Search in sources :

Example 11 with NAEClientCertificate

use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPModifySample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 2) {
        usage();
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // get the list of all registered JCE providers
    Provider[] providers = Security.getProviders();
    for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
    KMIPSession session = null;
    try {
        // create a KMIPSession: pass in NAE client X.509 key and keyStore password
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // create key KMIPAttribute object with a list of attributes to match
        Set<String> managedObjectIdentifiers;
        KMIPAttributes locateAttributes = new KMIPAttributes();
        locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
        locateAttributes.add(KMIPAttribute.CryptographicLength, 2048);
        KMIPAttributes getAttributes = new KMIPAttributes();
        getAttributes.add(KMIPAttribute.Name);
        managedObjectIdentifiers = session.locate(locateAttributes);
        if (managedObjectIdentifiers != null) {
            System.out.println("\n\nFound " + managedObjectIdentifiers.size() + " managed objects matching criteria.");
            System.out.println("\n\nKeys with attributes rsa, 2048 and object group");
            for (String uid : managedObjectIdentifiers) {
                System.out.println("\n\nManaged Object UniqueIdentifier: \t" + uid);
                Object managedObject = session.getManagedObject(uid);
                // not a key
                if (managedObject == null)
                    continue;
                if ((managedObject instanceof NAEPublicKey) || (managedObject instanceof NAEPrivateKey) || (managedObject instanceof NAESecretKey)) {
                    NAEKey key;
                    if (managedObject instanceof NAEPublicKey)
                        key = (NAEPublicKey) managedObject;
                    else if (managedObject instanceof NAEPrivateKey)
                        key = (NAEPrivateKey) managedObject;
                    else
                        key = (NAESecretKey) managedObject;
                    System.out.println("\tName: \t" + key.getName());
                    // Retrieve a KMIP attribute - in this case, Name.
                    KMIPAttributes returnedAttributes = key.getKMIPAttributes(getAttributes);
                    KMIPNameAttribute name = returnedAttributes.getNameAttribute();
                    System.out.println("Name attribute: " + name.getNameValue().getNameValue());
                    // Modify the Application Specific Information for this key - if it has any
                    KMIPAttributes modAttributes = new KMIPAttributes();
                    String ts = timestamp();
                    modAttributes.add(new KMIPApplicationSpecificInformation("namespace-" + ts, ts), 0);
                    try {
                        // throws NAE error if the key does not already have attribute being modified
                        key.modifyKMIPAttributes(modAttributes);
                    } catch (NAEException nae) {
                        if (!nae.getMessage().contains("Object does not have the specified attribute"))
                            throw nae;
                    }
                } else if (managedObject instanceof KMIPSecretData) {
                    System.out.println(((KMIPSecretData) managedObject).getName());
                }
            }
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEException(com.ingrian.security.nae.NAEException) NAEKey(com.ingrian.security.nae.NAEKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAESecretKey(com.ingrian.security.nae.NAESecretKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KMIPSecretData(com.ingrian.security.nae.KMIPSecretData) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) NAEException(com.ingrian.security.nae.NAEException) IngrianProvider(com.ingrian.security.nae.IngrianProvider) Provider(java.security.Provider) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession) KMIPApplicationSpecificInformation(com.ingrian.security.nae.KMIPApplicationSpecificInformation) KMIPNameAttribute(com.ingrian.security.nae.KMIPNameAttribute)

Example 12 with NAEClientCertificate

use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPBatchSample method main.

public static void main(String[] args) throws Exception {
    KMIPSession session = null;
    int keyLength = 256;
    if (args.length != 3) {
        usage();
    }
    String keyName = args[2];
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    try {
        // create KMIP Session - specify client X.509 certificate and keystore password
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // create key custom attributes
        session.startBatching();
        System.out.println("Batching set to " + session.isBatching());
        for (int i = 0; i < 10; i++) {
            /* create a secret key using JCE key generator */
            NAEParameterSpec spec = new NAEParameterSpec(keyName + "-" + i, keyLength, (KMIPAttributes) null, session);
            KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
            kg.init(spec);
            kg.generateKey();
        }
        KMIPBatchResults kbr = session.flushBatch();
        for (KMIPBatchItemResult batchResult : kbr.values()) {
            if (batchResult.getStatus() == Statuses.Success) {
                System.out.println(batchResult.getOperation().getPrintName() + " : " + batchResult.getStatus().getPrintName());
                System.out.println("UIDs affected: " + batchResult.getUIDs());
            } else {
                System.out.println(batchResult.getOperation().getPrintName() + " OPERATION FAILED: " + batchResult.getStatusMessage());
            }
        }
        System.out.println("Batching set to " + session.isBatching());
        // the KMIPsession is now not in batching mode. KMIP Operations will be sent
        // to the server when the line of code is executed. Operations are shown
        // which add, modify, or delete attributes in one request, with the KMIP CADP for JAVA
        // session utilizing KMIP batching implicitly based on sets of UIDs
        KMIPAttributes queryAttributes = new KMIPAttributes();
        queryAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.aes);
        queryAttributes.add(KMIPAttribute.CryptographicLength, 256);
        // Have the session locate the keys matching the queryAttributes:
        Set<String> managedObjectIdentifiers = session.locate(queryAttributes);
        // loop through the UIDs of the matching managed objects
        KMIPAttributes addAttrs = new KMIPAttributes();
        addAttrs.add(KMIPAttribute.ContactInformation, 0, "Contact Information");
        for (String uid : managedObjectIdentifiers) {
            System.out.println("Managed object Unique Identifier: " + uid);
            // get the objects as Java client NAEKeys or KMIPSecretData objects
            // (Note: Secret Data doesn't have KMIP attributes of
            // algorithm or length, and will not be found by this query,
            // but is included here for completeness.
            Object managedObject = session.getManagedObject(uid);
            if (managedObject instanceof NAESecretKey) {
                NAESecretKey nsk = (NAESecretKey) managedObject;
                nsk.refreshKMIPInfo();
                if (nsk.getName().startsWith("KMIPBatch")) {
                    System.out.println(((NAESecretKey) managedObject).getName());
                }
                nsk.addKMIPAttributes(addAttrs);
            }
        }
        waitForInput();
        KMIPAttributes modAttrs = new KMIPAttributes();
        modAttrs.add(KMIPAttribute.ContactInformation, 0, "Modified Contact Information");
        Set<String> modUIDs = session.modifyAllAttributes(managedObjectIdentifiers, modAttrs);
        System.out.println("Modified " + modUIDs.size() + " attributes in a single request.");
        waitForInput();
        Set<String> delUIDs = session.deleteAll(new ArrayList<String>(managedObjectIdentifiers));
        System.out.println("Deleted " + delUIDs.size() + " managed objects in a single request.");
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAESecretKey(com.ingrian.security.nae.NAESecretKey) KMIPBatchItemResult(com.ingrian.security.nae.KMIPBatchItemResult) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) IOException(java.io.IOException) KMIPSession(com.ingrian.security.nae.KMIPSession) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPBatchResults(com.ingrian.security.nae.KMIPBatchResults) KeyGenerator(javax.crypto.KeyGenerator)

Example 13 with NAEClientCertificate

use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPCertLocateSample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        usage();
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession session = null;
    try {
        // create NAE Session: pass in NAE Client Certificate clicnt key and keystore password
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // import the certificate
        NAEParameterSpec spec = new NAEParameterSpec(args[2], 1024, (KMIPAttributes) null, session);
        byte[] c = Hex.decodeHex(certBytes.toCharArray());
        NAECertificate.importCertificate(c, null, spec);
        // This set holds the managed object unique identifiers (UIDs)
        Set<String> managedObjectIdentifiers;
        // Locate managed objects with ObjectType Certificate and crypto length = 2048
        // and Issuer Distinguished Name = "CN=KMIP,OU=OASIS,O=TEST,C=US"
        // by adding the KMIPAttribute name and the value to a KMIPAttributes
        // object
        KMIPAttributes queryAttributes = new KMIPAttributes();
        queryAttributes.add(KMIPAttribute.CryptographicLength, 2048);
        queryAttributes.add(KMIPAttribute.ObjectType, ObjectType.ObjectTypes.Certificate);
        // Have the session locate the keys matching the queryAttributes:
        managedObjectIdentifiers = session.locate(queryAttributes);
        System.out.println("Managed objects with attributes rsa, 2048:");
        for (String uid : managedObjectIdentifiers) {
            System.out.println("Managed object Unique Identifier: " + uid);
            // get the objects as Java client NAEKeys or KMIPSecretData objects
            // (Note: Secret Data doesn't have KMIP attributes of
            // algorithm or length, and will not be found by this query,
            // but is included here for completeness.
            Object managedObject = session.getManagedObject(uid);
            if (managedObject instanceof KMIPTemplate)
                break;
            if (managedObject instanceof NAEPublicKey)
                System.out.println(((NAEPublicKey) managedObject).getName());
            else if (managedObject instanceof NAEPrivateKey)
                System.out.println(((NAEPrivateKey) managedObject).getName());
            else if (managedObject instanceof NAESecretKey)
                System.out.println(((NAESecretKey) managedObject).getName());
            else if (managedObject instanceof KMIPSecretData) {
                System.out.println(((KMIPSecretData) managedObject).getName());
            } else if (managedObject instanceof NAECertificate) {
                System.out.println("Object is a certificate");
                System.out.println(((NAECertificate) managedObject).getName());
            }
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAESecretKey(com.ingrian.security.nae.NAESecretKey) NAECertificate(com.ingrian.security.nae.NAECertificate) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KMIPSecretData(com.ingrian.security.nae.KMIPSecretData) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession) KMIPTemplate(com.ingrian.security.nae.KMIPTemplate)

Example 14 with NAEClientCertificate

use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPDatesAndStatesSample method main.

public static void main(String[] args) throws Exception {
    String keyName = null;
    int keyLength = 256;
    if (args.length != 3) {
        usage();
    }
    keyName = args[2];
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession session = null;
    try {
        // create KMIP Session - specify client X.509 certificate and keystore password
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // create key custom attributes
        NAEKey key = null;
        deleteIfExists(keyName, session, key);
        /* create a secret key using JCE key generator */
        NAEParameterSpec spec = new NAEParameterSpec(keyName, keyLength, (KMIPAttributes) null, session);
        KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
        kg.init(spec);
        SecretKey secretKey = kg.generateKey();
        System.out.println("Created new key " + ((NAEKey) secretKey).getName());
        /* cast to NAEKey and list the default attribute names */
        Set<String> defaultAttributes = ((NAEKey) secretKey).listKMIPAttributes();
        System.out.println(defaultAttributes);
        key = ((NAEKey) secretKey);
        KMIPAttributes getState = new KMIPAttributes();
        getState.add(KMIPAttribute.State);
        getState.add(KMIPAttribute.ActivationDate);
        getState.add(KMIPAttribute.InitialDate);
        getState.add(KMIPAttribute.DeactivationDate);
        KMIPAttributes gotState = key.getKMIPAttributes(getState);
        System.out.println("State = " + gotState.getState());
        System.out.println("InitialDate  = " + sdf.format(gotState.getDate(KMIPAttribute.InitialDate).getTime()));
        System.out.println("ActivationDate  = " + ((gotState.getDate(KMIPAttribute.ActivationDate) != null) ? sdf.format(gotState.getDate(KMIPAttribute.ActivationDate).getTime()) : "null"));
        key = ((NAEKey) secretKey);
        System.out.println("Activating:");
        key.activate();
        gotState = key.getKMIPAttributes(getState);
        defaultAttributes = ((NAEKey) secretKey).listKMIPAttributes();
        System.out.println(defaultAttributes);
        System.out.println("State = " + gotState.getState());
        System.out.println("ActivationDate  = " + ((gotState.getDate(KMIPAttribute.ActivationDate) != null) ? sdf.format(gotState.getDate(KMIPAttribute.ActivationDate).getTime()) : "null"));
        // now deactivate it
        Calendar c = Calendar.getInstance();
        c.setTimeInMillis((gotState.getDate(KMIPAttribute.ActivationDate)).getTime().getTime());
        System.out.println("Deactivating as of " + sdf.format(c.getTime()));
        KMIPAttributes modDates = new KMIPAttributes();
        modDates.addDate(KMIPAttribute.DeactivationDate, c);
        key.addKMIPAttributes(modDates);
        ;
        defaultAttributes = ((NAEKey) secretKey).listKMIPAttributes();
        System.out.println(defaultAttributes);
        gotState = key.getKMIPAttributes(getState);
        System.out.println("State = " + gotState.getState());
        System.out.println("Dectivation Date  = " + ((gotState.getDate(KMIPAttribute.DeactivationDate) != null) ? sdf.format(gotState.getDate(KMIPAttribute.ActivationDate).getTime()) : "null"));
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEKey(com.ingrian.security.nae.NAEKey) Calendar(java.util.Calendar) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession) SecretKey(javax.crypto.SecretKey) KeyGenerator(javax.crypto.KeyGenerator)

Example 15 with NAEClientCertificate

use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPGenKeys method main.

public static void main(String[] args) {
    if (args.length != 4) {
        usage();
    }
    int length = Integer.valueOf(args[3]);
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // create KMIP Session - specify client X.509 certificate and keystore password
    KMIPSession session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
    KeyPair sunPair = null;
    try {
        // verify Key Manager supports key pair generation
        if (!queryKeyGen(session)) {
            System.err.println("Key Manager does not support key pair generation");
            System.exit(0);
        }
        deleteIfNecessary(NAEKey.getPublicKey(args[2].trim() + Config.s_publicKeyGenSuffix, session));
        deleteIfNecessary(NAEKey.getPrivateKey(args[2].trim() + Config.s_privateKeyGenSuffix, session));
        RSAKeyPairGenerator keyGen = new RSAKeyPairGenerator();
        NAEParameterSpec spec = new NAEParameterSpec(args[2].trim(), length, (KMIPAttributes) null, session);
        keyGen.initialize(spec, null);
        sunPair = keyGen.generateKeyPair();
        PrivateKey priv = sunPair.getPrivate();
        PublicKey pub = sunPair.getPublic();
        NAEPrivateKey naePriv = (NAEPrivateKey) priv;
        NAEPublicKey naePub = (NAEPublicKey) pub;
        System.out.println("\n\n----------------------------\n");
        System.out.println("Key length = " + length);
        System.out.println("Private key name           : " + naePriv.getName());
        System.out.println("Private key format         : " + naePriv.getFormat());
        System.out.println("Private key algorithm      : " + naePriv.getAlgorithm());
        System.out.println("Private key encoded length : " + naePriv.getKeySize());
        System.out.println("Public key name            : " + naePub.getName());
        System.out.println("Public key format          : " + naePub.getFormat());
        System.out.println("Public key algorithm      : " + "" + naePub.getAlgorithm());
        System.out.println("Public key encoded length  : " + naePub.getKeySize());
    /* ((NAEPrivateKey)priv).delete();
            ((NAEPublicKey)pub).delete();*/
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}
Also used : KeyPair(java.security.KeyPair) NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) PrivateKey(java.security.PrivateKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) PublicKey(java.security.PublicKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) RSAKeyPairGenerator(com.ingrian.security.nae.RSAKeyPairGenerator) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) NAEException(com.ingrian.security.nae.NAEException) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession)

Aggregations

KMIPSession (com.ingrian.security.nae.KMIPSession)20 NAEClientCertificate (com.ingrian.security.nae.NAEClientCertificate)20 IngrianProvider (com.ingrian.security.nae.IngrianProvider)19 KMIPAttributes (com.ingrian.security.nae.KMIPAttributes)16 NAEKey (com.ingrian.security.nae.NAEKey)10 NAEParameterSpec (com.ingrian.security.nae.NAEParameterSpec)10 NAEPrivateKey (com.ingrian.security.nae.NAEPrivateKey)9 NAEPublicKey (com.ingrian.security.nae.NAEPublicKey)9 KMIPSecretData (com.ingrian.security.nae.KMIPSecretData)8 NAEException (com.ingrian.security.nae.NAEException)8 NAESecretKey (com.ingrian.security.nae.NAESecretKey)7 KeyGenerator (javax.crypto.KeyGenerator)4 NAECertificate (com.ingrian.security.nae.NAECertificate)3 KeyPair (java.security.KeyPair)3 PublicKey (java.security.PublicKey)3 SecretKey (javax.crypto.SecretKey)3 KeyPairGenerator (java.security.KeyPairGenerator)2 PrivateKey (java.security.PrivateKey)2 Calendar (java.util.Calendar)2 Attribute (com.ingrian.internal.kmip.api.Attribute)1