Package net.jsign.jca
Class GoogleCloudSigningService
- java.lang.Object
  - net.jsign.jca.GoogleCloudSigningService
All Implemented Interfaces: SigningService
public class GoogleCloudSigningService extends Object implements SigningService
Signing service using the Google Cloud Key Management API. The key alias can take one of the following forms:
- The absolute path of the key with the exact version specified: projects/first-rain-123/locations/global/keyRings/mykeyring/cryptoKeys/mykey/cryptoKeyVersions/2
- The absolute path of the key without the version specified, in which case the first version enabled will be used: projects/first-rain-123/locations/global/keyRings/mykeyring/cryptoKeys/mykey
- The path of the key relative to the keyring, with the version specified: mykey/cryptoKeyVersions/2
- The path of the key relative to the keyring, without the version specified: mykey
When the version of the key is specified, the algorithm of the key can also be appended. This saves a round-trip and reduces the risk of hitting a read request limit when signing a large number of files: mykey/cryptoKeyVersions/2:ECDSA
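The alias forms above, resolved against the keyring, as an added Java example (not Jsign's own code; the class KmsAliasExample, the parse helper and the accepted character sets are assumptions made for illustration). It shows which forms leave the version or the algorithm unspecified, and refuses aliases that fit none of the listed forms before any request path would be built from them.

```java
// Added illustration, not Jsign's code: resolves the alias forms listed above.
public class KmsAliasExample {
    static final String MARKER = "/cryptoKeyVersions/";
    /** Parsed alias; version and algorithm are null when the alias omits them. */
    static final class ParsedAlias {
        final String keyPath, version, algorithm;
        ParsedAlias(String k, String v, String a) { keyPath = k; version = v; algorithm = a; }
        @Override public String toString() {
            return keyPath + (version == null ? " [first enabled version]" : MARKER + version)
                    + (algorithm == null ? " [algorithm not given]" : " [" + algorithm + "]");
        }
    }

    static ParsedAlias parse(String keyring, String alias) {
        String key = alias, version = null, algorithm = null;
        int v = alias.indexOf(MARKER);
        if (v >= 0) {
            key = alias.substring(0, v);
            version = alias.substring(v + MARKER.length());
            int colon = version.indexOf(':');   // the algorithm suffix is only valid after a version
            if (colon >= 0) {
                algorithm = version.substring(colon + 1);
                version = version.substring(0, colon);
            }
            // Assumed character sets: numeric version, alphanumeric algorithm name
            if (!version.matches("\\d+") || (algorithm != null && !algorithm.matches("[A-Za-z0-9_]+")))
                throw new IllegalArgumentException("malformed version or algorithm");
        }
        // Relative aliases are resolved against the keyring
        String keyPath = key.startsWith("projects/") ? key : keyring + "/cryptoKeys/" + key;
        // Assumed key name characters; anything else (extra '/', ':', "..") is refused
        if (!keyPath.matches("projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[A-Za-z0-9_-]+"))
            throw new IllegalArgumentException("malformed key path");
        return new ParsedAlias(keyPath, version, algorithm);
    }
    public static void main(String[] args) {
        String keyring = "projects/first-rain-123/locations/global/keyRings/mykeyring";
        String[] aliases = {keyring + "/cryptoKeys/mykey/cryptoKeyVersions/2", keyring + "/cryptoKeys/mykey",
                "mykey/cryptoKeyVersions/2", "mykey", "mykey/cryptoKeyVersions/2:ECDSA",
                "mykey:ECDSA", "../otherring/cryptoKeys/mykey"};  // last two: constructed invalid input
        for (String alias : aliases) {
            try {
                System.out.println(alias + " -> " + parse(keyring, alias));
            } catch (IllegalArgumentException e) {
                System.out.println(alias + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```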
Since: 4.0
See Also: Cloud Key Management Service (KMS) API
Constructor Summary
Constructors
| Constructor | Description |
| --- | --- |
| GoogleCloudSigningService(String keyring, String token, Function<String,Certificate[]> certificateStore) | Creates a new Google Cloud signing service. |
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| List<String> | aliases() | Returns the certificate aliases available. |
| Certificate[] | getCertificateChain(String alias) | Returns the certificate chain for the alias specified. |
| String | getName() | Returns the name of the service. |
| SigningServicePrivateKey | getPrivateKey(String alias) | Returns the private key for the certificate alias specified. |
| byte[] | sign(SigningServicePrivateKey privateKey, String algorithm, byte[] data) | Sign the data with the private key specified. |
Constructor Detail
GoogleCloudSigningService
public GoogleCloudSigningService(String keyring, String token, Function<String,Certificate[]> certificateStore)
Creates a new Google Cloud signing service.
Parameters:
- keyring - the path of the keyring (for example projects/first-rain-123/locations/global/keyRings/mykeyring)
- token - the Google Cloud API access token
- certificateStore - provides the certificate chain for the keys
Method Detail
getName
public String getName()
Description copied from interface: SigningService
Returns the name of the service.
Specified by: getName in interface SigningService
aliases
public List<String> aliases() throws KeyStoreException
Description copied from interface: SigningService
Returns the certificate aliases available.
Specified by: aliases in interface SigningService
Throws: KeyStoreException
getCertificateChain
public Certificate[] getCertificateChain(String alias)
Description copied from interface: SigningService
Returns the certificate chain for the alias specified.
Specified by: getCertificateChain in interface SigningService
Parameters:
- alias - the name of the certificate
getPrivateKey
public SigningServicePrivateKey getPrivateKey(String alias) throws UnrecoverableKeyException
Description copied from interface: SigningService
Returns the private key for the certificate alias specified.
Specified by: getPrivateKey in interface SigningService
Parameters:
- alias - the name of the certificate
Throws: UnrecoverableKeyException
sign
public byte[] sign(SigningServicePrivateKey privateKey, String algorithm, byte[] data) throws GeneralSecurityException
Description copied from interface: SigningService
Sign the data with the private key specified.
Specified by: sign in interface SigningService
Parameters:
- privateKey - the private key
- algorithm - the signing algorithm (for example SHA256withRSA)
- data - the data to be signed
Throws: GeneralSecurityException