Example 6 with KMIPAttributes
use of com.ingrian.security.nae.KMIPAttributes in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPGetSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 2) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// Create session to KMIP port based on authentication by an NAEClientCertificate
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// KMIPAttribute set to hold unique Key Manager identifiers for located keys
Set<String> managedObjectIdentifiers;
// This instance of KMIPAttributes will be used as the KMIP attributes and
// values to be searched for
KMIPAttributes locateAttributes = new KMIPAttributes();
locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
locateAttributes.add(KMIPAttribute.CryptographicLength, 2048);
// This instance of KMIPAttributes will specify the set of KMIP attributes
// to be returned from the Key Manager
KMIPAttributes getAttributes = new KMIPAttributes();
getAttributes.add(KMIPAttribute.ApplicationSpecificInformation);
// implied null value
getAttributes.add(KMIPAttribute.CryptographicAlgorithm);
getAttributes.add(KMIPAttribute.CryptographicLength);
getAttributes.add(KMIPAttribute.ObjectType);
getAttributes.add(KMIPAttribute.ContactInformation);
getAttributes.add(KMIPAttribute.Digest);
getAttributes.add(KMIPAttribute.InitialDate);
getAttributes.add(KMIPAttribute.Link);
getAttributes.add(KMIPAttribute.ObjectGroup);
// Locate the keys with matching attributes
managedObjectIdentifiers = session.locate(locateAttributes);
if (managedObjectIdentifiers != null) {
System.out.println("\n\nFound " + managedObjectIdentifiers.size() + " managed objects matching key Locate criteria.");
System.out.println("\n\nKeys with attributes rsa, 2048 and their attibutes");
// for each object found, query all the non-custom attributes
for (String uid : managedObjectIdentifiers) {
System.out.println("\n\nManaged Object UniqueIdentifier: \t" + uid);
Object serverManagedObject = session.getManagedObject(uid);
// not a key
if (serverManagedObject == null)
continue;
if (isKey(serverManagedObject)) {
// NAEKey is the superclass of public/private and secret keys
NAEKey key;
if (serverManagedObject instanceof NAEPublicKey)
key = (NAEPublicKey) serverManagedObject;
else if (serverManagedObject instanceof NAEPrivateKey)
key = (NAEPrivateKey) serverManagedObject;
else
key = (NAESecretKey) serverManagedObject;
System.out.println("\tName: \t" + key.getName());
// retrieve and print the key's attributes
KMIPAttributes returnedAttributes = getAttrs(key, getAttributes);
printKeyInfo(returnedAttributes);
} else if (serverManagedObject instanceof KMIPSecretData) {
// KMIPSecretData managed objects do not inherit from NAEKey
// coerce to a KMIPSecretData and print the name of the object
System.out.println(((KMIPSecretData) serverManagedObject).getName());
}
}
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Also used :
KMIPAttributes(com.ingrian.security.nae.KMIPAttributes)
NAEKey(com.ingrian.security.nae.NAEKey)
NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey)
NAEPublicKey(com.ingrian.security.nae.NAEPublicKey)
KMIPSecretData(com.ingrian.security.nae.KMIPSecretData)
NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate)
NAEException(com.ingrian.security.nae.NAEException)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
KMIPSession(com.ingrian.security.nae.KMIPSession)
Example 7 with KMIPAttributes
use of com.ingrian.security.nae.KMIPAttributes in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPLocateSample method main.
public static void main(String[] args) throws Exception {
if (args.length < 2) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// create NAE Session: pass in NAE Client Certificate clicnt key and keystore password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// This set holds the managed object unique identifiers (UIDs)
Set<String> managedObjectIdentifiers;
// Locate keys with crypto algorithm = aes and crypto length = 256
KMIPAttributes queryAttributes = new KMIPAttributes();
/*
* IMPORTANT-In case of locate by name it is compulsory to pass argument for keyName as below
* [-Name locateKeyName] where locateKeyName will be value of userInput.
* */
if (args.length > 3) {
if (args[2] != null && "-Name".equals(args[2])) {
queryAttributes.add(new Attribute(KMIPAttribute.Name, args[3]));
}
}
// Have the session locate the keys matching the queryAttributes:
managedObjectIdentifiers = session.locate(queryAttributes);
// loop through the UIDs of the matching managed objects
System.out.println("Total Keys: " + managedObjectIdentifiers.size());
for (String uid : managedObjectIdentifiers) {
System.out.println("Managed object Unique Identifier: " + uid);
// get the objects as Java client NAEKeys or KMIPSecretData objects
// (Note: Secret Data doesn't have KMIP attributes of
// algorithm or length, and will not be found by this query,
// but is included here for completeness.
byte[] keyMaterial = null;
Object managedObject = session.getManagedObject(uid);
// not a key
if (managedObject == null)
continue;
if (managedObject instanceof NAEPublicKey) {
System.out.println(((NAEPublicKey) managedObject).getName());
keyMaterial = ((NAEKey) managedObject).export();
} else if (managedObject instanceof NAEPrivateKey) {
System.out.println(((NAEPrivateKey) managedObject).getName());
keyMaterial = ((NAEKey) managedObject).export();
} else if (managedObject instanceof NAESecretKey) {
System.out.println(((NAESecretKey) managedObject).getName());
keyMaterial = ((NAEKey) managedObject).export();
} else if (managedObject instanceof KMIPSecretData) {
System.out.println(((KMIPSecretData) managedObject).getName());
keyMaterial = ((KMIPSecretData) managedObject).export();
} else if (managedObject instanceof NAECertificate) {
System.out.println(((NAECertificate) managedObject).getName());
keyMaterial = ((NAECertificate) managedObject).certificateExport();
}
System.out.println("Key Material = " + TTLVUtil.toHexString(keyMaterial));
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Also used :
KMIPAttributes(com.ingrian.security.nae.KMIPAttributes)
NAEKey(com.ingrian.security.nae.NAEKey)
NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey)
Attribute(com.ingrian.internal.kmip.api.Attribute)
KMIPAttribute(com.ingrian.security.nae.KMIPAttributeNames.KMIPAttribute)
NAESecretKey(com.ingrian.security.nae.NAESecretKey)
NAECertificate(com.ingrian.security.nae.NAECertificate)
NAEPublicKey(com.ingrian.security.nae.NAEPublicKey)
KMIPSecretData(com.ingrian.security.nae.KMIPSecretData)
NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
KMIPSession(com.ingrian.security.nae.KMIPSession)
Example 8 with KMIPAttributes
use of com.ingrian.security.nae.KMIPAttributes in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPKeyPairSample method main.
public static void main(String[] args) {
if (args.length != 4) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
String privateKeyName = args[2];
String publicKeyName = args[3];
KMIPSession session = null;
try {
// generate the public/private key pairs with client-side provider
KeyPairGenerator keyGen = KeyPairGenerator.getInstance(algorithm);
System.out.println("Provider: " + keyGen.getProvider().getName());
keyGen.initialize(length);
KeyPair generatedKeyPair = keyGen.generateKeyPair();
// get the key material
PrivateKey priv = generatedKeyPair.getPrivate();
PublicKey pub = generatedKeyPair.getPublic();
byte[] privKeyMaterial = priv.getEncoded();
byte[] pubKeyMaterial = pub.getEncoded();
// Register keys on the Key Manager
// create NAE Session using a client certificate
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// create a spec for the public key
KMIPAttributes initialAttributes = new KMIPAttributes();
initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Verify.getValue()));
NAEParameterSpec spec = new NAEParameterSpec(publicKeyName, length, (KMIPAttributes) initialAttributes, session);
// create a public key - note: names must match
NAEPublicKey naePub = NAEKey.getPublicKey(publicKeyName, session);
// register the key
String pubUID = naePub.registerKey(pubKeyMaterial, algorithm, keyFormat, spec);
// print the Key Manager unique identifier for the key
System.out.println("Created public key: " + pubUID);
// do the same for the private key
initialAttributes = new KMIPAttributes();
initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Sign.getValue()));
spec = new NAEParameterSpec(privateKeyName, length, (KMIPAttributes) initialAttributes, session);
NAEPrivateKey naePriv = NAEKey.getPrivateKey(privateKeyName, session);
// remove PKCS#8 header from the key material
byte[] truncatedKeyMaterial = new byte[privKeyMaterial.length - 26];
System.arraycopy(privKeyMaterial, 26, truncatedKeyMaterial, 0, privKeyMaterial.length - 26);
String privUID = naePriv.registerKey(truncatedKeyMaterial, algorithm, keyFormat, spec);
System.out.println("Created private key: " + privUID);
// Set the link attribute for the keys on the Key Manager
naePriv.link(naePub);
naePub.link(naePriv);
System.out.println("Linked keys");
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Also used :
KeyPair(java.security.KeyPair)
KMIPAttributes(com.ingrian.security.nae.KMIPAttributes)
NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec)
PrivateKey(java.security.PrivateKey)
NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey)
NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey)
PublicKey(java.security.PublicKey)
NAEPublicKey(com.ingrian.security.nae.NAEPublicKey)
NAEPublicKey(com.ingrian.security.nae.NAEPublicKey)
KeyPairGenerator(java.security.KeyPairGenerator)
NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
KMIPSession(com.ingrian.security.nae.KMIPSession)
Example 9 with KMIPAttributes
use of com.ingrian.security.nae.KMIPAttributes in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPModifySample method main.
public static void main(String[] args) throws Exception {
if (args.length != 2) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
// get the list of all registered JCE providers
Provider[] providers = Security.getProviders();
for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
KMIPSession session = null;
try {
// create a KMIPSession: pass in NAE client X.509 key and keyStore password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// create key KMIPAttribute object with a list of attributes to match
Set<String> managedObjectIdentifiers;
KMIPAttributes locateAttributes = new KMIPAttributes();
locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
locateAttributes.add(KMIPAttribute.CryptographicLength, 2048);
KMIPAttributes getAttributes = new KMIPAttributes();
getAttributes.add(KMIPAttribute.Name);
managedObjectIdentifiers = session.locate(locateAttributes);
if (managedObjectIdentifiers != null) {
System.out.println("\n\nFound " + managedObjectIdentifiers.size() + " managed objects matching criteria.");
System.out.println("\n\nKeys with attributes rsa, 2048 and object group");
for (String uid : managedObjectIdentifiers) {
System.out.println("\n\nManaged Object UniqueIdentifier: \t" + uid);
Object managedObject = session.getManagedObject(uid);
// not a key
if (managedObject == null)
continue;
if ((managedObject instanceof NAEPublicKey) || (managedObject instanceof NAEPrivateKey) || (managedObject instanceof NAESecretKey)) {
NAEKey key;
if (managedObject instanceof NAEPublicKey)
key = (NAEPublicKey) managedObject;
else if (managedObject instanceof NAEPrivateKey)
key = (NAEPrivateKey) managedObject;
else
key = (NAESecretKey) managedObject;
System.out.println("\tName: \t" + key.getName());
// Retrieve a KMIP attribute - in this case, Name.
KMIPAttributes returnedAttributes = key.getKMIPAttributes(getAttributes);
KMIPNameAttribute name = returnedAttributes.getNameAttribute();
System.out.println("Name attribute: " + name.getNameValue().getNameValue());
// Modify the Application Specific Information for this key - if it has any
KMIPAttributes modAttributes = new KMIPAttributes();
String ts = timestamp();
modAttributes.add(new KMIPApplicationSpecificInformation("namespace-" + ts, ts), 0);
try {
// throws NAE error if the key does not already have attribute being modified
key.modifyKMIPAttributes(modAttributes);
} catch (NAEException nae) {
if (!nae.getMessage().contains("Object does not have the specified attribute"))
throw nae;
}
} else if (managedObject instanceof KMIPSecretData) {
System.out.println(((KMIPSecretData) managedObject).getName());
}
}
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Also used :
KMIPAttributes(com.ingrian.security.nae.KMIPAttributes)
NAEException(com.ingrian.security.nae.NAEException)
NAEKey(com.ingrian.security.nae.NAEKey)
NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey)
NAESecretKey(com.ingrian.security.nae.NAESecretKey)
NAEPublicKey(com.ingrian.security.nae.NAEPublicKey)
KMIPSecretData(com.ingrian.security.nae.KMIPSecretData)
NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate)
NAEException(com.ingrian.security.nae.NAEException)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
Provider(java.security.Provider)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
KMIPSession(com.ingrian.security.nae.KMIPSession)
KMIPApplicationSpecificInformation(com.ingrian.security.nae.KMIPApplicationSpecificInformation)
KMIPNameAttribute(com.ingrian.security.nae.KMIPNameAttribute)
Example 10 with KMIPAttributes
use of com.ingrian.security.nae.KMIPAttributes in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPBatchSample method main.
public static void main(String[] args) throws Exception {
KMIPSession session = null;
int keyLength = 256;
if (args.length != 3) {
usage();
}
String keyName = args[2];
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
try {
// create KMIP Session - specify client X.509 certificate and keystore password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// create key custom attributes
session.startBatching();
System.out.println("Batching set to " + session.isBatching());
for (int i = 0; i < 10; i++) {
/* create a secret key using JCE key generator */
NAEParameterSpec spec = new NAEParameterSpec(keyName + "-" + i, keyLength, (KMIPAttributes) null, session);
KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
kg.init(spec);
kg.generateKey();
}
KMIPBatchResults kbr = session.flushBatch();
for (KMIPBatchItemResult batchResult : kbr.values()) {
if (batchResult.getStatus() == Statuses.Success) {
System.out.println(batchResult.getOperation().getPrintName() + " : " + batchResult.getStatus().getPrintName());
System.out.println("UIDs affected: " + batchResult.getUIDs());
} else {
System.out.println(batchResult.getOperation().getPrintName() + " OPERATION FAILED: " + batchResult.getStatusMessage());
}
}
System.out.println("Batching set to " + session.isBatching());
// the KMIPsession is now not in batching mode. KMIP Operations will be sent
// to the server when the line of code is executed. Operations are shown
// which add, modify, or delete attributes in one request, with the KMIP CADP for JAVA
// session utilizing KMIP batching implicitly based on sets of UIDs
KMIPAttributes queryAttributes = new KMIPAttributes();
queryAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.aes);
queryAttributes.add(KMIPAttribute.CryptographicLength, 256);
// Have the session locate the keys matching the queryAttributes:
Set<String> managedObjectIdentifiers = session.locate(queryAttributes);
// loop through the UIDs of the matching managed objects
KMIPAttributes addAttrs = new KMIPAttributes();
addAttrs.add(KMIPAttribute.ContactInformation, 0, "Contact Information");
for (String uid : managedObjectIdentifiers) {
System.out.println("Managed object Unique Identifier: " + uid);
// get the objects as Java client NAEKeys or KMIPSecretData objects
// (Note: Secret Data doesn't have KMIP attributes of
// algorithm or length, and will not be found by this query,
// but is included here for completeness.
Object managedObject = session.getManagedObject(uid);
if (managedObject instanceof NAESecretKey) {
NAESecretKey nsk = (NAESecretKey) managedObject;
nsk.refreshKMIPInfo();
if (nsk.getName().startsWith("KMIPBatch")) {
System.out.println(((NAESecretKey) managedObject).getName());
}
nsk.addKMIPAttributes(addAttrs);
}
}
waitForInput();
KMIPAttributes modAttrs = new KMIPAttributes();
modAttrs.add(KMIPAttribute.ContactInformation, 0, "Modified Contact Information");
Set<String> modUIDs = session.modifyAllAttributes(managedObjectIdentifiers, modAttrs);
System.out.println("Modified " + modUIDs.size() + " attributes in a single request.");
waitForInput();
Set<String> delUIDs = session.deleteAll(new ArrayList<String>(managedObjectIdentifiers));
System.out.println("Deleted " + delUIDs.size() + " managed objects in a single request.");
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Also used :
NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec)
KMIPAttributes(com.ingrian.security.nae.KMIPAttributes)
NAESecretKey(com.ingrian.security.nae.NAESecretKey)
KMIPBatchItemResult(com.ingrian.security.nae.KMIPBatchItemResult)
NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate)
IOException(java.io.IOException)
KMIPSession(com.ingrian.security.nae.KMIPSession)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
KMIPBatchResults(com.ingrian.security.nae.KMIPBatchResults)
KeyGenerator(javax.crypto.KeyGenerator)
Aggregations
IngrianProvider (com.ingrian.security.nae.IngrianProvider)16
KMIPAttributes (com.ingrian.security.nae.KMIPAttributes)16
KMIPSession (com.ingrian.security.nae.KMIPSession)16
NAEClientCertificate (com.ingrian.security.nae.NAEClientCertificate)16
NAEKey (com.ingrian.security.nae.NAEKey)10
NAEParameterSpec (com.ingrian.security.nae.NAEParameterSpec)9
KMIPSecretData (com.ingrian.security.nae.KMIPSecretData)8
NAEPrivateKey (com.ingrian.security.nae.NAEPrivateKey)8
NAEPublicKey (com.ingrian.security.nae.NAEPublicKey)8
NAEException (com.ingrian.security.nae.NAEException)7
NAESecretKey (com.ingrian.security.nae.NAESecretKey)7
KeyGenerator (javax.crypto.KeyGenerator)4
NAECertificate (com.ingrian.security.nae.NAECertificate)3
SecretKey (javax.crypto.SecretKey)3
KeyPair (java.security.KeyPair)2
KeyPairGenerator (java.security.KeyPairGenerator)2
PublicKey (java.security.PublicKey)2
Calendar (java.util.Calendar)2
Attribute (com.ingrian.internal.kmip.api.Attribute)1
ObjectTypes (com.ingrian.internal.kmip.api.ObjectType.ObjectTypes)1
