Example 11 with PKCS11Credential
use of org.nhindirect.common.crypto.PKCS11Credential in project nhin-d by DirectProject.
the class StaticPKCS11TokenKeyStoreProtectionManagerTest method testGetKeys_noKeyExists_assertNull.
@Test
public void testGetKeys_noKeyExists_assertNull() throws Exception {
final String pkcs11ProvName = TestUtils.setupSafeNetToken();
if (!StringUtils.isEmpty(pkcs11ProvName)) {
PKCS11Credential cred = new BootstrappedPKCS11Credential("1Kingpuff");
final StaticPKCS11TokenKeyStoreProtectionManager mgr = new StaticPKCS11TokenKeyStoreProtectionManager(cred, "KeyStoreProtKey", "PrivKeyProtKey");
mgr.clearKeyStoreProtectionKey();
mgr.clearPrivateKeyProtectionKey();
assertNull(mgr.getKeyStoreProtectionKey());
assertNull(mgr.getPrivateKeyProtectionKey());
}
}
Also used :
PKCS11Credential(org.nhindirect.common.crypto.PKCS11Credential)
Test(org.junit.Test)
Example 12 with PKCS11Credential
use of org.nhindirect.common.crypto.PKCS11Credential in project nhin-d by DirectProject.
the class CryptographerTest method testEncryptAndDecryptMimeEntity_hsmDecryption.
private void testEncryptAndDecryptMimeEntity_hsmDecryption(EncryptionAlgorithm encAlg) throws Exception {
OptionsManager.destroyInstance();
CryptoExtensions.registerJCEProviders();
try {
final PKCS11Credential cred = new BootstrappedPKCS11Credential("1Kingpuff");
final MutableKeyStoreProtectionManager mgr = new StaticPKCS11TokenKeyStoreProtectionManager(cred, "", "");
final CacheableKeyStoreManagerCertificateStore store = new CacheableKeyStoreManagerCertificateStore(mgr);
store.add(TestUtils.getInternalCert("user1"));
X509Certificate cert = TestUtils.getExternalCert("user1");
SMIMECryptographerImpl cryptographer = new SMIMECryptographerImpl();
cryptographer.setRecipientInformationFactory(new SplitDirectRecipientInformationFactory(pkcs11ProviderName, ""));
cryptographer.setEncryptionAlgorithm(encAlg);
MimeEntity entity = new MimeEntity();
entity.setText("Hello world.");
entity.setHeader(MimeStandard.ContentTypeHeader, "text/plain");
entity.setHeader(MimeStandard.ContentTransferEncodingHeader, "7bit");
MimeEntity encEntity = cryptographer.encrypt(entity, cert);
assertNotNull(encEntity);
// open up the pkcs11 store and find the private key
KeyStore ks = KeyStore.getInstance("PKCS11");
ks.load(null, "1Kingpuff".toCharArray());
X509CertificateEx decryptCert = null;
final Enumeration<String> aliases = ks.aliases();
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
Certificate pkcs11Cert = ks.getCertificate(alias);
if (pkcs11Cert != null && pkcs11Cert instanceof X509Certificate) {
// check if there is private key
Key key = ks.getKey(alias, null);
if (key != null && key instanceof PrivateKey && CryptoExtensions.certSubjectContainsName((X509Certificate) pkcs11Cert, "user1@cerner.com")) {
decryptCert = X509CertificateEx.fromX509Certificate((X509Certificate) pkcs11Cert, (PrivateKey) key);
break;
}
}
}
MimeEntity decryEntity = cryptographer.decrypt(encEntity, decryptCert);
assertNotNull(decryEntity);
byte[] decryEntityBytes = EntitySerializer.Default.serializeToBytes(decryEntity);
byte[] entityBytes = EntitySerializer.Default.serializeToBytes(entity);
assertTrue(Arrays.equals(decryEntityBytes, entityBytes));
} finally {
System.setProperty("org.nhindirect.stagent.cryptography.JCESensitiveProviderName", "");
System.setProperty("org.nhindirect.stagent.cryptography.JCESensitiveProviderClassNames", "");
OptionsManager.destroyInstance();
}
}
Also used :
PKCS11Credential(org.nhindirect.common.crypto.PKCS11Credential)
BootstrappedPKCS11Credential(org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential)
PrivateKey(java.security.PrivateKey)
SMIMECryptographerImpl(org.nhindirect.stagent.cryptography.SMIMECryptographerImpl)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
SplitDirectRecipientInformationFactory(org.nhindirect.stagent.cryptography.activekeyops.SplitDirectRecipientInformationFactory)
CacheableKeyStoreManagerCertificateStore(org.nhindirect.stagent.cert.impl.CacheableKeyStoreManagerCertificateStore)
X509CertificateEx(org.nhindirect.stagent.cert.X509CertificateEx)
MutableKeyStoreProtectionManager(org.nhindirect.common.crypto.MutableKeyStoreProtectionManager)
StaticPKCS11TokenKeyStoreProtectionManager(org.nhindirect.common.crypto.impl.StaticPKCS11TokenKeyStoreProtectionManager)
MimeEntity(org.nhindirect.stagent.mail.MimeEntity)
BootstrappedPKCS11Credential(org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Aggregations
PKCS11Credential (org.nhindirect.common.crypto.PKCS11Credential)12
Test (org.junit.Test)7
KeyGenerator (javax.crypto.KeyGenerator)6
SecureRandom (java.security.SecureRandom)5
SecretKey (javax.crypto.SecretKey)5
BootstrappedPKCS11Credential (org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential)5
StaticPKCS11TokenKeyStoreProtectionManager (org.nhindirect.common.crypto.impl.StaticPKCS11TokenKeyStoreProtectionManager)5
Key (java.security.Key)4
KeyStore (java.security.KeyStore)3
PrivateKey (java.security.PrivateKey)3
MutableKeyStoreProtectionManager (org.nhindirect.common.crypto.MutableKeyStoreProtectionManager)3
Certificate (java.security.cert.Certificate)2
X509Certificate (java.security.cert.X509Certificate)2
Entry (java.util.Map.Entry)2
X509CertificateEx (org.nhindirect.stagent.cert.X509CertificateEx)2
CacheableKeyStoreManagerCertificateStore (org.nhindirect.stagent.cert.impl.CacheableKeyStoreManagerCertificateStore)2
File (java.io.File)1
RecipientInformation (org.bouncycastle.cms.RecipientInformation)1
SMIMEEnveloped (org.bouncycastle.mail.smime.SMIMEEnveloped)1
CryptoException (org.nhindirect.common.crypto.exceptions.CryptoException)1
