Examples with NAEException com.ingrian.security.nae.NAEException used on opensource projects

Example 1 with NAEException

use of com.ingrian.security.nae.NAEException in project CipherTrust_Application_Protection by thalescpl-io.

the class SelfSignedCertificateUtility method validateProperties.

private static void validateProperties(Map<String, String> certificateProeprties) {
    StringBuffer buffer = new StringBuffer();
    if (certificateProeprties.get("Validity") == null) {
        buffer.append("Validity");
        buffer.append(", ");
    } else {
        String days = certificateProeprties.get("Validity");
        if (Integer.valueOf(days) < 0)
            throw new NAEException("Invalid validity period: " + days);
    }
    if (certificateProeprties.get("CertPassword") == null) {
        buffer.append("CertPassword");
        buffer.append(", ");
    }
    if (certificateProeprties.get("Algorithm") == null) {
        buffer.append("Algorithm");
        buffer.append(", ");
    }
    if (certificateProeprties.get("CommonName") == null) {
        buffer.append("CommonName");
        buffer.append(", ");
    }
    if (certificateProeprties.get("CountryName") == null) {
        buffer.append("CountryName");
        buffer.append(", ");
    }
    if (buffer.length() != 0)
        throw new NAEException(buffer.toString() + " missing");
}

Example 2 with NAEException

use of com.ingrian.security.nae.NAEException in project CipherTrust_Application_Protection by thalescpl-io.

the class SelfSignedCertificateUtility method generateCertificate.

private static X509Certificate generateCertificate(PublicKey publicKey, PrivateKey privateKey, Map<String, String> certificateProeprties) throws Exception {
    String dn = makeDN(certificateProeprties);
    X509CertInfo info = new X509CertInfo();
    Date from = new Date();
    Date to = new Date(from.getTime() + Integer.valueOf(certificateProeprties.get("Validity")) * 86400000l);
    CertificateValidity interval = new CertificateValidity(from, to);
    X500Name owner = new X500Name(dn);
    boolean[] kueOk = getKeyUsgaeExtension(certificateProeprties.get("KeyUsage"));
    KeyUsageExtension kue = new KeyUsageExtension(kueOk);
    CertificateExtensions ext = new CertificateExtensions();
    ext.set(KeyUsageExtension.NAME, kue);
    info.set(X509CertInfo.VALIDITY, interval);
    BigInteger sn = new BigInteger(64, new SecureRandom());
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
    boolean justName = isJavaAtLeast(1.8);
    if (justName) {
        info.set(X509CertInfo.SUBJECT, owner);
        info.set(X509CertInfo.ISSUER, owner);
    } else {
        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    }
    info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    AlgorithmId algo = null;
    String provider = null;
    switch(certificateProeprties.get("Algorithm")) {
        case "SHA1WithRSA":
            break;
        case "SHA256WithRSA":
            break;
        case "SHA384WithRSA":
            break;
        case "SHA512WithRSA":
            provider = "BC";
            break;
        case "SHA1WithECDSA":
            provider = "BC";
            break;
        case "SHA224WithECDSA":
            provider = "BC";
            break;
        case "SHA256WithECDSA":
            provider = "BC";
            break;
        case "SHA384WithECDSA":
            provider = "BC";
            break;
        case "SHA512WithECDSA":
            provider = "BC";
            break;
        default:
            throw new NAEException(certificateProeprties.get("Algorithm") + " not supported.");
    }
    algo = AlgorithmId.get(certificateProeprties.get("Algorithm"));
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
    info.set(X509CertInfo.EXTENSIONS, ext);
    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    if (provider != null)
        cert.sign(privateKey, certificateProeprties.get("Algorithm"), provider);
    else
        cert.sign(privateKey, certificateProeprties.get("Algorithm"));
    return cert;
}

Example 3 with NAEException

use of com.ingrian.security.nae.NAEException in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPCreateAndEncryptSample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 5) {
        usage();
    }
    String keyName = args[4];
    int keyLength = 256;
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession kmipSession = null;
    NAESession naeSession = null;
    try {
        // create KMIP Session - specify client X.509 certificate and keystore password
        kmipSession = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // create key custom attributes
        NAEKey key;
        try {
            /* does the key exist? if so, delete it */
            /* get..Key method is merely a placeholder for a managed object 
                * with that name. */
            key = NAEKey.getSecretKey(keyName, kmipSession);
            /* getUID() will throw an exception if the key does not exist */
            if (key.getUID() != null) {
                System.out.println("Deleting key " + keyName + " with UID=" + key.getUID());
                key.delete();
            }
        } catch (NAEException missing) {
            if (missing.getMessage().equals("Key not found on server.")) {
                System.out.println("Key did not exist");
            } else
                throw missing;
        }
        /* create a secret key using KMIP JCE key generator */
        KMIPAttributes initialAttributes = new KMIPAttributes();
        initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));
        Calendar c = Calendar.getInstance();
        initialAttributes.addDate(KMIPAttribute.ActivationDate, c);
        NAEParameterSpec spec = new NAEParameterSpec(keyName, keyLength, (KMIPAttributes) initialAttributes, kmipSession);
        KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
        kg.init(spec);
        SecretKey secretKey = kg.generateKey();
        System.out.println("Created key " + ((NAEKey) secretKey).getName());
        /* Once created, you may operate on the KMIP key. For example, 
             * add a KMIP group attribute to the KMIP - not required, just include 
             * as a sample of KMIP operations on the key */
        KMIPAttributes ka = new KMIPAttributes();
        ka.add(KMIPAttribute.ObjectGroup, 0, "group1");
        secretKey = NAEKey.getSecretKey(keyName);
        NAESecretKey sk = NAEKey.getSecretKey(keyName, kmipSession);
        sk.addKMIPAttributes(ka);
        /* Now use the NAEKey created for encryption using an NAESession
             * to a Key Manager server. Essentially this is the same code as the
             * SecretKeyEncryptionSample.java program
             * Nothing new is required to use the KMIP-created key on the 
             * Key Manager server.
             */
        // create NAE XML Session: pass in NAE user name and password
        naeSession = NAESession.getSession(args[2], args[3].toCharArray());
        // Get SecretKey (just a handle to it, key data does not leave the server
        // Note: KMIP keys objects need to be re-retrieved on the XML session
        key = NAEKey.getSecretKey(keyName, naeSession);
        // get IV
        NAESecureRandom rng = new NAESecureRandom(naeSession);
        byte[] iv = new byte[16];
        rng.nextBytes(iv);
        IvParameterSpec ivSpec = new IvParameterSpec(iv);
        // get a cipher
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "IngrianProvider");
        // initialize cipher to encrypt.
        cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec);
        String dataToEncrypt = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
        System.out.println("Data to encrypt \"" + dataToEncrypt + "\"");
        // encrypt data
        byte[] outbuf = cipher.doFinal(dataToEncrypt.getBytes());
        // to decrypt data, initialize cipher to decrypt
        cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
        // decrypt data
        byte[] newbuf = cipher.doFinal(outbuf);
        System.out.println("Decrypted data  \"" + new String(newbuf) + "\"");
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (kmipSession != null)
            kmipSession.closeSession();
        if (naeSession != null)
            naeSession.closeSession();
    }
}

Example 4 with NAEException

use of com.ingrian.security.nae.NAEException in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPModifySample method main.

public static void main(String[] args) throws Exception {
    if (args.length != 2) {
        usage();
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // get the list of all registered JCE providers
    Provider[] providers = Security.getProviders();
    for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
    KMIPSession session = null;
    try {
        // create a KMIPSession: pass in NAE client X.509 key and keyStore password
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        // create key KMIPAttribute object with a list of attributes to match
        Set<String> managedObjectIdentifiers;
        KMIPAttributes locateAttributes = new KMIPAttributes();
        locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
        locateAttributes.add(KMIPAttribute.CryptographicLength, 2048);
        KMIPAttributes getAttributes = new KMIPAttributes();
        getAttributes.add(KMIPAttribute.Name);
        managedObjectIdentifiers = session.locate(locateAttributes);
        if (managedObjectIdentifiers != null) {
            System.out.println("\n\nFound " + managedObjectIdentifiers.size() + " managed objects matching criteria.");
            System.out.println("\n\nKeys with attributes rsa, 2048 and object group");
            for (String uid : managedObjectIdentifiers) {
                System.out.println("\n\nManaged Object UniqueIdentifier: \t" + uid);
                Object managedObject = session.getManagedObject(uid);
                // not a key
                if (managedObject == null)
                    continue;
                if ((managedObject instanceof NAEPublicKey) || (managedObject instanceof NAEPrivateKey) || (managedObject instanceof NAESecretKey)) {
                    NAEKey key;
                    if (managedObject instanceof NAEPublicKey)
                        key = (NAEPublicKey) managedObject;
                    else if (managedObject instanceof NAEPrivateKey)
                        key = (NAEPrivateKey) managedObject;
                    else
                        key = (NAESecretKey) managedObject;
                    System.out.println("\tName: \t" + key.getName());
                    // Retrieve a KMIP attribute - in this case, Name.
                    KMIPAttributes returnedAttributes = key.getKMIPAttributes(getAttributes);
                    KMIPNameAttribute name = returnedAttributes.getNameAttribute();
                    System.out.println("Name attribute: " + name.getNameValue().getNameValue());
                    // Modify the Application Specific Information for this key - if it has any
                    KMIPAttributes modAttributes = new KMIPAttributes();
                    String ts = timestamp();
                    modAttributes.add(new KMIPApplicationSpecificInformation("namespace-" + ts, ts), 0);
                    try {
                        // throws NAE error if the key does not already have attribute being modified
                        key.modifyKMIPAttributes(modAttributes);
                    } catch (NAEException nae) {
                        if (!nae.getMessage().contains("Object does not have the specified attribute"))
                            throw nae;
                    }
                } else if (managedObject instanceof KMIPSecretData) {
                    System.out.println(((KMIPSecretData) managedObject).getName());
                }
            }
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        if (session != null)
            session.closeSession();
    }
}

Example 5 with NAEException

use of com.ingrian.security.nae.NAEException in project CipherTrust_Application_Protection by thalescpl-io.

the class ByokSample method checkIfJavaSupportedWrappingAlgo.

private static void checkIfJavaSupportedWrappingAlgo(String wrappingAlgo, double supportedVersion) {
    String version = System.getProperty("java.version");
    int pos = version.indexOf('.');
    pos = version.indexOf('.', pos + 1);
    Double curVer = Double.parseDouble(version.substring(0, pos));
    if (wrappingAlgo.equalsIgnoreCase("sha256") && curVer < supportedVersion)
        throw new NAEException(wrappingAlgo + " is supported by" + " Java version " + supportedVersion + " and above.");
}