use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPCreateAndEncryptSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 5) {
usage();
}
String keyName = args[4];
int keyLength = 256;
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession kmipSession = null;
NAESession naeSession = null;
try {
// create KMIP Session - specify client X.509 certificate and keystore password
kmipSession = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// create key custom attributes
NAEKey key;
try {
/* does the key exist? if so, delete it */
/* get..Key method is merely a placeholder for a managed object
* with that name. */
key = NAEKey.getSecretKey(keyName, kmipSession);
/* getUID() will throw an exception if the key does not exist */
if (key.getUID() != null) {
System.out.println("Deleting key " + keyName + " with UID=" + key.getUID());
key.delete();
}
} catch (NAEException missing) {
if (missing.getMessage().equals("Key not found on server.")) {
System.out.println("Key did not exist");
} else
throw missing;
}
/* create a secret key using KMIP JCE key generator */
KMIPAttributes initialAttributes = new KMIPAttributes();
initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));
Calendar c = Calendar.getInstance();
initialAttributes.addDate(KMIPAttribute.ActivationDate, c);
NAEParameterSpec spec = new NAEParameterSpec(keyName, keyLength, (KMIPAttributes) initialAttributes, kmipSession);
KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
kg.init(spec);
SecretKey secretKey = kg.generateKey();
System.out.println("Created key " + ((NAEKey) secretKey).getName());
/* Once created, you may operate on the KMIP key. For example,
* add a KMIP group attribute to the KMIP - not required, just include
* as a sample of KMIP operations on the key */
KMIPAttributes ka = new KMIPAttributes();
ka.add(KMIPAttribute.ObjectGroup, 0, "group1");
secretKey = NAEKey.getSecretKey(keyName);
NAESecretKey sk = NAEKey.getSecretKey(keyName, kmipSession);
sk.addKMIPAttributes(ka);
/* Now use the NAEKey created for encryption using an NAESession
* to a Key Manager server. Essentially this is the same code as the
* SecretKeyEncryptionSample.java program
* Nothing new is required to use the KMIP-created key on the
* Key Manager server.
*/
// create NAE XML Session: pass in NAE user name and password
naeSession = NAESession.getSession(args[2], args[3].toCharArray());
// Get SecretKey (just a handle to it, key data does not leave the server
// Note: KMIP keys objects need to be re-retrieved on the XML session
key = NAEKey.getSecretKey(keyName, naeSession);
// get IV
NAESecureRandom rng = new NAESecureRandom(naeSession);
byte[] iv = new byte[16];
rng.nextBytes(iv);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
// get a cipher
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "IngrianProvider");
// initialize cipher to encrypt.
cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec);
String dataToEncrypt = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
System.out.println("Data to encrypt \"" + dataToEncrypt + "\"");
// encrypt data
byte[] outbuf = cipher.doFinal(dataToEncrypt.getBytes());
// to decrypt data, initialize cipher to decrypt
cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
// decrypt data
byte[] newbuf = cipher.doFinal(outbuf);
System.out.println("Decrypted data \"" + new String(newbuf) + "\"");
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (kmipSession != null)
kmipSession.closeSession();
if (naeSession != null)
naeSession.closeSession();
}
}
use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPDiscoverVersionSample method main.
public static void main(String[] args) {
if (args.length != 2) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
// version array to check their support on Key Manager
String[] checkversions = { "1.2", "1.3" };
KMIPSession session = null;
try {
// initiate KMIP session
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
String[] responsefromKS = session.KMIPDiscoverVersions(checkversions);
if (null != responsefromKS && responsefromKS.length > 0)
for (String version : responsefromKS) {
System.out.println("version supported on Key Manager " + version);
}
} finally {
session.closeSession();
}
}
use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPGetDateRangeSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 4) {
usage();
}
// set the dates
start = Calendar.getInstance();
end = Calendar.getInstance();
try {
start.setTime((Date) inputDateFormat.parse(args[2]));
end.setTime((Date) inputDateFormat.parse(args[3]));
;
} catch (ParseException pe) {
System.err.println("Problem parsing date argument");
System.err.println(pe.getMessage());
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// Create session to KMIP port based on authentication by an NAEClientCertificate
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// KMIPAttribute set to hold unique Key Manager identifiers for located keys
Set<String> managedObjectIdentifiers;
// This instance of KMIPAttributes will be used as the KMIP attributes and
// values to be searched for. Note that the date range is indicated by
// addding two InitialDate attributes to the locateAttributes
KMIPAttributes locateAttributes = new KMIPAttributes();
locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
locateAttributes.add(KMIPAttribute.InitialDate, 0, start);
locateAttributes.add(KMIPAttribute.InitialDate, 1, end);
// This instance of KMIPAttributes will specify the set of KMIP attributes
// to be returned from the Key Manager
KMIPAttributes getAttributes = new KMIPAttributes();
getAttributes.add(KMIPAttribute.ApplicationSpecificInformation);
// implied null value
getAttributes.add(KMIPAttribute.CryptographicAlgorithm);
getAttributes.add(KMIPAttribute.CryptographicLength);
getAttributes.add(KMIPAttribute.ObjectType);
getAttributes.add(KMIPAttribute.ContactInformation);
getAttributes.add(KMIPAttribute.Digest);
getAttributes.add(KMIPAttribute.InitialDate);
getAttributes.add(KMIPAttribute.Link);
getAttributes.add(KMIPAttribute.ObjectGroup);
// Locate the keys with matching attributes
managedObjectIdentifiers = session.locate(locateAttributes);
if (managedObjectIdentifiers != null) {
System.out.println("\n\nFound " + managedObjectIdentifiers.size() + " managed objects matching key Locate criteria.");
System.out.println("\n\nKeys with attribute rsa and initial date between " + outputDateFormat.format(start.getTime()) + " and " + outputDateFormat.format(end.getTime()));
// for each object found, query all the non-custom attributes
for (String uid : managedObjectIdentifiers) {
System.out.println("\n\nManaged Object UniqueIdentifier: \t" + uid);
Object managedObject = session.getManagedObject(uid);
// not a key
if (managedObject == null)
continue;
if ((managedObject instanceof NAEPublicKey) || (managedObject instanceof NAEPrivateKey) || (managedObject instanceof NAESecretKey)) {
NAEKey key;
if (managedObject instanceof NAEPublicKey)
key = (NAEPublicKey) managedObject;
else if (managedObject instanceof NAEPrivateKey)
key = (NAEPrivateKey) managedObject;
else
key = (NAESecretKey) managedObject;
System.out.println("\tName: \t" + key.getName());
KMIPAttributes returnedAttributes = getAttrs(key, getAttributes);
printKeyInfo(returnedAttributes);
} else if (managedObject instanceof KMIPSecretData) {
System.out.println(((KMIPSecretData) managedObject).getName());
}
}
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPCertificateSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 3) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// create NAE Session: pass in Key Manager user name and password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// create certificate managed object ParameterSpec
NAEParameterSpec spec = new NAEParameterSpec(args[2], 1024, (KMIPAttributes) null, session);
// import the certificate
byte[] c = Hex.decodeHex(certBytes.toCharArray());
NAECertificate.importCertificate(c, null, spec);
// query the certificate attributes via KMIP
session.getUID(args[2]);
Set<String> attrNames = session.listKMIPAttributes(args[2]);
System.out.println("Attributes: " + attrNames);
NAECertificate cert = new NAECertificate(args[2], session);
KMIPAttributes getAttributes = new KMIPAttributes();
getAttributes.add(KMIPAttribute.CertificateIdentifier);
getAttributes.add(KMIPAttribute.ObjectType);
getAttributes.add(KMIPAttribute.CertificateIssuer);
getAttributes.add(KMIPAttribute.CertificateType);
getAttributes.add(KMIPAttribute.CertificateSubject);
KMIPAttributes gotAttributes = cert.getKMIPAttributes(getAttributes);
KMIPCertificateIdentifier certIdentifier = gotAttributes.getCertificateIdentifier();
KMIPCertificateSubject subject = gotAttributes.getCertificateSubject();
KMIPCertificateTypes certType = gotAttributes.getCertificateType();
KMIPCertificateIssuer issuer = gotAttributes.getCertificateIssuer();
ObjectTypes ot = gotAttributes.getObjectType();
if (ot != null) {
System.out.println("Object Type KMIP Attribute: " + ot.getPrintName());
} else {
System.err.println("Object Type KMIP Attribute is null.");
}
if (certType != null) {
System.out.println("Certificate Type KMIP Attribute: " + certType.getPrintName());
} else {
System.err.println("Certificate Type KMIP Attribute is null.");
}
if (certIdentifier == null) {
System.err.println("Certificate Identifier KMIP Attribute is null.");
} else {
System.out.println("Certificate Identifier KMIP Attribute:");
System.out.println("\tIssuer = " + certIdentifier.getIssuer());
System.out.println("\tSerial Number" + certIdentifier.getSerialNumber());
}
if (issuer == null) {
System.err.println("Certificate Issuer is null.");
} else {
System.out.println("Certificate Issuer:");
System.out.println("\tIssuer Distinguished Name = " + issuer.getCertificateIssuerDistinguishedName());
if (issuer.getCertificateIssuerAlternativeName() != null) {
System.out.println("\tIssuer Alternative Name = " + issuer.getCertificateIssuerAlternativeName());
}
}
if (subject == null) {
System.err.println("Certificate Subject is null.");
} else {
System.out.println("Certificate Subject:");
System.out.println("\tSubject Distinguished Name = " + subject.getCertificateSubjectDistinguishedName());
if (subject.getCertificateSubjectAlternativeName() != null) {
System.out.println("\tSubject Alternative Name = " + subject.getCertificateSubjectAlternativeName());
}
}
// now export() a copy of the certificate back from the Key Manager
byte[] exportedCert = cert.certificateExport();
// compare the original and exported bytes
if ((exportedCert != null) && Arrays.equals(Hex.decodeHex(certBytes.toCharArray()), exportedCert))
System.out.println("Exported Certificate material equals original");
else {
System.out.println("Uh-oh!");
}
// print the bytes
System.out.println("original: " + certBytes.toUpperCase());
System.out.println("exported: " + TTLVUtil.toHexString(exportedCert));
// delete the test cert and close the session
cert.delete();
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPDeleteAttributeSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 2) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// create NAE Session: pass in NAE client certificate information - client key and
// keystore password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
/* This Set<String> collection will hold the unique identifiers of the keys
* matching the criteria (algorithm = RSA, length=2048
*/
Set<String> managedObjectIdentifiers;
/* this KMIPAttributes object will contain the KMIPAttribute(s) and the
* values to match for the keys being searched for on the server
*
*/
KMIPAttributes locateAttributes = new KMIPAttributes();
// add CryptographicAlgorithm and length to the attributes to be matched
locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
locateAttributes.add(KMIPAttribute.CryptographicLength, 2048);
/* Add a custom KMIP integer attribute at index 0 with the value 1 */
locateAttributes.add("x-int1", 0, 1);
/* this is also the sole attribute to be deleted. */
KMIPAttributes deleteAttributes = new KMIPAttributes();
deleteAttributes.add("x-int1", 0, 1);
/* Locate all RSA keys with a length of 2048 and x-int1 = 1 */
managedObjectIdentifiers = session.locate(locateAttributes);
if (managedObjectIdentifiers != null) {
System.out.println("\n\nFound " + managedObjectIdentifiers.size() + " managed objects matching criteria.");
System.out.println("\n\nKeys with attributes rsa, 2048 and custom attribute x-int=1");
for (String uid : managedObjectIdentifiers) {
System.out.println("\n\nManaged Object UniqueIdentifier: \t" + uid);
Object thingee = session.getManagedObject(uid);
/* Convert each key into the proper type of object
* representing the managed key */
if ((thingee instanceof NAEPublicKey) || (thingee instanceof NAEPrivateKey) || (thingee instanceof NAESecretKey)) {
NAEKey key;
if (thingee instanceof NAEPublicKey)
key = (NAEPublicKey) thingee;
else if (thingee instanceof NAEPrivateKey)
key = (NAEPrivateKey) thingee;
else
key = (NAESecretKey) thingee;
System.out.println("\tName: \t" + key.getName());
/* delete the x-int1 attribute */
key.deleteKMIPAttributes(deleteAttributes);
}
}
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Aggregations