Package org.webpki.cbor

Class CBORSigner<T extends CBORSigner<?>>

java.lang.Object

org.webpki.cbor.CBORSigner<T>

Direct Known Subclasses:

CBORAsymKeySigner, CBORHmacSigner, CBORX509Signer

public abstract class CBORSigner<T extends CBORSigner<?>>
extends Object

Base class for signing data.

This implementation supports signatures using CSF (CBOR Signature Format) packaging, while algorithms are derived from COSE.

Note that signer objects may be used any number of times (assuming that the same parameters are valid). They are also thread-safe.

See Also:

• CBORValidator

Method Summary

Modifier and Type	Method	Description
T	setCloneMode(boolean flag)	Set clone mode.
T	setIntercepter(CBORCryptoUtils.Intercepter intercepter)	Set optional Intercepter.
T	setKeyId(CBORObject keyId)	Set signature keyId.
T	setProvider(String provider)	Set cryptographic provider.
CBORObject	sign(CBORObject key, CBORMap mapToSign)	Sign CBOR object.

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

setIntercepter

public T setIntercepter(CBORCryptoUtils.Intercepter intercepter)

Set optional Intercepter.

Parameters:

intercepter - An instance of Intercepter

Returns:

this of subclass

setKeyId

public T setKeyId(CBORObject keyId)

Set signature keyId. In the case the public key is not provided in the signature object, the signature key may be tied to an identifier known by the relying party. How such an identifier is used to retrieve the proper public key is up to a convention between the parties using a specific message scheme. A keyId may be a database index, a hash of the public key, a text string, or a URL pointing to a public key in PEM format.

For HMAC-signatures, a keyId or implicit key are the only ways to retrieve the proper secret key.

Note that a keyId argument of null is equivalent to the default (= no keyId).

Parameters:

keyId - Key Id or null

Returns:

this of subclass

setProvider

public T setProvider(String provider)

Set cryptographic provider.

Parameters:

provider - Name of provider like "BC"

Returns:

this of subclass

setCloneMode

public T setCloneMode(boolean flag)

Set clone mode.

By default the sign(CBORObject, CBORMap) method overwrites the input map object.

Parameters:

flag - If true input data will be cloned

Returns:

this of subclass

sign

public CBORObject sign(CBORObject key,
 CBORMap mapToSign)

Sign CBOR object.

Adds an enveloped CSF object (signature) to a CBOR map.

Also see setCloneMode(boolean).

Parameters:

key - Key holding the signature in the CBOR map to sign

mapToSign - CBOR map to be signed

Returns:

Signed object