
Example 16 with NAESession

use of com.ingrian.security.nae.NAESession in project CipherTrust_Application_Protection by thalescpl-io.

the class KeyPermissionsSample method main.

/**
 * Generates a versioned AES-256 key on the Key Manager, grants encrypt and
 * decrypt permission on it to one NAE group, and prints the permissions
 * that end up linked to the key.
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>The NAE password is taken from the command line, where it can show
 *       up in process listings and shell history, and it lives in an
 *       immutable {@code String} that cannot be wiped. Production code
 *       should obtain it from a prompt or a secret store instead.</li>
 *   <li>The key is created exportable and deletable. Keep those flags off
 *       for production keys unless export or deletion is really needed.</li>
 *   <li>Exceptions raised inside the session block are only printed, so the
 *       process still exits normally after a failure.</li>
 * </ul>
 *
 * @param args user, password, keyname, group (exactly four values)
 * @throws Exception declared by the sample for calls outside the try block
 */
public static void main(String[] args) throws Exception {
    if (args.length != 4) {
        System.err.println("Usage: java KeyPermissionsSample user password keyname group");
        System.exit(-1);
    }
    final String naeUser = args[0];
    final String naePassword = args[1];
    final String newKeyName = args[2];
    final String naeGroup = args[3];

    // Register the Ingrian JCE provider, then print the info string of
    // every provider that is registered afterwards.
    Security.addProvider(new IngrianProvider());
    for (Provider registered : Security.getProviders()) {
        System.out.println(registered.getInfo());
    }

    NAESession session = null;
    try {
        // Authenticate to the Key Manager with the NAE user name and password.
        session = NAESession.getSession(naeUser, naePassword.toCharArray());

        // Only members of this NAE group receive encrypt/decrypt rights on the key.
        NAEPermission groupPermission = new NAEPermission(naeGroup);
        groupPermission.setEncrypt(true);
        groupPermission.setDecrypt(true);

        // Builder: 256-bit key that is deletable, exportable and versioned.
        NAEParameterSpec keySpec = new NAEParameterSpec.Builder(newKeyName)
                .withSession(session)
                .permissions(new NAEPermission[] { groupPermission })
                .deletable(true)
                .exportable(true)
                .versioned(true)
                .keylength(256)
                .build();

        KeyGenerator generator = KeyGenerator.getInstance("AES", "IngrianProvider");
        generator.init(keySpec);
        generator.generateKey();

        // Read the permissions back from the Key Manager to confirm what was applied.
        List<NAEPermission> appliedPermissions = NAEKey.getKeyPermissions(session, newKeyName);
        for (NAEPermission applied : appliedPermissions) {
            System.out.println(applied);
        }
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        // Always release the session, including after a failure.
        if (session != null) {
            session.closeSession();
        }
    }
}
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) NAEPermission(com.ingrian.security.nae.NAEPermission) IngrianProvider(com.ingrian.security.nae.IngrianProvider) IngrianProvider(com.ingrian.security.nae.IngrianProvider) Provider(java.security.Provider) KeyGenerator(javax.crypto.KeyGenerator) NAESession(com.ingrian.security.nae.NAESession)

Example 17 with NAESession

use of com.ingrian.security.nae.NAESession in project CipherTrust_Application_Protection by thalescpl-io.

the class ByokSample method wrapKeyFromKS.

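/**
 * Wraps the AES key named {@code aesKeyName} with the RSA public key named
 * {@code wrappingKeyName}, using the IngrianProvider "RSA" cipher in
 * {@code WRAP_MODE}, and returns the wrapped bytes.
 *
 * <p>When {@code publicKey} is non-null it is first PEM-encoded and imported
 * onto the Key Manager under {@code wrappingKeyName}. When it is null, the
 * wrapping key is looked up by name and no import is done.
 *
 * <p>The padding selection is resolved before a session is opened, so an
 * unknown or null {@code wrappingAlgo} fails before any key is created or
 * imported on the Key Manager.
 *
 * <p>Security notes:
 * <ul>
 *   <li>"PKCS1.5" selects {@code WrapFormatPadding.DEFAULT}. RSA PKCS#1 v1.5
 *       encryption padding is exposed to padding-oracle attacks if the
 *       unwrapping side leaks padding validity. Prefer an OAEP format when
 *       the receiving service accepts one.</li>
 *   <li>For the "salesforce" cloud the raw AES key bytes are read into this
 *       JVM via {@code getKeyData()} and handed to
 *       {@code writeHashToTheFile}. Treat that buffer as secret material.</li>
 *   <li>The password is a {@code String} and cannot be wiped after use.</li>
 * </ul>
 *
 * @param username        NAE user name
 * @param password        NAE password
 * @param aesKeyName      name of the AES key to wrap
 * @param wrappingKeyName name of the RSA public key on the Key Manager
 * @param wrappingAlgo    "PKCS1.5" or the name of a {@code WrapFormatPadding} constant (case-insensitive)
 * @param publicKey       RSA public key bytes to import, or null to use an existing key
 * @param cloudName       target cloud; only "salesforce" triggers the hash file
 * @param hash256Path     path passed to {@code writeHashToTheFile}
 * @return the wrapped AES key
 * @throws Exception on any provider, I/O or validation failure
 */
private static byte[] wrapKeyFromKS(String username, String password, String aesKeyName, String wrappingKeyName, String wrappingAlgo, byte[] publicKey, String cloudName, String hash256Path) throws Exception {
    // Resolve the padding first: valueOf throws IllegalArgumentException for an
    // unrecognised name, and that should happen before any Key Manager side effect.
    // Locale.ROOT keeps the upper-casing independent of the JVM's default locale.
    String paddingName = wrappingAlgo.toUpperCase(java.util.Locale.ROOT);
    WrapFormatPadding wrapPadding = "PKCS1.5".equals(paddingName) ? WrapFormatPadding.DEFAULT : WrapFormatPadding.valueOf(paddingName);

    String pemString = null;
    if (publicKey != null) {
        StringWriter stringWriter = new StringWriter();
        // try-with-resources closes (and flushes) the writer even if encoding fails.
        try (PemWriter pemWriter = new PemWriter(stringWriter)) {
            pemWriter.writeObject(new PemObject("RSA PUBLIC KEY", publicKey));
        }
        pemString = stringWriter.toString();
    }
    NAESession session = null;
    try {
        // create nae session
        session = NAESession.getSession(username, password.toCharArray());
        NAESecretKey secretKey = NAEKey.getSecretKey(aesKeyName, session);
        // NOTE(review): isKeyNameValid presumably reports whether the key already
        // exists on the Key Manager. Confirm against the helper.
        if (isKeyNameValid(secretKey)) {
            validateKeySize(secretKey, 256);
        } else {
            createAES256Key(aesKeyName, session);
            secretKey = NAEKey.getSecretKey(aesKeyName, session);
        }
        // Need not import if publicKey is null
        if (publicKey != null) {
            // key import spec
            NAEParameterSpec rsaParamSpec = new NAEParameterSpec(wrappingKeyName, true, true, session, null);
            // import the rsa public key
            NAEPublicKey.importKey(pemString.getBytes("UTF-8"), "RSA", rsaParamSpec);
        }
        // get key handle to the imported RSA key
        NAEPublicKey pubRSAKey = NAEKey.getPublicKey(wrappingKeyName, session);
        // spec for key to be wrapped
        NAEParameterSpec aesSpec = new NAEParameterSpec(aesKeyName, true, true, 256, session);
        // setting padding format to wrap a key
        aesSpec.setWrapPaddingFormat(wrapPadding);
        // Init a JCE Cipher in WRAP_MODE to do the key wrapping.
        Cipher cipher = Cipher.getInstance("RSA", "IngrianProvider");
        cipher.init(Cipher.WRAP_MODE, pubRSAKey, aesSpec);
        byte[] wrappedByte = cipher.wrap(secretKey);
        // write hash; the constant-first comparison tolerates a null cloudName
        if ("salesforce".equalsIgnoreCase(cloudName)) {
            // Raw key bytes leave the Key Manager here. Do not log or persist them.
            writeHashToTheFile(cloudName, secretKey.getKeyData(), hash256Path);
        }
        return wrappedByte;
    } finally {
        if (session != null) {
            session.closeSession();
        }
    }
}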
Also used : PemObject(org.bouncycastle.util.io.pem.PemObject) NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) StringWriter(java.io.StringWriter) PemWriter(org.bouncycastle.util.io.pem.PemWriter) NAESecretKey(com.ingrian.security.nae.NAESecretKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) Cipher(javax.crypto.Cipher) NAESession(com.ingrian.security.nae.NAESession)

Example 18 with NAESession

use of com.ingrian.security.nae.NAESession in project CipherTrust_Application_Protection by thalescpl-io.

the class CertCreationAndSignSample method main.

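/**
 * Creates a certificate signing request for a key on the Key Manager, has
 * it signed by the named local CA, prints both, and loads the key and the
 * signed certificate into a key store through the sibling helpers.
 *
 * <p>Security note: the password is read from the command line, where it
 * can appear in process listings and shell history. Production code should
 * take it from a prompt or a secret store.
 *
 * @param args username, password, keyname, then the options
 *             {@code -cn}, {@code -country}, {@code -ca} and {@code -expiry},
 *             each followed by its value (eleven values in total)
 */
public static void main(String[] args) {
    if (args.length != 11) {
        System.out.println("Usage: java CertCreationAndSignSample username password" + " keyname -cn cnName -country countryName -ca caName" + " -expiry expiryTime");
        System.exit(0);
    }
    String userName = args[0];
    String password = args[1];
    String keyName = args[2];
    String cnName = null;
    String country = null;
    String ca = null;
    int expiry = 0;
    // Options start after the three positional values, so a user name or
    // password that happens to look like an option is not misread. The loop
    // stops one short of the end so that args[i + 1] always exists.
    for (int i = 3; i < args.length - 1; i++) {
        if (args[i].equals("-cn")) {
            cnName = args[i + 1];
        } else if (args[i].equals("-country")) {
            country = args[i + 1];
        } else if (args[i].equals("-ca")) {
            ca = args[i + 1];
        } else if (args[i].equals("-expiry")) {
            expiry = Integer.parseInt(args[i + 1]);
        }
    }
    NAESession session = null;
    String csrInfo = null;
    try {
        session = NAESession.getSession(userName, password.toCharArray());
        csrInfo = createCSR(session, keyName, cnName, country);
        System.out.println("Certificate signing request");
        System.out.println(csrInfo);
        String signedData = signedData(session, csrInfo, ca, expiry);
        System.out.println("Signed certificate:");
        System.out.println(signedData);
        loadKeyAndCertificateInKeyStore(session, signedData, keyName, ca);
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        // getSession may have thrown, leaving session null. Without this guard
        // the finally block would raise a NullPointerException of its own.
        if (session != null) {
            session.closeSession();
        }
    }
}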
Also used : NAESession(com.ingrian.security.nae.NAESession) XMLException(com.ingrian.internal.xml.XMLException) IOException(java.io.IOException)

Example 19 with NAESession

use of com.ingrian.security.nae.NAESession in project CipherTrust_Application_Protection by thalescpl-io.

the class CertSample method main.

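/**
 * Imports a certificate (with its private key) from a file onto the Key
 * Manager, exports it back in two forms, prints some of its attributes,
 * deletes it, and finally exports the named CA certificate.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The NAE password and the optional PKCS#12 password come from the
 *       command line, where they can appear in process listings and shell
 *       history.</li>
 *   <li>{@code cert.export("PEM-PKCS#8", null)} returns the private key to
 *       this JVM. The null second argument presumably means no password
 *       protection, which should be confirmed against the provider
 *       documentation. Never log or write that buffer unprotected.</li>
 * </ul>
 *
 * @param args user, password, fileName, certName, caName and an optional
 *             pkcs12Password
 * @throws Exception declared by the sample; failures inside the session
 *                   block are caught and printed
 */
public static void main(String[] args) throws Exception {
    if (args.length < 5) {
        System.err.println("Usage: java CertSample user password fileName certName caName pkcs12Password (pkcs12Password can be null if cert data is in PKCS#1 format).");
        System.exit(-1);
    }
    String username = args[0];
    String password = args[1];
    String fileName = args[2];
    String certName = args[3];
    String caName = args[4];
    // Only consumed by the commented-out PKCS#12 import further down.
    String pkcs12Pass = null;
    if (args.length == 6)
        pkcs12Pass = args[5];
    NAESession session = null;
    try {
        // create NAE Session: pass in Key Manager user name and password
        session = NAESession.getSession(username, password.toCharArray());
        // import the certificate with corresponding private key
        // from the file to Key Manager.
        // readAllBytes reads the whole file and closes it even on failure;
        // sizing a buffer with available() and issuing a single read() can
        // silently truncate the certificate data.
        byte[] certData = java.nio.file.Files.readAllBytes(java.nio.file.Paths.get(fileName));
        NAEParameterSpec spec = new NAEParameterSpec(certName, true, true, session);
        // If cert data is in PKCS#1 format, pass in 'null' for password
        NAECertificate.importCertificate(certData, null, spec);
        // if cert data is in PKCS#12 format, pass in password
        // NAECertificate.importCertificate(certData, pkcs12Pass.toCharArray(), spec);
        // export back this certificate and its private key
        NAECertificate cert = new NAECertificate(certName, session);
        byte[] exportCertKeyData = cert.export("PEM-PKCS#8", null);
        // export back this certificate (without private key)
        byte[] exportCertData = cert.certificateExport();
        // get cert info from the Key Manager
        if (cert.isDeletable())
            System.out.println("Cert deletable");
        System.out.println("Algorithm: " + cert.getAlgorithm());
        // delete the certificate from the Key Manager
        cert.delete();
        // export CA certificate and its cert chain (if present)
        byte[] exportCAData = NAECertificate.CACertificateExport(caName, session);
    } catch (Exception e) {
        e.printStackTrace();
        System.out.println("Exception " + e.getMessage());
    } finally {
        if (session != null)
            session.closeSession();
    }
}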
Also used : NAEParameterSpec(com.ingrian.security.nae.NAEParameterSpec) NAECertificate(com.ingrian.security.nae.NAECertificate) NAESession(com.ingrian.security.nae.NAESession) FileInputStream(java.io.FileInputStream)

Example 20 with NAESession

use of com.ingrian.security.nae.NAESession in project CipherTrust_Application_Protection by thalescpl-io.

the class SelfSignedCertificateUtility method main.

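/**
 * Builds a self-signed X.509 certificate for a key pair held on the Key
 * Manager and stores it, through {@code storeCertificateInPFX}, at the
 * location named by the "Destination" property.
 *
 * <p>Recognised options, each followed by a value: {@code -user},
 * {@code -password}, {@code -key}, {@code -file}, {@code -certPass}.
 * {@code -key} and {@code -file} are required.
 *
 * <p>Security notes:
 * <ul>
 *   <li>{@code -password} and {@code -certPass} are command-line values and
 *       can appear in process listings and shell history.</li>
 *   <li>The private key is materialised in this JVM as a
 *       {@link PrivateKey} and passed to {@code storeCertificateInPFX}, so
 *       the resulting file must be protected like the key itself.</li>
 * </ul>
 *
 * @param args option/value pairs as listed above
 */
public static void main(String[] args) {
    String userName = null;
    String password = null;
    String file = null;
    String key = null;
    String certPass = null;
    // Stop one short of the end so that args[i + 1] always exists. A trailing
    // option with no value is ignored instead of raising
    // ArrayIndexOutOfBoundsException before usage() can be shown.
    for (int i = 0; i < args.length - 1; i++) {
        if ("-user".equals(args[i]))
            userName = args[i + 1].trim();
        else if ("-password".equals(args[i]))
            password = args[i + 1].trim();
        else if ("-key".equals(args[i]))
            key = args[i + 1].trim();
        else if ("-file".equals(args[i]))
            file = args[i + 1].trim();
        else if ("-certPass".equals(args[i]))
            certPass = args[i + 1].trim();
    }
    // NOTE(review): usage() presumably prints help and exits. Confirm, because
    // otherwise execution continues with a null key or file.
    if (key == null || file == null)
        usage();
    try {
        Map<String, String> certificateProperties = readPropertiesFrom(file);
        if (certPass != null)
            certificateProperties.put("CertPassword", certPass);
        validateProperties(certificateProperties);
        NAESession session = null;
        PrivateKey privateKey = null;
        PublicKey publicKey = null;
        try {
            // A session is opened only when both credentials were supplied;
            // otherwise the key lookups below receive a null session.
            if (userName != null && password != null)
                session = NAESession.getSession(userName, password.toCharArray());
            NAEPrivateKey private1 = NAEKey.getPrivateKey(key, session);
            NAEPublicKey public1 = NAEKey.getPublicKey(key, session);
            privateKey = getPrivateKey(private1, certificateProperties.get("Algorithm"));
            publicKey = getPublicKey(public1, certificateProperties.get("Algorithm"));
        } finally {
            if (session != null)
                session.closeSession();
        }
        X509Certificate cert = generateCertificate(publicKey, privateKey, certificateProperties);
        storeCertificateInPFX(privateKey, cert, certificateProperties);
        System.out.println("certificate is stored successfully at " + certificateProperties.get("Destination"));
    } catch (Exception e) {
        e.printStackTrace();
    }
}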
Also used : NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) PrivateKey(java.security.PrivateKey) NAEPrivateKey(com.ingrian.security.nae.NAEPrivateKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) PublicKey(java.security.PublicKey) NAEPublicKey(com.ingrian.security.nae.NAEPublicKey) NAESession(com.ingrian.security.nae.NAESession) X509Certificate(java.security.cert.X509Certificate) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) NAEException(com.ingrian.security.nae.NAEException) IOException(java.io.IOException)

Aggregations

NAESession (com.ingrian.security.nae.NAESession)40 IngrianProvider (com.ingrian.security.nae.IngrianProvider)27 NAEKey (com.ingrian.security.nae.NAEKey)20 Provider (java.security.Provider)19 Cipher (javax.crypto.Cipher)14 NAEParameterSpec (com.ingrian.security.nae.NAEParameterSpec)11 NAEPublicKey (com.ingrian.security.nae.NAEPublicKey)10 NAEPrivateKey (com.ingrian.security.nae.NAEPrivateKey)9 KeyGenerator (javax.crypto.KeyGenerator)8 IvParameterSpec (javax.crypto.spec.IvParameterSpec)8 NAESecureRandom (com.ingrian.security.nae.NAESecureRandom)6 IOException (java.io.IOException)6 SecretKey (javax.crypto.SecretKey)6 NAECipher (com.ingrian.security.nae.NAECipher)5 NAEPermission (com.ingrian.security.nae.NAEPermission)5 NAESecretKey (com.ingrian.security.nae.NAESecretKey)5 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)4 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 GCMParameterSpec (com.ingrian.security.nae.GCMParameterSpec)3 NAEException (com.ingrian.security.nae.NAEException)3