Search in sources :

Example 1 with BootstrappedPKCS11Credential

use of org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential in project nhin-d by DirectProject.

the class StaticPKCS11TokenKeyStoreProtectionManagerProvider method get.

/**
	 * {@inheritDoc}
	 */
@Override
public KeyStoreProtectionManager get() {
    final String pin = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_PIN, mailet, "");
    final String keyStorePassPhraseAlias = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_KEYSTORE_PASSPHRASE_ALIAS, mailet, "");
    final String privateKeyPassPhraseAlias = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_PRIVATE_KEY_PASSPHRASE_ALIAS, mailet, "");
    final String storeType = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_STORE_TYPE, mailet, "");
    final String pkcs11Provider = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_PKCS11_PROVIDER, mailet, "");
    final String pkcs11Config = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_PKCS11_CONFIG_FILE, mailet, "");
    final String pkcs11CustomConfig = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_PKCS11_PROVIDER_CUSTOM_CONFIG_FILE, mailet, "");
    final String pkcs11CustomConfigString = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_PKCS11_PROVIDER_CUSTOM_CONFIG_STRING, mailet, "");
    final BootstrappedPKCS11Credential cred = new BootstrappedPKCS11Credential(pin);
    try {
        final StaticPKCS11TokenKeyStoreProtectionManager mgr = new StaticPKCS11TokenKeyStoreProtectionManager();
        mgr.setCredential(cred);
        mgr.setKeyStorePassPhraseAlias(keyStorePassPhraseAlias);
        mgr.setPrivateKeyPassPhraseAlias(privateKeyPassPhraseAlias);
        if (!StringUtils.isEmpty(storeType))
            mgr.setKeyStoreType(storeType);
        if (!StringUtils.isEmpty(pkcs11Provider))
            mgr.setKeyStoreProviderName(pkcs11Provider);
        if (!StringUtils.isEmpty(pkcs11Config))
            mgr.setPcks11ConfigFile(pkcs11Config);
        if (!StringUtils.isEmpty(pkcs11CustomConfig)) {
            final String str = FileUtils.readFileToString(new File(pkcs11CustomConfig));
            mgr.setKeyStoreSourceAsString(str);
        }
        if (!StringUtils.isEmpty(pkcs11CustomConfigString)) {
            final InputStream str = new ByteArrayInputStream(pkcs11CustomConfigString.getBytes());
            mgr.setKeyStoreSource(str);
        }
        mgr.initTokenStore();
        return mgr;
    } catch (Throwable e) {
        throw new IllegalArgumentException("Failed to create key store manager.", e);
    }
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) StaticPKCS11TokenKeyStoreProtectionManager(org.nhindirect.common.crypto.impl.StaticPKCS11TokenKeyStoreProtectionManager) BootstrappedPKCS11Credential(org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential) File(java.io.File)

Example 2 with BootstrappedPKCS11Credential

use of org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential in project nhin-d by DirectProject.

the class ConfigServiceRESTCertificateStore_getCertificateWithHSMKeyTest method getCertService.

protected ConfigServiceRESTCertificateStore getCertService() throws Exception {
    if (StringUtils.isEmpty(TestUtils.setupSafeNetToken()))
        return null;
    final ConfigServiceRESTCertificateStore certService = new ConfigServiceRESTCertificateStore(proxy);
    final PKCS11Credential cred = new BootstrappedPKCS11Credential("1Kingpuff");
    final StaticPKCS11TokenKeyStoreProtectionManager mgr = new StaticPKCS11TokenKeyStoreProtectionManager(cred, "KeyStoreProtKey", "PrivKeyProtKey");
    certService.setKeyStoreProectionManager(mgr);
    return certService;
}
Also used : PKCS11Credential(org.nhindirect.common.crypto.PKCS11Credential) BootstrappedPKCS11Credential(org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential) StaticPKCS11TokenKeyStoreProtectionManager(org.nhindirect.common.crypto.impl.StaticPKCS11TokenKeyStoreProtectionManager) BootstrappedPKCS11Credential(org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential)

Example 3 with BootstrappedPKCS11Credential

use of org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential in project nhin-d by DirectProject.

the class BaseKeyStoreManagerCertStoreTest method setUp.

@Override
public void setUp() throws Exception {
    CertCacheFactory.getInstance().flushAll();
    if (!StringUtils.isEmpty(TestUtils.setupSafeNetToken())) {
        // clean out the token of all private keys
        final PKCS11Credential cred = new BootstrappedPKCS11Credential("1Kingpuff");
        final MutableKeyStoreProtectionManager mgr = new StaticPKCS11TokenKeyStoreProtectionManager(cred, "", "");
        store = new CacheableKeyStoreManagerCertificateStore(mgr);
        store.remove(store.getAllCertificates());
        assertTrue(store.getAllCertificates().isEmpty());
    }
}
Also used : PKCS11Credential(org.nhindirect.common.crypto.PKCS11Credential) BootstrappedPKCS11Credential(org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential) MutableKeyStoreProtectionManager(org.nhindirect.common.crypto.MutableKeyStoreProtectionManager) StaticPKCS11TokenKeyStoreProtectionManager(org.nhindirect.common.crypto.impl.StaticPKCS11TokenKeyStoreProtectionManager) BootstrappedPKCS11Credential(org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential)

Example 4 with BootstrappedPKCS11Credential

use of org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential in project nhin-d by DirectProject.

the class SplitDirectRecipientInformation_getDecryptedContentTest method testGetDecryptedContent_safeNetHSMKeyEncProvider_assertDecrypted.

public void testGetDecryptedContent_safeNetHSMKeyEncProvider_assertDecrypted() throws Exception {
    /**
         * This test is only run if a specific SafeNet eToken Pro HSM is connected to the testing 
         * system.  This can be modified for another specific machine and/or token.
         */
    pkcs11ProvName = TestUtils.setupSafeNetToken();
    if (!StringUtils.isEmpty(pkcs11ProvName)) {
        final PKCS11Credential cred = new BootstrappedPKCS11Credential("1Kingpuff");
        final MutableKeyStoreProtectionManager mgr = new StaticPKCS11TokenKeyStoreProtectionManager(cred, "", "");
        final CacheableKeyStoreManagerCertificateStore store = new CacheableKeyStoreManagerCertificateStore(mgr);
        store.add(TestUtils.getInternalCert("user1"));
        // get a certificate from the key store
        final KeyStore ks = KeyStore.getInstance("PKCS11");
        ks.load(null, "1Kingpuff".toCharArray());
        // get the decryption cert
        X509CertificateEx decryptCert = null;
        final Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Certificate pkcs11Cert = ks.getCertificate(alias);
            if (pkcs11Cert != null && pkcs11Cert instanceof X509Certificate) {
                // check if there is private key
                Key key = ks.getKey(alias, null);
                if (key != null && key instanceof PrivateKey && CryptoExtensions.certSubjectContainsName((X509Certificate) pkcs11Cert, "user1@cerner.com")) {
                    decryptCert = X509CertificateEx.fromX509Certificate((X509Certificate) pkcs11Cert, (PrivateKey) key);
                    break;
                }
            }
        }
        final SMIMEEnveloped env = createSMIMEEnv();
        final RecipientInformation recipient = (RecipientInformation) env.getRecipientInfos().getRecipients().iterator().next();
        final SplitDirectRecipientInformationFactory factory = new SplitDirectRecipientInformationFactory(pkcs11ProvName, "BC");
        final SplitDirectRecipientInformation recInfo = (SplitDirectRecipientInformation) factory.createInstance(recipient, env);
        // this will be non-null if it works correctly
        assertNotNull(recInfo.getDecryptedContent(decryptCert.getPrivateKey()));
    }
}
Also used : PKCS11Credential(org.nhindirect.common.crypto.PKCS11Credential) BootstrappedPKCS11Credential(org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential) PrivateKey(java.security.PrivateKey) KeyStore(java.security.KeyStore) SMIMEEnveloped(org.bouncycastle.mail.smime.SMIMEEnveloped) X509Certificate(java.security.cert.X509Certificate) CacheableKeyStoreManagerCertificateStore(org.nhindirect.stagent.cert.impl.CacheableKeyStoreManagerCertificateStore) RecipientInformation(org.bouncycastle.cms.RecipientInformation) X509CertificateEx(org.nhindirect.stagent.cert.X509CertificateEx) MutableKeyStoreProtectionManager(org.nhindirect.common.crypto.MutableKeyStoreProtectionManager) StaticPKCS11TokenKeyStoreProtectionManager(org.nhindirect.common.crypto.impl.StaticPKCS11TokenKeyStoreProtectionManager) BootstrappedPKCS11Credential(org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential) Key(java.security.Key) PrivateKey(java.security.PrivateKey) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 5 with BootstrappedPKCS11Credential

use of org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential in project nhin-d by DirectProject.

the class ConfigServiceWSCertificateStore_getCertificateWithHSMKeyTest method getCertService.

protected ConfigServiceCertificateStore getCertService() throws Exception {
    if (StringUtils.isEmpty(TestUtils.setupSafeNetToken()))
        return null;
    final ConfigServiceCertificateStore certService = new ConfigServiceCertificateStore(proxy);
    final PKCS11Credential cred = new BootstrappedPKCS11Credential("1Kingpuff");
    final StaticPKCS11TokenKeyStoreProtectionManager mgr = new StaticPKCS11TokenKeyStoreProtectionManager(cred, "KeyStoreProtKey", "PrivKeyProtKey");
    certService.setKeyStoreProectionManager(mgr);
    return certService;
}
Also used : PKCS11Credential(org.nhindirect.common.crypto.PKCS11Credential) BootstrappedPKCS11Credential(org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential) StaticPKCS11TokenKeyStoreProtectionManager(org.nhindirect.common.crypto.impl.StaticPKCS11TokenKeyStoreProtectionManager) BootstrappedPKCS11Credential(org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential)

Aggregations

BootstrappedPKCS11Credential (org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential)7 StaticPKCS11TokenKeyStoreProtectionManager (org.nhindirect.common.crypto.impl.StaticPKCS11TokenKeyStoreProtectionManager)7 PKCS11Credential (org.nhindirect.common.crypto.PKCS11Credential)5 MutableKeyStoreProtectionManager (org.nhindirect.common.crypto.MutableKeyStoreProtectionManager)3 ByteArrayInputStream (java.io.ByteArrayInputStream)2 InputStream (java.io.InputStream)2 Key (java.security.Key)2 KeyStore (java.security.KeyStore)2 PrivateKey (java.security.PrivateKey)2 Certificate (java.security.cert.Certificate)2 X509Certificate (java.security.cert.X509Certificate)2 X509CertificateEx (org.nhindirect.stagent.cert.X509CertificateEx)2 CacheableKeyStoreManagerCertificateStore (org.nhindirect.stagent.cert.impl.CacheableKeyStoreManagerCertificateStore)2 BufferedReader (java.io.BufferedReader)1 Console (java.io.Console)1 File (java.io.File)1 IOException (java.io.IOException)1 InputStreamReader (java.io.InputStreamReader)1 RecipientInformation (org.bouncycastle.cms.RecipientInformation)1 SMIMEEnveloped (org.bouncycastle.mail.smime.SMIMEEnveloped)1