org.bouncycastle.cms.KeyAgreeRecipientInfoGenerator Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of bcpkix-jdk15to18 Show documentation
Show all versions of bcpkix-jdk15to18 Show documentation
The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.
package org.bouncycastle.cms;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.cms.KeyAgreeRecipientInfo;
import org.bouncycastle.asn1.cms.OriginatorIdentifierOrKey;
import org.bouncycastle.asn1.cms.OriginatorPublicKey;
import org.bouncycastle.asn1.cms.RecipientInfo;
import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
import org.bouncycastle.asn1.cryptopro.Gost2814789KeyWrapParameters;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.operator.GenericKey;
public abstract class KeyAgreeRecipientInfoGenerator
implements RecipientInfoGenerator
{
private ASN1ObjectIdentifier keyAgreementOID;
private ASN1ObjectIdentifier keyEncryptionOID;
private SubjectPublicKeyInfo originatorKeyInfo;
protected KeyAgreeRecipientInfoGenerator(ASN1ObjectIdentifier keyAgreementOID, SubjectPublicKeyInfo originatorKeyInfo, ASN1ObjectIdentifier keyEncryptionOID)
{
this.originatorKeyInfo = originatorKeyInfo;
this.keyAgreementOID = keyAgreementOID;
this.keyEncryptionOID = keyEncryptionOID;
}
public RecipientInfo generate(GenericKey contentEncryptionKey)
throws CMSException
{
OriginatorIdentifierOrKey originator = new OriginatorIdentifierOrKey(
createOriginatorPublicKey(originatorKeyInfo));
AlgorithmIdentifier keyEncAlg;
if (CMSUtils.isDES(keyEncryptionOID.getId()) || keyEncryptionOID.equals(PKCSObjectIdentifiers.id_alg_CMSRC2wrap))
{
keyEncAlg = new AlgorithmIdentifier(keyEncryptionOID, DERNull.INSTANCE);
}
else if (CMSUtils.isGOST(keyAgreementOID))
{
keyEncAlg = new AlgorithmIdentifier(keyEncryptionOID, new Gost2814789KeyWrapParameters(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_A_ParamSet));
}
else
{
keyEncAlg = new AlgorithmIdentifier(keyEncryptionOID);
}
AlgorithmIdentifier keyAgreeAlg = new AlgorithmIdentifier(keyAgreementOID, keyEncAlg);
ASN1Sequence recipients = generateRecipientEncryptedKeys(keyAgreeAlg, keyEncAlg, contentEncryptionKey);
byte[] userKeyingMaterial = getUserKeyingMaterial(keyAgreeAlg);
if (userKeyingMaterial != null)
{
return new RecipientInfo(new KeyAgreeRecipientInfo(originator, new DEROctetString(userKeyingMaterial),
keyAgreeAlg, recipients));
}
else
{
return new RecipientInfo(new KeyAgreeRecipientInfo(originator, null, keyAgreeAlg, recipients));
}
}
protected OriginatorPublicKey createOriginatorPublicKey(SubjectPublicKeyInfo originatorKeyInfo)
{
return new OriginatorPublicKey(
originatorKeyInfo.getAlgorithm(),
originatorKeyInfo.getPublicKeyData().getBytes());
}
protected abstract ASN1Sequence generateRecipientEncryptedKeys(AlgorithmIdentifier keyAgreeAlgorithm, AlgorithmIdentifier keyEncAlgorithm, GenericKey contentEncryptionKey)
throws CMSException;
protected abstract byte[] getUserKeyingMaterial(AlgorithmIdentifier keyAgreeAlgorithm)
throws CMSException;
}