Class JceKTSKeyTransRecipient

    • Field Detail

      • extraMappings

        protected java.util.Map extraMappings
      • validateKeySize

        protected boolean validateKeySize
      • unwrappedKeyMustBeEncodable

        protected boolean unwrappedKeyMustBeEncodable
    • Constructor Detail

      • JceKTSKeyTransRecipient

        public JceKTSKeyTransRecipient(java.security.PrivateKey recipientKey,
                                       byte[] partyVInfo)
    • Method Detail

      • setProvider

        public JceKTSKeyTransRecipient setProvider(java.security.Provider provider)
        Set the provider to use for key recovery and content processing.
        Parameters:
        provider - provider to use.
        Returns:
        this recipient.
      • setProvider

        public JceKTSKeyTransRecipient setProvider(java.lang.String providerName)
        Set the provider to use for key recovery and content processing.
        Parameters:
        providerName - the name of the provider to use.
        Returns:
        this recipient.
      • setAlgorithmMapping

        public JceKTSKeyTransRecipient setAlgorithmMapping(org.bouncycastle.asn1.ASN1ObjectIdentifier algorithm,
                                                           java.lang.String algorithmName)
        Internally, algorithm ids are converted into cipher names using a lookup table. For some providers the standard lookup table won't work. Use this method to establish a mapping from an algorithm identifier to a specific algorithm name.

        For example:

             unwrapper.setAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption, "RSA");
         
        Parameters:
        algorithm - OID of algorithm in recipient.
        algorithmName - JCE algorithm name to use.
        Returns:
        the current Recipient.
      • setContentProvider

        public JceKTSKeyTransRecipient setContentProvider(java.security.Provider provider)
        Set the provider to use for content processing. If provider is null a "no provider" search will be used to satisfy getInstance calls.
        Parameters:
        provider - the provider to use.
        Returns:
        this recipient.
      • setContentProvider

        public JceKTSKeyTransRecipient setContentProvider(java.lang.String providerName)
        Set the provider to use for content processing. If providerName is null a "no provider" search will be used to satisfy getInstance calls.
        Parameters:
        providerName - the name of the provider to use.
        Returns:
        this recipient.
      • setKeySizeValidation

        public JceKTSKeyTransRecipient setKeySizeValidation(boolean doValidate)
        Set validation of retrieved key sizes against the algorithm parameters for the encrypted key where possible - default is off.

        This setting will not have any effect if the encryption algorithm in the recipient does not specify a particular key size, or if the unwrapper is an HSM and the byte encoding of the unwrapped secret key is not available.

        Parameters:
        doValidate - true if unwrapped keys should be validated against the content encryption algorithm, false otherwise.
        Returns:
        this recipient.
      • extractSecretKey

        protected java.security.Key extractSecretKey(org.bouncycastle.asn1.x509.AlgorithmIdentifier keyEncryptionAlgorithm,
                                                     org.bouncycastle.asn1.x509.AlgorithmIdentifier encryptedKeyAlgorithm,
                                                     byte[] encryptedEncryptionKey)
                                              throws CMSException
        Throws:
        CMSException
      • getPartyVInfoFromRID

        protected static byte[] getPartyVInfoFromRID(KeyTransRecipientId recipientId)
                                              throws java.io.IOException
        Throws:
        java.io.IOException
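
An added usage example, not taken from the Bouncy Castle documentation: it configures a KTS recipient with the setProvider and setKeySizeValidation setters described above and decrypts a CMS EnvelopedData message. It assumes the concrete subclass JceKTSKeyTransEnvelopedRecipient and the JceKeyTransRecipientId class from org.bouncycastle.cms.jcajce, neither of which is described on this page, and that a provider is registered under the name "BC"; the class and method names KtsDecryptExample and decrypt are hypothetical.

```java
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.KeyTransRecipientId;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.jcajce.JceKTSKeyTransEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JceKTSKeyTransRecipient;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;

// Hypothetical helper class, written for this example only.
public final class KtsDecryptExample {

    /**
     * Decrypts the RecipientInfo addressed to recipientCert.
     * Assumes the "BC" provider has already been added via Security.addProvider.
     */
    public static byte[] decrypt(byte[] envelopedDataDer,
                                 X509Certificate recipientCert,
                                 PrivateKey recipientKey) throws Exception {
        CMSEnvelopedData enveloped = new CMSEnvelopedData(envelopedDataDer);

        // Select the entry that matches our certificate instead of trying
        // every RecipientInfo in the message with our private key.
        RecipientInformation info = enveloped.getRecipientInfos()
                .get(new JceKeyTransRecipientId(recipientCert));
        if (info == null) {
            throw new CMSException("message is not addressed to this certificate");
        }

        // The recipient id carried in the message supplies the partyVInfo
        // bytes that the base-class constructor documented above expects.
        KeyTransRecipientId rid = (KeyTransRecipientId) info.getRID();

        JceKTSKeyTransRecipient recipient =
                new JceKTSKeyTransEnvelopedRecipient(recipientKey, rid)
                        .setProvider("BC")            // key recovery and content processing
                        .setKeySizeValidation(true);  // off by default, enable explicitly

        // Throws CMSException if key recovery or content decryption fails.
        return info.getContent(recipient);
    }

    private KtsDecryptExample() { }
}
```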