Class JceKeyTransRecipient

    • Field Detail

      • extraMappings

        protected java.util.Map extraMappings
      • validateKeySize

        protected boolean validateKeySize
      • unwrappedKeyMustBeEncodable

        protected boolean unwrappedKeyMustBeEncodable
    • Constructor Detail

      • JceKeyTransRecipient

        public JceKeyTransRecipient(java.security.PrivateKey recipientKey)
    • Method Detail

      • setProvider

        public JceKeyTransRecipient setProvider(java.security.Provider provider)
        Set the provider to use for key recovery and content processing.
        Parameters:
        provider - provider to use.
        Returns:
        this recipient.
      • setProvider

        public JceKeyTransRecipient setProvider(java.lang.String providerName)
        Set the provider to use for key recovery and content processing.
        Parameters:
        providerName - the name of the provider to use.
        Returns:
        this recipient.
      • setAlgorithmMapping

        public JceKeyTransRecipient setAlgorithmMapping(org.bouncycastle.asn1.ASN1ObjectIdentifier algorithm,
                                                        java.lang.String algorithmName)
        Internally algorithm ids are converted into cipher names using a lookup table. For some providers the standard lookup table won't work. Use this method to establish a specific mapping from an algorithm identifier to a specific algorithm.

        For example:

             unwrapper.setAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption, "RSA");
         
        Parameters:
        algorithm - OID of algorithm in recipient.
        algorithmName - JCE algorithm name to use.
        Returns:
        the current Recipient.
      • setContentProvider

        public JceKeyTransRecipient setContentProvider(java.security.Provider provider)
        Set the provider to use for content processing. If provider is null a "no provider" search will be used to satisfy getInstance calls.
        Parameters:
        provider - the provider to use.
        Returns:
        this recipient.
      • setMustProduceEncodableUnwrappedKey

        public JceKeyTransRecipient setMustProduceEncodableUnwrappedKey(boolean unwrappedKeyMustBeEncodable)
        Flag that unwrapping must produce a key that will return a meaningful value from a call to Key.getEncoded(). This is important if you are using an HSM for unwrapping and a software-based provider for decrypting the content. Default value: false.
        Parameters:
        unwrappedKeyMustBeEncodable - true if getEncoded() should return key bytes, false if not necessary.
        Returns:
        this recipient.
      • setContentProvider

        public JceKeyTransRecipient setContentProvider(java.lang.String providerName)
        Set the provider to use for content processing. If providerName is null a "no provider" search will be used to satisfy getInstance calls.
        Parameters:
        providerName - the name of the provider to use.
        Returns:
        this recipient.
      • setKeySizeValidation

        public JceKeyTransRecipient setKeySizeValidation(boolean doValidate)
        Set validation of retrieved key sizes against the algorithm parameters for the encrypted key where possible - default is off.

        This setting will not have any effect if the encryption algorithm in the recipient does not specify a particular key size, or if the unwrapper is an HSM and the byte encoding of the unwrapped secret key is not available.

        Parameters:
        doValidate - true if unwrapped keys should be validated against the content encryption algorithm, false otherwise.
        Returns:
        this recipient.
      • extractSecretKey

        protected java.security.Key extractSecretKey(org.bouncycastle.asn1.x509.AlgorithmIdentifier keyEncryptionAlgorithm,
                                                     org.bouncycastle.asn1.x509.AlgorithmIdentifier encryptedKeyAlgorithm,
                                                     byte[] encryptedEncryptionKey)
                                              throws CMSException
        Throws:
        CMSException
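
An added example (not part of the Bouncy Castle documentation) that configures a recipient for the split-provider case described under setMustProduceEncodableUnwrappedKey and setKeySizeValidation. The class name, key identifier and message are constructed, and the "BC" provider stands in for both the unwrapping and the content provider so the code runs without an HSM.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class KeyTransRecipientExample {
    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        // Constructed recipient key pair and subject key identifier.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] keyId = {1, 2, 3, 4};

        // Build a CMS EnvelopedData message to decrypt. AES128_CBC names a
        // specific key size, so key size validation has something to check.
        CMSEnvelopedDataGenerator gen = new CMSEnvelopedDataGenerator();
        gen.addRecipientInfoGenerator(
            new JceKeyTransRecipientInfoGenerator(keyId, kp.getPublic()).setProvider("BC"));
        CMSEnvelopedData env = gen.generate(
            new CMSProcessableByteArray("constructed sample".getBytes(StandardCharsets.UTF_8)),
            new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider("BC").build());

        // setProvider covers key recovery and content processing, so
        // setContentProvider is called after it to override the content side.
        // In an HSM deployment the first provider would be the HSM's JCE
        // provider; "BC" is used for both here (assumption for the example).
        JceKeyTransRecipient recipient = new JceKeyTransEnvelopedRecipient(kp.getPrivate())
            .setProvider("BC")
            .setContentProvider("BC")
            // Fail unless the unwrapped key exposes its bytes via getEncoded(),
            // which a software content provider needs.
            .setMustProduceEncodableUnwrappedKey(true)
            // Reject an unwrapped key whose size does not match the content
            // encryption algorithm (off by default).
            .setKeySizeValidation(true);

        RecipientInformation info =
            (RecipientInformation) env.getRecipientInfos().getRecipients().iterator().next();
        byte[] plain = info.getContent(recipient);
        System.out.println(new String(plain, StandardCharsets.UTF_8));
    }
}
```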