Cipher createAsymmetricWrapper(ASN1ObjectIdentifier algorithm, Map extraAlgNames)
      throws OperatorCreationException {
    try {
      String cipherName = null;

      if (!extraAlgNames.isEmpty()) {
        cipherName = (String) extraAlgNames.get(algorithm);
      }

      if (cipherName == null) {
        cipherName = (String) asymmetricWrapperAlgNames.get(algorithm);
      }

      if (cipherName != null) {
        try {
          // this is reversed as the Sun policy files now allow unlimited strength RSA
          return helper.createCipher(cipherName);
        } catch (NoSuchAlgorithmException e) {
          // try alternate for RSA
          if (cipherName.equals("RSA/ECB/PKCS1Padding")) {
            try {
              return helper.createCipher("RSA/NONE/PKCS1Padding");
            } catch (NoSuchAlgorithmException ex) {
              // Ignore
            }
          }
          // Ignore
        }
      }

      return helper.createCipher(algorithm.getId());
    } catch (GeneralSecurityException e) {
      throw new OperatorCreationException("cannot create cipher: " + e.getMessage(), e);
    }
  }
  public Signature createRawSignature(AlgorithmIdentifier algorithm) {
    Signature sig;

    try {
      String algName = getSignatureName(algorithm);

      algName = "NONE" + algName.substring(algName.indexOf("WITH"));

      sig = helper.createSignature(algName);

      // RFC 4056
      // When the id-RSASSA-PSS algorithm identifier is used for a signature,
      // the AlgorithmIdentifier parameters field MUST contain RSASSA-PSS-params.
      /*
      Can;t do this pre-jdk1.4
                  if (algorithm.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
                  {
                      AlgorithmParameters params = helper.createAlgorithmParameters(algName);

                      params.init(algorithm.getParameters().toASN1Primitive().getEncoded(), "ASN.1");

                      PSSParameterSpec spec = (PSSParameterSpec)params.getParameterSpec(PSSParameterSpec.class);
                      sig.setParameter(spec);
                  }
      */
    } catch (Exception e) {
      return null;
    }

    return sig;
  }
  Cipher createSymmetricWrapper(ASN1ObjectIdentifier algorithm) throws OperatorCreationException {
    try {
      String cipherName = (String) symmetricWrapperAlgNames.get(algorithm);

      if (cipherName != null) {
        try {
          // this is reversed as the Sun policy files now allow unlimited strength RSA
          return helper.createCipher(cipherName);
        } catch (NoSuchAlgorithmException e) {
          // Ignore
        }
      }
      return helper.createCipher(algorithm.getId());
    } catch (GeneralSecurityException e) {
      throw new OperatorCreationException("cannot create cipher: " + e.getMessage(), e);
    }
  }
  Signature createSignature(AlgorithmIdentifier sigAlgId) throws GeneralSecurityException {
    Signature sig;

    try {
      sig = helper.createSignature(getSignatureName(sigAlgId));
    } catch (NoSuchAlgorithmException e) {
      //
      // try an alternate
      //
      if (oids.get(sigAlgId.getAlgorithm()) != null) {
        String signatureAlgorithm = (String) oids.get(sigAlgId.getAlgorithm());

        sig = helper.createSignature(signatureAlgorithm);
      } else {
        throw e;
      }
    }

    return sig;
  }
  MessageDigest createDigest(AlgorithmIdentifier digAlgId) throws GeneralSecurityException {
    MessageDigest dig;

    try {
      dig = helper.createDigest(getDigestAlgName(digAlgId.getAlgorithm()));
    } catch (NoSuchAlgorithmException e) {
      //
      // try an alternate
      //
      if (oids.get(digAlgId.getAlgorithm()) != null) {
        String digestAlgorithm = (String) oids.get(digAlgId.getAlgorithm());

        dig = helper.createDigest(digestAlgorithm);
      } else {
        throw e;
      }
    }

    return dig;
  }
  public X509Certificate convertCertificate(X509CertificateHolder certHolder)
      throws CertificateException {

    try {
      CertificateFactory certFact = helper.createCertificateFactory("X.509");

      return (X509Certificate)
          certFact.generateCertificate(new ByteArrayInputStream(certHolder.getEncoded()));
    } catch (IOException e) {
      throw new OpCertificateException(
          "cannot get encoded form of certificate: " + e.getMessage(), e);
    } catch (NoSuchAlgorithmException e) {
      throw new OpCertificateException("cannot create certificate factory: " + e.getMessage(), e);
    } catch (NoSuchProviderException e) {
      throw new OpCertificateException("cannot find factory provider: " + e.getMessage(), e);
    }
  }
  public OutputEncryptor build() throws OperatorCreationException {
    final AlgorithmIdentifier algID;

    salt = new byte[20];

    if (random == null) {
      random = new SecureRandom();
    }

    random.nextBytes(salt);

    try {
      this.cipher = helper.createCipher(algOID.getId());

      if (PEMUtilities.isPKCS5Scheme2(algOID)) {
        this.paramGen = helper.createAlgorithmParameterGenerator(algOID.getId());
      } else {
        this.secKeyFact = helper.createSecretKeyFactory(algOID.getId());
      }
    } catch (GeneralSecurityException e) {
      throw new OperatorCreationException(algOID + " not available: " + e.getMessage(), e);
    }

    if (PEMUtilities.isPKCS5Scheme2(algOID)) {
      params = paramGen.generateParameters();

      try {
        KeyDerivationFunc scheme =
            new KeyDerivationFunc(algOID, ASN1Primitive.fromByteArray(params.getEncoded()));
        KeyDerivationFunc func =
            new KeyDerivationFunc(
                PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, iterationCount));

        ASN1EncodableVector v = new ASN1EncodableVector();

        v.add(func);
        v.add(scheme);

        algID =
            new AlgorithmIdentifier(
                PKCSObjectIdentifiers.id_PBES2, PBES2Parameters.getInstance(new DERSequence(v)));
      } catch (IOException e) {
        throw new OperatorCreationException(e.getMessage(), e);
      }

      key =
          PEMUtilities.generateSecretKeyForPKCS5Scheme2(
              algOID.getId(), password, salt, iterationCount);

      try {
        cipher.init(Cipher.ENCRYPT_MODE, key, params);
      } catch (GeneralSecurityException e) {
        throw new OperatorCreationException(e.getMessage(), e);
      }
    } else if (PEMUtilities.isPKCS12(algOID)) {
      ASN1EncodableVector v = new ASN1EncodableVector();

      v.add(new DEROctetString(salt));
      v.add(new ASN1Integer(iterationCount));

      algID = new AlgorithmIdentifier(algOID, PKCS12PBEParams.getInstance(new DERSequence(v)));

      try {
        PBEKeySpec pbeSpec = new PBEKeySpec(password);
        PBEParameterSpec defParams = new PBEParameterSpec(salt, iterationCount);

        key = secKeyFact.generateSecret(pbeSpec);

        cipher.init(Cipher.ENCRYPT_MODE, key, defParams);
      } catch (GeneralSecurityException e) {
        throw new OperatorCreationException(e.getMessage(), e);
      }
    } else {
      throw new OperatorCreationException("unknown algorithm: " + algOID, null);
    }

    return new OutputEncryptor() {
      public AlgorithmIdentifier getAlgorithmIdentifier() {
        return algID;
      }

      public OutputStream getOutputStream(OutputStream encOut) {
        return new CipherOutputStream(encOut, cipher);
      }

      public GenericKey getKey() {
        return new JceGenericKey(algID, key);
      }
    };
  }