
Example 16 with NAEClientCertificate

use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPCreateSymmetricKeySample method main.

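/**
 * Creates a 256-bit AES key on the Key Manager over a KMIP session, first deleting any
 * existing key with the same name, then prints the default KMIP attribute names of the
 * newly created key.
 *
 * <p>{@code args[0]} and {@code args[1]} are handed to {@link NAEClientCertificate}; the
 * sample describes them as the client X.509 certificate and the keystore password.
 * {@code args[2]} is the name of the key to create.
 *
 * <p>NOTE(review): the keystore password is taken from the command line, where it can end
 * up in shell history and process listings. That is tolerable for a sample; production code
 * should obtain it from an interactive prompt or a secret store instead.
 *
 * @param args client certificate, keystore password, key name
 * @throws Exception declared by the sample; errors raised while the session is in use are
 *     caught and printed rather than propagated
 */
public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        usage();
        // usage() is defined outside this listing; return here in case it does not terminate
        // the JVM, so args[2] is never read from a short argument list.
        return;
    }
    final String keyName = args[2];
    final int keyLength = 256;
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession session = null;
    try {
        // create KMIP Session - specify client X.509 certificate and keystore password
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        try {
            // getSecretKey() only builds a placeholder for a managed object with that name;
            // getUID() is the call that throws when the key does not exist.
            NAEKey existing = NAEKey.getSecretKey(keyName, session);
            // Ask for the UID once and reuse it for both the check and the message.
            String existingUid = existing.getUID();
            if (existingUid != null) {
                System.out.println("Deleting key " + keyName + " with UID=" + existingUid);
                existing.delete();
            }
        } catch (Exception ignored) {
            // Deliberately ignored: "key not found" is the expected case on a first run.
            // NOTE(review): this also hides a failed delete() or a connection/authorization
            // error; in that case the key generation below is what reports the failure.
        }
        /* create a secret key on the Key Manager using JCE key generator */
        KMIPAttributes initialAttributes = new KMIPAttributes();
        // Usage mask limits the new key to encrypt and decrypt operations.
        initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));
        NAEParameterSpec spec = new NAEParameterSpec(keyName, keyLength, initialAttributes, session);
        KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
        kg.init(spec);
        SecretKey secretKey = kg.generateKey();
        /* cast to NAEKey once to reach the Key Manager specific accessors */
        NAEKey createdKey = (NAEKey) secretKey;
        System.out.println("Created key " + createdKey.getName());
        /* list the default attribute names */
        Set<String> defaultAttributes = createdKey.listKMIPAttributes();
        System.out.println(defaultAttributes);
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        // Always release the KMIP session, including after a failure.
        if (session != null) {
            session.closeSession();
        }
    }
}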
Also used : KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) SecretKey(javax.crypto.SecretKey) NAEKey(com.ingrian.security.nae.NAEKey) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) KeyGenerator(javax.crypto.KeyGenerator) NAEException(com.ingrian.security.nae.NAEException) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession)

Example 17 with NAEClientCertificate

use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPSecretDataGetCustomAttributeSample method main.

/**
 * Fetches one or more custom attributes of a KMIP secret-data object and prints them.
 *
 * <p>{@code args[0]} and {@code args[1]} are passed to {@link NAEClientCertificate} (the
 * password as a {@code char[]}); {@code args[2]} is the secret-data object name and
 * {@code args[3]} is a list of attribute names separated by {@code #}.
 *
 * <p>NOTE(review): the password is read from the command line, so it may be visible in
 * shell history and process listings.
 *
 * @param args client-certificate credentials, secret-data name, attribute name list
 * @throws Exception declared by the sample; errors during the attribute lookup are caught
 *     and printed
 */
public static void main(String[] args) throws Exception {
    if (args.length != 4) {
        usage();
    }
    // register the Ingrian JCE provider
    Security.addProvider(new IngrianProvider());
    String secretDataName = args[2];
    String attributeSpec = args[3];
    // open the KMIP session using the client certificate credentials
    KMIPSession session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
    KMIPAttributes requested = new KMIPAttributes();
    // split("#") yields the whole string as a single element when no '#' is present,
    // so one loop covers both the single-name and the multi-name case.
    for (String attributeName : attributeSpec.split("#")) {
        requested.add(attributeName);
    }
    try {
        // address the managed object as KMIP secret data of type Password
        KMIPSecretData secretData = new KMIPSecretData(secretDataName, KMIPSecretData.SecretDataType.Password, session);
        printCustomAttribute(secretData.getKMIPAttributes(requested));
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        // release the session whether or not the lookup succeeded
        if (session != null) {
            session.closeSession();
        }
    }
}
Also used : KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) KMIPSecretData(com.ingrian.security.nae.KMIPSecretData) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession)

Example 18 with NAEClientCertificate

use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPWrapUnwrapSample method main.

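/**
 * Demonstrates KMIP key wrapping and unwrapping: registers a wrapping key and a key to be
 * wrapped, fetches the second key wrapped under the first, registers the wrapped bytes as a
 * new key, and prints that key's plain bytes.
 *
 * <p>{@code args[0]} and {@code args[1]} are passed to {@link NAEClientCertificate};
 * {@code args[2]} is the wrapping key name and {@code args[3]} the name of the key to wrap.
 * {@code algorithm}, {@code keyFormat} and {@code length} are declared outside this listing.
 *
 * <p>NOTE(review): this sample hard-codes key bytes and prints key material to standard
 * output so the result can be compared by eye. Neither belongs in production code: real key
 * bytes should not live in source and should not reach logs or consoles. The password is also
 * taken from the command line, where it can be seen in shell history and process listings.
 *
 * @param args client-certificate credentials, wrapping key name, wrapped key name
 */
public static void main(String[] args) {
    if (args.length != 4) {
        usage();
        // usage() is defined outside this listing; return in case it does not terminate the
        // JVM, so the argument reads below never run on a short argument list.
        return;
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    String wrapping_key = args[2];
    String wrapped_key = args[3];
    // Fixed demo key bytes (hex). Demo only: never embed or echo real key material.
    String wrapping_keybytes = "49E3BD09F079E4F8842F1C6620FFF6EC";
    String wrapped_keybytes = "92F6355221CC38DF5F374275631C774D";
    System.out.println("wrapped_keybytes Key-1 " + wrapped_keybytes);
    System.out.println("wrapping_keybytes Key-2" + wrapping_keybytes);
    // key specification and key wrapping data
    String wrappingMethod = "Encrypt";
    String blockCipherMode = "NISTKeyWrap";
    // not required as of now
    String paddingMethod = null;
    // not required as of now
    String hashingAlgorithm = null;
    // not required as of now
    String keyRoleType = null;
    String encodingOption = "NoEncoding";
    // initiate KMIP session
    KMIPSession session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
    try {
        // KMIP attributes declaring the wrapping key: wrap/unwrap usage only
        KMIPAttributes initialAttribute = new KMIPAttributes();
        initialAttribute.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.WrapKey.getValue() | UsageMask.UnwrapKey.getValue()));
        // KMIP attributes declaring the plain key: encrypt/decrypt usage
        KMIPAttributes initialAttributes2 = new KMIPAttributes();
        initialAttributes2.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));
        NAEParameterSpec spec = new NAEParameterSpec(wrapping_key, 128, initialAttribute, session);
        NAEParameterSpec spec2 = new NAEParameterSpec(wrapped_key, 128, initialAttributes2, session);
        NAEKey key3 = NAEKey.getSecretKey(wrapping_key, session);
        NAEKey key4 = NAEKey.getSecretKey(wrapped_key, session);

        // register wrapping key, or reuse the existing one with that name
        String uniqueIdentifier_wrappingkey = null;
        try {
            uniqueIdentifier_wrappingkey = key3.registerKey(IngrianProvider.hex2ByteArray(wrapping_keybytes), algorithm, keyFormat, spec);
        } catch (NAEException e) {
            // getMessage() may be null, so test it before matching on the text
            String message = e.getMessage();
            if (message != null && message.contains("Key already exists")) {
                System.out.println("this key already exist");
                try {
                    // updating UID for wrapping key
                    uniqueIdentifier_wrappingkey = key3.getUID();
                } catch (Exception e1) {
                    e1.printStackTrace();
                }
            } else {
                // any other registration failure was silently dropped before; report it
                e.printStackTrace();
            }
        }
        if (uniqueIdentifier_wrappingkey == null) {
            // Without a wrapping-key UID the wrap specification below would be built with null.
            System.err.println("Could not register or look up wrapping key " + wrapping_key);
            return;
        }

        // register wrapped key, or reuse the existing one with that name
        String uniqueIdentifier_wrappedkey = null;
        try {
            uniqueIdentifier_wrappedkey = key4.registerKey(IngrianProvider.hex2ByteArray(wrapped_keybytes), algorithm, keyFormat, spec2);
        } catch (NAEException e) {
            String message = e.getMessage();
            if (message != null && message.contains("Key already exists")) {
                System.out.println("this key already exist");
                try {
                    // updating UID for wrapped key
                    uniqueIdentifier_wrappedkey = key4.getUID();
                } catch (Exception e1) {
                    e1.printStackTrace();
                }
            } else {
                e.printStackTrace();
            }
        }
        if (uniqueIdentifier_wrappedkey == null) {
            System.err.println("Could not register or look up key " + wrapped_key);
            return;
        }

        // KMIP attribute to get a wrapped key
        KMIPAttributes initialAttributes1 = new KMIPAttributes();
        initialAttributes1.add(new KMIPKeyWrapSpecification(wrappingMethod, uniqueIdentifier_wrappingkey, blockCipherMode, paddingMethod, hashingAlgorithm, keyRoleType, encodingOption), 0);
        // Getting wrapped key bytes
        byte[] x = session.wrapKey(wrapped_key, initialAttributes1);
        System.out.println("Encrypted key bytes Key 1 " + IngrianProvider.byteArray2Hex(x));

        // KMIP attributes to register a new key from the wrapped key bytes
        KMIPAttributes unwrapAttribute = new KMIPAttributes();
        unwrapAttribute.add(new KMIPKeyWrappingData(wrappingMethod, uniqueIdentifier_wrappingkey, blockCipherMode, paddingMethod, hashingAlgorithm, keyRoleType, encodingOption), 0);
        unwrapAttribute.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));
        String new_unwrapkeyuid = null;
        // register a new key using wrapped key bytes
        try {
            new_unwrapkeyuid = session.registerKey(x, algorithm, null, length, unwrapAttribute);
        } catch (NAEException e) {
            String message = e.getMessage();
            if (message != null && message.contains("Key already exists")) {
                System.out.println("this key already exist");
            } else {
                e.printStackTrace();
            }
        }
        if (new_unwrapkeyuid == null) {
            // No UID was returned, so there is no key to export; do not call getKeyBytes(null).
            System.err.println("No UID for the unwrapped key; skipping plain key export");
            return;
        }
        // Getting plain key bytes of new key (demo only: this prints key material)
        System.out.println("Plain key bytes of Key-3 " + IngrianProvider.byteArray2Hex(session.getKeyBytes(new_unwrapkeyuid)));
    } finally {
        // Close the session on every path, including early returns and exceptions.
        session.closeSession();
    }
}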
Also used : KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) NAEException(com.ingrian.security.nae.NAEException) NAEKey(com.ingrian.security.nae.NAEKey) KMIPKeyWrapSpecification(com.ingrian.security.nae.KMIPKeyWrapSpecification) KMIPKeyWrappingData(com.ingrian.security.nae.KMIPKeyWrappingData) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) NAEException(com.ingrian.security.nae.NAEException) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession)

Example 19 with NAEClientCertificate

use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPQuerySample method main.

/**
 * Queries the Key Manager over a KMIP session for its supported objects, supported
 * operations and server information, and prints each answer.
 *
 * <p>{@code args[0]} and {@code args[1]} are passed to {@link NAEClientCertificate} (the
 * password as a {@code char[]}).
 *
 * <p>NOTE(review): the password is read from the command line, so it may be visible in
 * shell history and process listings.
 *
 * @param args client-certificate credentials
 * @throws Exception declared by the sample; errors during the query are caught and printed
 */
public static void main(String[] args) throws Exception {
    if (args.length != 2) {
        usage();
    }
    // register the Ingrian JCE provider
    Security.addProvider(new IngrianProvider());
    KMIPSession session = null;
    try {
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // the Key Manager properties to ask for
        ArrayList<Query> requested = new ArrayList<Query>();
        requested.add(Query.QueryObjects);
        requested.add(Query.QueryOperations);
        requested.add(Query.QueryServerInformation);
        // run the query on the session
        Map<Query, ArrayList<String>> answers = session.query(requested);
        // print one line per answered query
        for (Map.Entry<Query, ArrayList<String>> answer : answers.entrySet()) {
            System.out.println(answer.getKey().getPrintName() + ": " + answer.getValue());
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        // release the session whether or not the query succeeded
        if (session != null) {
            session.closeSession();
        }
    }
}
Also used : Query(com.ingrian.security.nae.KMIPQueryFunction.Query) ArrayList(java.util.ArrayList) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession)

Example 20 with NAEClientCertificate

use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPSecretDataSample method main.

/**
 * Registers a block of bytes as a KMIP secret-data object, exports it again and checks that
 * the exported bytes match what was registered.
 *
 * <p>{@code args[0]} and {@code args[1]} are passed to {@link NAEClientCertificate} (the
 * password as a {@code char[]}); an optional {@code args[2]} names the object, which
 * otherwise defaults to {@code "KMIPSecretData"}.
 *
 * <p>NOTE(review): the RSA key pair here only supplies sample bytes (the encoded public
 * key). The 1024-bit modulus and the explicit SHA1PRNG generator are legacy choices and
 * should not be copied into code that produces real keys. The password is also read from
 * the command line, where it may be visible in shell history and process listings.
 *
 * @param args client-certificate credentials and an optional object name
 * @throws Exception declared by the sample; errors inside the try block are caught and printed
 */
public static void main(String[] args) throws Exception {
    if (args.length < 2) {
        usage();
    }
    String keyName = "KMIPSecretData";
    if (args.length == 3) {
        keyName = args[2];
    }
    // register the Ingrian JCE provider
    Security.addProvider(new IngrianProvider());
    KMIPSession session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
    try {
        // produce the secret data: the encoded bytes of a freshly generated public key
        // For IBM Java, change the provider from "SUN/SunRsaSign" to "IBMJCE"
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "SunRsaSign");
        SecureRandom rng = SecureRandom.getInstance("SHA1PRNG", "SUN");
        generator.initialize(1024, rng);
        byte[] data = generator.generateKeyPair().getPublic().getEncoded();
        // parameter spec for the secret-data managed object, usage restricted to Verify
        KMIPAttributes initialAttributes = new KMIPAttributes();
        initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Verify.getValue()));
        NAEParameterSpec spec = new NAEParameterSpec(keyName, 1024, initialAttributes, session);
        // the object is declared as secret data of type Password, although the payload
        // registered below is public-key bytes
        KMIPSecretData secretData = new KMIPSecretData(keyName, KMIPSecretData.SecretDataType.Password, session);
        // register the bytes, then export a copy back from the Key Manager
        secretData.register(data, spec);
        byte[] exportedSecretData = secretData.export();
        // compare the original and exported bytes
        boolean roundTripOk = exportedSecretData != null && Arrays.equals(exportedSecretData, data);
        System.out.println(roundTripOk ? "Exported secret data equals original" : "Uh-oh!");
        // print both byte arrays as hex
        System.out.println("original: " + TTLVUtil.toHexString(data));
        System.out.println("exported: " + TTLVUtil.toHexString(exportedSecretData));
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        // release the session whether or not the round trip succeeded
        if (session != null) {
            session.closeSession();
        }
    }
}
Also used : KeyPair(java.security.KeyPair) KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) PublicKey(java.security.PublicKey) SecureRandom(java.security.SecureRandom) KMIPSecretData(com.ingrian.security.nae.KMIPSecretData) KeyPairGenerator(java.security.KeyPairGenerator) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession)
