ccrypto-java 0.1.0 → 0.2.0

data/lib/ccrypto/java/engines/hkdf_engine.rb

@@ -7,45 +7,99 @@ module Ccrypto
       include DataConversion
       include TR::CondUtils
 
+      class HKDFEngineError < StandardError; end
+
+      class HKDFSupportedDigest
+        include InMemoryRecord
+        def initialize
+          #define_search_key(:algo)
+        end
+      end
+
+      def self.supported_hkdf_configs
+        if ENV[Java::ENV_PROBE_DIGEST_KEY] == "true"
+          @_supportedHkdf = HKDFSupportedDigest.new
+        else
+          @_supportedHkdf = HKDFSupportedDigest.load_from_storage("supported_hkdf")
+        end
+
+        if @_supportedHkdf.empty?
+          @_supportedHkdf = HKDFSupportedDigest.new
+          Ccrypto::Java::DigestEngine.supported.each do |dig|
+            bcDig = Ccrypto::Java::DigestEngine.to_bc_digest_inst(dig)
+            if not bcDig.nil?
+              logger.debug "Digest #{dig.inspect} has BC instance #{bcDig}"
+              conf = Ccrypto::HKDFConfig.new
+              conf.digest = dig
+              conf.provider_config = { bc_digest: bcDig }
+              @_supportedHkdf.register(conf, { tag_under: :calgo, tag_value: dig.algo })
+            end
+          end
+          @_supportedHkdf.save_to_storage("supported_hkdf")
+        end
+
+        @_supportedHkdf
+      end
+
+      def self.find_hkdf_config_by_digest(algo)
+        supported_hkdf_configs.find({ calgo: algo })
+      end
+
+      private
+      def self.logger
+        Ccrypto::Java.logger(:cj_hkdf_eng_c)
+      end
+
+      public
       def initialize(*args, &block)
         @config = args.first
 
-        raise KDFEngineException, "KDF config is expected. Given #{@config}" if not @config.is_a?(Ccrypto::KDFConfig)
+        raise KDFEngineException, "HKDF config is expected. Given #{@config}" if not @config.is_a?(Ccrypto::HKDFConfig)
         raise KDFEngineException, "Output bit length (outBitLength) value is not given or not a positive value (#{@config.outBitLength})" if is_empty?(@config.outBitLength) or @config.outBitLength <= 0
 
-
-        @config.salt = SecureRandom.random_bytes(16) if is_empty?(@config.salt)
       end
 
       def derive(input, output = :binary)
         begin
 
+          logger.debug "HKDF config : #{@config.inspect}"
+
           case @config.digest
-          when :sha1
-            dig = org.bouncycastle.crypto.digests.SHA1Digest.new
-          when :sha224
-            dig = org.bouncycastle.crypto.digests.SHA224Digest.new
-          when :sha256
-            dig = org.bouncycastle.crypto.digests.SHA256Digest.new
-          when :sha384
-            dig = org.bouncycastle.crypto.digests.SHA384Digest.new
-          when :sha512
-            dig = org.bouncycastle.crypto.digests.SHA512Digest.new
-          when :sha3_224
-            dig = org.bouncycastle.crypto.digests.SHA3Digest.new(224)
-          when :sha3_256
-            dig = org.bouncycastle.crypto.digests.SHA3Digest.new(256)
-          when :sha3_384
-            dig = org.bouncycastle.crypto.digests.SHA3Digest.new(384)
-          when :sha3_512
-            dig = org.bouncycastle.crypto.digests.SHA3Digest.new(512)
+          when Symbol, String
+            hkdfConf = self.class.find_hkdf_config_by_digest(@config.digest)
+            raise HKDFEngineError, "Unsupported digest '#{@config.digest}'" if is_empty?(hkdfConf)
+            digest = hkdfConf.first.digest
+          when Ccrypto::DigestConfig
+            digest = @config.digest
           else
-            raise KDFEngineException, "Digest #{@config.digest} not supported"
+            raise HKDFEngineError, "Unsupported digest '#{@config.digest}'"
+          end
+
+          logger.debug "Digest for HKDF : #{digest.inspect}"
+
+          begin
+            dig = Ccrypto::Java::DigestEngine.instance(digest) 
+          rescue Exception => ex
+            raise KDFEngineException, "Failed to initialize digest engine. Error was : #{ex}"
           end
 
+          #bcDigest = Ccrypto::Java::DigestEngine.to_bc_digest_inst(digest.provider_config[:algo_name])
+          #raise KDFEngineException, "Digest '#{digest.algo}' not supported. Please report to library owner for further verification" if bcDigest.nil?
+
+          bcDigest = eval(@config.provider_config[:bc_digest])
+
+          # https://soatok.blog/2021/11/17/understanding-hkdf/
+          # info field should be the randomness entrophy compare to salt
+          # HKDf can have fix or null salt but better have additional info for each purposes
           @config.info = "" if @config.info.nil?
 
-          hkdf = org.bouncycastle.crypto.generators.HKDFBytesGenerator.new(dig)
+          logger.debug "Salt length : #{@config.salt.nil? ? "0" : @config.salt.length}"
+          logger.debug "Info length : #{@config.info.nil? ? "0" : @config.info.length}"
+          logger.debug "Digest : #{bcDigest}"
+
+          logger.warn "Salt is empty!" if is_empty?(@config.salt)
+
+          hkdf = org.bouncycastle.crypto.generators.HKDFBytesGenerator.new(bcDigest)
           hkdfParam = org.bouncycastle.crypto.params.HKDFParameters.new(to_java_bytes(input), to_java_bytes(@config.salt) ,to_java_bytes(@config.info))
           hkdf.init(hkdfParam)
 
@@ -67,6 +121,11 @@ module Ccrypto
         
       end
 
+      private
+      def logger
+        Ccrypto::Java.logger(:cj_hkdf_eng)
+      end
+
     end
   end
 end

data/lib/ccrypto/java/engines/hmac_engine.rb

@@ -7,23 +7,110 @@ module Ccrypto
       include TR::CondUtils
       include DataConversion
 
-      include TeLogger::TeLogHelper
-      teLogger_tag :j_hmac
+      class HMACEngineError < StandardError; end
 
+      class SupportedHMACList
+        include InMemoryRecord
+        def initialize
+          #define_search_key(:algo)
+        end
+      end
+
+      def self.supported_hmac
+        
+        if @supported.nil?
+          @supported = SupportedHMACList.new
+          Ccrypto::Java::DigestEngine.supported.each do |v|
+            begin
+              prov = v.provider_config[:jceProvider]
+              digestAlgo = v.provider_config[:algo_name]
+              if digestAlgo =~ /^SHA-/
+                digestAlgo = digestAlgo.gsub("-","")
+              end
+              algo = "HMAC#{digestAlgo}"
+              if not_empty?(prov)
+                logger.debug "Initializing HMAC algo '#{algo}' with provider '#{prov}'" 
+                javax.crypto.Mac.getInstance(algo, prov)
+              else
+                logger.debug "Initializing HMAC algo '#{algo}' with null provider" 
+                javax.crypto.Mac.getInstance(algo)
+              end
+
+              conf = Ccrypto::HMACConfig.new(v.dup)
+              conf.provider_config = { hmac_algo: algo, jce_provider: prov }
+              @supported.register(conf, { tag_under: :algo, tag_value: digestAlgo })
+              #@supported[algo] = conf
+            rescue Exception => ex
+              logger.debug "HMAC algo '#{algo}' failed. Error was : #{ex.message}"
+              #logger.error ex.backtrace.join("\n")
+            end
+          end
+        end
+
+        @supported
+
+      end
+      class << self
+        alias_method :supported_hmac_configs, :supported_hmac
+      end
+
+      def self.find_supported_hmac_by_digest(digest)
+        case digest
+        when Symbol, String
+          supported_hmac.find( algo: digest )
+        when Ccrypto::DigestConfig
+          supported_hmac.select { |hm| hm.digest_config.algo.to_s.downcase == digest.algo.to_s.downcase }
+        else
+          raise HMACEngineException, "Unsupported parameter for digest. Expected Ccrypto::DigestConfig, symbol or string. Got '#{digest.class}'"
+        end
+      end
+
+      def self.default_hmac_digest_algo
+        primary = find_supported_hmac_by_digest_algo("sha3-256").first
+        if is_empty?(primary)
+          secondary = find_supported_hmac_by_digest_algo("sha256").first
+          if is_empty?(secondary)
+            first = supported_hmac.values.first
+            logger.debug "Both SHA3-256 and SHA256 are not supported. Default to '#{first.inspect}'"
+            first
+          else
+            secondary
+          end
+        else
+          primary
+        end
+      end
+
+      private
+      def self.logger
+        Ccrypto::Java.logger(:hmac_eng_c) 
+      end
+
+      public
       def initialize(*args, &block)
         @config = args.first
 
+        logger.debug "HMAC Config : #{@config.inspect}"
+
         raise HMACEngineException, "HMAC config is expected" if not @config.is_a?(Ccrypto::HMACConfig) 
 
-        raise HMACEngineException, "Signing key is required" if is_empty?(@config.key)
-        raise HMACEngineException, "Secret key as signing key is required. Given #{@config.key.class}" if not @config.key.is_a?(Ccrypto::SecretKey)
+        raise HMACEngineException, "Signing key is required" if is_empty?(@config.ccrypto_key)
+        raise HMACEngineException, "Ccrypto:SecretKey is required. Given #{@config.ccrypto_key.class}" if not @config.ccrypto_key.is_a?(Ccrypto::SecretKey)
 
-        teLogger.debug "Config : #{@config.inspect}"
         begin
-          macAlgo = to_jce_spec(@config)
-          teLogger.debug "Mac algo : #{macAlgo}"
-          @hmac = javax.crypto.Mac.getInstance(to_jce_spec(@config))
-          @hmac.init(@config.key.to_jce_secret_key)
+          macAlgo = @config.provider_config[:hmac_algo]
+          prov = @config.provider_config[:jce_provider]
+          if not_empty?(prov)
+            logger.debug "Mac algo : #{macAlgo} with provider '#{prov}'"
+            @hmac = javax.crypto.Mac.getInstance(macAlgo, prov)
+          else
+            logger.debug "Mac algo : #{macAlgo} with null provider"
+            @hmac = javax.crypto.Mac.getInstance(macAlgo)
+          end
+
+          logger.debug "Initialize the Mac with ccrypto_key"
+          @hmac.init(@config.ccrypto_key.native_key)
+
         rescue Exception => ex
           raise HMACEngineException, ex
         end
@@ -54,22 +141,10 @@ module Ccrypto
 
 
       private
-      def to_jce_spec(config)
-        res = []
-        res << "HMAC"
-
-        salgo = config.digest.to_s
-        if salgo =~ /_/
-          res << salgo.gsub("_","-").upcase
-        else
-          res << salgo.upcase
-        end
-       
-        res.join
-
+      def logger
+        Ccrypto::Java.logger(:hmac_eng)
       end
 
-
     end
   end
 end

data/lib/ccrypto/java/engines/pbkdf2_engine.rb

@@ -3,43 +3,104 @@ require_relative '../data_conversion'
 
 module Ccrypto
   module Java
-    
+
     class PBKDF2Engine
       include TR::CondUtils
       include DataConversion
 
+      class PBKDF2EngineException < KDFEngineException; end
+
+      class SupportedPBKDF2HMAC
+        include Ccrypto::InMemoryRecord
+      end
+
+      def self.supported_pbkdf2_digests
+
+        if @supportedHmac.nil?
+          @supportedHmac = SupportedPBKDF2HMAC.load("cj_pbkdf2")
+          logger.debug "supported hmac : #{@supportedHmac.empty?}"
+          if @supportedHmac.empty?
+            HMACEngine.supported_hmac_configs.each do |hm|
+              begin
+                algo = "PBKDF2With#{hm.provider_config[:hmac_algo]}"
+                prov = hm.provider_config[:jce_provider]
+                javax.crypto.SecretKeyFactory.getInstance(algo, prov)
+
+                logger.debug "PBKDF2 algo #{algo} is good"
+                hm.provider_config[:hmac_algo] = algo
+                logger.debug "Registering PBKDF2 config #{hm.inspect}"
+                @supportedHmac.register(hm, { tag_under: :algo, tag_value: hm.digest_config.algo })
+                #@supportedHmac[algo] = hm
+              rescue Exception => ex
+                logger.debug "HMAC algo #{algo} failed with PBKDF2 with error #{ex}"
+              end
+            end
+            @supportedHmac.save("cj_pbkdf2")
+          end
+        end
+        @supportedHmac
+
+      end
+
+      def self.find_supported_hmac_by_digest(algo)
+        supported_pbkdf2_digests.find( algo: algo )
+      end
+
+      private
+      def self.logger
+        Ccrypto::Java.logger(:pbkdf2_eng_c)
+      end
+
+      public
       def initialize(*args, &block)
         @config = args.first
 
-        raise KDFEngineException, "KDF config is expected. Given #{@config}" if not @config.is_a?(Ccrypto::PBKDF2Config)
-        raise KDFEngineException, "Output bit length (outBitLength) value is not given or not a positive value (#{@config.outBitLength})" if is_empty?(@config.outBitLength) or @config.outBitLength <= 0
+        raise PBKDF2EngineException, "KDF config is expected. Given #{@config}" if not @config.is_a?(Ccrypto::PBKDF2Config)
+        raise PBKDF2EngineException, "Output bit length (outBitLength) value is not given or not a positive value (#{@config.outBitLength})" if is_empty?(@config.outBitLength) or @config.outBitLength <= 0
 
-        raise KDFEngineException, "Digest algo is not supported. Given #{@config.digest}, supported: #{supported_digest.join(", ")}" if not @config.digest.nil? and not is_digest_supported?(@config.digest)
+        if is_empty?(@config.digest)
+          @config.digest = default_digest
+        else
 
-        @config.digest = default_digest if is_empty?(@config.digest)
+          case @config.digest
+          when String, Symbol
+            dig = self.class.find_supported_hmac_by_digest(@config.digest)
+            raise PBKDF2EngineException, "Cannot find digest '#{@config.digest}'" if is_empty?(dig)
+            logger.warn "More than 1 result for supported hmac by digest found. Found #{dig.length}" if dig.length > 1
+            @config.digest = dig.first
+
+          when Ccrypto::HMACConfig
+
+          else
+            raise PBKDF2EngineException, "HMACConfig is expected instead got '#{@config.digest.class}'"
+
+          end
+
+          raise PBKDF2EngineException, "HMACConfig is required to be provider initialized HMACConfig. Please get the HMACConfig via the supported_hmac from PBKDF2" if is_empty?(@config.digest.provider_config[:hmac_algo]) 
+        end
+
+        #@config.salt = SecureRandom.random_bytes(16) if is_empty?(@config.salt)
 
-        @config.salt = SecureRandom.random_bytes(16) if is_empty?(@config.salt)
       end
 
       def derive(input, output = :binary)
-        
+      
+        cinput = java.lang.String.new(to_java_bytes(input))
+
+        #raise KDFEngineException, "Given input is not a String" if not input.is_a?(String)
+
         begin
 
-          case input
-          when String
-            if input.ascii_only?
-              pass = input.to_java.toCharArray
-            else
-              pass = to_hex(to_java_bytes(input)).to_java.toCharArray
-            end
-          when ::Java::byte[]
-            pass = to_hex(to_java_bytes(input)).to_java.toCharArray
+          algo = @config.digest.provider_config[:hmac_algo]
+          prov = @config.digest.provider_config[:jce_provider]
+          if not_empty?(prov)
+            skf = javax.crypto.SecretKeyFactory.getInstance(algo, prov)
           else
-            raise KDFEngineException, "Input type '#{input.class}' cannot convert to char array"
+            skf = javax.crypto.SecretKeyFactory.getInstance(algo)
           end
 
-          skf = javax.crypto.SecretKeyFactory.getInstance("PBKDF2WithHMAC#{@config.digest.upcase}",JCEProvider::DEFProv)
-          keySpec = javax.crypto.spec.PBEKeySpec.new(pass.to_java, to_java_bytes(@config.salt), @config.iter, @config.outBitLength)
+          # Java API 1st parameter is char[]
+          keySpec = javax.crypto.spec.PBEKeySpec.new(cinput.to_java.toCharArray, to_java_bytes(@config.salt), @config.iter, @config.outBitLength)
 
           sk = skf.generateSecret(keySpec)
           out = sk.encoded
@@ -60,24 +121,12 @@ module Ccrypto
       end
 
       def default_digest
-        :sha256
+        self.class.find_supported_hmac_by_digest("sha256").first
       end
 
       private
       def logger
-        if @logger.nil?
-          @logger = TeLogger::Tlogger.new
-          @logger.tag = :j_pbkdf2
-        end
-        @logger
-      end
-
-      def is_digest_supported?(dig)
-        supported_digest.include?(dig)
-      end
-
-      def supported_digest
-        [:sha1, :sha256, :sha224, :sha384, :sha512]
+        Ccrypto::Java.logger(:pbkdf2_eng)
       end
 
       

data/lib/ccrypto/java/engines/pkcs7_engine.rb

@@ -10,9 +10,6 @@ module Ccrypto
       include TR::CondUtils
       include DataConversion
 
-      include TeLogger::TeLogHelper
-      teLogger_tag :j_p7
-
       def initialize(config)
         raise PKCS7EngineException, "Ccrypto::PKCS7Config is expected. Given #{config}" if not config.is_a?(Ccrypto::PKCS7Config)
         @config = config
@@ -94,16 +91,16 @@ module Ccrypto
         begin
 
           if attached
-            teLogger.debug "Initiated attached sign"
+            logger.debug "Initiated attached sign"
           else
-            teLogger.debug "Initiated detached sign"
+            logger.debug "Initiated detached sign"
           end
 
           sos = gen.open(os, attached)
 
           case val
           when java.io.InputStream
-            teLogger.debug "InputStream data-to-be-signed detected"
+            logger.debug "InputStream data-to-be-signed detected"
             buf = ::Java::Byte[readBufSize].new
             read = 0
             processed = 0
@@ -113,7 +110,7 @@ module Ccrypto
               block.call(:processed, processed) if block
             end
           else
-            teLogger.debug "Byte array data-to-be-signed detected"
+            logger.debug "Byte array data-to-be-signed detected"
             ba = to_java_bytes(val)
             if ba.is_a?(::Java::byte[])
               sos.write(ba)
@@ -155,28 +152,28 @@ module Ccrypto
         case srcData
         when java.io.File
           data = org.bouncycastle.cms.CMSProcessableFile.new(val)
-          teLogger.debug "Given original data is a java.io.File"
+          logger.debug "Given original data is a java.io.File"
         else
           if not_empty?(srcData)
             ba = to_java_bytes(srcData)
             if ba.is_a?(::Java::byte[])
               data = org.bouncycastle.cms.CMSProcessableByteArray.new(ba)
-              teLogger.debug "Given original data is a byte array"
+              logger.debug "Given original data is a byte array"
             else
               raise PKCS7EngineException, "Failed to read original data. Given #{srcData}"
             end
           else
-            teLogger.debug "Original data for signing is not given."
+            logger.debug "Original data for signing is not given."
           end
         end
 
         case val
         when java.io.InputStream
           if data.nil?
-            teLogger.debug "Attached signature with java.io.InputStream signature detected during verification"
+            logger.debug "Attached signature with java.io.InputStream signature detected during verification"
             signed = org.bouncycastle.cms.CMSSignedData.new(val)
           else
-            teLogger.debug "Detached signature with java.io.InputStream signature detected during verification"
+            logger.debug "Detached signature with java.io.InputStream signature detected during verification"
             signed = org.bouncycastle.cms.CMSSignedData.new(data, val)
           end
         else
@@ -184,10 +181,10 @@ module Ccrypto
             ba = to_java_bytes(val)
             if ba.is_a?(::Java::byte[])
               if data.nil?
-                teLogger.debug "Attached signature with byte array signature detected during verification"
+                logger.debug "Attached signature with byte array signature detected during verification"
                 signed = org.bouncycastle.cms.CMSSignedData.new(ba)
               else
-                teLogger.debug "Detached signature with byte array signature detected during verification"
+                logger.debug "Detached signature with byte array signature detected during verification"
                 signed = org.bouncycastle.cms.CMSSignedData.new(data, ba)
               end
             else
@@ -211,27 +208,27 @@ module Ccrypto
               if block
                 certVerified = block.call(:verify_certificate, c)
                 if certVerified.nil?
-                  teLogger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} passed through (no checking by application)"
+                  logger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} passed through (no checking by application)"
                   certVerified = true
                 elsif is_bool?(certVerified)
                   if certVerified
-                    teLogger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} accepted by application"
+                    logger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} accepted by application"
                   else
-                    teLogger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} rejected by application"
+                    logger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} rejected by application"
                   end
                 else
-                  teLogger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} passed through (no checking by application. Given #{certVerified})"
+                  logger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} passed through (no checking by application. Given #{certVerified})"
                 end
               else
-                teLogger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} passed through (no checking by application)"
+                logger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} passed through (no checking by application)"
               end
 
               if certVerified
 
-                teLogger.debug "Verifing signature against certificate '#{c.subject}'"
+                logger.debug "Verifing signature against certificate '#{c.subject}'"
                 verifier = org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder.new.setProvider(prov).build(c)
                 if signer.verify(verifier)
-                  teLogger.debug "Signer with #{c.subject} verified!"
+                  logger.debug "Signer with #{c.subject} verified!"
                   if block
                     block.call(:verification_result, true)
                     if data.nil?
@@ -242,19 +239,19 @@ module Ccrypto
                   signatureVerified = true
 
                 else
-                  teLogger.debug "Signer with #{c.subject} failed. Retry with subsequent certificate"
+                  logger.debug "Signer with #{c.subject} failed. Retry with subsequent certificate"
                   signatureVerified = false
                 end
 
               end
             rescue ::Java::OrgBouncycastleCms::CMSSignerDigestMismatchException => ex
-              teLogger.error "Signer digest mismatch exception : #{ex.message}" 
+              logger.error "Signer digest mismatch exception : #{ex.message}" 
               signatureVerified = false
               break
             rescue Exception => ex
-              teLogger.error ex
-              teLogger.error ex.message
-              teLogger.error ex.backtrace.join("\n")
+              logger.error ex
+              logger.error ex.message
+              logger.error ex.backtrace.join("\n")
             end
           end
           # end certs.getMatches
@@ -278,7 +275,7 @@ module Ccrypto
         intBufSize = 1024000
         if block
           cipher = block.call(:cipher)
-          teLogger.debug "Application given cipher #{cipher}"
+          logger.debug "Application given cipher #{cipher}"
 
           prov = block.call(:jce_provider)
           intBufSize = block.call(:int_buffer_size)
@@ -288,7 +285,17 @@ module Ccrypto
           end
         end
 
-        cipher = Ccrypto::DirectCipherConfig.new({ algo: :aes, keysize: 256, mode: :cbc }) if cipher.nil?
+        if cipher.nil?
+          cipher = CipherEngine.get_cipher_config(:aes, 256, :cbc)
+          if not_empty?(cipher)
+            cipher = cipher.first
+          else
+            raise PKCS7EngineException, "Not able to get AES/256/CBC from CipherEngine"
+          end
+        end
+
+
+        #cipher = Ccrypto::DirectCipherConfig.new({ algo: :aes, keysize: 256, mode: :cbc }) if cipher.nil?
         prov =  Ccrypto::Java::JCEProvider::DEFProv if is_empty?(prov)
         intBufSize = 1024000 if is_empty?(intBufSize)
 
@@ -381,7 +388,7 @@ module Ccrypto
             encIs = r.getContentStream(kt).getContentStream
           rescue Exception => ex
             lastEx = ex
-            teLogger.debug "Got exception : #{ex.message}. Retry with another envelope"
+            logger.debug "Got exception : #{ex.message}. Retry with another envelope"
             next
           end
 
@@ -432,10 +439,10 @@ module Ccrypto
 
         case obj
         when java.security.Certificate
-          teLogger.debug "Given recipient info is java.security.Certificate"
+          logger.debug "Given recipient info is java.security.Certificate"
           org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator.new(obj).setProvider(prov)
         when Ccrypto::X509Cert
-          teLogger.debug "Given recipient info is Ccrypto::X509Cert"
+          logger.debug "Given recipient info is Ccrypto::X509Cert"
           org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator.new(obj.nativeX509).setProvider(prov)
         else
           raise PKCS7EngineException, "Unknown object to conver to CMS recipient info. Given #{obj}"
@@ -483,9 +490,10 @@ module Ccrypto
       end  # to_cms_recipient_info
 
       def cipher_to_bc_cms_algo(cipher)
+        p cipher
         case cipher
         when Ccrypto::CipherConfig
-          case cipher.algo
+          case cipher.algo.downcase.to_sym
           when :seed
             eval("org.bouncycastle.cms.CMSAlgorithm::#{cipher.algo.to_s.upcase}_#{cipher.mode.to_s.upcase}")
           else
@@ -549,8 +557,11 @@ module Ccrypto
         #  raise GcryptoBcCms::Error, "Unsupported object for decryption recipient object conversion '#{obj.class}'"
         #end
 
-      end
+       end
 
+       def logger
+        Ccrypto::Java.logger(:pkcs7_eng)
+       end
      
     end