org.bouncycastle.cms.jcajce
Class JceKTSKeyTransRecipient
java.lang.Object
|
+--org.bouncycastle.cms.jcajce.JceKTSKeyTransRecipient
- All Implemented Interfaces:
- KeyTransRecipient, Recipient
- Direct Known Subclasses:
- JceKTSKeyTransAuthenticatedRecipient, JceKTSKeyTransEnvelopedRecipient
- public abstract class JceKTSKeyTransRecipient
- extends java.lang.Object
- implements KeyTransRecipient
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
helper
protected EnvelopedDataHelper helper
contentHelper
protected EnvelopedDataHelper contentHelper
extraMappings
protected java.util.Map extraMappings
validateKeySize
protected boolean validateKeySize
unwrappedKeyMustBeEncodable
protected boolean unwrappedKeyMustBeEncodable
JceKTSKeyTransRecipient
public JceKTSKeyTransRecipient(java.security.PrivateKey recipientKey,
byte[] partyVInfo)
setProvider
public JceKTSKeyTransRecipient setProvider(java.security.Provider provider)
- Set the provider to use for key recovery and content processing.
- Parameters:
provider - provider to use.- Returns:
- this recipient.
setProvider
public JceKTSKeyTransRecipient setProvider(java.lang.String providerName)
- Set the provider to use for key recovery and content processing.
- Parameters:
providerName - the name of the provider to use.- Returns:
- this recipient.
setAlgorithmMapping
public JceKTSKeyTransRecipient setAlgorithmMapping(org.bouncycastle.asn1.ASN1ObjectIdentifier algorithm,
java.lang.String algorithmName)
- Internally algorithm ids are converted into cipher names using a lookup table. For some providers
the standard lookup table won't work. Use this method to establish a specific mapping from an
algorithm identifier to a specific algorithm.
For example:
unwrapper.setAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption, "RSA");
- Parameters:
algorithm - OID of algorithm in recipient.algorithmName - JCE algorithm name to use.- Returns:
- the current Recipient.
setContentProvider
public JceKTSKeyTransRecipient setContentProvider(java.security.Provider provider)
- Set the provider to use for content processing. If providerName is null a "no provider" search will be
used to satisfy getInstance calls.
- Parameters:
provider - the provider to use.- Returns:
- this recipient.
setContentProvider
public JceKTSKeyTransRecipient setContentProvider(java.lang.String providerName)
- Set the provider to use for content processing. If providerName is null a "no provider" search will be
used to satisfy getInstance calls.
- Parameters:
providerName - the name of the provider to use.- Returns:
- this recipient.
setKeySizeValidation
public JceKTSKeyTransRecipient setKeySizeValidation(boolean doValidate)
- Set validation of retrieved key sizes against the algorithm parameters for the encrypted key where possible - default is off.
This setting will not have any affect if the encryption algorithm in the recipient does not specify a particular key size, or
if the unwrapper is a HSM and the byte encoding of the unwrapped secret key is not available.
- Parameters:
doValidate - true if unwrapped key's should be validated against the content encryption algorithm, false otherwise.- Returns:
- this recipient.
extractSecretKey
protected java.security.Key extractSecretKey(org.bouncycastle.asn1.x509.AlgorithmIdentifier keyEncryptionAlgorithm,
org.bouncycastle.asn1.x509.AlgorithmIdentifier encryptedKeyAlgorithm,
byte[] encryptedEncryptionKey)
throws CMSException
getPartyVInfoFromRID
protected static byte[] getPartyVInfoFromRID(KeyTransRecipientId recipientId)
throws java.io.IOException