Package org.bouncycastle.cms.jcajce
Class JceKeyTransRecipient
- java.lang.Object
-
- org.bouncycastle.cms.jcajce.JceKeyTransRecipient
-
- All Implemented Interfaces:
KeyTransRecipient,Recipient
- Direct Known Subclasses:
JceKeyTransAuthenticatedRecipient,JceKeyTransAuthEnvelopedRecipient,JceKeyTransEnvelopedRecipient
public abstract class JceKeyTransRecipient extends java.lang.Object implements KeyTransRecipient
-
-
Field Summary
Fields Modifier and Type Field Description protected EnvelopedDataHelpercontentHelperprotected java.util.MapextraMappingsprotected EnvelopedDataHelperhelperprotected booleanunwrappedKeyMustBeEncodableprotected booleanvalidateKeySize
-
Constructor Summary
Constructors Constructor Description JceKeyTransRecipient(java.security.PrivateKey recipientKey)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected java.security.KeyextractSecretKey(org.bouncycastle.asn1.x509.AlgorithmIdentifier keyEncryptionAlgorithm, org.bouncycastle.asn1.x509.AlgorithmIdentifier encryptedKeyAlgorithm, byte[] encryptedEncryptionKey)JceKeyTransRecipientsetAlgorithmMapping(org.bouncycastle.asn1.ASN1ObjectIdentifier algorithm, java.lang.String algorithmName)Internally algorithm ids are converted into cipher names using a lookup table.JceKeyTransRecipientsetContentProvider(java.lang.String providerName)Set the provider to use for content processing.JceKeyTransRecipientsetContentProvider(java.security.Provider provider)Set the provider to use for content processing.JceKeyTransRecipientsetKeySizeValidation(boolean doValidate)Set validation of retrieved key sizes against the algorithm parameters for the encrypted key where possible - default is off.JceKeyTransRecipientsetMustProduceEncodableUnwrappedKey(boolean unwrappedKeyMustBeEncodable)Flag that unwrapping must produce a key that will return a meaningful value from a call to Key.getEncoded().JceKeyTransRecipientsetProvider(java.lang.String providerName)Set the provider to use for key recovery and content processing.JceKeyTransRecipientsetProvider(java.security.Provider provider)Set the provider to use for key recovery and content processing.-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.bouncycastle.cms.KeyTransRecipient
getRecipientOperator
-
-
-
-
Field Detail
-
helper
protected EnvelopedDataHelper helper
-
contentHelper
protected EnvelopedDataHelper contentHelper
-
extraMappings
protected java.util.Map extraMappings
-
validateKeySize
protected boolean validateKeySize
-
unwrappedKeyMustBeEncodable
protected boolean unwrappedKeyMustBeEncodable
-
-
Method Detail
-
setProvider
public JceKeyTransRecipient setProvider(java.security.Provider provider)
Set the provider to use for key recovery and content processing.- Parameters:
provider- provider to use.- Returns:
- this recipient.
-
setProvider
public JceKeyTransRecipient setProvider(java.lang.String providerName)
Set the provider to use for key recovery and content processing.- Parameters:
providerName- the name of the provider to use.- Returns:
- this recipient.
-
setAlgorithmMapping
public JceKeyTransRecipient setAlgorithmMapping(org.bouncycastle.asn1.ASN1ObjectIdentifier algorithm, java.lang.String algorithmName)
Internally algorithm ids are converted into cipher names using a lookup table. For some providers the standard lookup table won't work. Use this method to establish a specific mapping from an algorithm identifier to a specific algorithm.For example:
unwrapper.setAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption, "RSA");- Parameters:
algorithm- OID of algorithm in recipient.algorithmName- JCE algorithm name to use.- Returns:
- the current Recipient.
-
setContentProvider
public JceKeyTransRecipient setContentProvider(java.security.Provider provider)
Set the provider to use for content processing. If providerName is null a "no provider" search will be used to satisfy getInstance calls.- Parameters:
provider- the provider to use.- Returns:
- this recipient.
-
setMustProduceEncodableUnwrappedKey
public JceKeyTransRecipient setMustProduceEncodableUnwrappedKey(boolean unwrappedKeyMustBeEncodable)
Flag that unwrapping must produce a key that will return a meaningful value from a call to Key.getEncoded(). This is important if you are using a HSM for unwrapping and using a software based provider for decrypting the content. Default value: false.- Parameters:
unwrappedKeyMustBeEncodable- true if getEncoded() should return key bytes, false if not necessary.- Returns:
- this recipient.
-
setContentProvider
public JceKeyTransRecipient setContentProvider(java.lang.String providerName)
Set the provider to use for content processing. If providerName is null a "no provider" search will be used to satisfy getInstance calls.- Parameters:
providerName- the name of the provider to use.- Returns:
- this recipient.
-
setKeySizeValidation
public JceKeyTransRecipient setKeySizeValidation(boolean doValidate)
Set validation of retrieved key sizes against the algorithm parameters for the encrypted key where possible - default is off.This setting will not have any affect if the encryption algorithm in the recipient does not specify a particular key size, or if the unwrapper is a HSM and the byte encoding of the unwrapped secret key is not available.
- Parameters:
doValidate- true if unwrapped key's should be validated against the content encryption algorithm, false otherwise.- Returns:
- this recipient.
-
extractSecretKey
protected java.security.Key extractSecretKey(org.bouncycastle.asn1.x509.AlgorithmIdentifier keyEncryptionAlgorithm, org.bouncycastle.asn1.x509.AlgorithmIdentifier encryptedKeyAlgorithm, byte[] encryptedEncryptionKey) throws CMSException- Throws:
CMSException
-
-