Class ExtendedSignerProvider
java.lang.Object
org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignerProviderImpl
se.swedenconnect.opensaml.xmlsec.signature.support.provider.ExtendedSignerProvider
- All Implemented Interfaces:
org.opensaml.xmlsec.signature.support.SignerProvider
public class ExtendedSignerProvider
extends org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignerProviderImpl
The Sun PKCS#11 crypto provider does not have support for PSS padding which makes HSM RSA-PSS signing impossible
using the standard OpenSAML signer provider (
ApacheSantuarioSignerProviderImpl
). Therefore, the
ExtendedSignerProvider
overrides ApacheSantuarioSignerProviderImpl
with functionality that performs
the PSS padding in software and only the raw RSA encryption operation is done in the HSM. This enables RSA-PSS
signing with RSA keys in HSM even when RSA-PSS is not supported by the PKCS#11 API.- Author:
- Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
- See Also:
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
signObject
(org.opensaml.xmlsec.signature.Signature signature) Tests if the signing key is a SUN PKCS#11 key and the signing algorithm is RSA-PSS.
-
Constructor Details
-
ExtendedSignerProvider
public ExtendedSignerProvider()Default constructor.
-
-
Method Details
-
signObject
public void signObject(@Nonnull org.opensaml.xmlsec.signature.Signature signature) throws org.opensaml.xmlsec.signature.support.SignatureException Tests if the signing key is a SUN PKCS#11 key and the signing algorithm is RSA-PSS. If this is the case, then PSS padding is performed in software and only the raw RSA encryption operation is done in the HSM. This enables RSA-PSS signing with RSA keys in HSM even when RSA-PSS is not supported by the PKCS#11 API.- Specified by:
signObject
in interfaceorg.opensaml.xmlsec.signature.support.SignerProvider
- Overrides:
signObject
in classorg.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignerProviderImpl
- Throws:
org.opensaml.xmlsec.signature.support.SignatureException
-