Example 11 with IngrianProvider
use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPGetDateRangeSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 4) {
usage();
}
// set the dates
start = Calendar.getInstance();
end = Calendar.getInstance();
try {
start.setTime((Date) inputDateFormat.parse(args[2]));
end.setTime((Date) inputDateFormat.parse(args[3]));
;
} catch (ParseException pe) {
System.err.println("Problem parsing date argument");
System.err.println(pe.getMessage());
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// Create session to KMIP port based on authentication by an NAEClientCertificate
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// KMIPAttribute set to hold unique Key Manager identifiers for located keys
Set<String> managedObjectIdentifiers;
// This instance of KMIPAttributes will be used as the KMIP attributes and
// values to be searched for. Note that the date range is indicated by
// addding two InitialDate attributes to the locateAttributes
KMIPAttributes locateAttributes = new KMIPAttributes();
locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
locateAttributes.add(KMIPAttribute.InitialDate, 0, start);
locateAttributes.add(KMIPAttribute.InitialDate, 1, end);
// This instance of KMIPAttributes will specify the set of KMIP attributes
// to be returned from the Key Manager
KMIPAttributes getAttributes = new KMIPAttributes();
getAttributes.add(KMIPAttribute.ApplicationSpecificInformation);
// implied null value
getAttributes.add(KMIPAttribute.CryptographicAlgorithm);
getAttributes.add(KMIPAttribute.CryptographicLength);
getAttributes.add(KMIPAttribute.ObjectType);
getAttributes.add(KMIPAttribute.ContactInformation);
getAttributes.add(KMIPAttribute.Digest);
getAttributes.add(KMIPAttribute.InitialDate);
getAttributes.add(KMIPAttribute.Link);
getAttributes.add(KMIPAttribute.ObjectGroup);
// Locate the keys with matching attributes
managedObjectIdentifiers = session.locate(locateAttributes);
if (managedObjectIdentifiers != null) {
System.out.println("\n\nFound " + managedObjectIdentifiers.size() + " managed objects matching key Locate criteria.");
System.out.println("\n\nKeys with attribute rsa and initial date between " + outputDateFormat.format(start.getTime()) + " and " + outputDateFormat.format(end.getTime()));
// for each object found, query all the non-custom attributes
for (String uid : managedObjectIdentifiers) {
System.out.println("\n\nManaged Object UniqueIdentifier: \t" + uid);
Object managedObject = session.getManagedObject(uid);
// not a key
if (managedObject == null)
continue;
if ((managedObject instanceof NAEPublicKey) || (managedObject instanceof NAEPrivateKey) || (managedObject instanceof NAESecretKey)) {
NAEKey key;
if (managedObject instanceof NAEPublicKey)
key = (NAEPublicKey) managedObject;
else if (managedObject instanceof NAEPrivateKey)
key = (NAEPrivateKey) managedObject;
else
key = (NAESecretKey) managedObject;
System.out.println("\tName: \t" + key.getName());
KMIPAttributes returnedAttributes = getAttrs(key, getAttributes);
printKeyInfo(returnedAttributes);
} else if (managedObject instanceof KMIPSecretData) {
System.out.println(((KMIPSecretData) managedObject).getName());
}
}
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Also used :
KMIPAttributes(com.ingrian.security.nae.KMIPAttributes)
NAEKey(com.ingrian.security.nae.NAEKey)
NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey)
NAESecretKey(com.ingrian.security.nae.NAESecretKey)
NAEPublicKey(com.ingrian.security.nae.NAEPublicKey)
KMIPSecretData(com.ingrian.security.nae.KMIPSecretData)
NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate)
NAEException(com.ingrian.security.nae.NAEException)
ParseException(java.text.ParseException)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
KMIPSession(com.ingrian.security.nae.KMIPSession)
ParseException(java.text.ParseException)
Example 12 with IngrianProvider
use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPCertificateSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 3) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// create NAE Session: pass in Key Manager user name and password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// create certificate managed object ParameterSpec
NAEParameterSpec spec = new NAEParameterSpec(args[2], 1024, (KMIPAttributes) null, session);
// import the certificate
byte[] c = Hex.decodeHex(certBytes.toCharArray());
NAECertificate.importCertificate(c, null, spec);
// query the certificate attributes via KMIP
session.getUID(args[2]);
Set<String> attrNames = session.listKMIPAttributes(args[2]);
System.out.println("Attributes: " + attrNames);
NAECertificate cert = new NAECertificate(args[2], session);
KMIPAttributes getAttributes = new KMIPAttributes();
getAttributes.add(KMIPAttribute.CertificateIdentifier);
getAttributes.add(KMIPAttribute.ObjectType);
getAttributes.add(KMIPAttribute.CertificateIssuer);
getAttributes.add(KMIPAttribute.CertificateType);
getAttributes.add(KMIPAttribute.CertificateSubject);
KMIPAttributes gotAttributes = cert.getKMIPAttributes(getAttributes);
KMIPCertificateIdentifier certIdentifier = gotAttributes.getCertificateIdentifier();
KMIPCertificateSubject subject = gotAttributes.getCertificateSubject();
KMIPCertificateTypes certType = gotAttributes.getCertificateType();
KMIPCertificateIssuer issuer = gotAttributes.getCertificateIssuer();
ObjectTypes ot = gotAttributes.getObjectType();
if (ot != null) {
System.out.println("Object Type KMIP Attribute: " + ot.getPrintName());
} else {
System.err.println("Object Type KMIP Attribute is null.");
}
if (certType != null) {
System.out.println("Certificate Type KMIP Attribute: " + certType.getPrintName());
} else {
System.err.println("Certificate Type KMIP Attribute is null.");
}
if (certIdentifier == null) {
System.err.println("Certificate Identifier KMIP Attribute is null.");
} else {
System.out.println("Certificate Identifier KMIP Attribute:");
System.out.println("\tIssuer = " + certIdentifier.getIssuer());
System.out.println("\tSerial Number" + certIdentifier.getSerialNumber());
}
if (issuer == null) {
System.err.println("Certificate Issuer is null.");
} else {
System.out.println("Certificate Issuer:");
System.out.println("\tIssuer Distinguished Name = " + issuer.getCertificateIssuerDistinguishedName());
if (issuer.getCertificateIssuerAlternativeName() != null) {
System.out.println("\tIssuer Alternative Name = " + issuer.getCertificateIssuerAlternativeName());
}
}
if (subject == null) {
System.err.println("Certificate Subject is null.");
} else {
System.out.println("Certificate Subject:");
System.out.println("\tSubject Distinguished Name = " + subject.getCertificateSubjectDistinguishedName());
if (subject.getCertificateSubjectAlternativeName() != null) {
System.out.println("\tSubject Alternative Name = " + subject.getCertificateSubjectAlternativeName());
}
}
// now export() a copy of the certificate back from the Key Manager
byte[] exportedCert = cert.certificateExport();
// compare the original and exported bytes
if ((exportedCert != null) && Arrays.equals(Hex.decodeHex(certBytes.toCharArray()), exportedCert))
System.out.println("Exported Certificate material equals original");
else {
System.out.println("Uh-oh!");
}
// print the bytes
System.out.println("original: " + certBytes.toUpperCase());
System.out.println("exported: " + TTLVUtil.toHexString(exportedCert));
// delete the test cert and close the session
cert.delete();
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Also used :
NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec)
KMIPAttributes(com.ingrian.security.nae.KMIPAttributes)
KMIPCertificateIssuer(com.ingrian.security.nae.KMIPCertificateIssuer)
NAECertificate(com.ingrian.security.nae.NAECertificate)
KMIPCertificateIdentifier(com.ingrian.security.nae.KMIPCertificateIdentifier)
KMIPCertificateTypes(com.ingrian.security.nae.KMIPCertificateTypes)
ObjectTypes(com.ingrian.internal.kmip.api.ObjectType.ObjectTypes)
NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
KMIPSession(com.ingrian.security.nae.KMIPSession)
KMIPCertificateSubject(com.ingrian.security.nae.KMIPCertificateSubject)
Example 13 with IngrianProvider
use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPDeleteAttributeSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 2) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// create NAE Session: pass in NAE client certificate information - client key and
// keystore password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
/* This Set<String> collection will hold the unique identifiers of the keys
* matching the criteria (algorithm = RSA, length=2048
*/
Set<String> managedObjectIdentifiers;
/* this KMIPAttributes object will contain the KMIPAttribute(s) and the
* values to match for the keys being searched for on the server
*
*/
KMIPAttributes locateAttributes = new KMIPAttributes();
// add CryptographicAlgorithm and length to the attributes to be matched
locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
locateAttributes.add(KMIPAttribute.CryptographicLength, 2048);
/* Add a custom KMIP integer attribute at index 0 with the value 1 */
locateAttributes.add("x-int1", 0, 1);
/* this is also the sole attribute to be deleted. */
KMIPAttributes deleteAttributes = new KMIPAttributes();
deleteAttributes.add("x-int1", 0, 1);
/* Locate all RSA keys with a length of 2048 and x-int1 = 1 */
managedObjectIdentifiers = session.locate(locateAttributes);
if (managedObjectIdentifiers != null) {
System.out.println("\n\nFound " + managedObjectIdentifiers.size() + " managed objects matching criteria.");
System.out.println("\n\nKeys with attributes rsa, 2048 and custom attribute x-int=1");
for (String uid : managedObjectIdentifiers) {
System.out.println("\n\nManaged Object UniqueIdentifier: \t" + uid);
Object thingee = session.getManagedObject(uid);
/* Convert each key into the proper type of object
* representing the managed key */
if ((thingee instanceof NAEPublicKey) || (thingee instanceof NAEPrivateKey) || (thingee instanceof NAESecretKey)) {
NAEKey key;
if (thingee instanceof NAEPublicKey)
key = (NAEPublicKey) thingee;
else if (thingee instanceof NAEPrivateKey)
key = (NAEPrivateKey) thingee;
else
key = (NAESecretKey) thingee;
System.out.println("\tName: \t" + key.getName());
/* delete the x-int1 attribute */
key.deleteKMIPAttributes(deleteAttributes);
}
}
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Also used :
KMIPAttributes(com.ingrian.security.nae.KMIPAttributes)
NAEKey(com.ingrian.security.nae.NAEKey)
NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey)
NAESecretKey(com.ingrian.security.nae.NAESecretKey)
NAEPublicKey(com.ingrian.security.nae.NAEPublicKey)
NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
KMIPSession(com.ingrian.security.nae.KMIPSession)
Example 14 with IngrianProvider
use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPGetCustomAttribute method main.
public static void main(String[] args) throws Exception {
if (args.length != 4) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// Create session to KMIP port based on authentication by an
// NAEClientCertificate
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// KMIPAttribute set to hold unique Key Manager identifiers for
// located keys
Set<String> managedObjectIdentifiers;
// This instance of KMIPAttributes will be used as the KMIP
// attributes and
// values to be searched for
KMIPAttributes locateAttributes = new KMIPAttributes();
locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
locateAttributes.add(KMIPAttribute.CryptographicLength, 2048);
// This instance of KMIPAttributes will specify the set of KMIP
// attributes
// to be returned from the Key Manager
// KMIPAttributes addAttributes = new KMIPAttributes();
// addAttributes.add("x-String", 1, "Hello");
KMIPAttributes getAttributes = new KMIPAttributes();
getAttributes.add(KMIPAttribute.ApplicationSpecificInformation);
// implied
getAttributes.add(KMIPAttribute.CryptographicAlgorithm);
// null
// value
getAttributes.add(KMIPAttribute.CryptographicLength);
getAttributes.add(KMIPAttribute.ObjectType);
getAttributes.add(KMIPAttribute.ContactInformation);
getAttributes.add(KMIPAttribute.Digest);
getAttributes.add(KMIPAttribute.InitialDate);
getAttributes.add(KMIPAttribute.Link);
getAttributes.add(KMIPAttribute.ObjectGroup);
String custattrib = args[3];
if (custattrib.contains("#")) {
String[] attrs = custattrib.split("#");
for (String atr : attrs) {
getAttributes.add(atr);
}
} else {
getAttributes.add(custattrib);
}
// Locate the keys with matching attributes
managedObjectIdentifiers = session.locate(locateAttributes);
if (managedObjectIdentifiers != null) {
// for each object found, query all the non-custom attributes
for (String uid : managedObjectIdentifiers) {
Object serverManagedObject = session.getManagedObject(uid);
if (serverManagedObject == null)
// not a key
continue;
if (isKey(serverManagedObject)) {
// NAEKey is the superclass of public/private and secret
// keys
NAEKey key;
if (serverManagedObject instanceof NAEPublicKey)
key = (NAEPublicKey) serverManagedObject;
else if (serverManagedObject instanceof NAEPrivateKey)
key = (NAEPrivateKey) serverManagedObject;
else
key = (NAESecretKey) serverManagedObject;
locateAttributes.getAttributes();
// retrieve and print the key's attributes
if (key.getName().equals(args[2])) {
// key.addKMIPAttributes(addAttributes);
System.out.println("\tName: \t" + key.getName());
KMIPAttributes returnedAttributes = getAttrs(key, getAttributes);
// printKeyInfo(returnedAttributes);
printCustomAttribute(returnedAttributes);
}
} else if (serverManagedObject instanceof KMIPSecretData) {
// KMIPSecretData managed objects do not inherit from
// NAEKey
// coerce to a KMIPSecretData and print the name of the
// object
System.out.println(((KMIPSecretData) serverManagedObject).getName());
}
}
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Also used :
KMIPAttributes(com.ingrian.security.nae.KMIPAttributes)
NAEKey(com.ingrian.security.nae.NAEKey)
NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey)
NAEPublicKey(com.ingrian.security.nae.NAEPublicKey)
KMIPSecretData(com.ingrian.security.nae.KMIPSecretData)
NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate)
NAEException(com.ingrian.security.nae.NAEException)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
KMIPSession(com.ingrian.security.nae.KMIPSession)
Example 15 with IngrianProvider
use of com.ingrian.security.nae.IngrianProvider in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPGetSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 2) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// Create session to KMIP port based on authentication by an NAEClientCertificate
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// KMIPAttribute set to hold unique Key Manager identifiers for located keys
Set<String> managedObjectIdentifiers;
// This instance of KMIPAttributes will be used as the KMIP attributes and
// values to be searched for
KMIPAttributes locateAttributes = new KMIPAttributes();
locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
locateAttributes.add(KMIPAttribute.CryptographicLength, 2048);
// This instance of KMIPAttributes will specify the set of KMIP attributes
// to be returned from the Key Manager
KMIPAttributes getAttributes = new KMIPAttributes();
getAttributes.add(KMIPAttribute.ApplicationSpecificInformation);
// implied null value
getAttributes.add(KMIPAttribute.CryptographicAlgorithm);
getAttributes.add(KMIPAttribute.CryptographicLength);
getAttributes.add(KMIPAttribute.ObjectType);
getAttributes.add(KMIPAttribute.ContactInformation);
getAttributes.add(KMIPAttribute.Digest);
getAttributes.add(KMIPAttribute.InitialDate);
getAttributes.add(KMIPAttribute.Link);
getAttributes.add(KMIPAttribute.ObjectGroup);
// Locate the keys with matching attributes
managedObjectIdentifiers = session.locate(locateAttributes);
if (managedObjectIdentifiers != null) {
System.out.println("\n\nFound " + managedObjectIdentifiers.size() + " managed objects matching key Locate criteria.");
System.out.println("\n\nKeys with attributes rsa, 2048 and their attibutes");
// for each object found, query all the non-custom attributes
for (String uid : managedObjectIdentifiers) {
System.out.println("\n\nManaged Object UniqueIdentifier: \t" + uid);
Object serverManagedObject = session.getManagedObject(uid);
// not a key
if (serverManagedObject == null)
continue;
if (isKey(serverManagedObject)) {
// NAEKey is the superclass of public/private and secret keys
NAEKey key;
if (serverManagedObject instanceof NAEPublicKey)
key = (NAEPublicKey) serverManagedObject;
else if (serverManagedObject instanceof NAEPrivateKey)
key = (NAEPrivateKey) serverManagedObject;
else
key = (NAESecretKey) serverManagedObject;
System.out.println("\tName: \t" + key.getName());
// retrieve and print the key's attributes
KMIPAttributes returnedAttributes = getAttrs(key, getAttributes);
printKeyInfo(returnedAttributes);
} else if (serverManagedObject instanceof KMIPSecretData) {
// KMIPSecretData managed objects do not inherit from NAEKey
// coerce to a KMIPSecretData and print the name of the object
System.out.println(((KMIPSecretData) serverManagedObject).getName());
}
}
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Also used :
KMIPAttributes(com.ingrian.security.nae.KMIPAttributes)
NAEKey(com.ingrian.security.nae.NAEKey)
NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey)
NAEPublicKey(com.ingrian.security.nae.NAEPublicKey)
KMIPSecretData(com.ingrian.security.nae.KMIPSecretData)
NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate)
NAEException(com.ingrian.security.nae.NAEException)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
KMIPSession(com.ingrian.security.nae.KMIPSession)
Aggregations
IngrianProvider (com.ingrian.security.nae.IngrianProvider)45
NAESession (com.ingrian.security.nae.NAESession)27
NAEKey (com.ingrian.security.nae.NAEKey)25
KMIPSession (com.ingrian.security.nae.KMIPSession)19
NAEClientCertificate (com.ingrian.security.nae.NAEClientCertificate)19
Provider (java.security.Provider)19
NAEParameterSpec (com.ingrian.security.nae.NAEParameterSpec)17
NAEPrivateKey (com.ingrian.security.nae.NAEPrivateKey)17
NAEPublicKey (com.ingrian.security.nae.NAEPublicKey)17
KMIPAttributes (com.ingrian.security.nae.KMIPAttributes)16
KeyGenerator (javax.crypto.KeyGenerator)11
Cipher (javax.crypto.Cipher)10
NAEException (com.ingrian.security.nae.NAEException)9
KMIPSecretData (com.ingrian.security.nae.KMIPSecretData)8
NAESecretKey (com.ingrian.security.nae.NAESecretKey)8
SecretKey (javax.crypto.SecretKey)8
IvParameterSpec (javax.crypto.spec.IvParameterSpec)7
NAESecureRandom (com.ingrian.security.nae.NAESecureRandom)6
KeyPair (java.security.KeyPair)6
NAEPermission (com.ingrian.security.nae.NAEPermission)5
