Search in sources :

Example 6 with NAEClientCertificate

use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPEncryptAndDecrypt method main.

public static void main(String[] args) {
    if (args.length < 6) {
        checkUsage();
    }
    String certAlias = args[0];
    String certPassword = args[1];
    String keyName = args[2];
    int tagLength = Integer.parseInt(args[3]);
    /**
     * Note: For AES-GCM algorithm, same combination of nonce (IV) and key must not be reused
     * during encryption/decryption operations.
     */
    String iv = args[4];
    String data = args[5];
    KMIPSession session = null;
    try {
        // opening a valid kmip session
        session = KMIPSession.getSession(new NAEClientCertificate(certAlias, certPassword.toCharArray()));
        // taking instance for GCM. Check KMIPCipher Javadoc for rest of algorithm
        KMIPCipher cipher = KMIPCipher.getInstance("AES/GCM/NoPadding");
        // creating a spec for GCM. Check KMIPGCMSpec Javadoc for valid values
        KMIPGCMSpec spec = new KMIPGCMSpec(tagLength, iv.getBytes());
        // initializing kmip cipher with the given key name, spec and session
        // in encrypt mode. Can pass UID in place of keyname. Check other
        // overloaded methods.
        cipher.init(KMIPCipher.ENCRYPT_MODE, keyName, spec, session);
        // Perform cipher operation and return the result in KMIPCryptoResult
        // object. This object also consist of IV in case iv is not passed
        // in other algos.
        KMIPCryptoResult result = cipher.doFinal(data.getBytes());
        // encrypted result in hex
        System.out.println(IngrianProvider.byteArray2Hex(result.getData()));
        // taking GCM cipher instance for decryption. Check KMIPCipher Javadoc
        // for rest of algorithm
        KMIPCipher deCipher = KMIPCipher.getInstance("AES/GCM/NoPadding");
        // initializing kmip cipher with the given key name, spec and session
        // in decrypt mode. Can pass UID in place of keyname in other
        // overloaded methods.
        deCipher.init(KMIPCipher.DECRYPT_MODE, keyName, spec, session);
        // returns decrypted result
        KMIPCryptoResult decResult = deCipher.doFinal(result.getData());
        // printing decryption result.
        System.out.println(new String(decResult.getData()));
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        session.closeSession();
    }
}
Also used : KMIPCryptoResult(com.ingrian.internal.kmip.api.crypto.KMIPCryptoResult) KMIPCipher(com.ingrian.internal.kmip.api.crypto.KMIPCipher) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) KMIPSession(com.ingrian.security.nae.KMIPSession) KMIPGCMSpec(com.ingrian.internal.kmip.api.crypto.KMIPGCMSpec)

Example 7 with NAEClientCertificate

use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPGetCustomAttribute method main.

public static void main(String[] args) throws Exception {
    if (args.length != 4) {
        usage();
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession session = null;
    try {
        // Create session to KMIP port based on authentication by an
        // NAEClientCertificate
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // KMIPAttribute set to hold unique Key Manager identifiers for
        // located keys
        Set<String> managedObjectIdentifiers;
        // This instance of KMIPAttributes will be used as the KMIP
        // attributes and
        // values to be searched for
        KMIPAttributes locateAttributes = new KMIPAttributes();
        locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
        locateAttributes.add(KMIPAttribute.CryptographicLength, 2048);
        // This instance of KMIPAttributes will specify the set of KMIP
        // attributes
        // to be returned from the Key Manager
        // KMIPAttributes addAttributes = new KMIPAttributes();
        // addAttributes.add("x-String", 1, "Hello");
        KMIPAttributes getAttributes = new KMIPAttributes();
        getAttributes.add(KMIPAttribute.ApplicationSpecificInformation);
        // implied
        getAttributes.add(KMIPAttribute.CryptographicAlgorithm);
        // null
        // value
        getAttributes.add(KMIPAttribute.CryptographicLength);
        getAttributes.add(KMIPAttribute.ObjectType);
        getAttributes.add(KMIPAttribute.ContactInformation);
        getAttributes.add(KMIPAttribute.Digest);
        getAttributes.add(KMIPAttribute.InitialDate);
        getAttributes.add(KMIPAttribute.Link);
        getAttributes.add(KMIPAttribute.ObjectGroup);
        String custattrib = args[3];
        if (custattrib.contains("#")) {
            String[] attrs = custattrib.split("#");
            for (String atr : attrs) {
                getAttributes.add(atr);
            }
        } else {
            getAttributes.add(custattrib);
        }
        // Locate the keys with matching attributes
        managedObjectIdentifiers = session.locate(locateAttributes);
        if (managedObjectIdentifiers != null) {
            // for each object found, query all the non-custom attributes
            for (String uid : managedObjectIdentifiers) {
                Object serverManagedObject = session.getManagedObject(uid);
                if (serverManagedObject == null)
                    // not a key
                    continue;
                if (isKey(serverManagedObject)) {
                    // NAEKey is the superclass of public/private and secret
                    // keys
                    NAEKey key;
                    if (serverManagedObject instanceof NAEPublicKey)
                        key = (NAEPublicKey) serverManagedObject;
                    else if (serverManagedObject instanceof NAEPrivateKey)
                        key = (NAEPrivateKey) serverManagedObject;
                    else
                        key = (NAESecretKey) serverManagedObject;
                    locateAttributes.getAttributes();
                    // retrieve and print the key's attributes
                    if (key.getName().equals(args[2])) {
                        // key.addKMIPAttributes(addAttributes);
                        System.out.println("\tName: \t" + key.getName());
                        KMIPAttributes returnedAttributes = getAttrs(key, getAttributes);
                        // printKeyInfo(returnedAttributes);
                        printCustomAttribute(returnedAttributes);
                    }
                } else if (serverManagedObject instanceof KMIPSecretData) {
                    // KMIPSecretData managed objects do not inherit from
                    // NAEKey
                    // coerce to a KMIPSecretData and print the name of the
                    // object
                    System.out.println(((KMIPSecretData) serverManagedObject).getName());
                }
            }
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEKey(com.ingrian.security.nae.NAEKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KMIPSecretData(com.ingrian.security.nae.KMIPSecretData) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) NAEException(com.ingrian.security.nae.NAEException) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession)

Example 8 with NAEClientCertificate

use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPGetSample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 2) {
        usage();
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession session = null;
    try {
        // Create session to KMIP port based on authentication by an NAEClientCertificate
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // KMIPAttribute set to hold unique Key Manager identifiers for located keys
        Set<String> managedObjectIdentifiers;
        // This instance of KMIPAttributes will be used as the KMIP attributes and
        // values to be searched for
        KMIPAttributes locateAttributes = new KMIPAttributes();
        locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
        locateAttributes.add(KMIPAttribute.CryptographicLength, 2048);
        // This instance of KMIPAttributes will specify the set of KMIP attributes
        // to be returned from the Key Manager
        KMIPAttributes getAttributes = new KMIPAttributes();
        getAttributes.add(KMIPAttribute.ApplicationSpecificInformation);
        // implied null value
        getAttributes.add(KMIPAttribute.CryptographicAlgorithm);
        getAttributes.add(KMIPAttribute.CryptographicLength);
        getAttributes.add(KMIPAttribute.ObjectType);
        getAttributes.add(KMIPAttribute.ContactInformation);
        getAttributes.add(KMIPAttribute.Digest);
        getAttributes.add(KMIPAttribute.InitialDate);
        getAttributes.add(KMIPAttribute.Link);
        getAttributes.add(KMIPAttribute.ObjectGroup);
        // Locate the keys with matching attributes
        managedObjectIdentifiers = session.locate(locateAttributes);
        if (managedObjectIdentifiers != null) {
            System.out.println("\n\nFound " + managedObjectIdentifiers.size() + " managed objects matching key Locate criteria.");
            System.out.println("\n\nKeys with attributes rsa, 2048 and their attibutes");
            // for each object found, query all the non-custom attributes
            for (String uid : managedObjectIdentifiers) {
                System.out.println("\n\nManaged Object UniqueIdentifier: \t" + uid);
                Object serverManagedObject = session.getManagedObject(uid);
                // not a key
                if (serverManagedObject == null)
                    continue;
                if (isKey(serverManagedObject)) {
                    // NAEKey is the superclass of public/private and secret keys
                    NAEKey key;
                    if (serverManagedObject instanceof NAEPublicKey)
                        key = (NAEPublicKey) serverManagedObject;
                    else if (serverManagedObject instanceof NAEPrivateKey)
                        key = (NAEPrivateKey) serverManagedObject;
                    else
                        key = (NAESecretKey) serverManagedObject;
                    System.out.println("\tName: \t" + key.getName());
                    // retrieve and print the key's attributes
                    KMIPAttributes returnedAttributes = getAttrs(key, getAttributes);
                    printKeyInfo(returnedAttributes);
                } else if (serverManagedObject instanceof KMIPSecretData) {
                    // KMIPSecretData managed objects do not inherit from NAEKey
                    // coerce to a KMIPSecretData and print the name of the object
                    System.out.println(((KMIPSecretData) serverManagedObject).getName());
                }
            }
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEKey(com.ingrian.security.nae.NAEKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KMIPSecretData(com.ingrian.security.nae.KMIPSecretData) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) NAEException(com.ingrian.security.nae.NAEException) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession)

Example 9 with NAEClientCertificate

use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPLocateSample method main.

public static void main(String[] args) throws Exception {
    if (args.length < 2) {
        usage();
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession session = null;
    try {
        // create NAE Session: pass in NAE Client Certificate clicnt key and keystore password
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // This set holds the managed object unique identifiers (UIDs)
        Set<String> managedObjectIdentifiers;
        // Locate keys with crypto algorithm = aes and crypto length = 256
        KMIPAttributes queryAttributes = new KMIPAttributes();
        /* 
             * IMPORTANT-In case of locate by name it is compulsory to pass argument for keyName as below 
             *  [-Name locateKeyName] where locateKeyName will be value of userInput.
             * */
        if (args.length > 3) {
            if (args[2] != null && "-Name".equals(args[2])) {
                queryAttributes.add(new Attribute(KMIPAttribute.Name, args[3]));
            }
        }
        // Have the session locate the keys matching the queryAttributes:
        managedObjectIdentifiers = session.locate(queryAttributes);
        // loop through the UIDs of the matching managed objects
        System.out.println("Total Keys: " + managedObjectIdentifiers.size());
        for (String uid : managedObjectIdentifiers) {
            System.out.println("Managed object Unique Identifier: " + uid);
            // get the objects as Java client NAEKeys or KMIPSecretData objects
            // (Note: Secret Data doesn't have KMIP attributes of
            // algorithm or length, and will not be found by this query,
            // but is included here for completeness.
            byte[] keyMaterial = null;
            Object managedObject = session.getManagedObject(uid);
            // not a key
            if (managedObject == null)
                continue;
            if (managedObject instanceof NAEPublicKey) {
                System.out.println(((NAEPublicKey) managedObject).getName());
                keyMaterial = ((NAEKey) managedObject).export();
            } else if (managedObject instanceof NAEPrivateKey) {
                System.out.println(((NAEPrivateKey) managedObject).getName());
                keyMaterial = ((NAEKey) managedObject).export();
            } else if (managedObject instanceof NAESecretKey) {
                System.out.println(((NAESecretKey) managedObject).getName());
                keyMaterial = ((NAEKey) managedObject).export();
            } else if (managedObject instanceof KMIPSecretData) {
                System.out.println(((KMIPSecretData) managedObject).getName());
                keyMaterial = ((KMIPSecretData) managedObject).export();
            } else if (managedObject instanceof NAECertificate) {
                System.out.println(((NAECertificate) managedObject).getName());
                keyMaterial = ((NAECertificate) managedObject).certificateExport();
            }
            System.out.println("Key Material = " + TTLVUtil.toHexString(keyMaterial));
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEKey(com.ingrian.security.nae.NAEKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) Attribute(com.ingrian.internal.kmip.api.Attribute) KMIPAttribute(com.ingrian.security.nae.KMIPAttributeNames.KMIPAttribute) NAESecretKey(com.ingrian.security.nae.NAESecretKey) NAECertificate(com.ingrian.security.nae.NAECertificate) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KMIPSecretData(com.ingrian.security.nae.KMIPSecretData) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession)

Example 10 with NAEClientCertificate

use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPKeyPairSample method main.

public static void main(String[] args) {
    if (args.length != 4) {
        usage();
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    String privateKeyName = args[2];
    String publicKeyName = args[3];
    KMIPSession session = null;
    try {
        // generate the public/private key pairs with client-side provider
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance(algorithm);
        System.out.println("Provider: " + keyGen.getProvider().getName());
        keyGen.initialize(length);
        KeyPair generatedKeyPair = keyGen.generateKeyPair();
        // get the key material
        PrivateKey priv = generatedKeyPair.getPrivate();
        PublicKey pub = generatedKeyPair.getPublic();
        byte[] privKeyMaterial = priv.getEncoded();
        byte[] pubKeyMaterial = pub.getEncoded();
        // Register keys on the Key Manager
        // create NAE Session using a client certificate
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // create a spec for the public key
        KMIPAttributes initialAttributes = new KMIPAttributes();
        initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Verify.getValue()));
        NAEParameterSpec spec = new NAEParameterSpec(publicKeyName, length, (KMIPAttributes) initialAttributes, session);
        // create a public key - note: names must match
        NAEPublicKey naePub = NAEKey.getPublicKey(publicKeyName, session);
        // register the key
        String pubUID = naePub.registerKey(pubKeyMaterial, algorithm, keyFormat, spec);
        // print the Key Manager unique identifier for the key
        System.out.println("Created public key: " + pubUID);
        // do the same for the private key
        initialAttributes = new KMIPAttributes();
        initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Sign.getValue()));
        spec = new NAEParameterSpec(privateKeyName, length, (KMIPAttributes) initialAttributes, session);
        NAEPrivateKey naePriv = NAEKey.getPrivateKey(privateKeyName, session);
        // remove PKCS#8 header from the key material
        byte[] truncatedKeyMaterial = new byte[privKeyMaterial.length - 26];
        System.arraycopy(privKeyMaterial, 26, truncatedKeyMaterial, 0, privKeyMaterial.length - 26);
        String privUID = naePriv.registerKey(truncatedKeyMaterial, algorithm, keyFormat, spec);
        System.out.println("Created private key: " + privUID);
        // Set the link attribute for the keys on the Key Manager
        naePriv.link(naePub);
        naePub.link(naePriv);
        System.out.println("Linked keys");
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : KeyPair(java.security.KeyPair) KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) PrivateKey(java.security.PrivateKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) PublicKey(java.security.PublicKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KeyPairGenerator(java.security.KeyPairGenerator) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession)

Aggregations

KMIPSession (com.ingrian.security.nae.KMIPSession)20 NAEClientCertificate (com.ingrian.security.nae.NAEClientCertificate)20 IngrianProvider (com.ingrian.security.nae.IngrianProvider)19 KMIPAttributes (com.ingrian.security.nae.KMIPAttributes)16 NAEKey (com.ingrian.security.nae.NAEKey)10 NAEParameterSpec (com.ingrian.security.nae.NAEParameterSpec)10 NAEPrivateKey (com.ingrian.security.nae.NAEPrivateKey)9 NAEPublicKey (com.ingrian.security.nae.NAEPublicKey)9 KMIPSecretData (com.ingrian.security.nae.KMIPSecretData)8 NAEException (com.ingrian.security.nae.NAEException)8 NAESecretKey (com.ingrian.security.nae.NAESecretKey)7 KeyGenerator (javax.crypto.KeyGenerator)4 NAECertificate (com.ingrian.security.nae.NAECertificate)3 KeyPair (java.security.KeyPair)3 PublicKey (java.security.PublicKey)3 SecretKey (javax.crypto.SecretKey)3 KeyPairGenerator (java.security.KeyPairGenerator)2 PrivateKey (java.security.PrivateKey)2 Calendar (java.util.Calendar)2 Attribute (com.ingrian.internal.kmip.api.Attribute)1