use of com.ingrian.security.nae.NAEException in project CipherTrust_Application_Protection by thalescpl-io.
the class ByokSample method validateInput.
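/**
 * Validates the BYOK sample's input map and reports every problem in one exception.
 *
 * <p>Each failed check appends one newline-terminated line to a combined message. If any
 * line was appended, a single {@link NAEException} carrying all of them is thrown.
 * Most keys are only checked for presence, so an empty string still passes.
 *
 * <p>The password is tested for presence only and its value is never copied into the
 * message. Keep it that way when adding checks, since the message can end up in console
 * output or logs.
 *
 * @param inputs option name to value map; a missing key means the option was not supplied
 * @throws NAEException if one or more inputs are missing or unsupported
 */
private static void validateInput(Map<String, String> inputs) {
    StringBuilder errorMsg = new StringBuilder();

    // A missing cloudName is reported like any other missing input instead of failing
    // with a NullPointerException before any message has been built.
    String rawCloudName = inputs.get("cloudName");
    String cloudName = rawCloudName == null ? null : rawCloudName.toLowerCase();
    boolean isSalesforce = "salesforce".equals(cloudName);
    boolean isGoogleCloud = "googlecloud".equals(cloudName);
    if (cloudName == null) {
        errorMsg.append("cloud name not provided\n");
    } else if (!"aws".equals(cloudName) && !isSalesforce && !isGoogleCloud) {
        errorMsg.append("cloud " + cloudName + " not supported" + "\n");
    }

    if (inputs.get("userName") == null) {
        errorMsg.append("username not provided\n");
    }
    if (inputs.get("password") == null) {
        errorMsg.append("password not provided\n");
    }
    if (inputs.get("aesKeyName") == null) {
        errorMsg.append("key name not provided\n");
    }
    if (inputs.get("wrappedKeyPath") == null) {
        errorMsg.append("wrapped key path not provided\n");
    }

    // The pkcs1.5 check dereferences wrappingAlgo, so it only runs when the value is present.
    String wrappingAlgo = inputs.get("wrappingAlgo");
    if (wrappingAlgo == null) {
        errorMsg.append("wrapping algoname not provided\n");
    } else if (inputs.get("wrappingKeyName") == null && "pkcs1.5".equalsIgnoreCase(wrappingAlgo)) {
        errorMsg.append("wrapped key name not provided\n");
    }

    if (inputs.get("hash256Path") == null && isSalesforce) {
        errorMsg.append("hash256Path is mandatory for salesforce cloud\n");
    }

    String format = inputs.get("outputFormat");
    if (format != null) {
        boolean isBase64 = "base64".equalsIgnoreCase(format);
        if (!isBase64 && !"default".equalsIgnoreCase(format)) {
            errorMsg.append(format + " is not supported.\n");
        }
        if (!isBase64 && (isSalesforce || isGoogleCloud)) {
            errorMsg.append("only base64 format is support in salesforce\n");
        }
    }

    if (wrappingAlgo != null && (isSalesforce || isGoogleCloud) && !wrappingAlgo.equalsIgnoreCase("SHA1")) {
        errorMsg.append("only SHA1 wrapping Algorithm support for selected cloud\n");
    }

    if (errorMsg.length() != 0) {
        throw new NAEException(errorMsg.toString());
    }
}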
use of com.ingrian.security.nae.NAEException in project CipherTrust_Application_Protection by thalescpl-io.
the class ByokSample method readPublicKeyFromcloudFile.
/**
 * Loads the public key found at {@code publicKeyPath} and returns the encoding of the key
 * structure carried inside its SubjectPublicKeyInfo wrapper.
 *
 * @param publicKeyPath location handed to {@code readPublicKeyFromFile}
 * @return the encoded inner public key, or {@code null} when {@code parsePublicKey()}
 *     yields no primitive
 * @throws NAEException if loading or parsing fails for any reason; only the message text of
 *     the underlying exception is carried over, appended directly to the fixed prefix
 */
private static byte[] readPublicKeyFromcloudFile(String publicKeyPath) {
    try {
        PublicKey loadedKey = readPublicKeyFromFile(publicKeyPath);
        SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(loadedKey.getEncoded());
        ASN1Primitive innerKey = keyInfo.parsePublicKey();
        // A null primitive is passed on to the caller as null rather than treated as an error.
        return innerKey == null ? null : innerKey.getEncoded();
    } catch (Exception e) {
        throw new NAEException("Unable to read public key from public key path" + e.getMessage());
    }
}
use of com.ingrian.security.nae.NAEException in project CipherTrust_Application_Protection by thalescpl-io.
the class CryptoTool method doEncryptGCM.
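/**
 * Encrypts with AES/GCM through the Ingrian provider, either file-to-file or from the tool's
 * input stream to its output stream (hex-encoded).
 *
 * <p>The IV is passed straight to the cipher; this method neither generates nor checks it.
 * With GCM, reusing an IV under the same key breaks both confidentiality and integrity, so
 * the caller must supply a fresh IV for every encryption under {@code keyName}.
 *
 * <p>{@code authTagLength} is handed to the parameter spec without range validation.
 * NOTE(review): presumably the value is in bits and the provider rejects unsupported
 * lengths; confirm, because short tags weaken forgery resistance.
 *
 * @param keyName name of the secret key to fetch through {@code session}
 * @param algName not used by this method
 * @param iv initialisation vector given to the GCM parameter spec
 * @param session session used to look up the key
 * @param authTagLength decimal string parsed with {@link Integer#parseInt(String)}
 * @param aad hex-encoded additional authenticated data; {@code null} or empty means none
 * @param inFile input file; file mode is used only when both file arguments are non-null
 * @param outFile output file for file mode
 * @return always {@code true}; failures are reported by exception
 * @throws NumberFormatException if {@code authTagLength} is not a decimal integer
 * @throws NAEException if cipher initialisation with AAD is rejected, or no input data is
 *     available in stream mode
 * @throws Exception anything else raised by the provider or the streams
 */
private static boolean doEncryptGCM(String keyName, String algName, byte[] iv, NAESession session, String authTagLength, String aad, String inFile, String outFile) throws Exception {
    Key key = NAEKey.getSecretKey(keyName, session);
    boolean isAADSpecified = (null != aad) && !EMPTYSTRING.equals(aad);

    // parseInt yields a primitive or throws, so the former null check on the boxed value
    // could never fire and has been dropped.
    int tagLength = Integer.parseInt(authTagLength);

    NAECipher cipher = NAECipher.getNAECipherInstance("AES/GCM/NoPadding", "IngrianProvider");
    if (isAADSpecified) {
        byte[] aadBytes = IngrianProvider.hex2ByteArray(aad);
        GCMParameterSpec gcmSpec = new GCMParameterSpec(tagLength, iv, aadBytes);
        try {
            cipher.init(Cipher.ENCRYPT_MODE, key, gcmSpec);
        } catch (InvalidAlgorithmParameterException e) {
            // Kept as in the original: only this branch converts the exception type.
            throw new NAEException("Encrypt: failed - " + e.getMessage());
        }
    } else {
        // InvalidKeyException / InvalidAlgorithmParameterException propagate unchanged.
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(tagLength, iv));
    }

    // One line is consumed from the input stream in both modes.
    // NOTE(review): in file mode that line is never used; confirm the caller relies on it.
    inputscanner = new Scanner(is);
    String result = inputscanner.nextLine();
    if (inFile != null && outFile != null) {
        NAEAESGCMCipher gcm = cipher.get_spi();
        gcm.update(inFile, outFile, 1024, cipher);
    } else {
        // Skip empty lines; running out of input is an explicit error instead of a
        // NullPointerException on the getBytes() call below.
        while (EMPTYSTRING.equals(result)) {
            if (!inputscanner.hasNext()) {
                throw new NAEException("Encrypt: failed - no input data");
            }
            result = inputscanner.nextLine();
        }
        // NOTE(review): getBytes() uses the JVM default charset, so the plaintext bytes
        // (and hence the ciphertext) depend on the host configuration.
        os.writeBytes(IngrianProvider.byteArray2Hex(cipher.doFinal(result.getBytes())));
    }
    return true;
}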
use of com.ingrian.security.nae.NAEException in project CipherTrust_Application_Protection by thalescpl-io.
the class CryptoTool method doDecryptGCM.
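/**
 * Decrypts AES/GCM data through the Ingrian provider, either file-to-file or from a
 * hex-encoded line on the tool's input stream to raw bytes on its output stream.
 *
 * <p>In stream mode {@code doFinal} completes before anything is written, so output is only
 * produced once the provider has accepted the whole ciphertext. NOTE(review): in file mode
 * the work is delegated to {@code NAEAESGCMCipher.update}; confirm that it does not leave
 * unauthenticated plaintext in {@code outFile} when tag verification fails.
 *
 * <p>{@code iv}, {@code aad} and {@code authTagLength} must match the values used for
 * encryption; none of them is validated here beyond integer parsing.
 *
 * @param keyName name of the secret key to fetch through {@code session}
 * @param algName not used by this method
 * @param iv initialisation vector given to the GCM parameter spec
 * @param session session used to look up the key
 * @param authTagLength decimal string parsed with {@link Integer#parseInt(String)}
 * @param aad hex-encoded additional authenticated data; {@code null} or empty means none
 * @param inFile input file; file mode is used only when both file arguments are non-null
 * @param outFile output file for file mode
 * @return always {@code true}; failures are reported by exception
 * @throws NumberFormatException if {@code authTagLength} is not a decimal integer
 * @throws NAEException if cipher initialisation with AAD is rejected, or no input data is
 *     available in stream mode
 * @throws Exception anything else raised by the provider or the streams
 */
private static boolean doDecryptGCM(String keyName, String algName, byte[] iv, NAESession session, String authTagLength, String aad, String inFile, String outFile) throws Exception {
    Key key = NAEKey.getSecretKey(keyName, session);
    boolean isAADSpecified = (null != aad) && !EMPTYSTRING.equals(aad);

    // parseInt yields a primitive or throws, so the former null check on the boxed value
    // could never fire and has been dropped.
    int tagLength = Integer.parseInt(authTagLength);

    NAECipher cipher = NAECipher.getNAECipherInstance("AES/GCM/NoPadding", "IngrianProvider");
    if (isAADSpecified) {
        byte[] aadBytes = IngrianProvider.hex2ByteArray(aad);
        GCMParameterSpec gcmSpec = new GCMParameterSpec(tagLength, iv, aadBytes);
        try {
            cipher.init(Cipher.DECRYPT_MODE, key, gcmSpec);
        } catch (InvalidAlgorithmParameterException e) {
            // Kept as in the original: only this branch converts the exception type.
            throw new NAEException("Decrypt: failed - " + e.getMessage());
        }
    } else {
        // InvalidKeyException / InvalidAlgorithmParameterException propagate unchanged.
        cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(tagLength, iv));
    }

    // One line is consumed from the input stream in both modes.
    // NOTE(review): in file mode that line is never used; confirm the caller relies on it.
    inputscanner = new Scanner(is);
    String result = inputscanner.nextLine();
    if (inFile != null && outFile != null) {
        NAEAESGCMCipher gcm = cipher.get_spi();
        gcm.update(inFile, outFile, 1024, cipher);
    } else {
        // Skip blank lines; running out of input is an explicit error instead of a
        // NullPointerException on the next trim() call.
        while (EMPTYSTRING.equals(result.trim())) {
            if (!inputscanner.hasNext()) {
                throw new NAEException("Decrypt: failed - no input data");
            }
            result = inputscanner.nextLine();
        }
        os.write(cipher.doFinal(IngrianProvider.hex2ByteArray(result)));
    }
    return true;
}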
use of com.ingrian.security.nae.NAEException in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPWrapUnwrapSample method main.
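/**
 * Demonstrates a KMIP key wrap / unwrap round trip: registers a wrapping key and a key to be
 * wrapped, fetches the second key wrapped under the first, then registers a new key from the
 * wrapped bytes and reads its plain bytes back.
 *
 * <p>{@code args[0]} and {@code args[1]} are passed to {@code NAEClientCertificate} (the
 * second as a char array), {@code args[2]} is the wrapping key name and {@code args[3]} the
 * name of the key to be wrapped.
 *
 * <p>Sample only: both key values are hard-coded constants and key material, including the
 * recovered plain key bytes, is printed to standard output. Code derived from this sample
 * should generate keys on the server and keep key bytes out of console output and logs.
 *
 * @param args client certificate arguments followed by the two key names
 */
public static void main(String[] args) {
    if (args.length != 4) {
        usage();
        // usage() is defined elsewhere; returning here guarantees the argument array is
        // never indexed when the count is wrong.
        return;
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    String wrapping_key = args[2];
    String wrapped_key = args[3];
    // fixed demonstration key bytes, not secrets to protect
    String wrapping_keybytes = "49E3BD09F079E4F8842F1C6620FFF6EC";
    String wrapped_keybytes = "92F6355221CC38DF5F374275631C774D";
    System.out.println("wrapped_keybytes Key-1 " + wrapped_keybytes);
    System.out.println("wrapping_keybytes Key-2" + wrapping_keybytes);
    // key specification and key wrapping data
    String wrappingMethod = "Encrypt";
    String uniqueIdentifier_wrappingkey = null;
    String uniqueIdentifier_wrappedkey = null;
    String blockCipherMode = "NISTKeyWrap";
    // not required as of now
    String paddingMethod = null;
    // not required as of now
    String hashingAlgorithm = null;
    // not required as of now
    String keyRoleType = null;
    String encodingOption = "NoEncoding";
    // initiate KMIP session
    KMIPSession session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
    try {
        // KMIP attributes to declare a wrapping key
        KMIPAttributes initialAttribute = new KMIPAttributes();
        initialAttribute.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.WrapKey.getValue() | UsageMask.UnwrapKey.getValue()));
        // KMIP attributes to declare a plain encrypt/decrypt key
        KMIPAttributes initialAttributes2 = new KMIPAttributes();
        initialAttributes2.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));
        NAEParameterSpec spec = new NAEParameterSpec(wrapping_key, 128, initialAttribute, session);
        NAEParameterSpec spec2 = new NAEParameterSpec(wrapped_key, 128, initialAttributes2, session);
        NAEKey key3 = NAEKey.getSecretKey(wrapping_key, session);
        NAEKey key4 = NAEKey.getSecretKey(wrapped_key, session);

        // register wrapping key
        try {
            uniqueIdentifier_wrappingkey = key3.registerKey(IngrianProvider.hex2ByteArray(wrapping_keybytes), algorithm, keyFormat, spec);
        } catch (NAEException e) {
            // Only "already exists" is recoverable; any other failure used to be dropped
            // silently, leaving a null UID for the wrap specification below.
            if (!isKeyAlreadyExists(e)) {
                throw e;
            }
            System.out.println("this key already exist");
            try {
                // updating UID for wrapping key
                uniqueIdentifier_wrappingkey = key3.getUID();
            } catch (Exception e1) {
                e1.printStackTrace();
            }
        }

        // register wrapped key
        try {
            uniqueIdentifier_wrappedkey = key4.registerKey(IngrianProvider.hex2ByteArray(wrapped_keybytes), algorithm, keyFormat, spec2);
        } catch (NAEException e) {
            if (!isKeyAlreadyExists(e)) {
                throw e;
            }
            System.out.println("this key already exist");
            try {
                // updating UID for wrapped key
                uniqueIdentifier_wrappedkey = key4.getUID();
            } catch (Exception e1) {
                e1.printStackTrace();
            }
        }

        // KMIP attribute to get a wrapped key
        KMIPAttributes initialAttributes1 = new KMIPAttributes();
        initialAttributes1.add(new KMIPKeyWrapSpecification(wrappingMethod, uniqueIdentifier_wrappingkey, blockCipherMode, paddingMethod, hashingAlgorithm, keyRoleType, encodingOption), 0);
        // Getting wrapped key bytes
        byte[] wrappedBytes = session.wrapKey(wrapped_key, initialAttributes1);
        System.out.println("Encrypted key bytes Key 1 " + IngrianProvider.byteArray2Hex(wrappedBytes));

        // KMIP attribute to register a new key using encrypted key bytes
        KMIPAttributes unwrapAttribute = new KMIPAttributes();
        unwrapAttribute.add(new KMIPKeyWrappingData(wrappingMethod, uniqueIdentifier_wrappingkey, blockCipherMode, paddingMethod, hashingAlgorithm, keyRoleType, encodingOption), 0);
        unwrapAttribute.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));
        String new_unwrapkeyuid = null;
        // register a new key using wrapped key bytes
        try {
            new_unwrapkeyuid = session.registerKey(wrappedBytes, algorithm, null, length, unwrapAttribute);
        } catch (NAEException e) {
            if (!isKeyAlreadyExists(e)) {
                throw e;
            }
            System.out.println("this key already exist");
        }

        // Getting plain key bytes of new key; skipped when no UID was obtained, because the
        // lookup would otherwise be made with a null identifier.
        if (new_unwrapkeyuid != null) {
            System.out.println("Plain key bytes of Key-3 " + IngrianProvider.byteArray2Hex(session.getKeyBytes(new_unwrapkeyuid)));
        }
    } finally {
        // Close the session on every path, including failures part-way through.
        session.closeSession();
    }
}

/** Returns true when the exception message reports that the key name is already registered. */
private static boolean isKeyAlreadyExists(NAEException e) {
    String message = e.getMessage();
    return message != null && message.contains("Key already exists");
}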