Example 1 with NAECertificate
use of com.ingrian.security.nae.NAECertificate in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPCertificateSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 3) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// create NAE Session: pass in Key Manager user name and password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// create certificate managed object ParameterSpec
NAEParameterSpec spec = new NAEParameterSpec(args[2], 1024, (KMIPAttributes) null, session);
// import the certificate
byte[] c = Hex.decodeHex(certBytes.toCharArray());
NAECertificate.importCertificate(c, null, spec);
// query the certificate attributes via KMIP
session.getUID(args[2]);
Set<String> attrNames = session.listKMIPAttributes(args[2]);
System.out.println("Attributes: " + attrNames);
NAECertificate cert = new NAECertificate(args[2], session);
KMIPAttributes getAttributes = new KMIPAttributes();
getAttributes.add(KMIPAttribute.CertificateIdentifier);
getAttributes.add(KMIPAttribute.ObjectType);
getAttributes.add(KMIPAttribute.CertificateIssuer);
getAttributes.add(KMIPAttribute.CertificateType);
getAttributes.add(KMIPAttribute.CertificateSubject);
KMIPAttributes gotAttributes = cert.getKMIPAttributes(getAttributes);
KMIPCertificateIdentifier certIdentifier = gotAttributes.getCertificateIdentifier();
KMIPCertificateSubject subject = gotAttributes.getCertificateSubject();
KMIPCertificateTypes certType = gotAttributes.getCertificateType();
KMIPCertificateIssuer issuer = gotAttributes.getCertificateIssuer();
ObjectTypes ot = gotAttributes.getObjectType();
if (ot != null) {
System.out.println("Object Type KMIP Attribute: " + ot.getPrintName());
} else {
System.err.println("Object Type KMIP Attribute is null.");
}
if (certType != null) {
System.out.println("Certificate Type KMIP Attribute: " + certType.getPrintName());
} else {
System.err.println("Certificate Type KMIP Attribute is null.");
}
if (certIdentifier == null) {
System.err.println("Certificate Identifier KMIP Attribute is null.");
} else {
System.out.println("Certificate Identifier KMIP Attribute:");
System.out.println("\tIssuer = " + certIdentifier.getIssuer());
System.out.println("\tSerial Number" + certIdentifier.getSerialNumber());
}
if (issuer == null) {
System.err.println("Certificate Issuer is null.");
} else {
System.out.println("Certificate Issuer:");
System.out.println("\tIssuer Distinguished Name = " + issuer.getCertificateIssuerDistinguishedName());
if (issuer.getCertificateIssuerAlternativeName() != null) {
System.out.println("\tIssuer Alternative Name = " + issuer.getCertificateIssuerAlternativeName());
}
}
if (subject == null) {
System.err.println("Certificate Subject is null.");
} else {
System.out.println("Certificate Subject:");
System.out.println("\tSubject Distinguished Name = " + subject.getCertificateSubjectDistinguishedName());
if (subject.getCertificateSubjectAlternativeName() != null) {
System.out.println("\tSubject Alternative Name = " + subject.getCertificateSubjectAlternativeName());
}
}
// now export() a copy of the certificate back from the Key Manager
byte[] exportedCert = cert.certificateExport();
// compare the original and exported bytes
if ((exportedCert != null) && Arrays.equals(Hex.decodeHex(certBytes.toCharArray()), exportedCert))
System.out.println("Exported Certificate material equals original");
else {
System.out.println("Uh-oh!");
}
// print the bytes
System.out.println("original: " + certBytes.toUpperCase());
System.out.println("exported: " + TTLVUtil.toHexString(exportedCert));
// delete the test cert and close the session
cert.delete();
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Also used :
NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec)
KMIPAttributes(com.ingrian.security.nae.KMIPAttributes)
KMIPCertificateIssuer(com.ingrian.security.nae.KMIPCertificateIssuer)
NAECertificate(com.ingrian.security.nae.NAECertificate)
KMIPCertificateIdentifier(com.ingrian.security.nae.KMIPCertificateIdentifier)
KMIPCertificateTypes(com.ingrian.security.nae.KMIPCertificateTypes)
ObjectTypes(com.ingrian.internal.kmip.api.ObjectType.ObjectTypes)
NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
KMIPSession(com.ingrian.security.nae.KMIPSession)
KMIPCertificateSubject(com.ingrian.security.nae.KMIPCertificateSubject)
Example 2 with NAECertificate
use of com.ingrian.security.nae.NAECertificate in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPLocateSample method main.
public static void main(String[] args) throws Exception {
if (args.length < 2) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// create NAE Session: pass in NAE Client Certificate clicnt key and keystore password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// This set holds the managed object unique identifiers (UIDs)
Set<String> managedObjectIdentifiers;
// Locate keys with crypto algorithm = aes and crypto length = 256
KMIPAttributes queryAttributes = new KMIPAttributes();
/*
* IMPORTANT-In case of locate by name it is compulsory to pass argument for keyName as below
* [-Name locateKeyName] where locateKeyName will be value of userInput.
* */
if (args.length > 3) {
if (args[2] != null && "-Name".equals(args[2])) {
queryAttributes.add(new Attribute(KMIPAttribute.Name, args[3]));
}
}
// Have the session locate the keys matching the queryAttributes:
managedObjectIdentifiers = session.locate(queryAttributes);
// loop through the UIDs of the matching managed objects
System.out.println("Total Keys: " + managedObjectIdentifiers.size());
for (String uid : managedObjectIdentifiers) {
System.out.println("Managed object Unique Identifier: " + uid);
// get the objects as Java client NAEKeys or KMIPSecretData objects
// (Note: Secret Data doesn't have KMIP attributes of
// algorithm or length, and will not be found by this query,
// but is included here for completeness.
byte[] keyMaterial = null;
Object managedObject = session.getManagedObject(uid);
// not a key
if (managedObject == null)
continue;
if (managedObject instanceof NAEPublicKey) {
System.out.println(((NAEPublicKey) managedObject).getName());
keyMaterial = ((NAEKey) managedObject).export();
} else if (managedObject instanceof NAEPrivateKey) {
System.out.println(((NAEPrivateKey) managedObject).getName());
keyMaterial = ((NAEKey) managedObject).export();
} else if (managedObject instanceof NAESecretKey) {
System.out.println(((NAESecretKey) managedObject).getName());
keyMaterial = ((NAEKey) managedObject).export();
} else if (managedObject instanceof KMIPSecretData) {
System.out.println(((KMIPSecretData) managedObject).getName());
keyMaterial = ((KMIPSecretData) managedObject).export();
} else if (managedObject instanceof NAECertificate) {
System.out.println(((NAECertificate) managedObject).getName());
keyMaterial = ((NAECertificate) managedObject).certificateExport();
}
System.out.println("Key Material = " + TTLVUtil.toHexString(keyMaterial));
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Also used :
KMIPAttributes(com.ingrian.security.nae.KMIPAttributes)
NAEKey(com.ingrian.security.nae.NAEKey)
NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey)
Attribute(com.ingrian.internal.kmip.api.Attribute)
KMIPAttribute(com.ingrian.security.nae.KMIPAttributeNames.KMIPAttribute)
NAESecretKey(com.ingrian.security.nae.NAESecretKey)
NAECertificate(com.ingrian.security.nae.NAECertificate)
NAEPublicKey(com.ingrian.security.nae.NAEPublicKey)
KMIPSecretData(com.ingrian.security.nae.KMIPSecretData)
NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
KMIPSession(com.ingrian.security.nae.KMIPSession)
Example 3 with NAECertificate
use of com.ingrian.security.nae.NAECertificate in project CipherTrust_Application_Protection by thalescpl-io.
the class CertSample method main.
public static void main(String[] args) throws Exception {
if (args.length < 5) {
System.err.println("Usage: java CertSample user password fileName certName caName pkcs12Password (pkcs12Password can be null if cert data is in PKCS#1 format).");
System.exit(-1);
}
String username = args[0];
String password = args[1];
String fileName = args[2];
String certName = args[3];
String caName = args[4];
String pkcs12Pass = null;
if (args.length == 6)
pkcs12Pass = args[5];
NAESession session = null;
try {
// create NAE Session: pass in Key Manager user name and password
session = NAESession.getSession(username, password.toCharArray());
// import the certificate with corresponding private key
// from the file to Key Manager
FileInputStream fis = new FileInputStream(fileName);
byte[] certData = new byte[fis.available()];
fis.read(certData);
fis.close();
NAEParameterSpec spec = new NAEParameterSpec(certName, true, true, session);
// If cert data is in PKCS#1 format, pass in 'null' for password
NAECertificate.importCertificate(certData, null, spec);
// if cert data is in PKCS#12 format, pass in password
// NAECertificate.importCertificate(certData, pkcs12Pass.toCharArray(), spec);
// export back this certificate and its private key
NAECertificate cert = new NAECertificate(certName, session);
byte[] exportCertKeyData = cert.export("PEM-PKCS#8", null);
// export back this certificate (without private key)
byte[] exportCertData = cert.certificateExport();
// get cert info from the Key Manager
if (cert.isDeletable())
System.out.println("Cert deletable");
System.out.println("Algorithm: " + cert.getAlgorithm());
// delete the certificate from the Key Manager
cert.delete();
// export CA certificate and its cert chain (if present)
byte[] exportCAData = NAECertificate.CACertificateExport(caName, session);
} catch (Exception e) {
e.printStackTrace();
System.out.println("Exception " + e.getMessage());
} finally {
if (session != null)
session.closeSession();
}
}
Also used :
NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec)
NAECertificate(com.ingrian.security.nae.NAECertificate)
NAESession(com.ingrian.security.nae.NAESession)
FileInputStream(java.io.FileInputStream)
Example 4 with NAECertificate
use of com.ingrian.security.nae.NAECertificate in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPCertLocateSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 3) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// create NAE Session: pass in NAE Client Certificate clicnt key and keystore password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// import the certificate
NAEParameterSpec spec = new NAEParameterSpec(args[2], 1024, (KMIPAttributes) null, session);
byte[] c = Hex.decodeHex(certBytes.toCharArray());
NAECertificate.importCertificate(c, null, spec);
// This set holds the managed object unique identifiers (UIDs)
Set<String> managedObjectIdentifiers;
// Locate managed objects with ObjectType Certificate and crypto length = 2048
// and Issuer Distinguished Name = "CN=KMIP,OU=OASIS,O=TEST,C=US"
// by adding the KMIPAttribute name and the value to a KMIPAttributes
// object
KMIPAttributes queryAttributes = new KMIPAttributes();
queryAttributes.add(KMIPAttribute.CryptographicLength, 2048);
queryAttributes.add(KMIPAttribute.ObjectType, ObjectType.ObjectTypes.Certificate);
// Have the session locate the keys matching the queryAttributes:
managedObjectIdentifiers = session.locate(queryAttributes);
System.out.println("Managed objects with attributes rsa, 2048:");
for (String uid : managedObjectIdentifiers) {
System.out.println("Managed object Unique Identifier: " + uid);
// get the objects as Java client NAEKeys or KMIPSecretData objects
// (Note: Secret Data doesn't have KMIP attributes of
// algorithm or length, and will not be found by this query,
// but is included here for completeness.
Object managedObject = session.getManagedObject(uid);
if (managedObject instanceof KMIPTemplate)
break;
if (managedObject instanceof NAEPublicKey)
System.out.println(((NAEPublicKey) managedObject).getName());
else if (managedObject instanceof NAEPrivateKey)
System.out.println(((NAEPrivateKey) managedObject).getName());
else if (managedObject instanceof NAESecretKey)
System.out.println(((NAESecretKey) managedObject).getName());
else if (managedObject instanceof KMIPSecretData) {
System.out.println(((KMIPSecretData) managedObject).getName());
} else if (managedObject instanceof NAECertificate) {
System.out.println("Object is a certificate");
System.out.println(((NAECertificate) managedObject).getName());
}
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Also used :
NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec)
KMIPAttributes(com.ingrian.security.nae.KMIPAttributes)
NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey)
NAESecretKey(com.ingrian.security.nae.NAESecretKey)
NAECertificate(com.ingrian.security.nae.NAECertificate)
NAEPublicKey(com.ingrian.security.nae.NAEPublicKey)
KMIPSecretData(com.ingrian.security.nae.KMIPSecretData)
NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate)
IngrianProvider(com.ingrian.security.nae.IngrianProvider)
KMIPSession(com.ingrian.security.nae.KMIPSession)
KMIPTemplate(com.ingrian.security.nae.KMIPTemplate)
Aggregations
NAECertificate (com.ingrian.security.nae.NAECertificate)4
IngrianProvider (com.ingrian.security.nae.IngrianProvider)3
KMIPAttributes (com.ingrian.security.nae.KMIPAttributes)3
KMIPSession (com.ingrian.security.nae.KMIPSession)3
NAEClientCertificate (com.ingrian.security.nae.NAEClientCertificate)3
NAEParameterSpec (com.ingrian.security.nae.NAEParameterSpec)3
KMIPSecretData (com.ingrian.security.nae.KMIPSecretData)2
NAEPrivateKey (com.ingrian.security.nae.NAEPrivateKey)2
NAEPublicKey (com.ingrian.security.nae.NAEPublicKey)2
NAESecretKey (com.ingrian.security.nae.NAESecretKey)2
Attribute (com.ingrian.internal.kmip.api.Attribute)1
ObjectTypes (com.ingrian.internal.kmip.api.ObjectType.ObjectTypes)1
KMIPAttribute (com.ingrian.security.nae.KMIPAttributeNames.KMIPAttribute)1
KMIPCertificateIdentifier (com.ingrian.security.nae.KMIPCertificateIdentifier)1
KMIPCertificateIssuer (com.ingrian.security.nae.KMIPCertificateIssuer)1
KMIPCertificateSubject (com.ingrian.security.nae.KMIPCertificateSubject)1
KMIPCertificateTypes (com.ingrian.security.nae.KMIPCertificateTypes)1
KMIPTemplate (com.ingrian.security.nae.KMIPTemplate)1
NAEKey (com.ingrian.security.nae.NAEKey)1
NAESession (com.ingrian.security.nae.NAESession)1
