use of org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential in project nhin-d by DirectProject.
the class StaticPKCS11TokenKeyStoreProtectionManagerProvider method get.
/**
* {@inheritDoc}
*/
@Override
public KeyStoreProtectionManager get() {
final String pin = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_PIN, mailet, "");
final String keyStorePassPhraseAlias = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_KEYSTORE_PASSPHRASE_ALIAS, mailet, "");
final String privateKeyPassPhraseAlias = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_PRIVATE_KEY_PASSPHRASE_ALIAS, mailet, "");
final String storeType = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_STORE_TYPE, mailet, "");
final String pkcs11Provider = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_PKCS11_PROVIDER, mailet, "");
final String pkcs11Config = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_PKCS11_CONFIG_FILE, mailet, "");
final String pkcs11CustomConfig = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_PKCS11_PROVIDER_CUSTOM_CONFIG_FILE, mailet, "");
final String pkcs11CustomConfigString = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_PKCS11_PROVIDER_CUSTOM_CONFIG_STRING, mailet, "");
final BootstrappedPKCS11Credential cred = new BootstrappedPKCS11Credential(pin);
try {
final StaticPKCS11TokenKeyStoreProtectionManager mgr = new StaticPKCS11TokenKeyStoreProtectionManager();
mgr.setCredential(cred);
mgr.setKeyStorePassPhraseAlias(keyStorePassPhraseAlias);
mgr.setPrivateKeyPassPhraseAlias(privateKeyPassPhraseAlias);
if (!StringUtils.isEmpty(storeType))
mgr.setKeyStoreType(storeType);
if (!StringUtils.isEmpty(pkcs11Provider))
mgr.setKeyStoreProviderName(pkcs11Provider);
if (!StringUtils.isEmpty(pkcs11Config))
mgr.setPcks11ConfigFile(pkcs11Config);
if (!StringUtils.isEmpty(pkcs11CustomConfig)) {
final String str = FileUtils.readFileToString(new File(pkcs11CustomConfig));
mgr.setKeyStoreSourceAsString(str);
}
if (!StringUtils.isEmpty(pkcs11CustomConfigString)) {
final InputStream str = new ByteArrayInputStream(pkcs11CustomConfigString.getBytes());
mgr.setKeyStoreSource(str);
}
mgr.initTokenStore();
return mgr;
} catch (Throwable e) {
throw new IllegalArgumentException("Failed to create key store manager.", e);
}
}
use of org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential in project nhin-d by DirectProject.
the class ConfigServiceRESTCertificateStore_getCertificateWithHSMKeyTest method getCertService.
protected ConfigServiceRESTCertificateStore getCertService() throws Exception {
if (StringUtils.isEmpty(TestUtils.setupSafeNetToken()))
return null;
final ConfigServiceRESTCertificateStore certService = new ConfigServiceRESTCertificateStore(proxy);
final PKCS11Credential cred = new BootstrappedPKCS11Credential("1Kingpuff");
final StaticPKCS11TokenKeyStoreProtectionManager mgr = new StaticPKCS11TokenKeyStoreProtectionManager(cred, "KeyStoreProtKey", "PrivKeyProtKey");
certService.setKeyStoreProectionManager(mgr);
return certService;
}
use of org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential in project nhin-d by DirectProject.
the class BaseKeyStoreManagerCertStoreTest method setUp.
@Override
public void setUp() throws Exception {
CertCacheFactory.getInstance().flushAll();
if (!StringUtils.isEmpty(TestUtils.setupSafeNetToken())) {
// clean out the token of all private keys
final PKCS11Credential cred = new BootstrappedPKCS11Credential("1Kingpuff");
final MutableKeyStoreProtectionManager mgr = new StaticPKCS11TokenKeyStoreProtectionManager(cred, "", "");
store = new CacheableKeyStoreManagerCertificateStore(mgr);
store.remove(store.getAllCertificates());
assertTrue(store.getAllCertificates().isEmpty());
}
}
use of org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential in project nhin-d by DirectProject.
the class SplitDirectRecipientInformation_getDecryptedContentTest method testGetDecryptedContent_safeNetHSMKeyEncProvider_assertDecrypted.
public void testGetDecryptedContent_safeNetHSMKeyEncProvider_assertDecrypted() throws Exception {
/**
* This test is only run if a specific SafeNet eToken Pro HSM is connected to the testing
* system. This can be modified for another specific machine and/or token.
*/
pkcs11ProvName = TestUtils.setupSafeNetToken();
if (!StringUtils.isEmpty(pkcs11ProvName)) {
final PKCS11Credential cred = new BootstrappedPKCS11Credential("1Kingpuff");
final MutableKeyStoreProtectionManager mgr = new StaticPKCS11TokenKeyStoreProtectionManager(cred, "", "");
final CacheableKeyStoreManagerCertificateStore store = new CacheableKeyStoreManagerCertificateStore(mgr);
store.add(TestUtils.getInternalCert("user1"));
// get a certificate from the key store
final KeyStore ks = KeyStore.getInstance("PKCS11");
ks.load(null, "1Kingpuff".toCharArray());
// get the decryption cert
X509CertificateEx decryptCert = null;
final Enumeration<String> aliases = ks.aliases();
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
Certificate pkcs11Cert = ks.getCertificate(alias);
if (pkcs11Cert != null && pkcs11Cert instanceof X509Certificate) {
// check if there is private key
Key key = ks.getKey(alias, null);
if (key != null && key instanceof PrivateKey && CryptoExtensions.certSubjectContainsName((X509Certificate) pkcs11Cert, "user1@cerner.com")) {
decryptCert = X509CertificateEx.fromX509Certificate((X509Certificate) pkcs11Cert, (PrivateKey) key);
break;
}
}
}
final SMIMEEnveloped env = createSMIMEEnv();
final RecipientInformation recipient = (RecipientInformation) env.getRecipientInfos().getRecipients().iterator().next();
final SplitDirectRecipientInformationFactory factory = new SplitDirectRecipientInformationFactory(pkcs11ProvName, "BC");
final SplitDirectRecipientInformation recInfo = (SplitDirectRecipientInformation) factory.createInstance(recipient, env);
// this will be non-null if it works correctly
assertNotNull(recInfo.getDecryptedContent(decryptCert.getPrivateKey()));
}
}
use of org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential in project nhin-d by DirectProject.
the class ConfigServiceWSCertificateStore_getCertificateWithHSMKeyTest method getCertService.
protected ConfigServiceCertificateStore getCertService() throws Exception {
if (StringUtils.isEmpty(TestUtils.setupSafeNetToken()))
return null;
final ConfigServiceCertificateStore certService = new ConfigServiceCertificateStore(proxy);
final PKCS11Credential cred = new BootstrappedPKCS11Credential("1Kingpuff");
final StaticPKCS11TokenKeyStoreProtectionManager mgr = new StaticPKCS11TokenKeyStoreProtectionManager(cred, "KeyStoreProtKey", "PrivKeyProtKey");
certService.setKeyStoreProectionManager(mgr);
return certService;
}
Aggregations