use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.
the class CertSample method main.
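/**
 * Imports a certificate and its private key from a file into the Key Manager, exports it
 * again (with and without the private key), prints some of its properties, deletes it, and
 * finally exports a CA certificate.
 *
 * <p>Arguments: {@code user password fileName certName caName [pkcs12Password]}. The sixth
 * argument is only needed when the file holds PKCS#12 data; leave it out for PKCS#1 data.
 *
 * <p>Notes for anyone adapting this sample:
 * <ul>
 *   <li>The Key Manager password and the PKCS#12 password arrive as command-line arguments,
 *       so they are visible in the process list and shell history. Production code should
 *       read them from a protected source instead.</li>
 *   <li>The exported byte arrays contain certificate and private-key material. They are only
 *       held in local variables here; do not log them or write them to disk unprotected.</li>
 * </ul>
 *
 * @param args command-line arguments as described above
 * @throws Exception declared for convenience; failures inside the try block are caught,
 *     printed, and do not change the exit status
 */
public static void main(String[] args) throws Exception {
    if (args.length < 5) {
        System.err.println("Usage: java CertSample user password fileName certName caName pkcs12Password (pkcs12Password can be null if cert data is in PKCS#1 format).");
        System.exit(-1);
    }
    String username = args[0];
    String password = args[1];
    String fileName = args[2];
    String certName = args[3];
    String caName = args[4];
    // Optional PKCS#12 password. It stays null for PKCS#1 input, which is what
    // importCertificate expects in that case.
    char[] pkcs12Pass = (args.length > 5) ? args[5].toCharArray() : null;

    NAESession session = null;
    try {
        // create NAE Session: pass in Key Manager user name and password
        session = NAESession.getSession(username, password.toCharArray());

        // Read the whole file. A single InputStream.read() sized by available() may return
        // fewer bytes than the file holds, which would hand a truncated blob to the import.
        byte[] certData = java.nio.file.Files.readAllBytes(java.nio.file.Paths.get(fileName));

        // NOTE(review): the two 'true' flags presumably mark the object as exportable and
        // deletable (the export() and delete() calls below rely on both) - confirm against
        // the NAEParameterSpec API and tighten them outside of a demo.
        NAEParameterSpec spec = new NAEParameterSpec(certName, true, true, session);

        // import the certificate with its private key; the password is null for PKCS#1
        // data and the supplied PKCS#12 password otherwise
        NAECertificate.importCertificate(certData, pkcs12Pass, spec);

        // export back this certificate and its private key
        // NOTE(review): null is passed as the second argument; if that is the export
        // password, the returned private key is not password-protected - confirm.
        NAECertificate cert = new NAECertificate(certName, session);
        byte[] exportCertKeyData = cert.export("PEM-PKCS#8", null);

        // export back this certificate (without private key)
        byte[] exportCertData = cert.certificateExport();

        // get cert info from the Key Manager
        if (cert.isDeletable()) {
            System.out.println("Cert deletable");
        }
        System.out.println("Algorithm: " + cert.getAlgorithm());

        // delete the certificate from the Key Manager
        cert.delete();

        // export CA certificate and its cert chain (if present)
        byte[] exportCAData = NAECertificate.CACertificateExport(caName, session);
    } catch (Exception e) {
        e.printStackTrace();
        System.out.println("Exception " + e.getMessage());
    } finally {
        // always release the Key Manager session, even when an operation failed
        if (session != null) {
            session.closeSession();
        }
    }
}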
use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.
the class CryptoTool method doImport.
/**
 * Imports a key to the NAE server. The key bytes are read to end-of-stream from the
 * enclosing class's {@code is} stream, and a confirmation line is written to its
 * {@code os} stream; both are defined outside this method.
 *
 * <p>The complete key material is buffered on the heap before it is sent, and this method
 * does not clear those buffers afterwards.
 *
 * @param keyName Key name to use
 * @param algName Algorithm name to use
 * @param session NAESession
 * @param exportable Signifies whether the key is exportable
 * @param deletable Signifies whether the key is deletable
 * @param size Key size
 * @throws Exception if reading the input, importing the key, or writing the confirmation fails
 * @return {@code true} once the key has been imported; {@code false} when {@code keyName}
 *     or {@code algName} is {@code null}
 */
private static boolean doImport(String keyName, String algName, NAESession session, boolean exportable, boolean deletable, int size) throws Exception {
    // reject missing arguments before any input is consumed
    if (keyName == null) {
        System.err.println("Missing key name");
        return false;
    }
    if (algName == null) {
        System.err.println("Missing algorithm name");
        return false;
    }

    // drain the input stream into memory
    ByteArrayOutputStream keyBytes = new ByteArrayOutputStream();
    byte[] chunk = new byte[BUFFER_LEN];
    for (int count = is.read(chunk); count >= 0; count = is.read(chunk)) {
        keyBytes.write(chunk, 0, count);
    }

    // RSA and non-RSA keys go through the same import call with the same arguments, so no
    // branch on the algorithm name is needed here.
    NAEParameterSpec importSpec = new NAEParameterSpec(keyName, exportable, deletable, size, session);
    NAEKey.importKey(keyBytes.toByteArray(), algName, importSpec);

    // getBytes() without a charset uses the platform default encoding
    byte[] confirmation = "Key imported OK\n".getBytes();
    os.write(confirmation);
    return true;
}
use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPBatchSample method main.
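/**
 * Demonstrates KMIP batching: creates ten AES-256 keys in one batch, then adds, modifies
 * and deletes attributes/objects for those keys with one request per operation.
 *
 * <p>Arguments: client certificate identifier, keystore password, key name prefix. The
 * created keys are named {@code <keyName>-0} to {@code <keyName>-9}.
 *
 * <p>The locate query matches every AES-256 object the client can see on the server, not
 * only the keys created here. The attribute changes and the final delete are therefore
 * restricted to keys whose name starts with {@code <keyName>-}, so that running the sample
 * does not modify or delete unrelated keys. Choose a key name that cannot collide with
 * existing keys.
 *
 * <p>The keystore password is taken from the command line, where it is visible in the
 * process list and shell history; production code should obtain it from a protected source.
 *
 * @param args command-line arguments as described above
 * @throws Exception declared for convenience; failures inside the try block are caught
 *     and printed
 */
public static void main(String[] args) throws Exception {
    KMIPSession session = null;
    int keyLength = 256;
    if (args.length != 3) {
        usage();
        // usage() is defined outside this block; return in case it does not terminate the
        // JVM, so the argument accesses below cannot run with the wrong argument count.
        return;
    }
    String keyName = args[2];
    // every key this sample creates carries this name prefix
    String sampleKeyPrefix = keyName + "-";

    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    try {
        // create KMIP Session - specify client X.509 certificate and keystore password
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));

        // queue the key creations instead of sending them one by one
        session.startBatching();
        System.out.println("Batching set to " + session.isBatching());
        for (int i = 0; i < 10; i++) {
            /* create a secret key using JCE key generator */
            NAEParameterSpec spec = new NAEParameterSpec(sampleKeyPrefix + i, keyLength, (KMIPAttributes) null, session);
            KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
            kg.init(spec);
            kg.generateKey();
        }

        // send the queued operations and report the outcome of each one
        KMIPBatchResults kbr = session.flushBatch();
        for (KMIPBatchItemResult batchResult : kbr.values()) {
            if (batchResult.getStatus() == Statuses.Success) {
                System.out.println(batchResult.getOperation().getPrintName() + " : " + batchResult.getStatus().getPrintName());
                System.out.println("UIDs affected: " + batchResult.getUIDs());
            } else {
                System.out.println(batchResult.getOperation().getPrintName() + " OPERATION FAILED: " + batchResult.getStatusMessage());
            }
        }
        System.out.println("Batching set to " + session.isBatching());

        // The KMIP session is no longer in batching mode, so each operation below is sent
        // when its line executes. The add/modify/delete calls each cover a whole set of
        // UIDs in one request.
        KMIPAttributes queryAttributes = new KMIPAttributes();
        queryAttributes.add(KMIPAttribute.CryptographicAlgorithm, Algorithm.aes);
        queryAttributes.add(KMIPAttribute.CryptographicLength, 256);

        // Have the session locate the keys matching the queryAttributes. This returns all
        // matching objects on the server, including ones this sample did not create.
        Set<String> managedObjectIdentifiers = session.locate(queryAttributes);

        KMIPAttributes addAttrs = new KMIPAttributes();
        addAttrs.add(KMIPAttribute.ContactInformation, 0, "Contact Information");

        // UIDs of the keys created above; only these are modified and deleted
        Set<String> sampleKeyUids = new java.util.LinkedHashSet<String>();
        for (String uid : managedObjectIdentifiers) {
            System.out.println("Managed object Unique Identifier: " + uid);
            Object managedObject = session.getManagedObject(uid);
            if (managedObject instanceof NAESecretKey) {
                NAESecretKey nsk = (NAESecretKey) managedObject;
                nsk.refreshKMIPInfo();
                if (!nsk.getName().startsWith(sampleKeyPrefix)) {
                    // not one of ours: leave it untouched
                    continue;
                }
                System.out.println(nsk.getName());
                nsk.addKMIPAttributes(addAttrs);
                sampleKeyUids.add(uid);
            }
        }
        waitForInput();

        KMIPAttributes modAttrs = new KMIPAttributes();
        modAttrs.add(KMIPAttribute.ContactInformation, 0, "Modified Contact Information");
        Set<String> modUIDs = session.modifyAllAttributes(sampleKeyUids, modAttrs);
        System.out.println("Modified " + modUIDs.size() + " attributes in a single request.");
        waitForInput();

        Set<String> delUIDs = session.deleteAll(new ArrayList<String>(sampleKeyUids));
        System.out.println("Deleted " + delUIDs.size() + " managed objects in a single request.");
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        // always release the session, even when an operation failed
        if (session != null) {
            session.closeSession();
        }
    }
}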
use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPCertLocateSample method main.
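/**
 * Imports a certificate over a KMIP session and then locates managed objects of type
 * Certificate with a cryptographic length of 2048, printing the UID and name of each match.
 *
 * <p>Arguments: client certificate identifier, keystore password, name for the imported
 * certificate. The certificate bytes come from the hex string {@code certBytes}, which is
 * defined outside this method.
 *
 * <p>The keystore password is taken from the command line, where it is visible in the
 * process list and shell history; production code should obtain it from a protected source.
 *
 * @param args command-line arguments as described above
 * @throws Exception declared for convenience; failures inside the try block are caught
 *     and printed
 */
public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        usage();
        // usage() is defined outside this block; return in case it does not terminate the
        // JVM, so the argument accesses below cannot run with the wrong argument count.
        return;
    }
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession session = null;
    try {
        // create KMIP Session: pass in the NAE client certificate and keystore password
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));

        // import the certificate
        // NOTE(review): 1024 is presumably a key size, while the locate query below asks
        // for length 2048 - confirm which value matches the embedded certificate.
        NAEParameterSpec spec = new NAEParameterSpec(args[2], 1024, (KMIPAttributes) null, session);
        byte[] c = Hex.decodeHex(certBytes.toCharArray());
        NAECertificate.importCertificate(c, null, spec);

        // This set holds the managed object unique identifiers (UIDs)
        Set<String> managedObjectIdentifiers;

        // Locate managed objects with ObjectType Certificate and crypto length = 2048 by
        // adding each KMIPAttribute name and value to a KMIPAttributes object. No
        // algorithm or issuer attribute is part of this query.
        KMIPAttributes queryAttributes = new KMIPAttributes();
        queryAttributes.add(KMIPAttribute.CryptographicLength, 2048);
        queryAttributes.add(KMIPAttribute.ObjectType, ObjectType.ObjectTypes.Certificate);

        // Have the session locate the objects matching the queryAttributes:
        managedObjectIdentifiers = session.locate(queryAttributes);
        // (the heading mentions rsa although the query does not filter on an algorithm)
        System.out.println("Managed objects with attributes rsa, 2048:");
        for (String uid : managedObjectIdentifiers) {
            System.out.println("Managed object Unique Identifier: " + uid);
            // Fetch the object as a Java client type. The key and secret-data branches
            // are not expected to match a Certificate query and are kept for completeness.
            Object managedObject = session.getManagedObject(uid);
            if (managedObject instanceof KMIPTemplate) {
                // a template ends the listing; later UIDs are not printed
                break;
            }
            if (managedObject instanceof NAEPublicKey) {
                System.out.println(((NAEPublicKey) managedObject).getName());
            } else if (managedObject instanceof NAEPrivateKey) {
                System.out.println(((NAEPrivateKey) managedObject).getName());
            } else if (managedObject instanceof NAESecretKey) {
                System.out.println(((NAESecretKey) managedObject).getName());
            } else if (managedObject instanceof KMIPSecretData) {
                System.out.println(((KMIPSecretData) managedObject).getName());
            } else if (managedObject instanceof NAECertificate) {
                System.out.println("Object is a certificate");
                System.out.println(((NAECertificate) managedObject).getName());
            }
        }
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        // always release the session, even when an operation failed
        if (session != null) {
            session.closeSession();
        }
    }
}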
use of com.ingrian.security.nae.NAEParameterSpec in project CipherTrust_Application_Protection by thalescpl-io.
the class KMIPDatesAndStatesSample method main.
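/**
 * Creates an AES-256 key over a KMIP session and walks it through its life-cycle: prints
 * its state and dates after creation, activates it, then sets a deactivation date equal to
 * the activation date and prints the resulting state.
 *
 * <p>Arguments: client certificate identifier, keystore password, key name. Any existing
 * key with that name is first removed through {@code deleteIfExists}, so the name must not
 * belong to a key that is still needed. Dates are formatted with {@code sdf}, which is
 * defined outside this method.
 *
 * <p>The keystore password is taken from the command line, where it is visible in the
 * process list and shell history; production code should obtain it from a protected source.
 *
 * @param args command-line arguments as described above
 * @throws Exception declared for convenience; failures inside the try block are caught
 *     and printed
 */
public static void main(String[] args) throws Exception {
    String keyName = null;
    int keyLength = 256;
    if (args.length != 3) {
        usage();
        // usage() is defined outside this block; return in case it does not terminate the
        // JVM, so the argument accesses below cannot run with the wrong argument count.
        return;
    }
    keyName = args[2];
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession session = null;
    try {
        // create KMIP Session - specify client X.509 certificate and keystore password
        session = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));

        // start from a clean slate: remove a key of the same name if one exists
        NAEKey key = null;
        deleteIfExists(keyName, session, key);

        /* create a secret key using JCE key generator */
        NAEParameterSpec spec = new NAEParameterSpec(keyName, keyLength, (KMIPAttributes) null, session);
        KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
        kg.init(spec);
        SecretKey secretKey = kg.generateKey();
        key = (NAEKey) secretKey;
        System.out.println("Created new key " + key.getName());

        /* list the default attribute names */
        Set<String> defaultAttributes = key.listKMIPAttributes();
        System.out.println(defaultAttributes);

        // the attributes to read back after each life-cycle step
        KMIPAttributes getState = new KMIPAttributes();
        getState.add(KMIPAttribute.State);
        getState.add(KMIPAttribute.ActivationDate);
        getState.add(KMIPAttribute.InitialDate);
        getState.add(KMIPAttribute.DeactivationDate);

        KMIPAttributes gotState = key.getKMIPAttributes(getState);
        System.out.println("State = " + gotState.getState());
        System.out.println("InitialDate = " + sdf.format(gotState.getDate(KMIPAttribute.InitialDate).getTime()));
        System.out.println("ActivationDate = " + ((gotState.getDate(KMIPAttribute.ActivationDate) != null) ? sdf.format(gotState.getDate(KMIPAttribute.ActivationDate).getTime()) : "null"));

        System.out.println("Activating:");
        key.activate();
        gotState = key.getKMIPAttributes(getState);
        defaultAttributes = key.listKMIPAttributes();
        System.out.println(defaultAttributes);
        System.out.println("State = " + gotState.getState());
        System.out.println("ActivationDate = " + ((gotState.getDate(KMIPAttribute.ActivationDate) != null) ? sdf.format(gotState.getDate(KMIPAttribute.ActivationDate).getTime()) : "null"));

        // now deactivate it, using the activation date as the deactivation date
        Calendar c = Calendar.getInstance();
        c.setTimeInMillis((gotState.getDate(KMIPAttribute.ActivationDate)).getTime().getTime());
        System.out.println("Deactivating as of " + sdf.format(c.getTime()));
        KMIPAttributes modDates = new KMIPAttributes();
        modDates.addDate(KMIPAttribute.DeactivationDate, c);
        key.addKMIPAttributes(modDates);

        defaultAttributes = key.listKMIPAttributes();
        System.out.println(defaultAttributes);
        gotState = key.getKMIPAttributes(getState);
        System.out.println("State = " + gotState.getState());
        // print the deactivation date itself; the null check and the formatted value must
        // refer to the same attribute
        System.out.println("Dectivation Date = " + ((gotState.getDate(KMIPAttribute.DeactivationDate) != null) ? sdf.format(gotState.getDate(KMIPAttribute.DeactivationDate).getTime()) : "null"));
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        // always release the session, even when an operation failed
        if (session != null) {
            session.closeSession();
        }
    }
}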