Package org.webpki.cbor

Class CBORSigner

java.lang.Object

org.webpki.cbor.CBORSigner

Direct Known Subclasses:

CBORAsymKeySigner, CBORHmacSigner, CBORX509Signer

public abstract class CBORSigner
extends Object

Base class for signing data.

This implementation supports signatures using CSF (CBOR Signature Format) packaging, while algorithms are derived from COSE.

Note that signer objects may be used any number of times (assuming that the same parameters are valid). They are also thread-safe.

See Also:

• CBORValidator

Method Summary

Modifier and Type	Method	Description
CBORSigner	setCloneMode(boolean flag)	Sets clone mode.
CBORSigner	setIntercepter(CBORCryptoUtils.Intercepter intercepter)	Sets optional Intercepter.
CBORSigner	setKeyId(CBORObject keyId)	Sets signature keyId.
CBORSigner	setProvider(String provider)	Sets cryptographic provider.
CBORObject	sign(CBORObject key, CBORMap mapToSign)	Signs CBOR object.

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

setIntercepter

public CBORSigner setIntercepter(CBORCryptoUtils.Intercepter intercepter)

Sets optional Intercepter.

Parameters:

intercepter - An instance of Intercepter

Returns:

this

setKeyId

public CBORSigner setKeyId(CBORObject keyId)

Sets signature keyId. In the case the public key is not provided in the signature object, the signature key may be tied to an identifier known by the relying party. How such an identifier is used to retrieve the proper public key is up to a convention between the parties using a specific message scheme. A keyId may be a database index, a hash of the public key, a text string, or a URL pointing to a public key in PEM format.

For HMAC-signatures, a keyId or implicit key are the only ways to retrieve the proper secret key.

Note that a keyId argument of null is equivalent to the default (= no keyId).

Parameters:

keyId - Key Id or null

Returns:

this

setProvider

public CBORSigner setProvider(String provider)

Sets cryptographic provider.

Parameters:

provider - Name of provider like "BC"

Returns:

CBORSigner

setCloneMode

public CBORSigner setCloneMode(boolean flag)

Sets clone mode.

By default the sign(CBORObject, CBORMap) method overwrites the input map object.

Parameters:

flag - If true input data will be cloned

Returns:

CBORSigner

sign

public CBORObject sign(CBORObject key,
 CBORMap mapToSign)

Signs CBOR object.

Adds an enveloped CSF object (signature) to a CBOR map.

Also see setCloneMode(boolean).

Parameters:

key - Key holding the signature in the CBOR map to sign

mapToSign - CBOR map to be signed

Returns:

Signed object