Add method for setting JCA Provider to JOSEProcessor or JWSVerifier/JWEDecrypterFactory
Instead of Security.addProvider
.
Comments (7)
-
-
Right now you can set explicit JCA providers at the level of the individual JWS/JWE crypto providers.
E.g.
RSAEncrypter enc = new RSAEncrypter(pubKey); enc.getJCAContext().setSecureRandom(myRandom); enc.getJCAContext().setKeyEncryptionProvider(myKekProvider); ...
Please, take a look at this interface and let me know if that works for you, because the idea is to provide the same interface (or similar) for the factory class. Note that these factory classes are for creating JWS verifiers / JWE decryptors.
-
- changed title to Add method for setting JCA Provider to JOSEProcessor or JWSVerifier/JWEDecrypterFactory
-
Yes I think that works, but keys/certificates in a HSM would mean the signs/verifiers would also need this.
Would it be easier to expose the JCAContect on the JOSEProvider interface?
-
- changed status to open
Finally got round to this :)
-
- changed status to resolved
Hi James,
Check out the latest 4.7 release, the factory interfaces are now
JCAAware
and implementJOSEProvider
:If you think things can be improved further, just let us know.
Vladimir
-
:-)
- Log in to comment
I can see in some cases the use of a HSM will be required, thus we need a way to push the crypto functionality to various providers.