Search in sources :

Example 11 with IngrianProvider

use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPGetDateRangeSample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 4) {
        usage();
    }
    // set the dates
    start = Calendar.getInstance();
    end = Calendar.getInstance();
    try {
        start.setTime((Date) inputDateFormat.parse(args[2]));
        end.setTime((Date) inputDateFormat.parse(args[3]));
        ;
    } catch (ParseException pe) {
        System.err.println("Problem parsing date argument");
        System.err.println(pe.getMessage());
        usage();
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession session = null;
    try {
        // Create session to KMIP port based on authentication by an NAEClientCertificate
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // KMIPAttribute set to hold unique Key Manager identifiers for located keys
        Set<String> managedObjectIdentifiers;
        // This instance of KMIPAttributes will be used as the KMIP attributes and
        // values to be searched for. Note that the date range is indicated by
        // addding two InitialDate attributes to the locateAttributes
        KMIPAttributes locateAttributes = new KMIPAttributes();
        locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
        locateAttributes.add(KMIPAttribute.InitialDate, 0, start);
        locateAttributes.add(KMIPAttribute.InitialDate, 1, end);
        // This instance of KMIPAttributes will specify the set of KMIP attributes
        // to be returned from the Key Manager
        KMIPAttributes getAttributes = new KMIPAttributes();
        getAttributes.add(KMIPAttribute.ApplicationSpecificInformation);
        // implied null value
        getAttributes.add(KMIPAttribute.CryptographicAlgorithm);
        getAttributes.add(KMIPAttribute.CryptographicLength);
        getAttributes.add(KMIPAttribute.ObjectType);
        getAttributes.add(KMIPAttribute.ContactInformation);
        getAttributes.add(KMIPAttribute.Digest);
        getAttributes.add(KMIPAttribute.InitialDate);
        getAttributes.add(KMIPAttribute.Link);
        getAttributes.add(KMIPAttribute.ObjectGroup);
        // Locate the keys with matching attributes
        managedObjectIdentifiers = session.locate(locateAttributes);
        if (managedObjectIdentifiers != null) {
            System.out.println("\n\nFound " + managedObjectIdentifiers.size() + " managed objects matching key Locate criteria.");
            System.out.println("\n\nKeys with attribute rsa and initial date between " + outputDateFormat.format(start.getTime()) + " and " + outputDateFormat.format(end.getTime()));
            // for each object found, query all the non-custom attributes
            for (String uid : managedObjectIdentifiers) {
                System.out.println("\n\nManaged Object UniqueIdentifier: \t" + uid);
                Object managedObject = session.getManagedObject(uid);
                // not a key
                if (managedObject == null)
                    continue;
                if ((managedObject instanceof NAEPublicKey) || (managedObject instanceof NAEPrivateKey) || (managedObject instanceof NAESecretKey)) {
                    NAEKey key;
                    if (managedObject instanceof NAEPublicKey)
                        key = (NAEPublicKey) managedObject;
                    else if (managedObject instanceof NAEPrivateKey)
                        key = (NAEPrivateKey) managedObject;
                    else
                        key = (NAESecretKey) managedObject;
                    System.out.println("\tName: \t" + key.getName());
                    KMIPAttributes returnedAttributes = getAttrs(key, getAttributes);
                    printKeyInfo(returnedAttributes);
                } else if (managedObject instanceof KMIPSecretData) {
                    System.out.println(((KMIPSecretData) managedObject).getName());
                }
            }
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEKey(com.ingrian.security.nae.NAEKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAESecretKey(com.ingrian.security.nae.NAESecretKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KMIPSecretData(com.ingrian.security.nae.KMIPSecretData) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) NAEException(com.ingrian.security.nae.NAEException) ParseException(java.text.ParseException) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession) ParseException(java.text.ParseException)

Example 12 with IngrianProvider

use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPCertificateSample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        usage();
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession session = null;
    try {
        // create NAE Session: pass in Key Manager user name and password
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // create certificate managed object ParameterSpec
        NAEParameterSpec spec = new NAEParameterSpec(args[2], 1024, (KMIPAttributes) null, session);
        // import the certificate
        byte[] c = Hex.decodeHex(certBytes.toCharArray());
        NAECertificate.importCertificate(c, null, spec);
        // query the certificate attributes via KMIP
        session.getUID(args[2]);
        Set<String> attrNames = session.listKMIPAttributes(args[2]);
        System.out.println("Attributes: " + attrNames);
        NAECertificate cert = new NAECertificate(args[2], session);
        KMIPAttributes getAttributes = new KMIPAttributes();
        getAttributes.add(KMIPAttribute.CertificateIdentifier);
        getAttributes.add(KMIPAttribute.ObjectType);
        getAttributes.add(KMIPAttribute.CertificateIssuer);
        getAttributes.add(KMIPAttribute.CertificateType);
        getAttributes.add(KMIPAttribute.CertificateSubject);
        KMIPAttributes gotAttributes = cert.getKMIPAttributes(getAttributes);
        KMIPCertificateIdentifier certIdentifier = gotAttributes.getCertificateIdentifier();
        KMIPCertificateSubject subject = gotAttributes.getCertificateSubject();
        KMIPCertificateTypes certType = gotAttributes.getCertificateType();
        KMIPCertificateIssuer issuer = gotAttributes.getCertificateIssuer();
        ObjectTypes ot = gotAttributes.getObjectType();
        if (ot != null) {
            System.out.println("Object Type KMIP Attribute: " + ot.getPrintName());
        } else {
            System.err.println("Object Type KMIP Attribute is null.");
        }
        if (certType != null) {
            System.out.println("Certificate Type KMIP Attribute: " + certType.getPrintName());
        } else {
            System.err.println("Certificate Type KMIP Attribute is null.");
        }
        if (certIdentifier == null) {
            System.err.println("Certificate Identifier KMIP Attribute is null.");
        } else {
            System.out.println("Certificate Identifier KMIP Attribute:");
            System.out.println("\tIssuer = " + certIdentifier.getIssuer());
            System.out.println("\tSerial Number" + certIdentifier.getSerialNumber());
        }
        if (issuer == null) {
            System.err.println("Certificate Issuer is null.");
        } else {
            System.out.println("Certificate Issuer:");
            System.out.println("\tIssuer Distinguished Name = " + issuer.getCertificateIssuerDistinguishedName());
            if (issuer.getCertificateIssuerAlternativeName() != null) {
                System.out.println("\tIssuer Alternative Name = " + issuer.getCertificateIssuerAlternativeName());
            }
        }
        if (subject == null) {
            System.err.println("Certificate Subject is null.");
        } else {
            System.out.println("Certificate Subject:");
            System.out.println("\tSubject Distinguished Name = " + subject.getCertificateSubjectDistinguishedName());
            if (subject.getCertificateSubjectAlternativeName() != null) {
                System.out.println("\tSubject Alternative Name = " + subject.getCertificateSubjectAlternativeName());
            }
        }
        // now export() a copy of the certificate back from the Key Manager
        byte[] exportedCert = cert.certificateExport();
        // compare the original and exported bytes
        if ((exportedCert != null) && Arrays.equals(Hex.decodeHex(certBytes.toCharArray()), exportedCert))
            System.out.println("Exported Certificate material equals original");
        else {
            System.out.println("Uh-oh!");
        }
        // print the bytes
        System.out.println("original: " + certBytes.toUpperCase());
        System.out.println("exported: " + TTLVUtil.toHexString(exportedCert));
        // delete the test cert and close the session
        cert.delete();
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) KMIPCertificateIssuer(com.ingrian.security.nae.KMIPCertificateIssuer) NAECertificate(com.ingrian.security.nae.NAECertificate) KMIPCertificateIdentifier(com.ingrian.security.nae.KMIPCertificateIdentifier) KMIPCertificateTypes(com.ingrian.security.nae.KMIPCertificateTypes) ObjectTypes(com.ingrian.internal.kmip.api.ObjectType.ObjectTypes) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession) KMIPCertificateSubject(com.ingrian.security.nae.KMIPCertificateSubject)

Example 13 with IngrianProvider

use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPDeleteAttributeSample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 2) {
        usage();
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession session = null;
    try {
        // create NAE Session: pass in NAE client certificate information - client key and
        // keystore password
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        /* This Set<String> collection will hold the unique identifiers of the keys
             * matching the criteria (algorithm = RSA, length=2048
             */
        Set<String> managedObjectIdentifiers;
        /* this KMIPAttributes object will contain the KMIPAttribute(s) and the
             * values to match for the keys being searched for on the server
             * 
             */
        KMIPAttributes locateAttributes = new KMIPAttributes();
        // add CryptographicAlgorithm and length to the attributes to be matched
        locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
        locateAttributes.add(KMIPAttribute.CryptographicLength, 2048);
        /* Add a custom KMIP integer attribute at index 0 with the value 1 */
        locateAttributes.add("x-int1", 0, 1);
        /* this is also the sole attribute to be deleted. */
        KMIPAttributes deleteAttributes = new KMIPAttributes();
        deleteAttributes.add("x-int1", 0, 1);
        /* Locate all RSA keys with a length of 2048 and x-int1 = 1 */
        managedObjectIdentifiers = session.locate(locateAttributes);
        if (managedObjectIdentifiers != null) {
            System.out.println("\n\nFound " + managedObjectIdentifiers.size() + " managed objects matching criteria.");
            System.out.println("\n\nKeys with attributes rsa, 2048 and custom attribute x-int=1");
            for (String uid : managedObjectIdentifiers) {
                System.out.println("\n\nManaged Object UniqueIdentifier: \t" + uid);
                Object thingee = session.getManagedObject(uid);
                /* Convert each key into the proper type of object
                     * representing the managed key */
                if ((thingee instanceof NAEPublicKey) || (thingee instanceof NAEPrivateKey) || (thingee instanceof NAESecretKey)) {
                    NAEKey key;
                    if (thingee instanceof NAEPublicKey)
                        key = (NAEPublicKey) thingee;
                    else if (thingee instanceof NAEPrivateKey)
                        key = (NAEPrivateKey) thingee;
                    else
                        key = (NAESecretKey) thingee;
                    System.out.println("\tName: \t" + key.getName());
                    /* delete the x-int1 attribute */
                    key.deleteKMIPAttributes(deleteAttributes);
                }
            }
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEKey(com.ingrian.security.nae.NAEKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAESecretKey(com.ingrian.security.nae.NAESecretKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession)

Example 14 with IngrianProvider

use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPGetCustomAttribute method main.

public static void main(String[] args) throws Exception {
    if (args.length != 4) {
        usage();
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession session = null;
    try {
        // Create session to KMIP port based on authentication by an
        // NAEClientCertificate
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // KMIPAttribute set to hold unique Key Manager identifiers for
        // located keys
        Set<String> managedObjectIdentifiers;
        // This instance of KMIPAttributes will be used as the KMIP
        // attributes and
        // values to be searched for
        KMIPAttributes locateAttributes = new KMIPAttributes();
        locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
        locateAttributes.add(KMIPAttribute.CryptographicLength, 2048);
        // This instance of KMIPAttributes will specify the set of KMIP
        // attributes
        // to be returned from the Key Manager
        // KMIPAttributes addAttributes = new KMIPAttributes();
        // addAttributes.add("x-String", 1, "Hello");
        KMIPAttributes getAttributes = new KMIPAttributes();
        getAttributes.add(KMIPAttribute.ApplicationSpecificInformation);
        // implied
        getAttributes.add(KMIPAttribute.CryptographicAlgorithm);
        // null
        // value
        getAttributes.add(KMIPAttribute.CryptographicLength);
        getAttributes.add(KMIPAttribute.ObjectType);
        getAttributes.add(KMIPAttribute.ContactInformation);
        getAttributes.add(KMIPAttribute.Digest);
        getAttributes.add(KMIPAttribute.InitialDate);
        getAttributes.add(KMIPAttribute.Link);
        getAttributes.add(KMIPAttribute.ObjectGroup);
        String custattrib = args[3];
        if (custattrib.contains("#")) {
            String[] attrs = custattrib.split("#");
            for (String atr : attrs) {
                getAttributes.add(atr);
            }
        } else {
            getAttributes.add(custattrib);
        }
        // Locate the keys with matching attributes
        managedObjectIdentifiers = session.locate(locateAttributes);
        if (managedObjectIdentifiers != null) {
            // for each object found, query all the non-custom attributes
            for (String uid : managedObjectIdentifiers) {
                Object serverManagedObject = session.getManagedObject(uid);
                if (serverManagedObject == null)
                    // not a key
                    continue;
                if (isKey(serverManagedObject)) {
                    // NAEKey is the superclass of public/private and secret
                    // keys
                    NAEKey key;
                    if (serverManagedObject instanceof NAEPublicKey)
                        key = (NAEPublicKey) serverManagedObject;
                    else if (serverManagedObject instanceof NAEPrivateKey)
                        key = (NAEPrivateKey) serverManagedObject;
                    else
                        key = (NAESecretKey) serverManagedObject;
                    locateAttributes.getAttributes();
                    // retrieve and print the key's attributes
                    if (key.getName().equals(args[2])) {
                        // key.addKMIPAttributes(addAttributes);
                        System.out.println("\tName: \t" + key.getName());
                        KMIPAttributes returnedAttributes = getAttrs(key, getAttributes);
                        // printKeyInfo(returnedAttributes);
                        printCustomAttribute(returnedAttributes);
                    }
                } else if (serverManagedObject instanceof KMIPSecretData) {
                    // KMIPSecretData managed objects do not inherit from
                    // NAEKey
                    // coerce to a KMIPSecretData and print the name of the
                    // object
                    System.out.println(((KMIPSecretData) serverManagedObject).getName());
                }
            }
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEKey(com.ingrian.security.nae.NAEKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KMIPSecretData(com.ingrian.security.nae.KMIPSecretData) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) NAEException(com.ingrian.security.nae.NAEException) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession)

Example 15 with IngrianProvider

use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPGetSample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 2) {
        usage();
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession session = null;
    try {
        // Create session to KMIP port based on authentication by an NAEClientCertificate
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // KMIPAttribute set to hold unique Key Manager identifiers for located keys
        Set<String> managedObjectIdentifiers;
        // This instance of KMIPAttributes will be used as the KMIP attributes and
        // values to be searched for
        KMIPAttributes locateAttributes = new KMIPAttributes();
        locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
        locateAttributes.add(KMIPAttribute.CryptographicLength, 2048);
        // This instance of KMIPAttributes will specify the set of KMIP attributes
        // to be returned from the Key Manager
        KMIPAttributes getAttributes = new KMIPAttributes();
        getAttributes.add(KMIPAttribute.ApplicationSpecificInformation);
        // implied null value
        getAttributes.add(KMIPAttribute.CryptographicAlgorithm);
        getAttributes.add(KMIPAttribute.CryptographicLength);
        getAttributes.add(KMIPAttribute.ObjectType);
        getAttributes.add(KMIPAttribute.ContactInformation);
        getAttributes.add(KMIPAttribute.Digest);
        getAttributes.add(KMIPAttribute.InitialDate);
        getAttributes.add(KMIPAttribute.Link);
        getAttributes.add(KMIPAttribute.ObjectGroup);
        // Locate the keys with matching attributes
        managedObjectIdentifiers = session.locate(locateAttributes);
        if (managedObjectIdentifiers != null) {
            System.out.println("\n\nFound " + managedObjectIdentifiers.size() + " managed objects matching key Locate criteria.");
            System.out.println("\n\nKeys with attributes rsa, 2048 and their attibutes");
            // for each object found, query all the non-custom attributes
            for (String uid : managedObjectIdentifiers) {
                System.out.println("\n\nManaged Object UniqueIdentifier: \t" + uid);
                Object serverManagedObject = session.getManagedObject(uid);
                // not a key
                if (serverManagedObject == null)
                    continue;
                if (isKey(serverManagedObject)) {
                    // NAEKey is the superclass of public/private and secret keys
                    NAEKey key;
                    if (serverManagedObject instanceof NAEPublicKey)
                        key = (NAEPublicKey) serverManagedObject;
                    else if (serverManagedObject instanceof NAEPrivateKey)
                        key = (NAEPrivateKey) serverManagedObject;
                    else
                        key = (NAESecretKey) serverManagedObject;
                    System.out.println("\tName: \t" + key.getName());
                    // retrieve and print the key's attributes
                    KMIPAttributes returnedAttributes = getAttrs(key, getAttributes);
                    printKeyInfo(returnedAttributes);
                } else if (serverManagedObject instanceof KMIPSecretData) {
                    // KMIPSecretData managed objects do not inherit from NAEKey
                    // coerce to a KMIPSecretData and print the name of the object
                    System.out.println(((KMIPSecretData) serverManagedObject).getName());
                }
            }
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEKey(com.ingrian.security.nae.NAEKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KMIPSecretData(com.ingrian.security.nae.KMIPSecretData) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) NAEException(com.ingrian.security.nae.NAEException) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession)

Aggregations

IngrianProvider (com.ingrian.security.nae.IngrianProvider)45 NAESession (com.ingrian.security.nae.NAESession)27 NAEKey (com.ingrian.security.nae.NAEKey)25 KMIPSession (com.ingrian.security.nae.KMIPSession)19 NAEClientCertificate (com.ingrian.security.nae.NAEClientCertificate)19 Provider (java.security.Provider)19 NAEParameterSpec (com.ingrian.security.nae.NAEParameterSpec)17 NAEPrivateKey (com.ingrian.security.nae.NAEPrivateKey)17 NAEPublicKey (com.ingrian.security.nae.NAEPublicKey)17 KMIPAttributes (com.ingrian.security.nae.KMIPAttributes)16 KeyGenerator (javax.crypto.KeyGenerator)11 Cipher (javax.crypto.Cipher)10 NAEException (com.ingrian.security.nae.NAEException)9 KMIPSecretData (com.ingrian.security.nae.KMIPSecretData)8 NAESecretKey (com.ingrian.security.nae.NAESecretKey)8 SecretKey (javax.crypto.SecretKey)8 IvParameterSpec (javax.crypto.spec.IvParameterSpec)7 NAESecureRandom (com.ingrian.security.nae.NAESecureRandom)6 KeyPair (java.security.KeyPair)6 NAEPermission (com.ingrian.security.nae.NAEPermission)5