org.nhindirect.stagent.cryptography.activekeyops

Class SplitProviderDirectSignedDataGenerator

java.lang.Object

org.bouncycastle.cms.CMSSignedGenerator

org.bouncycastle.cms.CMSSignedDataGenerator

org.nhindirect.stagent.cryptography.activekeyops.SplitProviderDirectSignedDataGenerator

All Implemented Interfaces:

DirectSignedDataGenerator

public class SplitProviderDirectSignedDataGenerator
extends org.bouncycastle.cms.CMSSignedDataGenerator
implements DirectSignedDataGenerator

An implementation that of the DirectSignedDataGenerator interface that allows for an optimized set of signing operations. Unlike the BouncyCastle library which performs both the calculation of the message digest and the signing of the message digiest using only one JCE provider, this implementation allows the two different operations to be split across different JCE providers. This is optimal in situations where asymmetric private key information MUST be protected by a PKCS11 token. If the sigProvider is set to the JCE provider of a PKCS11 token and the digestProvider is set to an in process JCE provider, this allows for the signing operations to be performed on the token but for the digest calculation to be performed in process. This minimizes the amount of information that needs to be sent to the PKCS11 token.

Since:

2.1

Author:

Greg Meyer

Field Summary

Fields inherited from class org.bouncycastle.cms.CMSSignedGenerator

DATA, DIGEST_GOST3411, DIGEST_MD5, DIGEST_RIPEMD128, DIGEST_RIPEMD160, DIGEST_RIPEMD256, DIGEST_SHA1, DIGEST_SHA224, DIGEST_SHA256, DIGEST_SHA384, DIGEST_SHA512, ENCRYPTION_DSA, ENCRYPTION_ECDSA, ENCRYPTION_ECGOST3410, ENCRYPTION_GOST3410, ENCRYPTION_RSA, ENCRYPTION_RSA_PSS

Constructor Summary

Constructors

Constructor and Description
SplitProviderDirectSignedDataGenerator(String sigProvider, String digestProvider) Constructor

Method Summary

Methods

Modifier and Type	Method and Description
void	addSigner(PrivateKey key, X509Certificate cert, String digestOID, org.bouncycastle.asn1.cms.AttributeTable signedAttr, org.bouncycastle.asn1.cms.AttributeTable unsignedAttr) Adds a message signer to the message.
org.bouncycastle.cms.CMSSignedData	generate(org.bouncycastle.cms.CMSProcessable content) Generates a CMSSignedData object that represents the content's digital signature.
org.bouncycastle.cms.CMSSignedData	generate(String signedContentType, org.bouncycastle.cms.CMSProcessable content, boolean encapsulate, String sigProvider, boolean addDefaultAttributes)

Methods inherited from class org.bouncycastle.cms.CMSSignedDataGenerator

addSigner, addSigner, generate, generate, generate, generateCounterSigners

Methods inherited from class org.bouncycastle.cms.CMSSignedGenerator

addAttributeCertificates, addCertificatesAndCRLs, addSigners, getGeneratedDigests

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.nhindirect.stagent.cryptography.activekeyops.DirectSignedDataGenerator

addCertificatesAndCRLs

Constructor Detail

SplitProviderDirectSignedDataGenerator

public SplitProviderDirectSignedDataGenerator(String sigProvider,
                                      String digestProvider)

Constructor

Parameters:

sigProvider - The name of the JCE provider used to perform the signing operation. If this is null or empty, the CryptoExtensions.getJCESensitiveProviderName() value will be used.

digestProvider - The name of the JCE provider used to perform the digest operation. If this is null or empty, the CryptoExtensions.getJCEProviderName() value will be used.

Method Detail

generate

public org.bouncycastle.cms.CMSSignedData generate(org.bouncycastle.cms.CMSProcessable content)
                                            throws NoSuchAlgorithmException,
                                                   NoSuchProviderException,
                                                   org.bouncycastle.cms.CMSException

Generates a CMSSignedData object that represents the content's digital signature.

Specified by:

generate in interface DirectSignedDataGenerator

Parameters:

content - The content to be signed.

Returns:

A CMSSignedData object that represents the content's digital signature.

Throws:

NoSuchAlgorithmException

NoSuchProviderException

org.bouncycastle.cms.CMSException

addSigner

public void addSigner(PrivateKey key,
             X509Certificate cert,
             String digestOID,
             org.bouncycastle.asn1.cms.AttributeTable signedAttr,
             org.bouncycastle.asn1.cms.AttributeTable unsignedAttr)
               throws IllegalArgumentException

Adds a message signer to the message.

Specified by:

addSigner in interface DirectSignedDataGenerator

Overrides:

addSigner in class org.bouncycastle.cms.CMSSignedDataGenerator

Parameters:

key - The private key used to digitally sign the message.

cert - The X.509 certificate whose public key matches up with the private key.

digestOID - The digest algorithm used to generate the message hash.

signedAttr - Signed attributes

unsignedAttr - Unsigned attributes.

Throws:

IllegalArgumentException

generate

public org.bouncycastle.cms.CMSSignedData generate(String signedContentType,
                                          org.bouncycastle.cms.CMSProcessable content,
                                          boolean encapsulate,
                                          String sigProvider,
                                          boolean addDefaultAttributes)
                                            throws NoSuchAlgorithmException,
                                                   NoSuchProviderException,
                                                   org.bouncycastle.cms.CMSException

Overrides:

generate in class org.bouncycastle.cms.CMSSignedDataGenerator

Throws:

NoSuchAlgorithmException

NoSuchProviderException

org.bouncycastle.cms.CMSException