iaik.cms
Class OtherRecipientInfoValue

java.lang.Object
  extended by iaik.cms.OtherRecipientInfoValue
All Implemented Interfaces:
ASN1Type
Direct Known Subclasses:
UnknownOtherRecipientInfoValue

public abstract class OtherRecipientInfoValue
extends java.lang.Object
implements ASN1Type

Super class of OtherRecipientInfo value implementations. Any class which implements some specific OtherRecipientInfo value must be derived from this class.

The Cryptographic Message Syntax (CMS) (RFC 5652) specifies the OtherRecipientInfo type for allowing an application to "plug-in" RecipientInfo implementations of type other than KeyTransRecipientInfo, KeyAgreeRecipientInfo, KEKRecipientInfo, or PasswordRecipientInfo:

 RecipientInfo ::= CHOICE {
   ktri KeyTransRecipientInfo,
   kari [1] KeyAgreeRecipientInfo,
   kekri [2] KEKRecipientInfo,
   pwri [3] PasswordRecipientinfo,
   ori [4] OtherRecipientInfo }
 
The OtherRecipientInfo choice is defined as a SEQUENCE of two components:
 OtherRecipientInfo ::= SEQUENCE {
   oriType OBJECT IDENTIFIER,
   oriValue ANY DEFINED BY oriType }
 
The oriValue component can have any ASN.1 representation depending on the key management technique identified by the oriType id.

An application wishing to implement some particular OtherRecipientInfo value has to extend this class and register its implementation based on the corresponding ori type id, e.g.:

 public class MyOtherRecipientInfoValue extends OtherRecipientInfoValue {
 ...
 // the ori type id:
   public static final ObjectID type = ...;
 ...
 }
 ...
 // register the implementation:
 OtherRecipientInfo.register(MyOtherRecipientInfoValue.type, MyOtherRecipientInfoValue.class);
 
OtherRecipientInfo values for which no implementation has been registered are treated as unknown ori values.
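
The structure and the register-by-type-id behaviour described above, as an added language-neutral illustration in Python (not IAIK-CMS code and not part of the original documentation): it decodes one IMPLICIT-tagged ori [4] element, dispatches on oriType, and returns unregistered values as raw bytes. The 2.999 OIDs, the REGISTRY dict, the sample decoder and the sample bytes are assumptions constructed for the example.

```python
# Added illustration, not IAIK code; 2.999 OIDs and sample bytes are constructed.
def read_tlv(buf, pos):
    """Read one definite-length DER TLV; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not expected here")
    length = first
    if first >= 0x80:  # long form: low 7 bits give the number of length octets
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OBJECT IDENTIFIER")
    arcs, value = [], 0
    for b in body:  # base-128 digits, high bit set on all but the last
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

REGISTRY = {"2.999.1": lambda v: read_tlv(v, 0)[1]}  # oriType -> hypothetical oriValue decoder
SAMPLE = bytes.fromhex("a40906038837010402aabb")  # constructed: 2.999.1 + OCTET STRING

def parse_ori(der):
    """Decode `ori [4] OtherRecipientInfo` (CMS uses IMPLICIT tags: 0xA4)."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0xA4 or end != len(der):
        raise ValueError("not exactly one [4] OtherRecipientInfo")
    tag, oid_body, pos = read_tlv(body, 0)
    if tag != 0x06:
        raise ValueError("oriType must be an OBJECT IDENTIFIER")
    if read_tlv(body, pos)[2] != len(body):
        raise ValueError("oriValue must be exactly one element")
    ori_type, ori_value = decode_oid(oid_body), body[pos:]
    decoder = REGISTRY.get(ori_type)
    if decoder is None:  # unregistered type: keep the raw bytes, do not guess
        return "unknown", ori_type, ori_value
    return "registered", ori_type, decoder(ori_value)
```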

An OtherRecipientInfo value has to be wrapped into an OtherRecipientInfo before it is added to, for instance, an EnvelopedData object:

 MyOtherRecipientInfoValue oriValue = ...;
 OtherRecipientInfo ori = new OtherRecipientInfo(oriValue);
 envelopedData.addRecipientInfo(ori);
 

See Also:
RecipientInfo, OtherRecipientInfo, UnknownOtherRecipientInfoValue

Field Summary
protected  AlgorithmID keyEncryptionAlgorithm_
          The algorithm used for encrypting the content encryption key.
protected  SecurityProvider securityProvider_
          The SecurityProvider providing the required cryptographic engines.
 
Constructor Summary
OtherRecipientInfoValue()
           
 
Method Summary
abstract  javax.crypto.SecretKey decryptKey(java.security.Key key, KeyIdentifier recipientIdentifier, java.lang.String cekAlgName)
          Decrypts the encrypted content-encryption key this RecipientInfo holds for the given recipient.
abstract  void encryptKey(javax.crypto.SecretKey cek)
          Encrypts the given secret content encryption key for the recipient(s) this RecipientInfo represents.
abstract  byte[] getEncryptedKey(KeyIdentifier recipientIdentifier)
          Returns the encrypted content-encryption key for the recipient with the given key identifier.
 AlgorithmID getKeyEncryptionAlgorithm()
          Returns the key-encryption algorithm used for encrypting the content-encryption key with the recipient public key.
 java.lang.String getName()
          Returns the OtherRecipientInfo type name.
abstract  KeyIdentifier[] getRecipientIdentifiers()
          Returns the key identifier(s) belonging to the recipient(s) of this RecipientInfo.
 SecurityProvider getSecurityProvider()
          Gets the SecurityProvider installed for this RecipientInfo.
abstract  ObjectID getType()
          Returns the type OID identifying the key management technique.
abstract  boolean isRecipientInfoFor(KeyIdentifier recipientIdentifier)
          Checks if this is a RecipientInfo for the recipient identified by the given key identifier.
abstract  CertificateIdentifier isRecipientInfoFor(X509Certificate recipientCertificate)
          Checks if this is a RecipientInfo for the given recipient certificate.
 void setSecurityProvider(SecurityProvider securityProvider)
          Sets the SecurityProvider for this RecipientInfo.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface iaik.asn1.ASN1Type
decode, toASN1Object
 

Field Detail

keyEncryptionAlgorithm_

protected AlgorithmID keyEncryptionAlgorithm_
The algorithm used for encrypting the content encryption key.


securityProvider_

protected SecurityProvider securityProvider_
The SecurityProvider providing the required cryptographic engines.

Constructor Detail

OtherRecipientInfoValue

public OtherRecipientInfoValue()
Method Detail

getType

public abstract ObjectID getType()
Returns the type OID identifying the key management technique.

Returns:
the type OID identifying the key management technique

getName

public java.lang.String getName()
Returns the OtherRecipientInfo type name.

Returns:
the name of the OtherRecipientInfo

encryptKey

public abstract void encryptKey(javax.crypto.SecretKey cek)
                         throws CMSException
Encrypts the given secret content encryption key for the recipient(s) this RecipientInfo represents.

Parameters:
cek - the symmetric content encryption key to encrypt
Throws:
CMSException - if the key encryption process fails for some reason (e.g. the key-encryption algorithm used by this RecipientInfo is not implemented, or the recipient key is invalid, ...)

decryptKey

public abstract javax.crypto.SecretKey decryptKey(java.security.Key key,
                                                  KeyIdentifier recipientIdentifier,
                                                  java.lang.String cekAlgName)
                                           throws CMSException,
                                                  java.security.InvalidKeyException
Decrypts the encrypted content-encryption key this RecipientInfo holds for the given recipient.

The recovered key is returned as SecretKey.

Parameters:
key - the recipient key used to decrypt the encrypted content-encryption key.
recipientIdentifier - information to be used for getting the right encrypted content encryption key for the right recipient
cekAlgName - the algorithm name of the content encryption key (e.g. "AES") to be set for the SecretKey object created by this method
Returns:
the recovered (decrypted) content encryption key as SecretKey in RAW format
Throws:
CMSException - if the key-decryption process fails for some reason (e.g. the key-encryption algorithm used by this RecipientInfo is not supported, a padding error occurs during decryption, ...)
java.security.InvalidKeyException - if the specified private key is not valid

getEncryptedKey

public abstract byte[] getEncryptedKey(KeyIdentifier recipientIdentifier)
                                throws CMSException
Returns the encrypted content-encryption key for the recipient with the given key identifier.

Parameters:
recipientIdentifier - information to be used for getting the right encrypted content encryption key for the right recipient; may be required if this RecipientInfo holds content encryption keys for more than one recipient (see KeyAgreeRecipientInfo)
Returns:
the encrypted content-encryption key for the recipient with the given key identifier
Throws:
CMSException - if no recipient with this key identifier is included

getRecipientIdentifiers

public abstract KeyIdentifier[] getRecipientIdentifiers()
Returns the key identifier(s) belonging to the recipient(s) of this RecipientInfo.

Returns:
the key identifier(s) belonging to the recipient(s) of this RecipientInfo

isRecipientInfoFor

public abstract boolean isRecipientInfoFor(KeyIdentifier recipientIdentifier)
Checks if this is a RecipientInfo for the recipient identified by the given key identifier.

Parameters:
recipientIdentifier - the key identifier belonging to the recipient we are searching for
Returns:
true if this RecipientInfo belongs to the particular recipient in mind, false if not

isRecipientInfoFor

public abstract CertificateIdentifier isRecipientInfoFor(X509Certificate recipientCertificate)
Checks if this is a RecipientInfo for the given recipient certificate.

Parameters:
recipientCertificate - the certificate of the recipient
Returns:
the CertificateIdentifier indicating that the recipient with the given certificate is the owner of this RecipientInfo, null if not

getKeyEncryptionAlgorithm

public AlgorithmID getKeyEncryptionAlgorithm()
Returns the key-encryption algorithm used for encrypting the content-encryption key with the recipient public key.

Returns:
the key-encryption AlgorithmID

setSecurityProvider

public void setSecurityProvider(SecurityProvider securityProvider)
Sets the SecurityProvider for this RecipientInfo.

This method allows a SecurityProvider to be set explicitly for this RecipientInfo. If no explicit SecurityProvider is set, the default system-wide installed SecurityProvider will be used for the required cryptographic operations.

Parameters:
securityProvider - the SecurityProvider to be set

getSecurityProvider

public SecurityProvider getSecurityProvider()
Gets the SecurityProvider installed for this RecipientInfo.

If no explicit SecurityProvider has been set for this object, the default system wide installed SecurityProvider will be used for the required cryptographic operations. However, this method will return null if it does not have its own SecurityProvider.

Returns:
the SecurityProvider explicitly installed for this object, or null if this object does not have its own SecurityProvider

This Javadoc may contain text parts from IETF Internet Standard specifications (see copyright note).

IAIK-CMS 6.0, (c) 2002 IAIK, (c) 2003, 2023 SIC