Class ExtendedSignerProvider
java.lang.Object
org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignerProviderImpl
se.swedenconnect.opensaml.xmlsec.signature.support.provider.ExtendedSignerProvider
- All Implemented Interfaces:
SignerProvider
The Sun PKCS#11 crypto provider does not support PSS padding, which makes HSM RSA-PSS signing impossible
using the standard OpenSAML signer provider (ApacheSantuarioSignerProviderImpl). Therefore, the
ExtendedSignerProvider overrides ApacheSantuarioSignerProviderImpl with functionality that performs
the PSS padding in software, so that only the raw RSA encryption operation is done in the HSM. This enables RSA-PSS
signing with RSA keys in an HSM even when RSA-PSS is not supported by the PKCS#11 API.
- Author:
Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
Constructor Summary
Constructors
Method Summary
Modifier and Type: void
Method: signObject(Signature signature)
Description: Tests if the signing key is a SUN PKCS#11 key and the signing algorithm is RSA-PSS.
Constructor Details
ExtendedSignerProvider
public ExtendedSignerProvider()
Default constructor.
Method Details
signObject
Tests if the signing key is a SUN PKCS#11 key and the signing algorithm is RSA-PSS. If this is the case, then PSS padding is performed in software and only the raw RSA encryption operation is done in the HSM. This enables RSA-PSS signing with RSA keys in HSM even when RSA-PSS is not supported by the PKCS#11 API.
- Specified by:
signObject in interface SignerProvider
- Overrides:
signObject in class ApacheSantuarioSignerProviderImpl
- Throws:
SignatureException
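The split described above, shown as an added example that is not code from this library: EMSA-PSS encoding (RFC 8017) is done in software, the result goes through a raw, unpadded RSA private-key operation, and the output is checked with the JDK's own RSASSA-PSS verifier. Assumptions: SHA-256 with MGF1-SHA-256 and a 32-byte salt, a software-generated key pair standing in for the HSM key, `RSA/ECB/NoPadding` as the raw operation, and hypothetical class and method names.

```java
import java.security.*;
import java.security.spec.*;
import javax.crypto.Cipher;
public class SoftwarePssDemo { // hypothetical demo class, not part of the library
  static final int H_LEN = 32, S_LEN = 32, KEY_BITS = 2048; // assumed: SHA-256, salt = hash length
  static byte[] mgf1(byte[] seed, int len) throws GeneralSecurityException { // MGF1, RFC 8017 B.2.1
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    byte[] out = new byte[len];
    for (int c = 0, off = 0; off < len; c++, off += H_LEN) {
      md.update(seed);
      byte[] h = md.digest(new byte[] {(byte) (c >>> 24), (byte) (c >>> 16), (byte) (c >>> 8), (byte) c});
      System.arraycopy(h, 0, out, off, Math.min(H_LEN, len - off));
    }
    return out;
  }
  static byte[] emsaPssEncode(byte[] msg, int modBits) throws GeneralSecurityException { // RFC 8017, 9.1.1
    int emBits = modBits - 1, emLen = (emBits + 7) / 8, dbLen = emLen - H_LEN - 1;
    if (emLen < H_LEN + S_LEN + 2) throw new SignatureException("RSA key too short for PSS");
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    byte[] mHash = md.digest(msg);
    byte[] salt = new byte[S_LEN];
    new SecureRandom().nextBytes(salt);
    md.update(new byte[8]);
    md.update(mHash);
    byte[] h = md.digest(salt);                        // H = Hash(0x00 * 8 || mHash || salt)
    byte[] em = new byte[emLen];                       // DB = PS || 0x01 || salt, built in place
    em[dbLen - S_LEN - 1] = 0x01;
    System.arraycopy(salt, 0, em, dbLen - S_LEN, S_LEN);
    byte[] mask = mgf1(h, dbLen);
    for (int i = 0; i < dbLen; i++) em[i] ^= mask[i];  // maskedDB = DB xor MGF1(H)
    em[0] &= (byte) (0xFF >>> (8 * emLen - emBits));   // clear the bits above emBits
    System.arraycopy(h, 0, em, dbLen, H_LEN);
    em[emLen - 1] = (byte) 0xBC;                       // trailer field
    return em;
  }
  public static void main(String[] args) throws Exception {
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    kpg.initialize(KEY_BITS);
    KeyPair kp = kpg.generateKeyPair();                // software key standing in for the HSM key
    byte[] msg = "constructed sample input".getBytes("UTF-8");
    Cipher raw = Cipher.getInstance("RSA/ECB/NoPadding");
    raw.init(Cipher.ENCRYPT_MODE, kp.getPrivate());    // raw private-key operation, no padding
    byte[] sig = raw.doFinal(emsaPssEncode(msg, KEY_BITS));
    Signature v = Signature.getInstance("RSASSA-PSS"); // stock verifier, Java 11 or later
    v.setParameter(new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, S_LEN, 1));
    v.initVerify(kp.getPublic());
    v.update(msg);
    System.out.println("verifies as standard RSASSA-PSS: " + v.verify(sig));
  }
}
```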