public static byte[] protectPKIMessageWithPBE(PKIMessage msg, String keyId, String raSecret, String digestAlgId, String macAlgId, int iterationCount) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, IOException {
if (LOG.isTraceEnabled()) {
LOG.trace(">protectPKIMessageWithPBE()");
}
// Create the PasswordBased protection of the message
PKIHeader head = msg.getHeader();
byte[] keyIdBytes;
try {
keyIdBytes = keyId.getBytes("UTF-8");
} catch (UnsupportedEncodingException e) {
keyIdBytes = keyId.getBytes();
LOG.info("UTF-8 not available, using platform default encoding for keyIdBytes.");
}
head.setSenderKID(new DEROctetString(keyIdBytes));
// SHA1
//AlgorithmIdentifier owfAlg = new AlgorithmIdentifier("1.3.14.3.2.26");
AlgorithmIdentifier owfAlg = new AlgorithmIdentifier(digestAlgId);
// iterations, usually something like 1024
DERInteger iteration = new DERInteger(iterationCount);
// HMAC/SHA1
//AlgorithmIdentifier macAlg = new AlgorithmIdentifier("1.2.840.113549.2.7");
AlgorithmIdentifier macAlg = new AlgorithmIdentifier(macAlgId);
// We need some random bytes for the nonce
byte[] saltbytes = createSenderNonce();
DEROctetString derSalt = new DEROctetString(saltbytes);
// Create the new protected return message
//String objectId = "1.2.840.113533.7.66.13" = passwordBasedMac;
String objectId = CMPObjectIdentifiers.passwordBasedMac.getId();
PBMParameter pp = new PBMParameter(derSalt, owfAlg, iteration, macAlg);
AlgorithmIdentifier pAlg = new AlgorithmIdentifier(new DERObjectIdentifier(objectId), pp);
head.setProtectionAlg(pAlg);
PKIBody body = msg.getBody();
PKIMessage ret = new PKIMessage(head, body);
// Calculate the protection bits
byte[] rasecret = raSecret.getBytes();