
while (val.data.available() != 0) {
DerValue seq = val.data.getDerValue();
PolicyInformation policy = new PolicyInformation(seq);
certPolicies.add(policy);
}
}
/**
* Create an instance of PolicyInformation, decoding from
* the passed DerValue.
*
* @param val the DerValue to construct the PolicyInformation from.
* @exception IOException on decoding errors.
*/
public PolicyInformation(DerValue val) throws IOException {
if (val.tag != DerValue.tag_Sequence) {
throw new IOException("Invalid encoding of PolicyInformation");
}
policyIdentifier = new CertificatePolicyId(val.data.getDerValue());
if (val.data.available() != 0) {
policyQualifiers = new LinkedHashSet<PolicyQualifierInfo>();
DerValue opt = val.data.getDerValue();
if (opt.tag != DerValue.tag_Sequence)
throw new IOException("Invalid encoding of PolicyInformation");
if (opt.data.available() == 0)
throw new IOException("No data available in policyQualifiers");
while (opt.data.available() != 0)
policyQualifiers.add(new PolicyQualifierInfo
(opt.data.getDerValue().toByteArray()));
} else {
policyQualifiers = Collections.emptySet();
}
}
/**
* Creates an instance of {@code PolicyQualifierInfo} from the
* encoded bytes. The encoded byte array is copied on construction.
*
* @param encoded a byte array containing the qualifier in DER encoding
* @exception IOException thrown if the byte array does not represent a
* valid and parsable policy qualifier
*/
public PolicyQualifierInfo(byte[] encoded) throws IOException {
mEncoded = encoded.clone();
DerValue val = new DerValue(mEncoded);
if (val.tag != DerValue.tag_Sequence)
throw new IOException("Invalid encoding for PolicyQualifierInfo");
mId = (val.data.getDerValue()).getOID().toString();
byte [] tmp = val.data.toByteArray();
if (tmp == null) {
mData = null;
} else {
mData = new byte[tmp.length];
System.arraycopy(tmp, 0, mData, 0, tmp.length);
}
}
protected void engineInit(byte[] params) throws IOException {
DerValue encodedParams = new DerValue(params);
if (encodedParams.tag != DerValue.tag_Sequence) {
throw new IOException("DSA params parsing error");
}
encodedParams.data.reset();
this.p = encodedParams.data.getBigInteger();
this.q = encodedParams.data.getBigInteger();
this.g = encodedParams.data.getBigInteger();
if (encodedParams.data.available() != 0) {
throw new IOException("encoded params have " +
encodedParams.data.available() +
" extra bytes");
}
}
/**
* Create the extension from its DER encoded value and criticality.
*
* @param critical true if the extension is to be treated as critical.
* @param value an array of DER encoded bytes of the actual value.
* @exception ClassCastException if value is not an array of bytes
* @exception IOException on error.
*/
public CertificatePoliciesExtension(Boolean critical, Object value)
throws IOException {
this.extensionId = PKIXExtensions.CertificatePolicies_Id;
this.critical = critical.booleanValue();
this.extensionValue = (byte[]) value;
DerValue val = new DerValue(this.extensionValue);
if (val.tag != DerValue.tag_Sequence) {
throw new IOException("Invalid encoding for " +
"CertificatePoliciesExtension.");
}
certPolicies = new ArrayList<PolicyInformation>();
while (val.data.available() != 0) {
DerValue seq = val.data.getDerValue();
PolicyInformation policy = new PolicyInformation(seq);
certPolicies.add(policy);
}
}
/**
* Creates the extension (also called by the subclass).
*/
protected CRLDistributionPointsExtension(ObjectIdentifier extensionId,
Boolean critical, Object value, String extensionName)
throws IOException {
this.extensionId = extensionId;
this.critical = critical.booleanValue();
if (!(value instanceof byte[])) {
throw new IOException("Illegal argument type");
}
extensionValue = (byte[])value;
DerValue val = new DerValue(extensionValue);
if (val.tag != DerValue.tag_Sequence) {
throw new IOException("Invalid encoding for " + extensionName +
" extension.");
}
distributionPoints = new ArrayList<DistributionPoint>();
while (val.data.available() != 0) {
DerValue seq = val.data.getDerValue();
DistributionPoint point = new DistributionPoint(seq);
distributionPoints.add(point);
}
this.extensionName = extensionName;
}
/**
* Create the extension from its DER encoded value and criticality.
*
* @param critical true if the extension is to be treated as critical.
* @param value an array of DER encoded bytes of the actual value.
* @exception ClassCastException if value is not an array of bytes
* @exception IOException on error.
*/
public ExtendedKeyUsageExtension(Boolean critical, Object value)
throws IOException {
this.extensionId = PKIXExtensions.ExtendedKeyUsage_Id;
this.critical = critical.booleanValue();
this.extensionValue = (byte[]) value;
DerValue val = new DerValue(this.extensionValue);
if (val.tag != DerValue.tag_Sequence) {
throw new IOException("Invalid encoding for " +
"ExtendedKeyUsageExtension.");
}
keyUsages = new Vector<ObjectIdentifier>();
while (val.data.available() != 0) {
DerValue seq = val.data.getDerValue();
ObjectIdentifier usage = seq.getOID();
keyUsages.addElement(usage);
}
}
/**
* Create the extension from the passed DER encoded value of the same.
*
* @param critical true if the extension is to be treated as critical.
* @param value Array of DER encoded bytes of the actual value.
* @exception IOException on error.
*/
public AuthorityInfoAccessExtension(Boolean critical, Object value)
throws IOException {
this.extensionId = PKIXExtensions.AuthInfoAccess_Id;
this.critical = critical.booleanValue();
if (!(value instanceof byte[])) {
throw new IOException("Illegal argument type");
}
extensionValue = (byte[])value;
DerValue val = new DerValue(extensionValue);
if (val.tag != DerValue.tag_Sequence) {
throw new IOException("Invalid encoding for " +
"AuthorityInfoAccessExtension.");
}
accessDescriptions = new ArrayList<AccessDescription>();
while (val.data.available() != 0) {
DerValue seq = val.data.getDerValue();
AccessDescription accessDescription = new AccessDescription(seq);
accessDescriptions.add(accessDescription);
}
}
/**
* Sign all the data thus far updated. The signature is formatted
* according to the Canonical Encoding Rules, returned as a DER
* sequence of Integer, r and s.
*
* @return a signature block formatted according to the Canonical
* Encoding Rules.
*
* @exception SignatureException if the signature object was not
* properly initialized, or if another exception occurs.
*
* @see sun.security.DSA#engineUpdate
* @see sun.security.DSA#engineVerify
*/
protected byte[] engineSign() throws SignatureException {
BigInteger k = generateK(presetQ);
BigInteger r = generateR(presetP, presetQ, presetG, k);
BigInteger s = generateS(presetX, presetQ, r, k);
try {
DerOutputStream outseq = new DerOutputStream(100);
outseq.putInteger(r);
outseq.putInteger(s);
DerValue result = new DerValue(DerValue.tag_Sequence,
outseq.toByteArray());
return result.toByteArray();
} catch (IOException e) {
throw new SignatureException("error encoding signature");
}
}
/**
* Creates an instance of {@code PolicyQualifierInfo} from the
* encoded bytes. The encoded byte array is copied on construction.
*
* @param encoded a byte array containing the qualifier in DER encoding
* @exception IOException thrown if the byte array does not represent a
* valid and parsable policy qualifier
*/
public PolicyQualifierInfo(byte[] encoded) throws IOException {
mEncoded = encoded.clone();
DerValue val = new DerValue(mEncoded);
if (val.tag != DerValue.tag_Sequence)
throw new IOException("Invalid encoding for PolicyQualifierInfo");
mId = (val.data.getDerValue()).getOID().toString();
byte [] tmp = val.data.toByteArray();
if (tmp == null) {
mData = null;
} else {
mData = new byte[tmp.length];
System.arraycopy(tmp, 0, mData, 0, tmp.length);
}
}
@Override
protected void decodeParameters() {
byte[] bytes = getEncoded();
if (bytes == null) {
return;
}
try {
DerInputStream in = new DerInputStream(bytes);
if (in.peekByte() == DerValue.tag_BitString) {
// Strip headers.
in.getBitString(); // Ignore: bitstring of mod + exp.
in.getBitString();
modulus = new BigInteger(in.getBitString());
in.getBitString();
publicExponent = new BigInteger(in.getBitString());
} else {
DerValue[] values = in.getSequence(2);
publicExponent = values[0].getBigInteger();
modulus = values[1].getBigInteger();
}
} catch (IOException e) {
throw new ProviderException("failed decoding public key parameters: " + e);
}
}
/**
* Make a DSA public key out of a public key and three parameters.
* The p, q, and g parameters may be null, but if so, parameters will need
* to be supplied from some other source before this key can be used in
* cryptographic operations. PKIX RFC2459bis explicitly allows DSA public
* keys without parameters, where the parameters are provided in the
* issuer's DSA public key.
*
* @param y the actual key bits
* @param p DSA parameter p, may be null if all of p, q, and g are null.
* @param q DSA parameter q, may be null if all of p, q, and g are null.
* @param g DSA parameter g, may be null if all of p, q, and g are null.
*/
public DSAPublicKey(BigInteger y, BigInteger p, BigInteger q,
BigInteger g)
throws InvalidKeyException {
this.y = y;
algid = new AlgIdDSA(p, q, g);
try {
byte[] keyArray = new DerValue(DerValue.tag_Integer,
y.toByteArray()).toByteArray();
setKey(new BitArray(keyArray.length*8, keyArray));
encode();
} catch (IOException e) {
throw new InvalidKeyException("could not DER encode y: " +
e.getMessage());
}
}
/**
* Create an instance of PolicyInformation, decoding from
* the passed DerValue.
*
* @param val the DerValue to construct the PolicyInformation from.
* @exception IOException on decoding errors.
*/
public PolicyInformation(DerValue val) throws IOException {
if (val.tag != DerValue.tag_Sequence) {
throw new IOException("Invalid encoding of PolicyInformation");
}
policyIdentifier = new CertificatePolicyId(val.data.getDerValue());
if (val.data.available() != 0) {
policyQualifiers = new LinkedHashSet<PolicyQualifierInfo>();
DerValue opt = val.data.getDerValue();
if (opt.tag != DerValue.tag_Sequence)
throw new IOException("Invalid encoding of PolicyInformation");
if (opt.data.available() == 0)
throw new IOException("No data available in policyQualifiers");
while (opt.data.available() != 0)
policyQualifiers.add(new PolicyQualifierInfo
(opt.data.getDerValue().toByteArray()));
} else {
policyQualifiers = Collections.emptySet();
}
}
/**
* Make a DSA public key out of a public key and three parameters.
* The p, q, and g parameters may be null, but if so, parameters will need
* to be supplied from some other source before this key can be used in
* cryptographic operations. PKIX RFC2459bis explicitly allows DSA public
* keys without parameters, where the parameters are provided in the
* issuer's DSA public key.
*
* @param y the actual key bits
* @param p DSA parameter p, may be null if all of p, q, and g are null.
* @param q DSA parameter q, may be null if all of p, q, and g are null.
* @param g DSA parameter g, may be null if all of p, q, and g are null.
*/
public DSAPublicKey(BigInteger y, BigInteger p, BigInteger q,
BigInteger g)
throws InvalidKeyException {
this.y = y;
algid = new AlgIdDSA(p, q, g);
try {
byte[] keyArray = new DerValue(DerValue.tag_Integer,
y.toByteArray()).toByteArray();
setKey(new BitArray(keyArray.length*8, keyArray));
encode();
} catch (IOException e) {
throw new InvalidKeyException("could not DER encode y: " +
e.getMessage());
}
}
private static PrivateKey toPrivateKey(String key)
throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
String content = key.replaceAll("\\n", "").replace(RsaPrivateKeyStart, "").replace(RsaPrivateKeyEnd, "");
byte[] bytes = Base64.getDecoder().decode(content);
DerInputStream derReader = new DerInputStream(bytes);
DerValue[] seq = derReader.getSequence(0);
// skip version seq[0];
BigInteger modulus = seq[1].getBigInteger();
BigInteger publicExp = seq[2].getBigInteger();
BigInteger privateExp = seq[3].getBigInteger();
BigInteger prime1 = seq[4].getBigInteger();
BigInteger prime2 = seq[5].getBigInteger();
BigInteger exp1 = seq[6].getBigInteger();
BigInteger exp2 = seq[7].getBigInteger();
BigInteger crtCoef = seq[8].getBigInteger();
RSAPrivateCrtKeySpec keySpec =
new RSAPrivateCrtKeySpec(modulus, publicExp, privateExp, prime1, prime2, exp1, exp2, crtCoef);
return keyFactory.generatePrivate(keySpec);
}
/**
* Make a DSA public key out of a public key and three parameters.
* The p, q, and g parameters may be null, but if so, parameters will need
* to be supplied from some other source before this key can be used in
* cryptographic operations. PKIX RFC2459bis explicitly allows DSA public
* keys without parameters, where the parameters are provided in the
* issuer's DSA public key.
*
* @param y the actual key bits
* @param p DSA parameter p, may be null if all of p, q, and g are null.
* @param q DSA parameter q, may be null if all of p, q, and g are null.
* @param g DSA parameter g, may be null if all of p, q, and g are null.
*/
public DSAPublicKey(BigInteger y, BigInteger p, BigInteger q,
BigInteger g)
throws InvalidKeyException {
this.y = y;
algid = new AlgIdDSA(p, q, g);
try {
byte[] keyArray = new DerValue(DerValue.tag_Integer,
y.toByteArray()).toByteArray();
setKey(new BitArray(keyArray.length*8, keyArray));
encode();
} catch (IOException e) {
throw new InvalidKeyException("could not DER encode y: " +
e.getMessage());
}
}
/**
* Sign all the data thus far updated. The signature is formatted
* according to the Canonical Encoding Rules, returned as a DER
* sequence of Integer, r and s.
*
* @return a signature block formatted according to the Canonical
* Encoding Rules.
*
* @exception SignatureException if the signature object was not
* properly initialized, or if another exception occurs.
*
* @see sun.security.DSA#engineUpdate
* @see sun.security.DSA#engineVerify
*/
protected byte[] engineSign() throws SignatureException {
BigInteger k = generateK(presetQ);
BigInteger r = generateR(presetP, presetQ, presetG, k);
BigInteger s = generateS(presetX, presetQ, r, k);
try {
DerOutputStream outseq = new DerOutputStream(100);
outseq.putInteger(r);
outseq.putInteger(s);
DerValue result = new DerValue(DerValue.tag_Sequence,
outseq.toByteArray());
return result.toByteArray();
} catch (IOException e) {
throw new SignatureException("error encoding signature");
}
}
/**
* Parse (unmarshal) a kerberostime from a DER input stream. This form
* parsing might be used when expanding a value which is part of
* a constructed sequence and uses explicitly tagged type.
*
* @exception Asn1Exception on error.
* @param data the Der input stream value, which contains
* one or more marshaled value.
* @param explicitTag tag number.
* @param optional indicates if this data field is optional
* @return an instance of KerberosTime.
*
*/
public static KerberosTime parse(
DerInputStream data, byte explicitTag, boolean optional)
throws Asn1Exception, IOException {
if ((optional) && (((byte)data.peekByte() & (byte)0x1F)!= explicitTag))
return null;
DerValue der = data.getDerValue();
if (explicitTag != (der.getTag() & (byte)0x1F)) {
throw new Asn1Exception(Krb5.ASN1_BAD_ID);
}
else {
DerValue subDer = der.getData().getDerValue();
Date temp = subDer.getGeneralizedTime();
return new KerberosTime(temp.getTime(), 0);
}
}
static void checkData(X509CRLImpl c, byte[] data, BigInteger[] expected)
throws Exception {
if (c.getRevokedCertificates().size() != expected.length) {
throw new Exception("Wrong count in CRL object, now " +
c.getRevokedCertificates().size());
}
DerValue d1 = new DerValue(data);
// revokedCertificates at 5th place of TBSCertList
DerValue[] d2 = new DerInputStream(
d1.data.getSequence(0)[4].toByteArray())
.getSequence(0);
if (d2.length != expected.length) {
throw new Exception("Wrong count in raw data, now " + d2.length);
}
for (int i=0; i<d2.length; i++) {
// Serial is first in revokedCertificates entry
BigInteger bi = d2[i].data.getBigInteger();
if (!bi.equals(expected[i])) {
throw new Exception("Entry at #" + i + " is " + bi
+ ", should be " + expected[i]);
}
}
}
public void parse(byte[] bytes) throws IOException {
// Parse signingCertificate
DerValue derValue = new DerValue(bytes);
if (derValue.tag != DerValue.tag_Sequence) {
throw new IOException("Bad encoding for signingCertificate");
}
// Parse certs
DerValue[] certs = derValue.data.getSequence(1);
certId = new ESSCertId[certs.length];
for (int i = 0; i < certs.length; i++) {
certId[i] = new ESSCertId(certs[i]);
}
// Parse policies, if present
if (derValue.data.available() > 0) {
DerValue[] policies = derValue.data.getSequence(1);
for (int i = 0; i < policies.length; i++) {
// parse PolicyInformation
}
}
}
/**
* Encodes the distribution point name and writes it to the DerOutputStream.
*
* @param out the output stream.
* @exception IOException on encoding error.
*/
public void encode(DerOutputStream out) throws IOException {
DerOutputStream theChoice = new DerOutputStream();
if (fullName != null) {
fullName.encode(theChoice);
out.writeImplicit(
DerValue.createTag(DerValue.TAG_CONTEXT, true, TAG_FULL_NAME),
theChoice);
} else {
relativeName.encode(theChoice);
out.writeImplicit(
DerValue.createTag(DerValue.TAG_CONTEXT, true,
TAG_RELATIVE_NAME),
theChoice);
}
}
/**
* Creates an Oid object from its ASN.1 DER encoding. This refers to
* the full encoding including tag and length. The structure and
* encoding of Oids is defined in ISOIEC-8824 and ISOIEC-8825. This
* method is identical in functionality to its InputStream conterpart.
*
* @param data byte array containing the DER encoded oid
* @exception GSSException may be thrown when the DER encoding does not
* follow the prescribed format.
*/
public Oid(byte [] data) throws GSSException {
try {
DerValue derVal = new DerValue(data);
derEncoding = derVal.toByteArray();
oid = derVal.getOID();
} catch (IOException e) {
throw new GSSException(GSSException.FAILURE,
"Improperly formatted ASN.1 DER encoding for Oid");
}
}
/**
* Create the extension from the passed DER encoded value of the same.
*
* @param critical criticality flag to use. Must be true for this
* extension.
* @param value a byte array holding the DER-encoded extension value.
* @exception ClassCastException if value is not an array of bytes
* @exception IOException on error.
*/
public InhibitAnyPolicyExtension(Boolean critical, Object value)
throws IOException {
this.extensionId = PKIXExtensions.InhibitAnyPolicy_Id;
if (!critical.booleanValue())
throw new IOException("Criticality cannot be false for " +
"InhibitAnyPolicy");
this.critical = critical.booleanValue();
this.extensionValue = (byte[]) value;
DerValue val = new DerValue(this.extensionValue);
if (val.tag != DerValue.tag_Integer)
throw new IOException("Invalid encoding of InhibitAnyPolicy: "
+ "data not integer");
if (val.data == null)
throw new IOException("Invalid encoding of InhibitAnyPolicy: "
+ "null data");
int skipCertsValue = val.getInteger();
if (skipCertsValue < -1)
throw new IOException("Invalid value for skipCerts");
if (skipCertsValue == -1) {
this.skipCerts = Integer.MAX_VALUE;
} else {
this.skipCerts = skipCertsValue;
}
}
private PublicKey generatePublic(ECPoint point, ECParameterSpec params)
throws PKCS11Exception {
byte[] encodedParams =
ECUtil.encodeECParameterSpec(getSunECProvider(), params);
byte[] encodedPoint =
ECUtil.encodePoint(point, params.getCurve());
// Check whether the X9.63 encoding of an EC point shall be wrapped
// in an ASN.1 OCTET STRING
if (!token.config.getUseEcX963Encoding()) {
try {
encodedPoint =
new DerValue(DerValue.tag_OctetString, encodedPoint)
.toByteArray();
} catch (IOException e) {
throw new
IllegalArgumentException("Could not DER encode point", e);
}
}
CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CKA_CLASS, CKO_PUBLIC_KEY),
new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_EC),
new CK_ATTRIBUTE(CKA_EC_POINT, encodedPoint),
new CK_ATTRIBUTE(CKA_EC_PARAMS, encodedParams),
};
attributes = token.getAttributes
(O_IMPORT, CKO_PUBLIC_KEY, CKK_EC, attributes);
Session session = null;
try {
session = token.getObjSession();
long keyID = token.p11.C_CreateObject(session.id(), attributes);
return P11Key.publicKey
(session, keyID, "EC", params.getCurve().getField().getFieldSize(), attributes);
} finally {
token.releaseSession(session);
}
}
public KerberosString(DerValue der) throws IOException {
if (der.tag != DerValue.tag_GeneralString) {
throw new IOException(
"KerberosString's tag is incorrect: " + der.tag);
}
s = new String(der.getDataBytes(), MSNAME?"UTF8":"ASCII");
}
private void readObject(ObjectInputStream ois)
throws IOException, ClassNotFoundException {
try {
EncryptionKey encKey = new EncryptionKey(new
DerValue((byte[])ois.readObject()));
keyType = encKey.getEType();
keyBytes = encKey.getBytes();
} catch (Asn1Exception ae) {
throw new IOException(ae.getMessage());
}
}
protected byte[] engineGetEncoded() throws IOException {
DerOutputStream out = new DerOutputStream();
DerOutputStream bytes = new DerOutputStream();
bytes.putInteger(p);
bytes.putInteger(q);
bytes.putInteger(g);
out.write(DerValue.tag_Sequence, bytes);
return out.toByteArray();
}
public byte[] encode() throws IOException {
DerOutputStream request = new DerOutputStream();
// encode version
request.putInteger(version);
// encode messageImprint
DerOutputStream messageImprint = new DerOutputStream();
hashAlgorithmId.encode(messageImprint);
messageImprint.putOctetString(hashValue);
request.write(DerValue.tag_Sequence, messageImprint);
// encode optional elements
if (policyId != null) {
request.putOID(new ObjectIdentifier(policyId));
}
if (nonce != null) {
request.putInteger(nonce);
}
if (returnCertificate) {
request.putBoolean(true);
}
DerOutputStream out = new DerOutputStream();
out.write(DerValue.tag_Sequence, request);
return out.toByteArray();
}
ESSCertId(DerValue certId) throws IOException {
// Parse certHash
certHash = certId.data.getDerValue().toByteArray();
// Parse issuerSerial, if present
if (certId.data.available() > 0) {
DerValue issuerSerial = certId.data.getDerValue();
// Parse issuer
issuer = new GeneralNames(issuerSerial.data.getDerValue());
// Parse serialNumber
serialNumber = new SerialNumber(issuerSerial.data.getDerValue());
}
}
/**
* Parses a PKCS#12 MAC data.
*/
MacData(DerInputStream derin)
throws IOException, ParsingException
{
DerValue[] macData = derin.getSequence(2);
// Parse the digest info
DerInputStream digestIn = new DerInputStream(macData[0].toByteArray());
DerValue[] digestInfo = digestIn.getSequence(2);
// Parse the DigestAlgorithmIdentifier.
AlgorithmId digestAlgorithmId = AlgorithmId.parse(digestInfo[0]);
this.digestAlgorithmName = digestAlgorithmId.getName();
this.digestAlgorithmParams = digestAlgorithmId.getParameters();
// Get the digest.
this.digest = digestInfo[1].getOctetString();
// Get the salt.
this.macSalt = macData[1].getOctetString();
// Iterations is optional. The default value is 1.
if (macData.length > 2) {
this.iterations = macData[2].getInteger();
} else {
this.iterations = 1;
}
}