use of com.ingrian.security.nae.NAEException in project CipherTrust_Application_Protection by thalescpl-io.
the class SelfSignedCertificateUtility method validateProperties.
private static void validateProperties(Map<String, String> certificateProeprties) {
StringBuffer buffer = new StringBuffer();
if (certificateProeprties.get("Validity") == null) {
buffer.append("Validity");
buffer.append(", ");
} else {
String days = certificateProeprties.get("Validity");
if (Integer.valueOf(days) < 0)
throw new NAEException("Invalid validity period: " + days);
}
if (certificateProeprties.get("CertPassword") == null) {
buffer.append("CertPassword");
buffer.append(", ");
}
if (certificateProeprties.get("Algorithm") == null) {
buffer.append("Algorithm");
buffer.append(", ");
}
if (certificateProeprties.get("CommonName") == null) {
buffer.append("CommonName");
buffer.append(", ");
}
if (certificateProeprties.get("CountryName") == null) {
buffer.append("CountryName");
buffer.append(", ");
}
if (buffer.length() != 0)
throw new NAEException(buffer.toString() + " missing");
}
use of com.ingrian.security.nae.NAEException in project CipherTrust_Application_Protection by thalescpl-io.
the class SelfSignedCertificateUtility method generateCertificate.
private static X509Certificate generateCertificate(PublicKey publicKey, PrivateKey privateKey, Map<String, String> certificateProeprties) throws Exception {
String dn = makeDN(certificateProeprties);
X509CertInfo info = new X509CertInfo();
Date from = new Date();
Date to = new Date(from.getTime() + Integer.valueOf(certificateProeprties.get("Validity")) * 86400000l);
CertificateValidity interval = new CertificateValidity(from, to);
X500Name owner = new X500Name(dn);
boolean[] kueOk = getKeyUsgaeExtension(certificateProeprties.get("KeyUsage"));
KeyUsageExtension kue = new KeyUsageExtension(kueOk);
CertificateExtensions ext = new CertificateExtensions();
ext.set(KeyUsageExtension.NAME, kue);
info.set(X509CertInfo.VALIDITY, interval);
BigInteger sn = new BigInteger(64, new SecureRandom());
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
boolean justName = isJavaAtLeast(1.8);
if (justName) {
info.set(X509CertInfo.SUBJECT, owner);
info.set(X509CertInfo.ISSUER, owner);
} else {
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
}
info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
AlgorithmId algo = null;
String provider = null;
switch(certificateProeprties.get("Algorithm")) {
case "SHA1WithRSA":
break;
case "SHA256WithRSA":
break;
case "SHA384WithRSA":
break;
case "SHA512WithRSA":
provider = "BC";
break;
case "SHA1WithECDSA":
provider = "BC";
break;
case "SHA224WithECDSA":
provider = "BC";
break;
case "SHA256WithECDSA":
provider = "BC";
break;
case "SHA384WithECDSA":
provider = "BC";
break;
case "SHA512WithECDSA":
provider = "BC";
break;
default:
throw new NAEException(certificateProeprties.get("Algorithm") + " not supported.");
}
algo = AlgorithmId.get(certificateProeprties.get("Algorithm"));
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
info.set(X509CertInfo.EXTENSIONS, ext);
// Sign the cert to identify the algorithm that's used.
X509CertImpl cert = new X509CertImpl(info);
if (provider != null)
cert.sign(privateKey, certificateProeprties.get("Algorithm"), provider);
else
cert.sign(privateKey, certificateProeprties.get("Algorithm"));
return cert;
}
use of com.ingrian.security.nae.NAEException in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPCreateAndEncryptSample method main.
public static void main(String[] args) throws Exception {
if (args.length != 5) {
usage();
}
String keyName = args[4];
int keyLength = 256;
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
KMIPSession kmipSession = null;
NAESession naeSession = null;
try {
// create KMIP Session - specify client X.509 certificate and keystore password
kmipSession = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// create key custom attributes
NAEKey key;
try {
/* does the key exist? if so, delete it */
/* get..Key method is merely a placeholder for a managed object
* with that name. */
key = NAEKey.getSecretKey(keyName, kmipSession);
/* getUID() will throw an exception if the key does not exist */
if (key.getUID() != null) {
System.out.println("Deleting key " + keyName + " with UID=" + key.getUID());
key.delete();
}
} catch (NAEException missing) {
if (missing.getMessage().equals("Key not found on server.")) {
System.out.println("Key did not exist");
} else
throw missing;
}
/* create a secret key using KMIP JCE key generator */
KMIPAttributes initialAttributes = new KMIPAttributes();
initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));
Calendar c = Calendar.getInstance();
initialAttributes.addDate(KMIPAttribute.ActivationDate, c);
NAEParameterSpec spec = new NAEParameterSpec(keyName, keyLength, (KMIPAttributes) initialAttributes, kmipSession);
KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
kg.init(spec);
SecretKey secretKey = kg.generateKey();
System.out.println("Created key " + ((NAEKey) secretKey).getName());
/* Once created, you may operate on the KMIP key. For example,
* add a KMIP group attribute to the KMIP - not required, just include
* as a sample of KMIP operations on the key */
KMIPAttributes ka = new KMIPAttributes();
ka.add(KMIPAttribute.ObjectGroup, 0, "group1");
secretKey = NAEKey.getSecretKey(keyName);
NAESecretKey sk = NAEKey.getSecretKey(keyName, kmipSession);
sk.addKMIPAttributes(ka);
/* Now use the NAEKey created for encryption using an NAESession
* to a Key Manager server. Essentially this is the same code as the
* SecretKeyEncryptionSample.java program
* Nothing new is required to use the KMIP-created key on the
* Key Manager server.
*/
// create NAE XML Session: pass in NAE user name and password
naeSession = NAESession.getSession(args[2], args[3].toCharArray());
// Get SecretKey (just a handle to it, key data does not leave the server
// Note: KMIP keys objects need to be re-retrieved on the XML session
key = NAEKey.getSecretKey(keyName, naeSession);
// get IV
NAESecureRandom rng = new NAESecureRandom(naeSession);
byte[] iv = new byte[16];
rng.nextBytes(iv);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
// get a cipher
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "IngrianProvider");
// initialize cipher to encrypt.
cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec);
String dataToEncrypt = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
System.out.println("Data to encrypt \"" + dataToEncrypt + "\"");
// encrypt data
byte[] outbuf = cipher.doFinal(dataToEncrypt.getBytes());
// to decrypt data, initialize cipher to decrypt
cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
// decrypt data
byte[] newbuf = cipher.doFinal(outbuf);
System.out.println("Decrypted data \"" + new String(newbuf) + "\"");
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (kmipSession != null)
kmipSession.closeSession();
if (naeSession != null)
naeSession.closeSession();
}
}
use of com.ingrian.security.nae.NAEException in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPModifySample method main.
public static void main(String[] args) throws Exception {
if (args.length != 2) {
usage();
}
// add Ingrian provider to the list of JCE providers
Security.addProvider(new IngrianProvider());
// get the list of all registered JCE providers
Provider[] providers = Security.getProviders();
for (int i = 0; i < providers.length; i++) System.out.println(providers[i].getInfo());
KMIPSession session = null;
try {
// create a KMIPSession: pass in NAE client X.509 key and keyStore password
session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
// create key KMIPAttribute object with a list of attributes to match
Set<String> managedObjectIdentifiers;
KMIPAttributes locateAttributes = new KMIPAttributes();
locateAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.rsa);
locateAttributes.add(KMIPAttribute.CryptographicLength, 2048);
KMIPAttributes getAttributes = new KMIPAttributes();
getAttributes.add(KMIPAttribute.Name);
managedObjectIdentifiers = session.locate(locateAttributes);
if (managedObjectIdentifiers != null) {
System.out.println("\n\nFound " + managedObjectIdentifiers.size() + " managed objects matching criteria.");
System.out.println("\n\nKeys with attributes rsa, 2048 and object group");
for (String uid : managedObjectIdentifiers) {
System.out.println("\n\nManaged Object UniqueIdentifier: \t" + uid);
Object managedObject = session.getManagedObject(uid);
// not a key
if (managedObject == null)
continue;
if ((managedObject instanceof NAEPublicKey) || (managedObject instanceof NAEPrivateKey) || (managedObject instanceof NAESecretKey)) {
NAEKey key;
if (managedObject instanceof NAEPublicKey)
key = (NAEPublicKey) managedObject;
else if (managedObject instanceof NAEPrivateKey)
key = (NAEPrivateKey) managedObject;
else
key = (NAESecretKey) managedObject;
System.out.println("\tName: \t" + key.getName());
// Retrieve a KMIP attribute - in this case, Name.
KMIPAttributes returnedAttributes = key.getKMIPAttributes(getAttributes);
KMIPNameAttribute name = returnedAttributes.getNameAttribute();
System.out.println("Name attribute: " + name.getNameValue().getNameValue());
// Modify the Application Specific Information for this key - if it has any
KMIPAttributes modAttributes = new KMIPAttributes();
String ts = timestamp();
modAttributes.add(new KMIPApplicationSpecificInformation("namespace-" + ts, ts), 0);
try {
// throws NAE error if the key does not already have attribute being modified
key.modifyKMIPAttributes(modAttributes);
} catch (NAEException nae) {
if (!nae.getMessage().contains("Object does not have the specified attribute"))
throw nae;
}
} else if (managedObject instanceof KMIPSecretData) {
System.out.println(((KMIPSecretData) managedObject).getName());
}
}
}
} catch (Exception e) {
System.out.println("The Cause is " + e.getMessage() + ".");
e.printStackTrace();
} finally {
if (session != null)
session.closeSession();
}
}
use of com.ingrian.security.nae.NAEException in project CipherTrust_Application_Protection by thalescpl-io.
the class ByokSample method checkIfJavaSupportedWrappingAlgo.
private static void checkIfJavaSupportedWrappingAlgo(String wrappingAlgo, double supportedVersion) {
String version = System.getProperty("java.version");
int pos = version.indexOf('.');
pos = version.indexOf('.', pos + 1);
Double curVer = Double.parseDouble(version.substring(0, pos));
if (wrappingAlgo.equalsIgnoreCase("sha256") && curVer < supportedVersion)
throw new NAEException(wrappingAlgo + " is supported by" + " Java version " + supportedVersion + " and above.");
}
Aggregations