public ASN1Sequence generateRecipientEncryptedKeys(
      AlgorithmIdentifier keyAgreeAlgorithm,
      AlgorithmIdentifier keyEncryptionAlgorithm,
      GenericKey contentEncryptionKey)
      throws CMSException {
    init(keyAgreeAlgorithm.getAlgorithm());

    PrivateKey senderPrivateKey = this.senderPrivateKey;

    ASN1ObjectIdentifier keyAgreementOID = keyAgreeAlgorithm.getAlgorithm();

    if (keyAgreementOID.getId().equals(CMSEnvelopedGenerator.ECMQV_SHA1KDF)) {
      senderPrivateKey =
          new MQVPrivateKeySpec(
              senderPrivateKey, ephemeralKP.getPrivate(), ephemeralKP.getPublic());
    }

    ASN1EncodableVector recipientEncryptedKeys = new ASN1EncodableVector();
    for (int i = 0; i != recipientIDs.size(); i++) {
      PublicKey recipientPublicKey = (PublicKey) recipientKeys.get(i);
      KeyAgreeRecipientIdentifier karId = (KeyAgreeRecipientIdentifier) recipientIDs.get(i);

      if (keyAgreementOID.getId().equals(CMSEnvelopedGenerator.ECMQV_SHA1KDF)) {
        recipientPublicKey = new MQVPublicKeySpec(recipientPublicKey, recipientPublicKey);
      }

      try {
        // Use key agreement to choose a wrap key for this recipient
        KeyAgreement keyAgreement = helper.createKeyAgreement(keyAgreementOID);
        keyAgreement.init(senderPrivateKey, random);
        keyAgreement.doPhase(recipientPublicKey, true);
        SecretKey keyEncryptionKey =
            keyAgreement.generateSecret(keyEncryptionAlgorithm.getAlgorithm().getId());

        // Wrap the content encryption key with the agreement key
        Cipher keyEncryptionCipher = helper.createCipher(keyEncryptionAlgorithm.getAlgorithm());

        keyEncryptionCipher.init(Cipher.WRAP_MODE, keyEncryptionKey, random);

        byte[] encryptedKeyBytes = keyEncryptionCipher.wrap(helper.getJceKey(contentEncryptionKey));

        ASN1OctetString encryptedKey = new DEROctetString(encryptedKeyBytes);

        recipientEncryptedKeys.add(new RecipientEncryptedKey(karId, encryptedKey));
      } catch (GeneralSecurityException e) {
        throw new CMSException("cannot perform agreement step: " + e.getMessage(), e);
      }
    }

    return new DERSequence(recipientEncryptedKeys);
  }
  private void rawModeTest(
      String sigName,
      ASN1ObjectIdentifier digestOID,
      PrivateKey privKey,
      PublicKey pubKey,
      SecureRandom random)
      throws Exception {
    byte[] sampleMessage = new byte[1000 + random.nextInt(100)];
    random.nextBytes(sampleMessage);

    Signature normalSig = Signature.getInstance(sigName, "BC");
    normalSig.initSign(privKey);
    normalSig.update(sampleMessage);
    byte[] normalResult = normalSig.sign();

    MessageDigest digest = MessageDigest.getInstance(digestOID.getId(), "BC");
    byte[] hash = digest.digest(sampleMessage);
    byte[] digInfo = derEncode(digestOID, hash);

    Signature rawSig = Signature.getInstance("RSA", "BC");
    rawSig.initSign(privKey);
    rawSig.update(digInfo);
    byte[] rawResult = rawSig.sign();

    if (!Arrays.areEqual(normalResult, rawResult)) {
      fail("raw mode signature differs from normal one");
    }

    rawSig.initVerify(pubKey);
    rawSig.update(digInfo);

    if (!rawSig.verify(rawResult)) {
      fail("raw mode signature verification failed");
    }
  }
  public String toString() {
    StringBuffer buf = new StringBuffer();
    String nl = System.getProperty("line.separator");

    buf.append("      userCertificate: ").append(this.getSerialNumber()).append(nl);
    buf.append("       revocationDate: ").append(this.getRevocationDate()).append(nl);
    buf.append("       certificateIssuer: ").append(this.getCertificateIssuer()).append(nl);

    Extensions extensions = c.getExtensions();

    if (extensions != null) {
      Enumeration e = extensions.oids();
      if (e.hasMoreElements()) {
        buf.append("   crlEntryExtensions:").append(nl);

        while (e.hasMoreElements()) {
          ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
          Extension ext = extensions.getExtension(oid);
          if (ext.getExtnValue() != null) {
            byte[] octs = ext.getExtnValue().getOctets();
            ASN1InputStream dIn = new ASN1InputStream(octs);
            buf.append("                       critical(").append(ext.isCritical()).append(") ");
            try {
              if (oid.equals(X509Extension.reasonCode)) {
                buf.append(CRLReason.getInstance(ASN1Enumerated.getInstance(dIn.readObject())))
                    .append(nl);
              } else if (oid.equals(X509Extension.certificateIssuer)) {
                buf.append("Certificate issuer: ")
                    .append(GeneralNames.getInstance(dIn.readObject()))
                    .append(nl);
              } else {
                buf.append(oid.getId());
                buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl);
              }
            } catch (Exception ex) {
              buf.append(oid.getId());
              buf.append(" value = ").append("*****").append(nl);
            }
          } else {
            buf.append(nl);
          }
        }
      }
    }

    return buf.toString();
  }
  private Set getExtensionOIDs(boolean critical) {
    Extensions extensions = c.getExtensions();

    if (extensions != null) {
      Set set = new HashSet();
      Enumeration e = extensions.oids();

      while (e.hasMoreElements()) {
        ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
        Extension ext = extensions.getExtension(oid);

        if (critical == ext.isCritical()) {
          set.add(oid.getId());
        }
      }

      return set;
    }

    return null;
  }