use of com.ingrian.security.nae.KMIPAttributes in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPCertLocateSample method main.
/**
 * Imports a certificate and then locates certificate objects over KMIP, printing each match.
 *
 * <p>Arguments as consumed below: {@code args[0]} and {@code args[1]} are passed to
 * {@code NAEClientCertificate} (the second as a {@code char[]} password), and
 * {@code args[2]} is the name given to the imported certificate.
 *
 * @param args command-line arguments; exactly three are expected
 * @throws Exception declared by the sample; failures inside the session block are caught and printed
 */
public static void main(String[] args) throws Exception {
    // usage() is defined elsewhere in the class.
    // NOTE(review): confirm that it terminates the JVM; if it only prints, execution continues.
    if (args.length != 3) {
        usage();
    }

    // Register the Ingrian provider with the JCE.
    Security.addProvider(new IngrianProvider());

    KMIPSession session = null;
    try {
        // Open the KMIP session with the client certificate and its password.
        // NOTE(review): args[1] is a secret supplied on the command line, where it is visible
        // in process listings and shell history; fine for a sample, not for a deployment.
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));

        // Import the certificate held in the class-level certBytes hex string under the name args[2].
        NAEParameterSpec importSpec = new NAEParameterSpec(args[2], 1024, (KMIPAttributes) null, session);
        byte[] certificate = Hex.decodeHex(certBytes.toCharArray());
        NAECertificate.importCertificate(certificate, null, importSpec);

        // Locate filter: ObjectType = Certificate and CryptographicLength = 2048.
        // No issuer attribute is added here, so the query does not filter on issuer.
        KMIPAttributes locateFilter = new KMIPAttributes();
        locateFilter.add(KMIPAttribute.CryptographicLength, 2048);
        locateFilter.add(KMIPAttribute.ObjectType, ObjectType.ObjectTypes.Certificate);

        // Unique identifiers (UIDs) of the managed objects that match the filter.
        Set<String> locatedUids = session.locate(locateFilter);
        System.out.println("Managed objects with attributes rsa, 2048:");
        for (String uid : locatedUids) {
            System.out.println("Managed object Unique Identifier: " + uid);

            // Fetch the object and print its name according to its client-side type.
            // The key and secret-data branches are kept for completeness; the filter above
            // asks for certificates only.
            Object found = session.getManagedObject(uid);

            // NOTE(review): a template ends the whole loop, not just this iteration - confirm
            // that break (rather than continue) is intended.
            if (found instanceof KMIPTemplate) {
                break;
            }

            if (found instanceof NAEPublicKey) {
                System.out.println(((NAEPublicKey) found).getName());
            } else if (found instanceof NAEPrivateKey) {
                System.out.println(((NAEPrivateKey) found).getName());
            } else if (found instanceof NAESecretKey) {
                System.out.println(((NAESecretKey) found).getName());
            } else if (found instanceof KMIPSecretData) {
                System.out.println(((KMIPSecretData) found).getName());
            } else if (found instanceof NAECertificate) {
                System.out.println("Object is a certificate");
                System.out.println(((NAECertificate) found).getName());
            }
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        // Always release the session, including after a failure above.
        if (session != null) {
            session.closeSession();
        }
    }
}
use of com.ingrian.security.nae.KMIPAttributes in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPDatesAndStatesSample method main.
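/**
 * Creates an AES key over KMIP, activates it, sets its deactivation date, and prints the
 * State and date attributes after each step.
 *
 * <p>Arguments as consumed below: {@code args[0]} and {@code args[1]} are passed to
 * {@code NAEClientCertificate} (the second as a {@code char[]} password), and
 * {@code args[2]} is the key name.
 *
 * @param args command-line arguments; exactly three are expected
 * @throws Exception declared by the sample; failures inside the session block are caught and printed
 */
public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        usage();
        // usage() is defined elsewhere; returning here keeps args[2] below from being read
        // with a wrong argument count should usage() not terminate the JVM itself.
        return;
    }
    String keyName = args[2];
    int keyLength = 256;

    // Register the Ingrian provider with the JCE.
    Security.addProvider(new IngrianProvider());

    KMIPSession session = null;
    try {
        // Open the KMIP session with the client X.509 certificate and keystore password.
        // NOTE(review): args[1] is a secret supplied on the command line, where it is visible
        // in process listings and shell history; fine for a sample, not for a deployment.
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));

        // deleteIfExists is defined elsewhere in the class; it is handed a null key reference,
        // exactly as in the original sample.
        NAEKey key = null;
        deleteIfExists(keyName, session, key);

        // Generate the AES key on the Key Manager through the JCE key generator.
        NAEParameterSpec spec = new NAEParameterSpec(keyName, keyLength, (KMIPAttributes) null, session);
        KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
        kg.init(spec);
        SecretKey secretKey = kg.generateKey();

        // The generated key is used as an NAEKey for every KMIP attribute call below.
        key = (NAEKey) secretKey;
        System.out.println("Created new key " + key.getName());

        // List the attribute names the new key carries.
        Set<String> defaultAttributes = key.listKMIPAttributes();
        System.out.println(defaultAttributes);

        // Attributes to read back after each lifecycle step.
        KMIPAttributes getState = new KMIPAttributes();
        getState.add(KMIPAttribute.State);
        getState.add(KMIPAttribute.ActivationDate);
        getState.add(KMIPAttribute.InitialDate);
        getState.add(KMIPAttribute.DeactivationDate);

        // sdf is a class-level date formatter defined elsewhere in the class.
        KMIPAttributes gotState = key.getKMIPAttributes(getState);
        System.out.println("State = " + gotState.getState());
        System.out.println("InitialDate = " + sdf.format(gotState.getDate(KMIPAttribute.InitialDate).getTime()));
        System.out.println("ActivationDate = " + ((gotState.getDate(KMIPAttribute.ActivationDate) != null) ? sdf.format(gotState.getDate(KMIPAttribute.ActivationDate).getTime()) : "null"));

        System.out.println("Activating:");
        key.activate();
        gotState = key.getKMIPAttributes(getState);
        defaultAttributes = key.listKMIPAttributes();
        System.out.println(defaultAttributes);
        System.out.println("State = " + gotState.getState());
        System.out.println("ActivationDate = " + ((gotState.getDate(KMIPAttribute.ActivationDate) != null) ? sdf.format(gotState.getDate(KMIPAttribute.ActivationDate).getTime()) : "null"));

        // Deactivate by setting DeactivationDate to the activation timestamp just read back.
        Calendar c = Calendar.getInstance();
        c.setTimeInMillis((gotState.getDate(KMIPAttribute.ActivationDate)).getTime().getTime());
        System.out.println("Deactivating as of " + sdf.format(c.getTime()));
        KMIPAttributes modDates = new KMIPAttributes();
        modDates.addDate(KMIPAttribute.DeactivationDate, c);
        key.addKMIPAttributes(modDates);

        defaultAttributes = key.listKMIPAttributes();
        System.out.println(defaultAttributes);
        gotState = key.getKMIPAttributes(getState);
        System.out.println("State = " + gotState.getState());
        // Fix: format the DeactivationDate that was null-checked; the original formatted
        // ActivationDate on this line.
        System.out.println("Dectivation Date = " + ((gotState.getDate(KMIPAttribute.DeactivationDate) != null) ? sdf.format(gotState.getDate(KMIPAttribute.DeactivationDate).getTime()) : "null"));
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        // Always release the session, including after a failure above.
        if (session != null) {
            session.closeSession();
        }
    }
}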
use of com.ingrian.security.nae.KMIPAttributes in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPCreateSymmetricKeySample method main.
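/**
 * Creates a 256-bit AES key on the Key Manager over KMIP with an Encrypt|Decrypt usage mask,
 * deleting any existing key of the same name first.
 *
 * <p>Arguments as consumed below: {@code args[0]} and {@code args[1]} are passed to
 * {@code NAEClientCertificate} (the second as a {@code char[]} password), and
 * {@code args[2]} is the key name.
 *
 * @param args command-line arguments; exactly three are expected
 * @throws Exception declared by the sample; failures inside the session block are caught and printed
 */
public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        usage();
        // usage() is defined elsewhere; returning here keeps args[2] below from being read
        // with a wrong argument count should usage() not terminate the JVM itself.
        return;
    }
    String keyName = args[2];
    int keyLength = 256;

    // Register the Ingrian provider with the JCE.
    Security.addProvider(new IngrianProvider());

    KMIPSession session = null;
    try {
        // Open the KMIP session with the client X.509 certificate and keystore password.
        // NOTE(review): args[1] is a secret supplied on the command line, where it is visible
        // in process listings and shell history; fine for a sample, not for a deployment.
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));

        // Look up an existing key of this name. getSecretKey only yields a placeholder for
        // the named managed object; getUID() throws when no such key exists, and that single
        // case is ignored on purpose.
        NAEKey existing = null;
        String existingUid = null;
        try {
            existing = NAEKey.getSecretKey(keyName, session);
            existingUid = existing.getUID();
        } catch (Exception ignored) {
            // No key with this name: nothing to delete.
        }

        // The delete runs outside the lookup try so that a failed deletion is reported by
        // the outer handler instead of being swallowed and surfacing later as a create error.
        if (existingUid != null) {
            System.out.println("Deleting key " + keyName + " with UID=" + existingUid);
            existing.delete();
        }

        // Restrict the new key to encryption and decryption.
        KMIPAttributes initialAttributes = new KMIPAttributes();
        initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));

        // Generate the key on the Key Manager through the JCE key generator.
        NAEParameterSpec spec = new NAEParameterSpec(keyName, keyLength, initialAttributes, session);
        KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
        kg.init(spec);
        SecretKey secretKey = kg.generateKey();
        NAEKey created = (NAEKey) secretKey;
        System.out.println("Created key " + created.getName());

        // List the attribute names the new key carries.
        Set<String> defaultAttributes = created.listKMIPAttributes();
        System.out.println(defaultAttributes);
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        // Always release the session, including after a failure above.
        if (session != null) {
            session.closeSession();
        }
    }
}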
use of com.ingrian.security.nae.KMIPAttributes in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPSecretDataGetCustomAttributeSample method main.
/**
 * Reads one or more attributes of a KMIP secret-data object and prints them.
 *
 * <p>Arguments as consumed below: {@code args[0]} and {@code args[1]} are passed to
 * {@code NAEClientCertificate} (the second as a {@code char[]} password), {@code args[2]}
 * is the secret-data object name, and {@code args[3]} holds the attribute names to fetch,
 * separated by {@code #} when there is more than one.
 *
 * @param args command-line arguments; exactly four are expected
 * @throws Exception declared by the sample; failures while reading attributes are caught and printed
 */
public static void main(String[] args) throws Exception {
    // usage() is defined elsewhere in the class.
    // NOTE(review): confirm that it terminates the JVM; if it only prints, execution continues.
    if (args.length != 4) {
        usage();
    }

    // Register the Ingrian provider with the JCE.
    Security.addProvider(new IngrianProvider());

    String objectName = args[2];
    String attributeArg = args[3];

    // Open the KMIP session; the credential passed here is a client certificate plus its
    // password, not a Key Manager user name.
    // NOTE(review): args[1] is a secret supplied on the command line, where it is visible
    // in process listings and shell history; fine for a sample, not for a deployment.
    KMIPSession session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));

    // Build the request: split("#") returns the whole string as a single element when no
    // '#' is present, so one loop covers both the single-name and the multi-name case.
    KMIPAttributes requested = new KMIPAttributes();
    for (String attributeName : attributeArg.split("#")) {
        requested.add(attributeName);
    }

    try {
        // Client-side handle for the secret data, typed as a KMIP Password.
        KMIPSecretData secretData = new KMIPSecretData(objectName, KMIPSecretData.SecretDataType.Password, session);
        KMIPAttributes returned = secretData.getKMIPAttributes(requested);
        // printCustomAttribute is defined elsewhere in the class.
        printCustomAttribute(returned);
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        // Always release the session, including after a failure above.
        if (session != null) {
            session.closeSession();
        }
    }
}
use of com.ingrian.security.nae.KMIPAttributes in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPWrapUnwrapSample method main.
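/**
 * Demonstrates KMIP key wrapping: registers a wrapping key and a key to be wrapped, fetches
 * the second key wrapped under the first, registers the wrapped bytes as a new key, and
 * prints that new key's bytes.
 *
 * <p>Arguments as consumed below: {@code args[0]} and {@code args[1]} are passed to
 * {@code NAEClientCertificate} (the second as a {@code char[]} password), {@code args[2]}
 * is the wrapping key name, and {@code args[3]} is the name of the key to wrap.
 *
 * <p>Compared with the original sample, the session is now closed on every exit path, a
 * registration failure other than "Key already exists" is reported instead of dropped, and
 * the run stops when a UID that later steps depend on could not be obtained.
 *
 * @param args command-line arguments; exactly four are expected
 */
public static void main(String[] args) {
    if (args.length != 4) {
        usage();
        // usage() is defined elsewhere; returning here keeps args[2] below from being read
        // with a wrong argument count should usage() not terminate the JVM itself.
        return;
    }

    // Register the Ingrian provider with the JCE.
    Security.addProvider(new IngrianProvider());

    String wrapping_key = args[2];
    String wrapped_key = args[3];

    // Hard-coded sample key bytes (hex).
    // NOTE(review): this sample prints key material to stdout to make the round trip
    // visible; real keys should never be embedded in source or written to logs.
    String wrapping_keybytes = "49E3BD09F079E4F8842F1C6620FFF6EC";
    String wrapped_keybytes = "92F6355221CC38DF5F374275631C774D";
    System.out.println("wrapped_keybytes Key-1 " + wrapped_keybytes);
    System.out.println("wrapping_keybytes Key-2" + wrapping_keybytes);

    // Key wrap specification values.
    String wrappingMethod = "Encrypt";
    String blockCipherMode = "NISTKeyWrap";
    String encodingOption = "NoEncoding";
    // Not required as of now.
    String paddingMethod = null;
    String hashingAlgorithm = null;
    String keyRoleType = null;

    // Open the KMIP session.
    // NOTE(review): args[1] is a secret supplied on the command line, where it is visible
    // in process listings and shell history; fine for a sample, not for a deployment.
    KMIPSession session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
    try {
        // Usage mask for the wrapping key: WrapKey | UnwrapKey.
        KMIPAttributes initialAttribute = new KMIPAttributes();
        initialAttribute.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.WrapKey.getValue() | UsageMask.UnwrapKey.getValue()));

        // Usage mask for the key that gets wrapped: Encrypt | Decrypt.
        KMIPAttributes initialAttributes2 = new KMIPAttributes();
        initialAttributes2.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));

        NAEParameterSpec spec = new NAEParameterSpec(wrapping_key, 128, initialAttribute, session);
        NAEParameterSpec spec2 = new NAEParameterSpec(wrapped_key, 128, initialAttributes2, session);
        NAEKey key3 = NAEKey.getSecretKey(wrapping_key, session);
        NAEKey key4 = NAEKey.getSecretKey(wrapped_key, session);

        // Register the wrapping key; algorithm and keyFormat are class-level values defined
        // elsewhere in the class. If the key already exists, fall back to its current UID.
        String uniqueIdentifier_wrappingkey = null;
        try {
            uniqueIdentifier_wrappingkey = key3.registerKey(IngrianProvider.hex2ByteArray(wrapping_keybytes), algorithm, keyFormat, spec);
        } catch (NAEException e) {
            String message = e.getMessage();
            if (message == null || !message.contains("Key already exists")) {
                // Any other failure was silently dropped before; report it and stop.
                e.printStackTrace();
                return;
            }
            System.out.println("this key already exist");
            try {
                uniqueIdentifier_wrappingkey = key3.getUID();
            } catch (Exception e1) {
                e1.printStackTrace();
            }
        }
        if (uniqueIdentifier_wrappingkey == null) {
            // Both wrap specifications below need this UID; do not continue without it.
            System.out.println("Unable to determine the UID of wrapping key " + wrapping_key);
            return;
        }

        // Register the key to be wrapped, with the same already-exists fallback. Its UID is
        // not used further down (wrapKey is called with the key name).
        String uniqueIdentifier_wrappedkey = null;
        try {
            uniqueIdentifier_wrappedkey = key4.registerKey(IngrianProvider.hex2ByteArray(wrapped_keybytes), algorithm, keyFormat, spec2);
        } catch (NAEException e) {
            String message = e.getMessage();
            if (message == null || !message.contains("Key already exists")) {
                e.printStackTrace();
                return;
            }
            System.out.println("this key already exist");
            try {
                uniqueIdentifier_wrappedkey = key4.getUID();
            } catch (Exception e1) {
                e1.printStackTrace();
            }
        }

        // Ask the server for the key wrapped under the wrapping key.
        KMIPAttributes initialAttributes1 = new KMIPAttributes();
        initialAttributes1.add(new KMIPKeyWrapSpecification(wrappingMethod, uniqueIdentifier_wrappingkey, blockCipherMode, paddingMethod, hashingAlgorithm, keyRoleType, encodingOption), 0);
        byte[] x = session.wrapKey(wrapped_key, initialAttributes1);
        System.out.println("Encrypted key bytes Key 1 " + IngrianProvider.byteArray2Hex(x));

        // Register a new key from the wrapped bytes, supplying the matching wrapping data.
        KMIPAttributes unwrapAttribute = new KMIPAttributes();
        unwrapAttribute.add(new KMIPKeyWrappingData(wrappingMethod, uniqueIdentifier_wrappingkey, blockCipherMode, paddingMethod, hashingAlgorithm, keyRoleType, encodingOption), 0);
        unwrapAttribute.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));

        // length is a class-level value defined elsewhere in the class.
        String new_unwrapkeyuid = null;
        try {
            new_unwrapkeyuid = session.registerKey(x, algorithm, null, length, unwrapAttribute);
        } catch (NAEException e) {
            String message = e.getMessage();
            if (message != null && message.contains("Key already exists")) {
                System.out.println("this key already exist");
            } else {
                e.printStackTrace();
            }
        }
        if (new_unwrapkeyuid == null) {
            // Without a UID there is no key to read back; the original passed null on.
            return;
        }

        // Read back the plain bytes of the newly registered key.
        System.out.println("Plain key bytes of Key-3 " + IngrianProvider.byteArray2Hex(session.getKeyBytes(new_unwrapkeyuid)));
    } finally {
        // Close the session on every path, including the early returns above.
        if (session != null) {
            session.closeSession();
        }
    }
}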