
Example 1 with NAECertificate

use of com.ingrian.security.nae.NAECertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPCertificateSample method main.

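/**
 * Imports a test certificate over a KMIP session, reads back a fixed set of its KMIP
 * attributes, exports it again, compares the exported bytes with the original, and
 * finally deletes it.
 *
 * <p>Exactly three arguments are expected. {@code args[0]} and {@code args[1]} are handed
 * to {@code NAEClientCertificate} (the second one as a {@code char[]}); {@code args[2]}
 * is the name under which the certificate is stored and looked up.
 *
 * <p>NOTE(review): {@code args[1]} is a secret read from the command line, where it is
 * visible in process listings and shell history. That is tolerable for a sample only;
 * production code should obtain it from a protected source.
 *
 * @param args client-certificate identifier, its password, and the certificate name
 * @throws Exception declared by the sample; failures inside the {@code try} are caught and printed
 */
public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        // presumably usage() prints help and exits - it is not shown here; verify
        usage();
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession session = null;
    try {
        // open the KMIP session, authenticating with the client certificate named by
        // args[0]; args[1] is passed as its password (not a Key Manager user name)
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // create certificate managed object ParameterSpec
        // NOTE(review): the meaning of the literal 1024 is not visible here - confirm
        NAEParameterSpec spec = new NAEParameterSpec(args[2], 1024, (KMIPAttributes) null, session);
        // import the certificate; certBytes is a hex string defined elsewhere in the class
        byte[] c = Hex.decodeHex(certBytes.toCharArray());
        NAECertificate.importCertificate(c, null, spec);
        // query the certificate attributes via KMIP
        session.getUID(args[2]);
        Set<String> attrNames = session.listKMIPAttributes(args[2]);
        System.out.println("Attributes: " + attrNames);
        NAECertificate cert = new NAECertificate(args[2], session);
        // ask only for the attributes that are printed below
        KMIPAttributes getAttributes = new KMIPAttributes();
        getAttributes.add(KMIPAttribute.CertificateIdentifier);
        getAttributes.add(KMIPAttribute.ObjectType);
        getAttributes.add(KMIPAttribute.CertificateIssuer);
        getAttributes.add(KMIPAttribute.CertificateType);
        getAttributes.add(KMIPAttribute.CertificateSubject);
        KMIPAttributes gotAttributes = cert.getKMIPAttributes(getAttributes);
        KMIPCertificateIdentifier certIdentifier = gotAttributes.getCertificateIdentifier();
        KMIPCertificateSubject subject = gotAttributes.getCertificateSubject();
        KMIPCertificateTypes certType = gotAttributes.getCertificateType();
        KMIPCertificateIssuer issuer = gotAttributes.getCertificateIssuer();
        ObjectTypes ot = gotAttributes.getObjectType();
        // every attribute may come back null, so each one is checked before use
        if (ot != null) {
            System.out.println("Object Type KMIP Attribute: " + ot.getPrintName());
        } else {
            System.err.println("Object Type KMIP Attribute is null.");
        }
        if (certType != null) {
            System.out.println("Certificate Type KMIP Attribute: " + certType.getPrintName());
        } else {
            System.err.println("Certificate Type KMIP Attribute is null.");
        }
        if (certIdentifier == null) {
            System.err.println("Certificate Identifier KMIP Attribute is null.");
        } else {
            System.out.println("Certificate Identifier KMIP Attribute:");
            System.out.println("\tIssuer = " + certIdentifier.getIssuer());
            // the label used to run straight into the value; " = " matches the other lines
            System.out.println("\tSerial Number = " + certIdentifier.getSerialNumber());
        }
        if (issuer == null) {
            System.err.println("Certificate Issuer is null.");
        } else {
            System.out.println("Certificate Issuer:");
            System.out.println("\tIssuer Distinguished Name = " + issuer.getCertificateIssuerDistinguishedName());
            if (issuer.getCertificateIssuerAlternativeName() != null) {
                System.out.println("\tIssuer Alternative Name = " + issuer.getCertificateIssuerAlternativeName());
            }
        }
        if (subject == null) {
            System.err.println("Certificate Subject is null.");
        } else {
            System.out.println("Certificate Subject:");
            System.out.println("\tSubject Distinguished Name = " + subject.getCertificateSubjectDistinguishedName());
            if (subject.getCertificateSubjectAlternativeName() != null) {
                System.out.println("\tSubject Alternative Name = " + subject.getCertificateSubjectAlternativeName());
            }
        }
        // now export() a copy of the certificate back from the Key Manager
        byte[] exportedCert = cert.certificateExport();
        // compare the original and exported bytes; the original is decoded afresh so the
        // check does not depend on importCertificate leaving its input array untouched
        if ((exportedCert != null) && Arrays.equals(Hex.decodeHex(certBytes.toCharArray()), exportedCert)) {
            System.out.println("Exported Certificate material equals original");
        } else {
            System.out.println("Uh-oh!");
        }
        // print the bytes (a certificate is public material, so printing it is harmless)
        System.out.println("original: " + certBytes.toUpperCase());
        System.out.println("exported: " + TTLVUtil.toHexString(exportedCert));
        // delete the test cert; the session itself is closed in the finally block
        // NOTE(review): if an earlier step throws, the test certificate stays on the Key Manager
        cert.delete();
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        // release the session on both the success and the failure path
        if (session != null) {
            session.closeSession();
        }
    }
}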
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) KMIPCertificateIssuer(com.ingrian.security.nae.KMIPCertificateIssuer) NAECertificate(com.ingrian.security.nae.NAECertificate) KMIPCertificateIdentifier(com.ingrian.security.nae.KMIPCertificateIdentifier) KMIPCertificateTypes(com.ingrian.security.nae.KMIPCertificateTypes) ObjectTypes(com.ingrian.internal.kmip.api.ObjectType.ObjectTypes) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession) KMIPCertificateSubject(com.ingrian.security.nae.KMIPCertificateSubject)

Example 2 with NAECertificate

use of com.ingrian.security.nae.NAECertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPLocateSample method main.

/**
 * Lists the managed objects visible through a KMIP session, optionally filtered by
 * name, and prints each object's name followed by its exported material in hex.
 *
 * <p>At least two arguments are expected: {@code args[0]} and {@code args[1]} are handed
 * to {@code NAEClientCertificate} (the second as a {@code char[]}). To locate by name,
 * append {@code -Name locateKeyName} as the third and fourth arguments.
 *
 * <p>NOTE(review): the loop exports every located object and writes the bytes to stdout,
 * private and secret keys included. That suits a demonstration against test objects;
 * against real keys it would place key material in terminals and logs.
 *
 * @param args client-certificate identifier, its password, then optionally {@code -Name} and a name
 * @throws Exception declared by the sample; failures inside the {@code try} are caught and printed
 */
public static void main(String[] args) throws Exception {
    if (args.length < 2) {
        // presumably usage() prints help and exits - it is not shown here; verify
        usage();
    }
    // register the Ingrian provider with the JCE
    Security.addProvider(new IngrianProvider());
    KMIPSession session = null;
    try {
        // open the KMIP session with the NAE client certificate and its keystore password
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // No algorithm or length attribute is added, so the query stays empty unless a
        // name filter is supplied on the command line.
        KMIPAttributes queryAttributes = new KMIPAttributes();
        // Locate-by-name requires both tokens: "-Name" followed by the name to look for.
        if (args.length > 3 && "-Name".equals(args[2])) {
            queryAttributes.add(new Attribute(KMIPAttribute.Name, args[3]));
        }
        // unique identifiers (UIDs) of the managed objects matching the query
        Set<String> managedObjectIdentifiers = session.locate(queryAttributes);
        System.out.println("Total Keys: " + managedObjectIdentifiers.size());
        for (String uid : managedObjectIdentifiers) {
            System.out.println("Managed object Unique Identifier: " + uid);
            Object managedObject = session.getManagedObject(uid);
            if (managedObject == null) {
                // nothing could be materialised for this UID; move on to the next one
                continue;
            }
            // stays null when the object is none of the types handled below
            byte[] keyMaterial = null;
            if (managedObject instanceof NAEPublicKey) {
                System.out.println(((NAEPublicKey) managedObject).getName());
                keyMaterial = ((NAEKey) managedObject).export();
            } else if (managedObject instanceof NAEPrivateKey) {
                System.out.println(((NAEPrivateKey) managedObject).getName());
                keyMaterial = ((NAEKey) managedObject).export();
            } else if (managedObject instanceof NAESecretKey) {
                System.out.println(((NAESecretKey) managedObject).getName());
                keyMaterial = ((NAEKey) managedObject).export();
            } else if (managedObject instanceof KMIPSecretData) {
                System.out.println(((KMIPSecretData) managedObject).getName());
                keyMaterial = ((KMIPSecretData) managedObject).export();
            } else if (managedObject instanceof NAECertificate) {
                System.out.println(((NAECertificate) managedObject).getName());
                keyMaterial = ((NAECertificate) managedObject).certificateExport();
            }
            // NOTE(review): how TTLVUtil.toHexString treats a null array is not visible here
            System.out.println("Key Material = " + TTLVUtil.toHexString(keyMaterial));
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        // release the session on both the success and the failure path
        if (session != null) {
            session.closeSession();
        }
    }
}
Also used : KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEKey(com.ingrian.security.nae.NAEKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) Attribute(com.ingrian.internal.kmip.api.Attribute) KMIPAttribute(com.ingrian.security.nae.KMIPAttributeNames.KMIPAttribute) NAESecretKey(com.ingrian.security.nae.NAESecretKey) NAECertificate(com.ingrian.security.nae.NAECertificate) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KMIPSecretData(com.ingrian.security.nae.KMIPSecretData) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession)

Example 3 with NAECertificate

use of com.ingrian.security.nae.NAECertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class CertSample method main.

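/**
 * Imports a certificate (with its private key) from a file into the Key Manager,
 * exports it back in two forms, prints some of its properties, deletes it, and then
 * exports a CA certificate.
 *
 * <p>Arguments: user, password, fileName, certName, caName and an optional sixth
 * argument holding the PKCS#12 password. When the sixth argument is present it is passed
 * to {@code importCertificate}; otherwise {@code null} is passed, which the sample's own
 * notes describe as the right value for data that is not password protected.
 *
 * <p>NOTE(review): both passwords arrive on the command line, where they are visible in
 * process listings and shell history. That is tolerable for a sample only.
 *
 * @param args see above
 * @throws Exception declared by the sample; failures inside the {@code try} are caught and printed
 */
public static void main(String[] args) throws Exception {
    if (args.length < 5) {
        System.err.println("Usage: java CertSample user password fileName certName caName pkcs12Password (pkcs12Password can be null if cert data is in PKCS#1 format).");
        System.exit(-1);
    }
    String username = args[0];
    String password = args[1];
    String fileName = args[2];
    String certName = args[3];
    String caName = args[4];
    // The optional password used to be parsed and then ignored; it is now forwarded
    // to the import call below.
    char[] pkcs12Pass = null;
    if (args.length == 6) {
        pkcs12Pass = args[5].toCharArray();
    }
    NAESession session = null;
    try {
        // create NAE Session: pass in Key Manager user name and password
        session = NAESession.getSession(username, password.toCharArray());
        // Read the whole file. The earlier available()/read() pair could return a short
        // buffer and left the stream open if read() threw; readAllBytes does neither.
        byte[] certData = java.nio.file.Files.readAllBytes(java.nio.file.Paths.get(fileName));
        // NOTE(review): the two boolean flags are presumably exportable/deletable - confirm
        NAEParameterSpec spec = new NAEParameterSpec(certName, true, true, session);
        // import the certificate with its private key: null password for unprotected
        // data, the supplied password for PKCS#12 data
        NAECertificate.importCertificate(certData, pkcs12Pass, spec);
        // export back this certificate and its private key
        // NOTE(review): this buffer holds private-key material; never print or log it
        NAECertificate cert = new NAECertificate(certName, session);
        byte[] exportCertKeyData = cert.export("PEM-PKCS#8", null);
        // export back this certificate (without private key)
        byte[] exportCertData = cert.certificateExport();
        // get cert info from the Key Manager
        if (cert.isDeletable()) {
            System.out.println("Cert deletable");
        }
        System.out.println("Algorithm: " + cert.getAlgorithm());
        // delete the certificate from the Key Manager
        cert.delete();
        // export CA certificate and its cert chain (if present)
        byte[] exportCAData = NAECertificate.CACertificateExport(caName, session);
    } catch (Exception e) {
        e.printStackTrace();
        System.out.println("Exception " + e.getMessage());
    } finally {
        // release the session on both the success and the failure path
        if (session != null) {
            session.closeSession();
        }
    }
}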
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) NAECertificate(com.ingrian.security.nae.NAECertificate) NAESession(com.ingrian.security.nae.NAESession) FileInputStream(java.io.FileInputStream)

Example 4 with NAECertificate

use of com.ingrian.security.nae.NAECertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPCertLocateSample method main.

/**
 * Imports a test certificate over a KMIP session, then locates managed objects whose
 * object type is Certificate and whose cryptographic length is 2048, printing the UID
 * and name of each match.
 *
 * <p>Exactly three arguments are expected. {@code args[0]} and {@code args[1]} are handed
 * to {@code NAEClientCertificate} (the second as a {@code char[]}); {@code args[2]} is
 * the name under which the certificate is imported.
 *
 * <p>NOTE(review): the imported certificate is not deleted afterwards, so every run
 * leaves the test object on the Key Manager.
 *
 * @param args client-certificate identifier, its password, and the certificate name
 * @throws Exception declared by the sample; failures inside the {@code try} are caught and printed
 */
public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        // presumably usage() prints help and exits - it is not shown here; verify
        usage();
    }
    // register the Ingrian provider with the JCE
    Security.addProvider(new IngrianProvider());
    KMIPSession session = null;
    try {
        // open the KMIP session with the NAE client certificate and its keystore password
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // import the certificate; certBytes is a hex string defined elsewhere in the class
        // NOTE(review): the spec is built with 1024 while the query below asks for 2048 - confirm
        NAEParameterSpec spec = new NAEParameterSpec(args[2], 1024, (KMIPAttributes) null, session);
        byte[] c = Hex.decodeHex(certBytes.toCharArray());
        NAECertificate.importCertificate(c, null, spec);
        // Build the query: only ObjectType = Certificate and CryptographicLength = 2048
        // are added; no issuer distinguished name is part of the filter.
        KMIPAttributes queryAttributes = new KMIPAttributes();
        queryAttributes.add(KMIPAttribute.CryptographicLength, 2048);
        queryAttributes.add(KMIPAttribute.ObjectType, ObjectType.ObjectTypes.Certificate);
        // unique identifiers (UIDs) of the managed objects matching the query
        Set<String> managedObjectIdentifiers = session.locate(queryAttributes);
        System.out.println("Managed objects with attributes rsa, 2048:");
        for (String uid : managedObjectIdentifiers) {
            System.out.println("Managed object Unique Identifier: " + uid);
            Object managedObject = session.getManagedObject(uid);
            // NOTE(review): a template ends the whole loop rather than skipping one
            // entry - confirm that break, not continue, is intended
            if (managedObject instanceof KMIPTemplate) {
                break;
            }
            // print the name through whichever concrete client type came back
            if (managedObject instanceof NAEPublicKey) {
                System.out.println(((NAEPublicKey) managedObject).getName());
            } else if (managedObject instanceof NAEPrivateKey) {
                System.out.println(((NAEPrivateKey) managedObject).getName());
            } else if (managedObject instanceof NAESecretKey) {
                System.out.println(((NAESecretKey) managedObject).getName());
            } else if (managedObject instanceof KMIPSecretData) {
                System.out.println(((KMIPSecretData) managedObject).getName());
            } else if (managedObject instanceof NAECertificate) {
                System.out.println("Object is a certificate");
                System.out.println(((NAECertificate) managedObject).getName());
            }
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        // release the session on both the success and the failure path
        if (session != null) {
            session.closeSession();
        }
    }
}
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAESecretKey(com.ingrian.security.nae.NAESecretKey) NAECertificate(com.ingrian.security.nae.NAECertificate) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KMIPSecretData(com.ingrian.security.nae.KMIPSecretData) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession) KMIPTemplate(com.ingrian.security.nae.KMIPTemplate)

Aggregations

NAECertificate (com.ingrian.security.nae.NAECertificate)4 IngrianProvider (com.ingrian.security.nae.IngrianProvider)3 KMIPAttributes (com.ingrian.security.nae.KMIPAttributes)3 KMIPSession (com.ingrian.security.nae.KMIPSession)3 NAEClientCertificate (com.ingrian.security.nae.NAEClientCertificate)3 NAEParameterSpec (com.ingrian.security.nae.NAEParameterSpec)3 KMIPSecretData (com.ingrian.security.nae.KMIPSecretData)2 NAEPrivateKey (com.ingrian.security.nae.NAEPrivateKey)2 NAEPublicKey (com.ingrian.security.nae.NAEPublicKey)2 NAESecretKey (com.ingrian.security.nae.NAESecretKey)2 Attribute (com.ingrian.internal.kmip.api.Attribute)1 ObjectTypes (com.ingrian.internal.kmip.api.ObjectType.ObjectTypes)1 KMIPAttribute (com.ingrian.security.nae.KMIPAttributeNames.KMIPAttribute)1 KMIPCertificateIdentifier (com.ingrian.security.nae.KMIPCertificateIdentifier)1 KMIPCertificateIssuer (com.ingrian.security.nae.KMIPCertificateIssuer)1 KMIPCertificateSubject (com.ingrian.security.nae.KMIPCertificateSubject)1 KMIPCertificateTypes (com.ingrian.security.nae.KMIPCertificateTypes)1 KMIPTemplate (com.ingrian.security.nae.KMIPTemplate)1 NAEKey (com.ingrian.security.nae.NAEKey)1 NAESession (com.ingrian.security.nae.NAESession)1