Package org.bouncycastle.cms.jcajce

Class JceKeyTransRecipient

java.lang.Object

org.bouncycastle.cms.jcajce.JceKeyTransRecipient

All Implemented Interfaces:

KeyTransRecipient, Recipient

Direct Known Subclasses:

JceKeyTransAuthenticatedRecipient, JceKeyTransAuthEnvelopedRecipient, JceKeyTransEnvelopedRecipient

public abstract class JceKeyTransRecipient
extends Object
implements KeyTransRecipient

Field Summary

Fields

Modifier and Type	Field	Description
protected EnvelopedDataHelper	contentHelper
protected Map	extraMappings
protected EnvelopedDataHelper	helper
protected boolean	unwrappedKeyMustBeEncodable
protected boolean	validateKeySize

Constructor Summary

Constructors

Constructor	Description
JceKeyTransRecipient(PrivateKey recipientKey)

Method Summary

Modifier and Type	Method	Description
protected Key	extractSecretKey(org.bouncycastle.asn1.x509.AlgorithmIdentifier keyEncryptionAlgorithm, org.bouncycastle.asn1.x509.AlgorithmIdentifier encryptedKeyAlgorithm, byte[] encryptedEncryptionKey)
JceKeyTransRecipient	setAlgorithmMapping(org.bouncycastle.asn1.ASN1ObjectIdentifier algorithm, String algorithmName)	Internally algorithm ids are converted into cipher names using a lookup table.
JceKeyTransRecipient	setContentProvider(String providerName)	Set the provider to use for content processing.
JceKeyTransRecipient	setContentProvider(Provider provider)	Set the provider to use for content processing.
JceKeyTransRecipient	setKeySizeValidation(boolean doValidate)	Set validation of retrieved key sizes against the algorithm parameters for the encrypted key where possible - default is off.
JceKeyTransRecipient	setMustProduceEncodableUnwrappedKey(boolean unwrappedKeyMustBeEncodable)	Flag that unwrapping must produce a key that will return a meaningful value from a call to Key.getEncoded().
JceKeyTransRecipient	setProvider(String providerName)	Set the provider to use for key recovery and content processing.
JceKeyTransRecipient	setProvider(Provider provider)	Set the provider to use for key recovery and content processing.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.bouncycastle.cms.KeyTransRecipient

getRecipientOperator

Field Details

helper

protected EnvelopedDataHelper helper

contentHelper

protected EnvelopedDataHelper contentHelper

extraMappings

protected Map extraMappings

validateKeySize

protected boolean validateKeySize

unwrappedKeyMustBeEncodable

protected boolean unwrappedKeyMustBeEncodable

Constructor Details

JceKeyTransRecipient

public JceKeyTransRecipient(PrivateKey recipientKey)

Method Details

setProvider

public JceKeyTransRecipient setProvider(Provider provider)

Set the provider to use for key recovery and content processing.

Parameters:

provider - provider to use.

Returns:

this recipient.

setProvider

public JceKeyTransRecipient setProvider(String providerName)

Set the provider to use for key recovery and content processing.

Parameters:

providerName - the name of the provider to use.

Returns:

this recipient.

setAlgorithmMapping

public JceKeyTransRecipient setAlgorithmMapping(org.bouncycastle.asn1.ASN1ObjectIdentifier algorithm,
 String algorithmName)

Internally algorithm ids are converted into cipher names using a lookup table. For some providers the standard lookup table won't work. Use this method to establish a specific mapping from an algorithm identifier to a specific algorithm.

For example:

     unwrapper.setAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption, "RSA");
 

Parameters:

algorithm - OID of algorithm in recipient.

algorithmName - JCE algorithm name to use.

Returns:

the current Recipient.

setContentProvider

public JceKeyTransRecipient setContentProvider(Provider provider)

Set the provider to use for content processing. If providerName is null a "no provider" search will be used to satisfy getInstance calls.

Parameters:

provider - the provider to use.

Returns:

this recipient.

setMustProduceEncodableUnwrappedKey

public JceKeyTransRecipient setMustProduceEncodableUnwrappedKey(boolean unwrappedKeyMustBeEncodable)

Flag that unwrapping must produce a key that will return a meaningful value from a call to Key.getEncoded(). This is important if you are using a HSM for unwrapping and using a software based provider for decrypting the content. Default value: false.

Parameters:

unwrappedKeyMustBeEncodable - true if getEncoded() should return key bytes, false if not necessary.

Returns:

this recipient.

setContentProvider

public JceKeyTransRecipient setContentProvider(String providerName)

Set the provider to use for content processing. If providerName is null a "no provider" search will be used to satisfy getInstance calls.

Parameters:

providerName - the name of the provider to use.

Returns:

this recipient.

setKeySizeValidation

public JceKeyTransRecipient setKeySizeValidation(boolean doValidate)

Set validation of retrieved key sizes against the algorithm parameters for the encrypted key where possible - default is off.

This setting will not have any affect if the encryption algorithm in the recipient does not specify a particular key size, or if the unwrapper is a HSM and the byte encoding of the unwrapped secret key is not available.

Parameters:

doValidate - true if unwrapped key's should be validated against the content encryption algorithm, false otherwise.

Returns:

this recipient.

extractSecretKey

protected Key extractSecretKey(org.bouncycastle.asn1.x509.AlgorithmIdentifier keyEncryptionAlgorithm,
 org.bouncycastle.asn1.x509.AlgorithmIdentifier encryptedKeyAlgorithm,
 byte[] encryptedEncryptionKey)
                        throws CMSException

Throws:

CMSException