org.bouncycastle.cms.jcajce
Class JceKEMRecipient

java.lang.Object
  |
  +--org.bouncycastle.cms.jcajce.JceKEMRecipient

All Implemented Interfaces:

KEMRecipient, Recipient

Direct Known Subclasses:

JceKEMEnvelopedRecipient

public abstract class JceKEMRecipient

extends java.lang.Object

implements KEMRecipient

Field Summary

protected EnvelopedDataHelper	contentHelper
protected java.util.Map	extraMappings
protected EnvelopedDataHelper	helper
protected boolean	unwrappedKeyMustBeEncodable
protected boolean	validateKeySize

Constructor Summary

JceKEMRecipient(java.security.PrivateKey recipientKey)

Method Summary

protected java.security.Key	extractSecretKey(org.bouncycastle.asn1.x509.AlgorithmIdentifier keyEncryptionAlgorithm, org.bouncycastle.asn1.x509.AlgorithmIdentifier encryptedKeyAlgorithm, byte[] encryptedEncryptionKey)
JceKEMRecipient	setAlgorithmMapping(org.bouncycastle.asn1.ASN1ObjectIdentifier algorithm, java.lang.String algorithmName) Internally algorithm ids are converted into cipher names using a lookup table.
JceKEMRecipient	setContentProvider(java.security.Provider provider) Set the provider to use for content processing.
JceKEMRecipient	setContentProvider(java.lang.String providerName) Set the provider to use for content processing.
JceKEMRecipient	setKeySizeValidation(boolean doValidate) Set validation of retrieved key sizes against the algorithm parameters for the encrypted key where possible - default is off.
JceKEMRecipient	setMustProduceEncodableUnwrappedKey(boolean unwrappedKeyMustBeEncodable) Flag that unwrapping must produce a key that will return a meaningful value from a call to Key.getEncoded().
JceKEMRecipient	setProvider(java.security.Provider provider) Set the provider to use for key recovery and content processing.
JceKEMRecipient	setProvider(java.lang.String providerName) Set the provider to use for key recovery and content processing.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.bouncycastle.cms.KEMRecipient

getRecipientOperator

Field Detail

helper

protected EnvelopedDataHelper helper

contentHelper

protected EnvelopedDataHelper contentHelper

extraMappings

protected java.util.Map extraMappings

validateKeySize

protected boolean validateKeySize

unwrappedKeyMustBeEncodable

protected boolean unwrappedKeyMustBeEncodable

Constructor Detail

JceKEMRecipient

public JceKEMRecipient(java.security.PrivateKey recipientKey)

Method Detail

setProvider

public JceKEMRecipient setProvider(java.security.Provider provider)

Set the provider to use for key recovery and content processing.

Parameters:

provider - provider to use.

Returns:

this recipient.

setProvider

public JceKEMRecipient setProvider(java.lang.String providerName)

Set the provider to use for key recovery and content processing.

Parameters:

providerName - the name of the provider to use.

Returns:

this recipient.

setAlgorithmMapping

public JceKEMRecipient setAlgorithmMapping(org.bouncycastle.asn1.ASN1ObjectIdentifier algorithm,
                                           java.lang.String algorithmName)

Internally algorithm ids are converted into cipher names using a lookup table. For some providers the standard lookup table won't work. Use this method to establish a specific mapping from an algorithm identifier to a specific algorithm.

For example: unwrapper.setAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption, "RSA");

Parameters:

algorithm - OID of algorithm in recipient.

algorithmName - JCE algorithm name to use.

Returns:

the current Recipient.

setContentProvider

public JceKEMRecipient setContentProvider(java.security.Provider provider)

Set the provider to use for content processing. If providerName is null a "no provider" search will be used to satisfy getInstance calls.

Parameters:

provider - the provider to use.

Returns:

this recipient.

setMustProduceEncodableUnwrappedKey

public JceKEMRecipient setMustProduceEncodableUnwrappedKey(boolean unwrappedKeyMustBeEncodable)

Flag that unwrapping must produce a key that will return a meaningful value from a call to Key.getEncoded(). This is important if you are using a HSM for unwrapping and using a software based provider for decrypting the content. Default value: false.

Parameters:

unwrappedKeyMustBeEncodable - true if getEncoded() should return key bytes, false if not necessary.

Returns:

this recipient.

setContentProvider

public JceKEMRecipient setContentProvider(java.lang.String providerName)

Set the provider to use for content processing. If providerName is null a "no provider" search will be used to satisfy getInstance calls.

Parameters:

providerName - the name of the provider to use.

Returns:

this recipient.

setKeySizeValidation

public JceKEMRecipient setKeySizeValidation(boolean doValidate)

Set validation of retrieved key sizes against the algorithm parameters for the encrypted key where possible - default is off.

This setting will not have any affect if the encryption algorithm in the recipient does not specify a particular key size, or if the unwrapper is a HSM and the byte encoding of the unwrapped secret key is not available.

Parameters:

doValidate - true if unwrapped key's should be validated against the content encryption algorithm, false otherwise.

Returns:

this recipient.

extractSecretKey

protected java.security.Key extractSecretKey(org.bouncycastle.asn1.x509.AlgorithmIdentifier keyEncryptionAlgorithm,
                                             org.bouncycastle.asn1.x509.AlgorithmIdentifier encryptedKeyAlgorithm,
                                             byte[] encryptedEncryptionKey)
                                      throws CMSException