use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPModifySample method main.
public static void main(String[] args) throws Exception {
if (args.length != 2) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
// get the list of all registered JCE providers
Provider[] providers = Security.getProviders();
for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
KMIPSession session = null;
try {
// create a KMIPSession: pass in NAE client X.509 key and keyStore password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// create key KMIPAttribute object with a list of attributes to match
Set<String> managedObjectIdentifiers;
KMIPAttributes locateAttributes = new KMIPAttributes();
locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
locateAttributes.add(KMIPAttribute.CryptographicLength, 2048);
KMIPAttributes getAttributes = new KMIPAttributes();
getAttributes.add(KMIPAttribute.Name);
managedObjectIdentifiers = session.locate(locateAttributes);
if (managedObjectIdentifiers != null) {
System.out.println("\n\nFound " + managedObjectIdentifiers.size() + " managed objects matching criteria.");
System.out.println("\n\nKeys with attributes rsa, 2048 and object group");
for (String uid : managedObjectIdentifiers) {
System.out.println("\n\nManaged Object UniqueIdentifier: \t" + uid);
Object managedObject = session.getManagedObject(uid);
// not a key
if (managedObject == null)
continue;
if ((managedObject instanceof NAEPublicKey) || (managedObject instanceof NAEPrivateKey) || (managedObject instanceof NAESecretKey)) {
NAEKey key;
if (managedObject instanceof NAEPublicKey)
key = (NAEPublicKey) managedObject;
else if (managedObject instanceof NAEPrivateKey)
key = (NAEPrivateKey) managedObject;
else
key = (NAESecretKey) managedObject;
System.out.println("\tName: \t" + key.getName());
// Retrieve a KMIP attribute - in this case, Name.
KMIPAttributes returnedAttributes = key.getKMIPAttributes(getAttributes);
KMIPNameAttribute name = returnedAttributes.getNameAttribute();
System.out.println("Name attribute: " + name.getNameValue().getNameValue());
// Modify the Application Specific Information for this key - if it has any
KMIPAttributes modAttributes = new KMIPAttributes();
String ts = timestamp();
modAttributes.add(new KMIPApplicationSpecificInformation("namespace-" + ts, ts), 0);
try {
// throws NAE error if the key does not already have attribute being modified
key.modifyKMIPAttributes(modAttributes);
} catch (NAEException nae) {
if (!nae.getMessage().contains("Object does not have the specified attribute"))
throw nae;
}
} else if (managedObject instanceof KMIPSecretData) {
System.out.println(((KMIPSecretData) managedObject).getName());
}
}
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPBatchSample method main.
public static void main(String[] args) throws Exception {
KMIPSession session = null;
int keyLength = 256;
if (args.length != 3) {
usage();
}
String keyName = args[2];
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
try {
// create KMIP Session - specify client X.509 certificate and keystore password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// create key custom attributes
session.startBatching();
System.out.println("Batching set to " + session.isBatching());
for (int i = 0; i < 10; i++) {
/* create a secret key using JCE key generator */
NAEParameterSpec spec = new NAEParameterSpec(keyName + "-" + i, keyLength, (KMIPAttributes) null, session);
KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
kg.init(spec);
kg.generateKey();
}
KMIPBatchResults kbr = session.flushBatch();
for (KMIPBatchItemResult batchResult : kbr.values()) {
if (batchResult.getStatus() == Statuses.Success) {
System.out.println(batchResult.getOperation().getPrintName() + " : " + batchResult.getStatus().getPrintName());
System.out.println("UIDs affected: " + batchResult.getUIDs());
} else {
System.out.println(batchResult.getOperation().getPrintName() + " OPERATION FAILED: " + batchResult.getStatusMessage());
}
}
System.out.println("Batching set to " + session.isBatching());
// the KMIPsession is now not in batching mode. KMIP Operations will be sent
// to the server when the line of code is executed. Operations are shown
// which add, modify, or delete attributes in one request, with the KMIP CADP for JAVA
// session utilizing KMIP batching implicitly based on sets of UIDs
KMIPAttributes queryAttributes = new KMIPAttributes();
queryAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.aes);
queryAttributes.add(KMIPAttribute.CryptographicLength, 256);
// Have the session locate the keys matching the queryAttributes:
Set<String> managedObjectIdentifiers = session.locate(queryAttributes);
// loop through the UIDs of the matching managed objects
KMIPAttributes addAttrs = new KMIPAttributes();
addAttrs.add(KMIPAttribute.ContactInformation, 0, "Contact Information");
for (String uid : managedObjectIdentifiers) {
System.out.println("Managed object Unique Identifier: " + uid);
// get the objects as Java client NAEKeys or KMIPSecretData objects
// (Note: Secret Data doesn't have KMIP attributes of
// algorithm or length, and will not be found by this query,
// but is included here for completeness.
Object managedObject = session.getManagedObject(uid);
if (managedObject instanceof NAESecretKey) {
NAESecretKey nsk = (NAESecretKey) managedObject;
nsk.refreshKMIPInfo();
if (nsk.getName().startsWith("KMIPBatch")) {
System.out.println(((NAESecretKey) managedObject).getName());
}
nsk.addKMIPAttributes(addAttrs);
}
}
waitForInput();
KMIPAttributes modAttrs = new KMIPAttributes();
modAttrs.add(KMIPAttribute.ContactInformation, 0, "Modified Contact Information");
Set<String> modUIDs = session.modifyAllAttributes(managedObjectIdentifiers, modAttrs);
System.out.println("Modified " + modUIDs.size() + " attributes in a single request.");
waitForInput();
Set<String> delUIDs = session.deleteAll(new ArrayList<String>(managedObjectIdentifiers));
System.out.println("Deleted " + delUIDs.size() + " managed objects in a single request.");
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPCertLocateSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 3) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// create NAE Session: pass in NAE Client Certificate clicnt key and keystore password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// import the certificate
NAEParameterSpec spec = new NAEParameterSpec(args[2], 1024, (KMIPAttributes) null, session);
byte[] c = Hex.decodeHex(certBytes.toCharArray());
NAECertificate.importCertificate(c, null, spec);
// This set holds the managed object unique identifiers (UIDs)
Set<String> managedObjectIdentifiers;
// Locate managed objects with ObjectType Certificate and crypto length = 2048
// and Issuer Distinguished Name = "CN=KMIP,OU=OASIS,O=TEST,C=US"
// by adding the KMIPAttribute name and the value to a KMIPAttributes
// object
KMIPAttributes queryAttributes = new KMIPAttributes();
queryAttributes.add(KMIPAttribute.CryptographicLength, 2048);
queryAttributes.add(KMIPAttribute.ObjectType, ObjectType.ObjectTypes.Certificate);
// Have the session locate the keys matching the queryAttributes:
managedObjectIdentifiers = session.locate(queryAttributes);
System.out.println("Managed objects with attributes rsa, 2048:");
for (String uid : managedObjectIdentifiers) {
System.out.println("Managed object Unique Identifier: " + uid);
// get the objects as Java client NAEKeys or KMIPSecretData objects
// (Note: Secret Data doesn't have KMIP attributes of
// algorithm or length, and will not be found by this query,
// but is included here for completeness.
Object managedObject = session.getManagedObject(uid);
if (managedObject instanceof KMIPTemplate)
break;
if (managedObject instanceof NAEPublicKey)
System.out.println(((NAEPublicKey) managedObject).getName());
else if (managedObject instanceof NAEPrivateKey)
System.out.println(((NAEPrivateKey) managedObject).getName());
else if (managedObject instanceof NAESecretKey)
System.out.println(((NAESecretKey) managedObject).getName());
else if (managedObject instanceof KMIPSecretData) {
System.out.println(((KMIPSecretData) managedObject).getName());
} else if (managedObject instanceof NAECertificate) {
System.out.println("Object is a certificate");
System.out.println(((NAECertificate) managedObject).getName());
}
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPDatesAndStatesSample method main.
public static void main(String[] args) throws Exception {
String keyName = null;
int keyLength = 256;
if (args.length != 3) {
usage();
}
keyName = args[2];
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// create KMIP Session - specify client X.509 certificate and keystore password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// create key custom attributes
NAEKey key = null;
deleteIfExists(keyName, session, key);
/* create a secret key using JCE key generator */
NAEParameterSpec spec = new NAEParameterSpec(keyName, keyLength, (KMIPAttributes) null, session);
KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
kg.init(spec);
SecretKey secretKey = kg.generateKey();
System.out.println("Created new key " + ((NAEKey) secretKey).getName());
/* cast to NAEKey and list the default attribute names */
Set<String> defaultAttributes = ((NAEKey) secretKey).listKMIPAttributes();
System.out.println(defaultAttributes);
key = ((NAEKey) secretKey);
KMIPAttributes getState = new KMIPAttributes();
getState.add(KMIPAttribute.State);
getState.add(KMIPAttribute.ActivationDate);
getState.add(KMIPAttribute.InitialDate);
getState.add(KMIPAttribute.DeactivationDate);
KMIPAttributes gotState = key.getKMIPAttributes(getState);
System.out.println("State = " + gotState.getState());
System.out.println("InitialDate = " + sdf.format(gotState.getDate(KMIPAttribute.InitialDate).getTime()));
System.out.println("ActivationDate = " + ((gotState.getDate(KMIPAttribute.ActivationDate) != null) ? sdf.format(gotState.getDate(KMIPAttribute.ActivationDate).getTime()) : "null"));
key = ((NAEKey) secretKey);
System.out.println("Activating:");
key.activate();
gotState = key.getKMIPAttributes(getState);
defaultAttributes = ((NAEKey) secretKey).listKMIPAttributes();
System.out.println(defaultAttributes);
System.out.println("State = " + gotState.getState());
System.out.println("ActivationDate = " + ((gotState.getDate(KMIPAttribute.ActivationDate) != null) ? sdf.format(gotState.getDate(KMIPAttribute.ActivationDate).getTime()) : "null"));
// now deactivate it
Calendar c = Calendar.getInstance();
c.setTimeInMillis((gotState.getDate(KMIPAttribute.ActivationDate)).getTime().getTime());
System.out.println("Deactivating as of " + sdf.format(c.getTime()));
KMIPAttributes modDates = new KMIPAttributes();
modDates.addDate(KMIPAttribute.DeactivationDate, c);
key.addKMIPAttributes(modDates);
;
defaultAttributes = ((NAEKey) secretKey).listKMIPAttributes();
System.out.println(defaultAttributes);
gotState = key.getKMIPAttributes(getState);
System.out.println("State = " + gotState.getState());
System.out.println("Dectivation Date = " + ((gotState.getDate(KMIPAttribute.DeactivationDate) != null) ? sdf.format(gotState.getDate(KMIPAttribute.ActivationDate).getTime()) : "null"));
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPGenKeys method main.
public static void main(String[] args) {
if (args.length != 4) {
usage();
}
int length = Integer.valueOf(args[3]);
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
// create KMIP Session - specify client X.509 certificate and keystore password
KMIPSession session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
KeyPair sunPair = null;
try {
// verify Key Manager supports key pair generation
if (!queryKeyGen(session)) {
System.err.println("Key Manager does not support key pair generation");
System.exit(0);
}
deleteIfNecessary(NAEKey.getPublicKey(args[2].trim() + Config.s_publicKeyGenSuffix, session));
deleteIfNecessary(NAEKey.getPrivateKey(args[2].trim() + Config.s_privateKeyGenSuffix, session));
RSAKeyPairGenerator keyGen = new RSAKeyPairGenerator();
NAEParameterSpec spec = new NAEParameterSpec(args[2].trim(), length, (KMIPAttributes) null, session);
keyGen.initialize(spec, null);
sunPair = keyGen.generateKeyPair();
PrivateKey priv = sunPair.getPrivate();
PublicKey pub = sunPair.getPublic();
NAEPrivateKey naePriv = (NAEPrivateKey) priv;
NAEPublicKey naePub = (NAEPublicKey) pub;
System.out.println("\n\n----------------------------\n");
System.out.println("Key length = " + length);
System.out.println("Private key name : " + naePriv.getName());
System.out.println("Private key format : " + naePriv.getFormat());
System.out.println("Private key algorithm : " + naePriv.getAlgorithm());
System.out.println("Private key encoded length : " + naePriv.getKeySize());
System.out.println("Public key name : " + naePub.getName());
System.out.println("Public key format : " + naePub.getFormat());
System.out.println("Public key algorithm : " + "" + naePub.getAlgorithm());
System.out.println("Public key encoded length : " + naePub.getKeySize());
/* ((NAEPrivateKey)priv).delete();
((NAEPublicKey)pub).delete();*/
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Aggregations