Search in sources :

Example 1 with NAEClientCertificate

use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPCreateAndEncryptSample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 5) {
        usage();
    }
    String keyName = args[4];
    int keyLength = 256;
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession kmipSession = null;
    NAESession naeSession = null;
    try {
        // create KMIP Session - specify client X.509 certificate and keystore password
        kmipSession = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // create key custom attributes
        NAEKey key;
        try {
            /* does the key exist? if so, delete it */
            /* get..Key method is merely a placeholder for a managed object 
                * with that name. */
            key = NAEKey.getSecretKey(keyName, kmipSession);
            /* getUID() will throw an exception if the key does not exist */
            if (key.getUID() != null) {
                System.out.println("Deleting key " + keyName + " with UID=" + key.getUID());
                key.delete();
            }
        } catch (NAEException missing) {
            if (missing.getMessage().equals("Key not found on server.")) {
                System.out.println("Key did not exist");
            } else
                throw missing;
        }
        /* create a secret key using KMIP JCE key generator */
        KMIPAttributes initialAttributes = new KMIPAttributes();
        initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));
        Calendar c = Calendar.getInstance();
        initialAttributes.addDate(KMIPAttribute.ActivationDate, c);
        NAEParameterSpec spec = new NAEParameterSpec(keyName, keyLength, (KMIPAttributes) initialAttributes, kmipSession);
        KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
        kg.init(spec);
        SecretKey secretKey = kg.generateKey();
        System.out.println("Created key " + ((NAEKey) secretKey).getName());
        /* Once created, you may operate on the KMIP key. For example, 
             * add a KMIP group attribute to the KMIP - not required, just include 
             * as a sample of KMIP operations on the key */
        KMIPAttributes ka = new KMIPAttributes();
        ka.add(KMIPAttribute.ObjectGroup, 0, "group1");
        secretKey = NAEKey.getSecretKey(keyName);
        NAESecretKey sk = NAEKey.getSecretKey(keyName, kmipSession);
        sk.addKMIPAttributes(ka);
        /* Now use the NAEKey created for encryption using an NAESession
             * to a Key Manager server. Essentially this is the same code as the
             * SecretKeyEncryptionSample.java program
             * Nothing new is required to use the KMIP-created key on the 
             * Key Manager server.
             */
        // create NAE XML Session: pass in NAE user name and password
        naeSession = NAESession.getSession(args[2], args[3].toCharArray());
        // Get SecretKey (just a handle to it, key data does not leave the server
        // Note: KMIP keys objects need to be re-retrieved on the XML session
        key = NAEKey.getSecretKey(keyName, naeSession);
        // get IV
        NAESecureRandom rng = new NAESecureRandom(naeSession);
        byte[] iv = new byte[16];
        rng.nextBytes(iv);
        IvParameterSpec ivSpec = new IvParameterSpec(iv);
        // get a cipher
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "IngrianProvider");
        // initialize cipher to encrypt.
        cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec);
        String dataToEncrypt = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
        System.out.println("Data to encrypt \"" + dataToEncrypt + "\"");
        // encrypt data
        byte[] outbuf = cipher.doFinal(dataToEncrypt.getBytes());
        // to decrypt data, initialize cipher to decrypt
        cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
        // decrypt data
        byte[] newbuf = cipher.doFinal(outbuf);
        System.out.println("Decrypted data  \"" + new String(newbuf) + "\"");
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (kmipSession != null)
            kmipSession.closeSession();
        if (naeSession != null)
            naeSession.closeSession();
    }
}
Also used : NAEException(com.ingrian.security.nae.NAEException) KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) NAEKey(com.ingrian.security.nae.NAEKey) NAESecureRandom(com.ingrian.security.nae.NAESecureRandom) Calendar(java.util.Calendar) NAESecretKey(com.ingrian.security.nae.NAESecretKey) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) NAEException(com.ingrian.security.nae.NAEException) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession) SecretKey(javax.crypto.SecretKey) NAESecretKey(com.ingrian.security.nae.NAESecretKey) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) KeyGenerator(javax.crypto.KeyGenerator) NAESession(com.ingrian.security.nae.NAESession)

Example 2 with NAEClientCertificate

use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPDiscoverVersionSample method main.

public static void main(String[] args) {
    if (args.length != 2) {
        usage();
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // version array to check their support on Key Manager
    String[] checkversions = { "1.2", "1.3" };
    KMIPSession session = null;
    try {
        // initiate KMIP session
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        String[] responsefromKS = session.KMIPDiscoverVersions(checkversions);
        if (null != responsefromKS && responsefromKS.length > 0)
            for (String version : responsefromKS) {
                System.out.println("version supported on Key Manager " + version);
            }
    } finally {
        session.closeSession();
    }
}
Also used : NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession)

Example 3 with NAEClientCertificate

use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPGetDateRangeSample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 4) {
        usage();
    }
    // set the dates
    start = Calendar.getInstance();
    end = Calendar.getInstance();
    try {
        start.setTime((Date) inputDateFormat.parse(args[2]));
        end.setTime((Date) inputDateFormat.parse(args[3]));
        ;
    } catch (ParseException pe) {
        System.err.println("Problem parsing date argument");
        System.err.println(pe.getMessage());
        usage();
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession session = null;
    try {
        // Create session to KMIP port based on authentication by an NAEClientCertificate
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // KMIPAttribute set to hold unique Key Manager identifiers for located keys
        Set<String> managedObjectIdentifiers;
        // This instance of KMIPAttributes will be used as the KMIP attributes and
        // values to be searched for. Note that the date range is indicated by
        // addding two InitialDate attributes to the locateAttributes
        KMIPAttributes locateAttributes = new KMIPAttributes();
        locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
        locateAttributes.add(KMIPAttribute.InitialDate, 0, start);
        locateAttributes.add(KMIPAttribute.InitialDate, 1, end);
        // This instance of KMIPAttributes will specify the set of KMIP attributes
        // to be returned from the Key Manager
        KMIPAttributes getAttributes = new KMIPAttributes();
        getAttributes.add(KMIPAttribute.ApplicationSpecificInformation);
        // implied null value
        getAttributes.add(KMIPAttribute.CryptographicAlgorithm);
        getAttributes.add(KMIPAttribute.CryptographicLength);
        getAttributes.add(KMIPAttribute.ObjectType);
        getAttributes.add(KMIPAttribute.ContactInformation);
        getAttributes.add(KMIPAttribute.Digest);
        getAttributes.add(KMIPAttribute.InitialDate);
        getAttributes.add(KMIPAttribute.Link);
        getAttributes.add(KMIPAttribute.ObjectGroup);
        // Locate the keys with matching attributes
        managedObjectIdentifiers = session.locate(locateAttributes);
        if (managedObjectIdentifiers != null) {
            System.out.println("\n\nFound " + managedObjectIdentifiers.size() + " managed objects matching key Locate criteria.");
            System.out.println("\n\nKeys with attribute rsa and initial date between " + outputDateFormat.format(start.getTime()) + " and " + outputDateFormat.format(end.getTime()));
            // for each object found, query all the non-custom attributes
            for (String uid : managedObjectIdentifiers) {
                System.out.println("\n\nManaged Object UniqueIdentifier: \t" + uid);
                Object managedObject = session.getManagedObject(uid);
                // not a key
                if (managedObject == null)
                    continue;
                if ((managedObject instanceof NAEPublicKey) || (managedObject instanceof NAEPrivateKey) || (managedObject instanceof NAESecretKey)) {
                    NAEKey key;
                    if (managedObject instanceof NAEPublicKey)
                        key = (NAEPublicKey) managedObject;
                    else if (managedObject instanceof NAEPrivateKey)
                        key = (NAEPrivateKey) managedObject;
                    else
                        key = (NAESecretKey) managedObject;
                    System.out.println("\tName: \t" + key.getName());
                    KMIPAttributes returnedAttributes = getAttrs(key, getAttributes);
                    printKeyInfo(returnedAttributes);
                } else if (managedObject instanceof KMIPSecretData) {
                    System.out.println(((KMIPSecretData) managedObject).getName());
                }
            }
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEKey(com.ingrian.security.nae.NAEKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAESecretKey(com.ingrian.security.nae.NAESecretKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KMIPSecretData(com.ingrian.security.nae.KMIPSecretData) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) NAEException(com.ingrian.security.nae.NAEException) ParseException(java.text.ParseException) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession) ParseException(java.text.ParseException)

Example 4 with NAEClientCertificate

use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPCertificateSample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        usage();
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession session = null;
    try {
        // create NAE Session: pass in Key Manager user name and password
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // create certificate managed object ParameterSpec
        NAEParameterSpec spec = new NAEParameterSpec(args[2], 1024, (KMIPAttributes) null, session);
        // import the certificate
        byte[] c = Hex.decodeHex(certBytes.toCharArray());
        NAECertificate.importCertificate(c, null, spec);
        // query the certificate attributes via KMIP
        session.getUID(args[2]);
        Set<String> attrNames = session.listKMIPAttributes(args[2]);
        System.out.println("Attributes: " + attrNames);
        NAECertificate cert = new NAECertificate(args[2], session);
        KMIPAttributes getAttributes = new KMIPAttributes();
        getAttributes.add(KMIPAttribute.CertificateIdentifier);
        getAttributes.add(KMIPAttribute.ObjectType);
        getAttributes.add(KMIPAttribute.CertificateIssuer);
        getAttributes.add(KMIPAttribute.CertificateType);
        getAttributes.add(KMIPAttribute.CertificateSubject);
        KMIPAttributes gotAttributes = cert.getKMIPAttributes(getAttributes);
        KMIPCertificateIdentifier certIdentifier = gotAttributes.getCertificateIdentifier();
        KMIPCertificateSubject subject = gotAttributes.getCertificateSubject();
        KMIPCertificateTypes certType = gotAttributes.getCertificateType();
        KMIPCertificateIssuer issuer = gotAttributes.getCertificateIssuer();
        ObjectTypes ot = gotAttributes.getObjectType();
        if (ot != null) {
            System.out.println("Object Type KMIP Attribute: " + ot.getPrintName());
        } else {
            System.err.println("Object Type KMIP Attribute is null.");
        }
        if (certType != null) {
            System.out.println("Certificate Type KMIP Attribute: " + certType.getPrintName());
        } else {
            System.err.println("Certificate Type KMIP Attribute is null.");
        }
        if (certIdentifier == null) {
            System.err.println("Certificate Identifier KMIP Attribute is null.");
        } else {
            System.out.println("Certificate Identifier KMIP Attribute:");
            System.out.println("\tIssuer = " + certIdentifier.getIssuer());
            System.out.println("\tSerial Number" + certIdentifier.getSerialNumber());
        }
        if (issuer == null) {
            System.err.println("Certificate Issuer is null.");
        } else {
            System.out.println("Certificate Issuer:");
            System.out.println("\tIssuer Distinguished Name = " + issuer.getCertificateIssuerDistinguishedName());
            if (issuer.getCertificateIssuerAlternativeName() != null) {
                System.out.println("\tIssuer Alternative Name = " + issuer.getCertificateIssuerAlternativeName());
            }
        }
        if (subject == null) {
            System.err.println("Certificate Subject is null.");
        } else {
            System.out.println("Certificate Subject:");
            System.out.println("\tSubject Distinguished Name = " + subject.getCertificateSubjectDistinguishedName());
            if (subject.getCertificateSubjectAlternativeName() != null) {
                System.out.println("\tSubject Alternative Name = " + subject.getCertificateSubjectAlternativeName());
            }
        }
        // now export() a copy of the certificate back from the Key Manager
        byte[] exportedCert = cert.certificateExport();
        // compare the original and exported bytes
        if ((exportedCert != null) && Arrays.equals(Hex.decodeHex(certBytes.toCharArray()), exportedCert))
            System.out.println("Exported Certificate material equals original");
        else {
            System.out.println("Uh-oh!");
        }
        // print the bytes
        System.out.println("original: " + certBytes.toUpperCase());
        System.out.println("exported: " + TTLVUtil.toHexString(exportedCert));
        // delete the test cert and close the session
        cert.delete();
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) KMIPCertificateIssuer(com.ingrian.security.nae.KMIPCertificateIssuer) NAECertificate(com.ingrian.security.nae.NAECertificate) KMIPCertificateIdentifier(com.ingrian.security.nae.KMIPCertificateIdentifier) KMIPCertificateTypes(com.ingrian.security.nae.KMIPCertificateTypes) ObjectTypes(com.ingrian.internal.kmip.api.ObjectType.ObjectTypes) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession) KMIPCertificateSubject(com.ingrian.security.nae.KMIPCertificateSubject)

Example 5 with NAEClientCertificate

use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPDeleteAttributeSample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 2) {
        usage();
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession session = null;
    try {
        // create NAE Session: pass in NAE client certificate information - client key and
        // keystore password
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        /* This Set<String> collection will hold the unique identifiers of the keys
             * matching the criteria (algorithm = RSA, length=2048
             */
        Set<String> managedObjectIdentifiers;
        /* this KMIPAttributes object will contain the KMIPAttribute(s) and the
             * values to match for the keys being searched for on the server
             * 
             */
        KMIPAttributes locateAttributes = new KMIPAttributes();
        // add CryptographicAlgorithm and length to the attributes to be matched
        locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
        locateAttributes.add(KMIPAttribute.CryptographicLength, 2048);
        /* Add a custom KMIP integer attribute at index 0 with the value 1 */
        locateAttributes.add("x-int1", 0, 1);
        /* this is also the sole attribute to be deleted. */
        KMIPAttributes deleteAttributes = new KMIPAttributes();
        deleteAttributes.add("x-int1", 0, 1);
        /* Locate all RSA keys with a length of 2048 and x-int1 = 1 */
        managedObjectIdentifiers = session.locate(locateAttributes);
        if (managedObjectIdentifiers != null) {
            System.out.println("\n\nFound " + managedObjectIdentifiers.size() + " managed objects matching criteria.");
            System.out.println("\n\nKeys with attributes rsa, 2048 and custom attribute x-int=1");
            for (String uid : managedObjectIdentifiers) {
                System.out.println("\n\nManaged Object UniqueIdentifier: \t" + uid);
                Object thingee = session.getManagedObject(uid);
                /* Convert each key into the proper type of object
                     * representing the managed key */
                if ((thingee instanceof NAEPublicKey) || (thingee instanceof NAEPrivateKey) || (thingee instanceof NAESecretKey)) {
                    NAEKey key;
                    if (thingee instanceof NAEPublicKey)
                        key = (NAEPublicKey) thingee;
                    else if (thingee instanceof NAEPrivateKey)
                        key = (NAEPrivateKey) thingee;
                    else
                        key = (NAESecretKey) thingee;
                    System.out.println("\tName: \t" + key.getName());
                    /* delete the x-int1 attribute */
                    key.deleteKMIPAttributes(deleteAttributes);
                }
            }
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEKey(com.ingrian.security.nae.NAEKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAESecretKey(com.ingrian.security.nae.NAESecretKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession)

Aggregations

KMIPSession (com.ingrian.security.nae.KMIPSession)20 NAEClientCertificate (com.ingrian.security.nae.NAEClientCertificate)20 IngrianProvider (com.ingrian.security.nae.IngrianProvider)19 KMIPAttributes (com.ingrian.security.nae.KMIPAttributes)16 NAEKey (com.ingrian.security.nae.NAEKey)10 NAEParameterSpec (com.ingrian.security.nae.NAEParameterSpec)10 NAEPrivateKey (com.ingrian.security.nae.NAEPrivateKey)9 NAEPublicKey (com.ingrian.security.nae.NAEPublicKey)9 KMIPSecretData (com.ingrian.security.nae.KMIPSecretData)8 NAEException (com.ingrian.security.nae.NAEException)8 NAESecretKey (com.ingrian.security.nae.NAESecretKey)7 KeyGenerator (javax.crypto.KeyGenerator)4 NAECertificate (com.ingrian.security.nae.NAECertificate)3 KeyPair (java.security.KeyPair)3 PublicKey (java.security.PublicKey)3 SecretKey (javax.crypto.SecretKey)3 KeyPairGenerator (java.security.KeyPairGenerator)2 PrivateKey (java.security.PrivateKey)2 Calendar (java.util.Calendar)2 Attribute (com.ingrian.internal.kmip.api.Attribute)1