Package se.digg.dgc.signatures.impl
Class DefaultDGCSigner
- java.lang.Object
  - se.digg.dgc.signatures.impl.DefaultDGCSigner
Constructor Summary
- DefaultDGCSigner(PrivateKey signerKey, X509Certificate signerCertificate) - Constructor.
- DefaultDGCSigner(PkiCredential signerCredential) - Constructor.
Method Summary
All Methods, Instance Methods, Concrete Methods (modifier and type, method, description):
- String getSignerCountry() - Gets the ISO-3166 country code of the signer (issuer).
- Instant getSignerExpiration() - Gets the point in time when this signer's certificate expires.
- void setAlgorithmIdentifier(SignatureAlgorithm algorithmIdentifier) - Assigns the algorithm to use.
- void setIncludeCoseTag(boolean includeCoseTag) - Whether to include the Cose_Sign1 message tag in the resulting encoding.
- void setIncludeCwtTag(boolean includeCwtTag) - Sets whether to include the CWT message tag.
- void setSecurityProvider(Provider securityProvider) - Assigns a specific Java Security Provider that should be used when signing.
- byte[] sign(byte[] dccPayload, Instant expiration) - Creates a CWT including the CBOR encoded DCC payload and signs it.
Constructor Detail
-
DefaultDGCSigner
public DefaultDGCSigner(PrivateKey signerKey, X509Certificate signerCertificate) throws CertificateException
Constructor.
- Parameters:
  - signerKey - the signer key
  - signerCertificate - the certificate holding the public key corresponding to the signer key
- Throws:
  - CertificateException - for certificate decoding errors
-
DefaultDGCSigner
public DefaultDGCSigner(PkiCredential signerCredential) throws CertificateException
Constructor.
- Parameters:
  - signerCredential - the signer credential
- Throws:
  - CertificateException - for certificate decoding errors
Method Detail
-
sign
public byte[] sign(byte[] dccPayload, Instant expiration) throws SignatureException
Creates a CWT including the CBOR encoded DCC payload and signs it.
Note: It is the caller's responsibility to ensure that the validity of the issued DCC does not exceed the validity of the signer's certificate (see DGCSigner.getSignerExpiration()).
- Specified by:
  - sign in interface DGCSigner
- Parameters:
  - dccPayload - the CBOR encoding of the DCC payload
  - expiration - the expiration time for the DCC
- Returns:
  - the CBOR encoding of the signed CWT holding the DCC payload
- Throws:
  - SignatureException - for signature errors
-
getSignerExpiration
public Instant getSignerExpiration()
Gets the point in time when this signer's certificate expires. For maximum interoperability, the validity of a DCC should not stretch beyond this time.
- Specified by:
  - getSignerExpiration in interface DGCSigner
- Returns:
  - the signer certificate expiration time
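The note on sign() and the description of getSignerExpiration() leave the validity check to the caller. The following is an added example, not part of the library or its documentation: a hypothetical wrapper class, BoundedDccIssuer, that refuses to sign with an expired signer certificate and clamps the DCC expiration to the certificate's expiration. Clamping rather than rejecting an over-long request is an assumed policy, and the injected Clock is an assumption made for testability.

```java
import java.security.SignatureException;
import java.time.Clock;
import java.time.Instant;

import se.digg.dgc.signatures.impl.DefaultDGCSigner;

/** Hypothetical wrapper (not part of the library) that enforces the validity rule before signing. */
public class BoundedDccIssuer {

  private final DefaultDGCSigner signer;
  private final Clock clock;

  public BoundedDccIssuer(DefaultDGCSigner signer, Clock clock) {
    this.signer = signer;
    this.clock = clock;
  }

  /**
   * Signs the CBOR-encoded DCC payload with an expiration that never exceeds
   * the expiration of the signer's certificate.
   */
  public byte[] issue(byte[] dccPayload, Instant requestedExpiration) throws SignatureException {
    final Instant now = this.clock.instant();
    final Instant signerExpiration = this.signer.getSignerExpiration();

    // An expired signer certificate cannot back any new DCC: fail closed.
    if (!now.isBefore(signerExpiration)) {
      throw new IllegalStateException("Signer certificate expired at " + signerExpiration);
    }
    // A DCC that is already expired at issuance is a caller error.
    if (!requestedExpiration.isAfter(now)) {
      throw new IllegalArgumentException("Requested expiration is not in the future");
    }
    // Clamp: use the earlier of the requested time and the certificate expiration.
    final Instant effective = requestedExpiration.isAfter(signerExpiration)
        ? signerExpiration
        : requestedExpiration;

    return this.signer.sign(dccPayload, effective);
  }
}
```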
-
getSignerCountry
public String getSignerCountry()
Gets the ISO-3166 country code of the signer (issuer).
- Specified by:
  - getSignerCountry in interface DGCSigner
- Returns:
  - the country code of the signer
-
setAlgorithmIdentifier
public void setAlgorithmIdentifier(SignatureAlgorithm algorithmIdentifier)
Assigns the algorithm to use. SignatureAlgorithm.ES256 is the default for EC keys and SignatureAlgorithm.PS256 is the default for RSA keys.
- Parameters:
  - algorithmIdentifier - the algorithm to use
-
setSecurityProvider
public void setSecurityProvider(Provider securityProvider)
Assigns a specific Java Security Provider that should be used when signing. If not assigned, a default provider will be used.
- Parameters:
  - securityProvider - the security provider
-
setIncludeCoseTag
public void setIncludeCoseTag(boolean includeCoseTag)
Whether to include the Cose_Sign1 message tag in the resulting encoding. The default is true.
See RFC8152.
- Parameters:
  - includeCoseTag - whether to include the Cose_Sign1 message tag
-
setIncludeCwtTag
public void setIncludeCwtTag(boolean includeCwtTag)
Sets whether to include the CWT message tag. The default is false.
See section 6 of RFC8392.
- Parameters:
  - includeCwtTag - whether to include the CWT message tag