
Example 11 with NAESession

use of com.ingrian.security.nae.NAESession in project CipherTrust_Application_Protection by thalescpl-io.

the class CertSigningSample method main.

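/**
 * Signs a certificate signing request (CSR) with a named CA and prints the signed certificate.
 *
 * <p>Arguments: {@code userName password -csr csrFilePath -ca caName -expiry expiryTime}. The two
 * credentials come first; the three option/value pairs may follow in any order.
 *
 * <p>NOTE(review): the password arrives as a command-line argument, so it is visible in the
 * process list and in shell history. That is tolerable for a sample; a real deployment should
 * read it from a prompt or a protected store instead.
 *
 * @param args command-line arguments as described above
 */
public static void main(String[] args) {
    final String usage = "Usage: java CertSigningSample userName password"
            + " -csr csrFilePath -ca caName -expiry expiryTime";
    if (args.length != 8) {
        // A usage error is a failure: report it on stderr with a non-zero exit status so that
        // calling scripts do not mistake it for a successful signing run.
        System.err.println(usage);
        System.exit(-1);
    }
    String userName = args[0];
    String password = args[1];
    String ca = null;
    String csrFilePath = null;
    int expiry = 0;
    boolean expirySeen = false;
    // Options are flag/value pairs that follow the two credentials. Stepping by two keeps a
    // value (or a credential) from being mistaken for a flag and guarantees that args[i + 1]
    // is always inside the array.
    for (int i = 2; i + 1 < args.length; i += 2) {
        String flag = args[i];
        String value = args[i + 1];
        if ("-ca".equals(flag)) {
            ca = value;
        } else if ("-expiry".equals(flag)) {
            try {
                expiry = Integer.parseInt(value);
                expirySeen = true;
            } catch (NumberFormatException notANumber) {
                System.err.println("Invalid -expiry value: " + value);
                System.err.println(usage);
                System.exit(-1);
            }
        } else if ("-csr".equals(flag)) {
            csrFilePath = value;
        } else {
            System.err.println("Unknown option: " + flag);
            System.err.println(usage);
            System.exit(-1);
        }
    }
    // Refuse to contact the server with a missing CA name, CSR path or expiry.
    if (ca == null || csrFilePath == null || !expirySeen) {
        System.err.println(usage);
        System.exit(-1);
    }
    NAESession session = null;
    try {
        session = NAESession.getSession(userName, password.toCharArray());
        String signedData = signedData(session, csrFilePath, ca, expiry);
        System.out.println("Signed certificate:");
        System.out.println(signedData);
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        // Always release the server session, including after a failed signing request.
        if (session != null) {
            session.closeSession();
        }
    }
}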
Also used : NAESession(com.ingrian.security.nae.NAESession) XMLException(com.ingrian.internal.xml.XMLException) IOException(java.io.IOException)

Example 12 with NAESession

use of com.ingrian.security.nae.NAESession in project CipherTrust_Application_Protection by thalescpl-io.

the class AdminRequestSample method main.

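/**
 * Interactive console driver for the admin request sample: prints the menu, authenticates an
 * admin user, then dispatches each selected option to the matching helper until the user picks
 * an option outside 1-11.
 *
 * <p>Input is read through {@code sc}, which is declared outside this method (not visible here).
 *
 * <p>NOTE(review): the admin password is read with {@code sc.next()} and held as a
 * {@code String}; if {@code sc} wraps standard input the password is presumably echoed to the
 * terminal. Outside of a sample, consider a non-echoing prompt - confirm against how {@code sc}
 * is constructed.
 *
 * @param args unused
 */
public static void main(String[] args) {
    System.out.println("Sample : AdminRequestSample\n" + "Admin Request Options :\n" + "1.Create a new user\n" + "2.Create a new group\n" + "3.Add user to  group\n" + "4.Delete user from group\n" + "5.Delete group\n" + "6.Delete user\n" + "7.Get user information\n" + "8.Get all users information\n" + "9.Get group information\n" + "10.Get all group information\n" + "11.Modify User Custom Attributes\n" + "12.Exit\n");
    int option = 0;
    NAESession session = null;
    try {
        System.out.print("Enter admin user-name:");
        String adminUser = sc.next();
        System.out.print("Enter admin password:");
        String adminPassword = sc.next();
        session = NAESession.getSession(adminUser, adminPassword.toCharArray());
        NAEAdminRequestProcessor processor = new NAEAdminRequestProcessor(session);
        do {
            System.out.print("\nPlease select one of option to perform:");
            option = sc.nextInt();
            switch (option) {
                case 1:
                    createUser(processor);
                    break;
                case 2:
                    createGroup(processor);
                    break;
                case 3:
                    addUserToGroup(processor);
                    break;
                case 4:
                    deleteUserToGroup(processor);
                    break;
                case 5:
                    deleteGroup(processor);
                    break;
                case 6:
                    deleteUser(processor);
                    break;
                case 7:
                    getUserInfo(processor);
                    break;
                case 8:
                    getAllUserInfo(processor);
                    break;
                case 9:
                    getGroupInfo(processor);
                    break;
                case 10:
                    getAllGroupInfo(processor);
                    break;
                case 11:
                    modifyUserCustomAttrs(processor);
                    break;
                default:
                    System.out.println("exit..");
                    break;
            }
            // Keep prompting only while a real menu action (1-11) was chosen. The previous
            // bound (option <= 10) ended the session silently after option 11 and kept
            // looping after "exit.." had been printed for 0 or a negative number.
        } while (option >= 1 && option <= 11);
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        // Close the admin session on every path so it is not left open on the server.
        if (session != null) {
            session.closeSession();
        }
    }
}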
Also used : NAEAdminRequestProcessor(com.ingrian.security.nae.NAEAdminRequestProcessor) NAESession(com.ingrian.security.nae.NAESession)

Example 13 with NAESession

use of com.ingrian.security.nae.NAESession in project CipherTrust_Application_Protection by thalescpl-io.

the class KMIPCreateAndEncryptSample method main.

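/**
 * Creates an AES key over a KMIP session, tags it with a KMIP group attribute, then uses the same
 * key over an NAE XML session to encrypt and decrypt a sample string.
 *
 * <p>Arguments, by position as read below: {@code args[0]} and {@code args[1]} are passed to
 * {@code NAEClientCertificate} (client certificate and keystore password per the inline comment),
 * {@code args[2]} and {@code args[3]} are the NAE user name and password, {@code args[4]} is the
 * key name.
 *
 * <p>NOTE(review): both passwords are taken from the command line, where they are visible in the
 * process list and shell history; acceptable for a sample only.
 *
 * @param args the five positional arguments described above
 * @throws Exception declared by the original sample; failures inside the try block are printed
 *     and not rethrown
 */
public static void main(String[] args) throws Exception {
    if (args.length != 5) {
        usage();
        // usage() is defined elsewhere; return explicitly so a short argument list can never
        // reach the args[4] read below, whether or not usage() terminates the JVM.
        return;
    }
    String keyName = args[4];
    int keyLength = 256;
    // Encode and decode the sample text with one explicit charset instead of the platform default.
    final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    KMIPSession kmipSession = null;
    NAESession naeSession = null;
    try {
        // create KMIP Session - specify client X.509 certificate and keystore password
        kmipSession = KMIPSession.getSession(new NAEClientCertificate(args[0], args[1].toCharArray()));
        NAEKey key;
        try {
            /* Does the key exist? If so, delete it. The get..Key method only returns a
             * placeholder for a managed object with that name. */
            key = NAEKey.getSecretKey(keyName, kmipSession);
            /* getUID() will throw an exception if the key does not exist */
            if (key.getUID() != null) {
                System.out.println("Deleting key " + keyName + " with UID=" + key.getUID());
                key.delete();
            }
        } catch (NAEException missing) {
            // Constant-first comparison: an exception without a message must be rethrown, not
            // turned into a NullPointerException that hides the real failure.
            // NOTE(review): matching on message text is brittle; prefer an error code if the
            // SDK exposes one - confirm.
            if ("Key not found on server.".equals(missing.getMessage())) {
                System.out.println("Key did not exist");
            } else {
                throw missing;
            }
        }
        /* create a secret key using KMIP JCE key generator */
        KMIPAttributes initialAttributes = new KMIPAttributes();
        initialAttributes.add(KMIPAttribute.CryptographicUsageMask, (int) (UsageMask.Encrypt.getValue() | UsageMask.Decrypt.getValue()));
        Calendar c = Calendar.getInstance();
        initialAttributes.addDate(KMIPAttribute.ActivationDate, c);
        NAEParameterSpec spec = new NAEParameterSpec(keyName, keyLength, initialAttributes, kmipSession);
        KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
        kg.init(spec);
        SecretKey secretKey = kg.generateKey();
        System.out.println("Created key " + ((NAEKey) secretKey).getName());
        /* Once created, you may operate on the KMIP key. For example, add a KMIP group
         * attribute to the key - not required, included only as a sample of KMIP operations. */
        KMIPAttributes ka = new KMIPAttributes();
        ka.add(KMIPAttribute.ObjectGroup, 0, "group1");
        secretKey = NAEKey.getSecretKey(keyName);
        NAESecretKey sk = NAEKey.getSecretKey(keyName, kmipSession);
        sk.addKMIPAttributes(ka);
        /* Now use the key for encryption over an NAESession to a Key Manager server.
         * Essentially this is the same code as SecretKeyEncryptionSample.java; nothing new is
         * required to use the KMIP-created key on the Key Manager server. */
        // create NAE XML Session: pass in NAE user name and password
        naeSession = NAESession.getSession(args[2], args[3].toCharArray());
        // Get SecretKey (just a handle to it; key data does not leave the server).
        // Note: KMIP key objects need to be re-retrieved on the XML session.
        key = NAEKey.getSecretKey(keyName, naeSession);
        // Fresh random 16-byte IV for this encryption.
        NAESecureRandom rng = new NAESecureRandom(naeSession);
        byte[] iv = new byte[16];
        rng.nextBytes(iv);
        IvParameterSpec ivSpec = new IvParameterSpec(iv);
        // CBC with PKCS5 padding gives confidentiality only: the ciphertext carries no integrity
        // protection, so real data also needs a MAC over IV and ciphertext, or an AEAD mode.
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "IngrianProvider");
        // initialize cipher to encrypt.
        cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec);
        String dataToEncrypt = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
        System.out.println("Data to encrypt \"" + dataToEncrypt + "\"");
        // encrypt data
        byte[] outbuf = cipher.doFinal(dataToEncrypt.getBytes(utf8));
        // to decrypt data, initialize cipher to decrypt with the same key and IV
        cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
        // decrypt data
        byte[] newbuf = cipher.doFinal(outbuf);
        System.out.println("Decrypted data  \"" + new String(newbuf, utf8) + "\"");
    } catch (Exception e) {
        System.out.println("The Cause is " + e.getMessage() + ".");
        e.printStackTrace();
    } finally {
        // Release both server sessions on every path.
        if (kmipSession != null) {
            kmipSession.closeSession();
        }
        if (naeSession != null) {
            naeSession.closeSession();
        }
    }
}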
Also used : NAEException(com.ingrian.security.nae.NAEException) KMIPAttributes(com.ingrian.security.nae.KMIPAttributes) NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) NAEKey(com.ingrian.security.nae.NAEKey) NAESecureRandom(com.ingrian.security.nae.NAESecureRandom) Calendar(java.util.Calendar) NAESecretKey(com.ingrian.security.nae.NAESecretKey) NAEClientCertificate(com.ingrian.security.nae.NAEClientCertificate) NAEException(com.ingrian.security.nae.NAEException) IngrianProvider(com.ingrian.security.nae.IngrianProvider) KMIPSession(com.ingrian.security.nae.KMIPSession) SecretKey(javax.crypto.SecretKey) NAESecretKey(com.ingrian.security.nae.NAESecretKey) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) KeyGenerator(javax.crypto.KeyGenerator) NAESession(com.ingrian.security.nae.NAESession)

Example 14 with NAESession

use of com.ingrian.security.nae.NAESession in project CipherTrust_Application_Protection by thalescpl-io.

the class HKDFSecretKeySample method main.

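/**
 * Derives two AES keys and two HmacSHA256 keys from one master key with HKDF and shows that
 * keys derived with identical parameters carry the same key data.
 *
 * <p>Arguments:
 * <ul>
 *   <li>{@code user}, {@code password}: NAE credentials.
 *   <li>{@code masterKeyName}: master key used to create the AES and Hmac keys.
 *   <li>{@code aesKeyName_1}, {@code aesKeyName_2}: AES key names to be created; equality of
 *       their key data is checked by encrypting with one and decrypting with the other.
 *   <li>{@code hmacKeyName_1}, {@code hmacKeyName_2}: Hmac key names to be created; equality of
 *       their key data is checked by computing a MAC with one and verifying with the other.
 * </ul>
 *
 * <p>NOTE(review): the password is taken from the command line, where it is visible in the
 * process list and shell history; acceptable for a sample only.
 *
 * @param args the seven positional arguments described above
 * @throws Exception any failure from the session or the crypto operations, after its stack
 *     trace has been printed
 */
public static void main(String[] args) throws Exception {
    if (args.length != 7) {
        System.err.println("Usage: java HKDFSecretKeySample user password masterKeyName aesKeyName_1 aesKeyName_2 hmacKeyName_1 hmacKeyName_2 ");
        System.exit(-1);
    }
    String username = args[0];
    String password = args[1];
    String masterKeyName = args[2];
    String aesKeyName_1 = args[3];
    String aesKeyName_2 = args[4];
    String hmacKeyName_1 = args[5];
    String hmacKeyName_2 = args[6];
    // Encode and decode the sample text with one explicit charset instead of the platform default.
    final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    // Add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    String dataToMac = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
    NAESession session = null;
    try {
        // Creates NAE Session: pass in NAE user name and password
        session = NAESession.getSession(username, password.toCharArray());
        // Salt and info are fixed sample values: every derivation below must use the same pair,
        // otherwise the derived keys would not match.
        byte[] salt = "010203".getBytes(utf8);
        byte[] info = "010203".getBytes(utf8);
        int size = 256;

        // --- AES: derive two keys with identical HKDF parameters ---
        // Creates HKDFParameterSpec for AES key which is deletable and exportable using a master key that is available on Key Manager
        HKDFParameterSpec aesSpec = new HKDFParameterSpec(aesKeyName_1, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
        KeyGenerator kg = KeyGenerator.getInstance("AES", "IngrianProvider");
        kg.init(aesSpec);
        // Creates AES Key on Key Manager
        NAEKey nae_key_aes_1 = (NAEKey) kg.generateKey();
        System.out.println("AES Key: " + aesKeyName_1 + " generated Successfully");
        HKDFParameterSpec aesSpec_2 = new HKDFParameterSpec(aesKeyName_2, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
        kg.init(aesSpec_2);
        // Creates AES Key on Key Manager
        NAEKey nae_key_aes_2 = (NAEKey) kg.generateKey();
        System.out.println("AES Key: " + aesKeyName_2 + " generated Successfully");

        // Show that both AES keys hold the same key data: encrypt with the first, decrypt with
        // the second.
        String dataToEncrypt = "2D2D2D2D2D424547494E2050455253495354454E54204346EB17960";
        // HKDF generates the same key data on Key Manager, but the two keys have different
        // default IVs, so an external IV is passed to both CBC operations. It only has to be the
        // same for encrypt and decrypt, so draw it at random rather than hard-coding it: a
        // constant IV under CBC makes equal plaintext prefixes produce equal ciphertext.
        byte[] iv = new byte[16];
        new java.security.SecureRandom().nextBytes(iv);
        IvParameterSpec ivSpec = new IvParameterSpec(iv);
        Cipher encryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "IngrianProvider");
        encryptCipher.init(Cipher.ENCRYPT_MODE, nae_key_aes_1, ivSpec);
        byte[] outbuf = encryptCipher.doFinal(dataToEncrypt.getBytes(utf8));
        Cipher decryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "IngrianProvider");
        decryptCipher.init(Cipher.DECRYPT_MODE, nae_key_aes_2, ivSpec);
        byte[] newbuf = decryptCipher.doFinal(outbuf);
        if (dataToEncrypt.equals(new String(newbuf, utf8))) {
            System.out.println("AES keys generated have same key data.");
        } else {
            System.out.println("AES keys generated doesn't have same key data, Hence deleting both keys from Key Manager.");
            nae_key_aes_1.delete();
            nae_key_aes_2.delete();
        }

        // --- HMAC: derive two keys with identical HKDF parameters ---
        // Creates HKDFParameterSpec for HmacSHA256 key which is deletable and exportable using a master key that is available on Key Manager
        HKDFParameterSpec hmacSpec_1 = new HKDFParameterSpec(hmacKeyName_1, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
        KeyGenerator kg1 = KeyGenerator.getInstance("HmacSHA256", "IngrianProvider");
        kg1.init(hmacSpec_1);
        // Creates HmacSHA256 key on Key Manager
        NAEKey nae_key_hmac_1 = (NAEKey) kg1.generateKey();
        System.out.println("Hmac Key: " + hmacKeyName_1 + " generated Successfully");
        HKDFParameterSpec hmacSpec_2 = new HKDFParameterSpec(hmacKeyName_2, size, masterKeyName, salt, info, session, DerivationAlgo.SHA256);
        kg1.init(hmacSpec_2);
        // Creates HmacSHA256 key on Key Manager
        NAEKey nae_key_hmac_2 = (NAEKey) kg1.generateKey();
        System.out.println("Hmac Key: " + hmacKeyName_2 + " generated Successfully");

        // Compute the MAC with the first key ...
        Mac mac = Mac.getInstance("HmacSHA256", "IngrianProvider");
        mac.init(nae_key_hmac_1);
        byte[] macValue = mac.doFinal(dataToMac.getBytes(utf8));
        // ... and verify it with the second key.
        Mac macV = Mac.getInstance("HmacSHA256Verify", "IngrianProvider");
        macV.init(nae_key_hmac_2, new MACValue(macValue));
        byte[] result = macV.doFinal(dataToMac.getBytes(utf8));
        // The code treats exactly one byte with value 1 as a successful verification.
        if (result.length != 1 || result[0] != 1) {
            System.out.println("HMAC256 keys generated doesn't have same key data, Hence deleting both keys from Key Manager.");
            nae_key_hmac_1.delete();
            nae_key_hmac_2.delete();
        } else {
            System.out.println("HMAC256 Keys generated have same key data.");
        }
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    } finally {
        // Close NAESession on every path
        if (session != null) {
            session.closeSession();
        }
    }
}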
Also used : NAEKey(com.ingrian.security.nae.NAEKey) HKDFParameterSpec(com.ingrian.security.nae.HKDFParameterSpec) Mac(javax.crypto.Mac) IngrianProvider(com.ingrian.security.nae.IngrianProvider) MACValue(com.ingrian.security.nae.MACValue) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) KeyGenerator(javax.crypto.KeyGenerator) NAESession(com.ingrian.security.nae.NAESession)

Example 15 with NAESession

use of com.ingrian.security.nae.NAESession in project CipherTrust_Application_Protection by thalescpl-io.

the class RSAKeySample method main.

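/**
 * Generates an RSA key pair on the Key Manager, exports it, deletes it, re-imports it under
 * {@code keyName + "Dup"} and finally exports the duplicate as JCE key objects.
 *
 * <p>Arguments: {@code user password keyname group}. The group receives sign and verify
 * permissions on the generated key.
 *
 * <p>NOTE(review): the password is taken from the command line, where it is visible in the
 * process list and shell history; acceptable for a sample only.
 *
 * @param args the four positional arguments described above
 * @throws Exception any failure from the session or the key operations, after its stack trace
 *     has been printed
 */
public static void main(String[] args) throws Exception {
    if (args.length != 4) {
        System.err.println("Usage: java RSAKeySample user password keyname group");
        System.exit(-1);
    }
    String username = args[0];
    String password = args[1];
    String keyName = args[2];
    String group = args[3];
    // add Ingrian provider to the list of JCE providers
    Security.addProvider(new IngrianProvider());
    // list all registered JCE providers
    for (Provider provider : Security.getProviders()) {
        System.out.println(provider.getInfo());
    }
    NAESession session = null;
    try {
        // create NAE Session: pass in Key Manager user name and password
        session = NAESession.getSession(username, password.toCharArray());
        // Configure the key permissions to be granted to NAE group: sign and verify only.
        NAEPermission permission = new NAEPermission(group);
        permission.setSign(true);
        permission.setSignV(true);
        NAEPermission[] permissions = { permission };
        // Create a key pair which is exportable and deletable; the key owner is the Key Manager
        // user and the group is granted sign and verify.
        // NOTE(review): the sample's original comment gives the default key length as 1024
        // bits, which is below the 2048-bit minimum of current guidance (e.g. NIST SP 800-131A).
        // Confirm the default and request a longer key explicitly outside a demo.
        NAEParameterSpec rsaParamSpec = new NAEParameterSpec(keyName, true, true, session, permissions);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "IngrianProvider");
        kpg.initialize(rsaParamSpec);
        KeyPair pair = kpg.generateKeyPair();
        // Get public key data from Key Manager
        NAEPublicKey pubKey = NAEKey.getPublicKey(keyName, session);
        byte[] pubKeyData = pubKey.export();
        System.out.println("Exported public key: " + pubKey.getName());
        // Export private key data (contains both public and private key data)
        NAEPrivateKey privKey = NAEKey.getPrivateKey(keyName, session);
        byte[] privKeyData = privKey.export();
        try {
            // Delete the key pair from Key Manager
            pubKey.delete();
            // Import the key pair back to the Key Manager:
            // key pair name is keyName+"Dup", keys are exportable and not deletable
            NAEParameterSpec spec_dup = new NAEParameterSpec(keyName + "Dup", true, false, session);
            // private key contains both public and private key data
            privKey.importKey(privKeyData, "RSA", spec_dup);
        } finally {
            // Raw private key material sat in this buffer; wipe it once the import has been
            // attempted so it does not linger on the heap.
            // NOTE(review): assumes importKey does not keep a reference to the array - confirm.
            java.util.Arrays.fill(privKeyData, (byte) 0);
        }
        System.out.println("Imported key data; Duplicate Key pair " + privKey.getName() + " is created on NAE Server.");
        // Export private key data in PKCS#8 format and create JCE key.
        // The returned object holds the private key outside the Key Manager; treat it as a secret.
        NAEPrivateKey prKey = NAEKey.getPrivateKey(keyName + "Dup", session);
        PrivateKey jcePrivateKey = prKey.exportJCEKey();
        // Export the public key and create a JCE key.
        // NOTE(review): the original comment called this encoding PKCS#5, which is a
        // password-based encryption standard rather than a public-key encoding; confirm the
        // actual format against the SDK documentation.
        NAEPublicKey publKey = NAEKey.getPublicKey(keyName + "Dup", session);
        PublicKey jcePublicKey = publKey.exportJCEKey();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    } finally {
        // Close NAESession on every path
        if (session != null) {
            session.closeSession();
        }
    }
}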
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) KeyPair(java.security.KeyPair) NAEPermission(com.ingrian.security.nae.NAEPermission) PrivateKey(java.security.PrivateKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) PublicKey(java.security.PublicKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) KeyPairGenerator(java.security.KeyPairGenerator) IngrianProvider(com.ingrian.security.nae.IngrianProvider) Provider(java.security.Provider) IngrianProvider(com.ingrian.security.nae.IngrianProvider) NAESession(com.ingrian.security.nae.NAESession)

Aggregations

NAESession (com.ingrian.security.nae.NAESession)40 IngrianProvider (com.ingrian.security.nae.IngrianProvider)27 NAEKey (com.ingrian.security.nae.NAEKey)20 Provider (java.security.Provider)19 Cipher (javax.crypto.Cipher)14 NAEParameterSpec (com.ingrian.security.nae.NAEParameterSpec)11 NAEPublicKey (com.ingrian.security.nae.NAEPublicKey)10 NAEPrivateKey (com.ingrian.security.nae.NAEPrivateKey)9 KeyGenerator (javax.crypto.KeyGenerator)8 IvParameterSpec (javax.crypto.spec.IvParameterSpec)8 NAESecureRandom (com.ingrian.security.nae.NAESecureRandom)6 IOException (java.io.IOException)6 SecretKey (javax.crypto.SecretKey)6 NAECipher (com.ingrian.security.nae.NAECipher)5 NAEPermission (com.ingrian.security.nae.NAEPermission)5 NAESecretKey (com.ingrian.security.nae.NAESecretKey)5 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)4 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 GCMParameterSpec (com.ingrian.security.nae.GCMParameterSpec)3 NAEException (com.ingrian.security.nae.NAEException)3