use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPCreateSymmetricKeySample method main.
public static void main(String[] args) throws Exception {
String keyName = null;
int keyLength = 256;
if (args.length != 3) {
usage();
}
keyName = args[2];
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
// create KMIP Session - specify client X.509 certificate and keystore password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
NAEKey key;
try {
/* does the key exist? if so, delete it */
/* get..Key method is merely a placeholder for a managed object
* with that name. */
key = NAEKey.getSecretKey(keyName, session);
/* getUID() will throw an exception if the key does not exist */
if (key.getUID() != null) {
// exists if Unique Identifier is not null
System.out.println("Deleting key " + keyName + " with UID=" + key.getUID());
key.delete();
}
} catch (Exception notFound) {
}
/* create a secret key on the Key Manager using JCE key generator */
KMIPAttributes initialAttributes = new KMIPAttributes();
initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));
NAEParameterSpec spec = new NAEParameterSpec(keyName, keyLength, (KMIPAttributes) initialAttributes, session);
KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
kg.init(spec);
SecretKey secretKey = kg.generateKey();
System.out.println("Created key " + ((NAEKey) secretKey).getName());
/* cast to NAEKey and list the default attribute names */
Set<String> defaultAttributes = ((NAEKey) secretKey).listKMIPAttributes();
System.out.println(defaultAttributes);
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPSecretDataGetCustomAttributeSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 4) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
String secretDataName = args[2];
String custattrib = args[3];
// create NAE Session: pass in Key Manager user name and password
KMIPSession session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
KMIPAttributes getAttributes = new KMIPAttributes();
if (custattrib.contains("#")) {
String[] attrs = custattrib.split("#");
for (String atr : attrs) {
getAttributes.add(atr);
}
} else {
getAttributes.add(custattrib);
}
try {
// create the secret data object as a KMIP secret data Password type
KMIPSecretData secretDataManagedObject = new KMIPSecretData(secretDataName, KMIPSecretData.SecretDataType.Password, session);
KMIPAttributes returnedAttributes = secretDataManagedObject.getKMIPAttributes(getAttributes);
printCustomAttribute(returnedAttributes);
} catch (Exception e) {
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPWrapUnwrapSample method main.
public static void main(String[] args) {
if (args.length != 4) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
String wrapping_key = args[2];
String wrapped_key = args[3];
// key bytes
String wrapping_keybytes = "49E3BD09F079E4F8842F1C6620FFF6EC";
String wrapped_keybytes = "92F6355221CC38DF5F374275631C774D";
System.out.println("wrapped_keybytes Key-1 " + wrapped_keybytes);
System.out.println("wrapping_keybytes Key-2" + wrapping_keybytes);
// key specification and key wrapping data
String wrappingMethod = "Encrypt";
String uniqueIdentifier_wrappingkey = null;
String uniqueIdentifier_wrappedkey = null;
String blockCipherMode = "NISTKeyWrap";
// not required as of now
String paddingMethod = null;
// not required as of now
String hashingAlgorithm = null;
// not required as of now
String keyRoleType = null;
String encodingOption = "NoEncoding";
// initiate KMIP session
KMIPSession session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// KMIP attributes for to declare an encrypting key
KMIPAttributes initialAttribute = new KMIPAttributes();
initialAttribute.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.WrapKey.getValue() | UsageMask.UnwrapKey.getValue()));
// KMIP attribute to declare a plain key
KMIPAttributes initialAttributes2 = new KMIPAttributes();
initialAttributes2.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));
NAEParameterSpec spec = new NAEParameterSpec(wrapping_key, 128, initialAttribute, (KMIPSession) session);
NAEParameterSpec spec2 = new NAEParameterSpec(wrapped_key, 128, initialAttributes2, (KMIPSession) session);
NAEKey key3 = NAEKey.getSecretKey(wrapping_key, session);
NAEKey key4 = NAEKey.getSecretKey(wrapped_key, session);
// register wrapping key
try {
uniqueIdentifier_wrappingkey = key3.registerKey(IngrianProvider.hex2ByteArray(wrapping_keybytes), algorithm, keyFormat, spec);
} catch (NAEException e) {
if (e.getMessage().contains("Key already exists")) {
System.out.println("this key already exist");
try {
// updating UID for wrapping key
uniqueIdentifier_wrappingkey = key3.getUID();
} catch (NAEException e1) {
e1.printStackTrace();
} catch (Exception e1) {
e1.printStackTrace();
}
}
}
// register wrapped key
try {
uniqueIdentifier_wrappedkey = key4.registerKey(IngrianProvider.hex2ByteArray(wrapped_keybytes), algorithm, keyFormat, spec2);
} catch (NAEException e) {
if (e.getMessage().contains("Key already exists")) {
System.out.println("this key already exist");
try {
// updating UID for wrapped key
uniqueIdentifier_wrappedkey = key4.getUID();
} catch (Exception e1) {
e1.printStackTrace();
}
}
}
// KMIP attribute to get a wrapped key
KMIPAttributes initialAttributes1 = new KMIPAttributes();
initialAttributes1.add(new KMIPKeyWrapSpecification(wrappingMethod, uniqueIdentifier_wrappingkey, blockCipherMode, paddingMethod, hashingAlgorithm, keyRoleType, encodingOption), 0);
// Getting wrapped key bytes
byte[] x = session.wrapKey(wrapped_key, initialAttributes1);
System.out.println("Encrypted key bytes Key 1 " + IngrianProvider.byteArray2Hex(x));
// KMIP attribute to register a new key using encrypted key bytes
KMIPAttributes unwrapAttribute = new KMIPAttributes();
unwrapAttribute.add(new KMIPKeyWrappingData(wrappingMethod, uniqueIdentifier_wrappingkey, blockCipherMode, paddingMethod, hashingAlgorithm, keyRoleType, encodingOption), 0);
unwrapAttribute.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));
String new_unwrapkeyuid = null;
// register a new key using wrapped key bytes
try {
new_unwrapkeyuid = session.registerKey(x, algorithm, null, length, unwrapAttribute);
} catch (NAEException e) {
if (e.getMessage().contains("Key already exists"))
System.out.println("this key already exist");
}
// Getting plain key bytes of new key
System.out.println("Plain key bytes of Key-3 " + IngrianProvider.byteArray2Hex(session.getKeyBytes(new_unwrapkeyuid)));
session.closeSession();
}
use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPQuerySample method main.
public static void main(String[] args) throws Exception {
if (args.length != 2) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = null;
try {
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// create list of Key Manager properties to query
ArrayList<Query> query = new ArrayList<Query>();
query.add(Query.QueryObjects);
query.add(Query.QueryOperations);
query.add(Query.QueryServerInformation);
/* execute the query on the session */
Map<Query, ArrayList<String>> queryResult2 = session.query(query);
/* view the results */
for (Query answer : queryResult2.keySet()) {
System.out.println(answer.getPrintName() + ": " + queryResult2.get(answer));
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.NAEClientCertificate in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPSecretDataSample method main.
public static void main(String[] args) throws Exception {
if (args.length < 2) {
usage();
}
String keyName = args.length == 3 ? args[2] : "KMIPSecretData";
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
try {
// generate the secret data (the bytes of a public key)
// For IBM Java, change the provider from "SUN/SunRsaSign" to "IBMJCE"
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "SunRsaSign");
SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
keyGen.initialize(1024, random);
KeyPair keyPair = keyGen.generateKeyPair();
PublicKey pub = keyPair.getPublic();
byte[] data = pub.getEncoded();
// create NAE Session: pass in Key Manager user name and password
// KMIPSession session = KMIPSession.getSession(new NAEClientCertificate( args[0], args[1]));
// create secret data managed object ParameterSpec
KMIPAttributes initialAttributes = new KMIPAttributes();
initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Verify.getValue()));
NAEParameterSpec spec = new NAEParameterSpec(keyName, 1024, (KMIPAttributes) initialAttributes, session);
// create the secret data object as a KMIP secret data Password type
KMIPSecretData secretDataManagedObject = new KMIPSecretData(keyName, KMIPSecretData.SecretDataType.Password, session);
// register the secret data bytes
secretDataManagedObject.register(data, spec);
// now export() a copy of the secret data back from the Key Manager
byte[] exportedSecretData = secretDataManagedObject.export();
// compare the original and exported bytes
if ((exportedSecretData != null) && Arrays.equals(exportedSecretData, data))
System.out.println("Exported secret data equals original");
else {
System.out.println("Uh-oh!");
}
// print the bytes and close the session
System.out.println("original: " + TTLVUtil.toHexString(data));
System.out.println("exported: " + TTLVUtil.toHexString(exportedSecretData));
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
Aggregations