Hi Robert,
I appreciate this is an older query, but we are going through a backlog of older questions, in an attempt to give them meaningful answers, in case of later similar requests - sorry the reply probably did not get to you in a useful timeframe.
The private key isn't directly exposed in the Gateway, however you can indirectly use it to sign documents in a custom assertion via the following:
Using the SignerServices Object - CA API Gateway - 9.4 - CA Technologies Documentation
Using ServiceFinder, you can find "SignerServices" and then the "Signer" via the lookup keyId.
The "Signer" there is a direct wrapper for the private key (the variable is private so you can't directly access it). But you can then use it to create a signature via the "signer.createSignature()" method.
    // Look up the Gateway's signing service from the custom policy context.
    ServiceFinder serviceFinder = (ServiceFinder) customPolicyContext.getContext().get("serviceFinder");
    SignerServices signerServices = serviceFinder.lookupService(SignerServices.class);

    // Obtain a Signer bound to the private key identified by keyId.
    Signer signer = signerServices.createSigner(keyId);

    try {
        // Sign the data; the private key itself never leaves the Signer.
        byte[] signature = signer.createSignature(hashAlgorithm, dataToSign);
    } catch (NoSuchAlgorithmException e) {
        // process error.
    } catch (InvalidKeyException e) {
        // process error.
    } catch (SignatureException e) {
        // process error.
    } catch (IOException e) {
        // process error.
    }
Hope that helps.
Cheers - Mark