Example 1 with StaticPKCS11TokenKeyStoreProtectionManager
use of org.nhindirect.common.crypto.impl.StaticPKCS11TokenKeyStoreProtectionManager in project nhin-d by DirectProject.
the class BaseKeyStoreManagerCertStoreTest method setUp.
@Override
public void setUp() throws Exception {
CertCacheFactory.getInstance().flushAll();
if (!StringUtils.isEmpty(TestUtils.setupSafeNetToken())) {
// clean out the token of all private keys
final PKCS11Credential cred = new BootstrappedPKCS11Credential("1Kingpuff");
final MutableKeyStoreProtectionManager mgr = new StaticPKCS11TokenKeyStoreProtectionManager(cred, "", "");
store = new CacheableKeyStoreManagerCertificateStore(mgr);
store.remove(store.getAllCertificates());
assertTrue(store.getAllCertificates().isEmpty());
}
}
Also used :
PKCS11Credential(org.nhindirect.common.crypto.PKCS11Credential)
BootstrappedPKCS11Credential(org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential)
MutableKeyStoreProtectionManager(org.nhindirect.common.crypto.MutableKeyStoreProtectionManager)
StaticPKCS11TokenKeyStoreProtectionManager(org.nhindirect.common.crypto.impl.StaticPKCS11TokenKeyStoreProtectionManager)
BootstrappedPKCS11Credential(org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential)
Example 2 with StaticPKCS11TokenKeyStoreProtectionManager
use of org.nhindirect.common.crypto.impl.StaticPKCS11TokenKeyStoreProtectionManager in project nhin-d by DirectProject.
the class SplitDirectRecipientInformation_getDecryptedContentTest method testGetDecryptedContent_safeNetHSMKeyEncProvider_assertDecrypted.
public void testGetDecryptedContent_safeNetHSMKeyEncProvider_assertDecrypted() throws Exception {
/**
* This test is only run if a specific SafeNet eToken Pro HSM is connected to the testing
* system. This can be modified for another specific machine and/or token.
*/
pkcs11ProvName = TestUtils.setupSafeNetToken();
if (!StringUtils.isEmpty(pkcs11ProvName)) {
final PKCS11Credential cred = new BootstrappedPKCS11Credential("1Kingpuff");
final MutableKeyStoreProtectionManager mgr = new StaticPKCS11TokenKeyStoreProtectionManager(cred, "", "");
final CacheableKeyStoreManagerCertificateStore store = new CacheableKeyStoreManagerCertificateStore(mgr);
store.add(TestUtils.getInternalCert("user1"));
// get a certificate from the key store
final KeyStore ks = KeyStore.getInstance("PKCS11");
ks.load(null, "1Kingpuff".toCharArray());
// get the decryption cert
X509CertificateEx decryptCert = null;
final Enumeration<String> aliases = ks.aliases();
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
Certificate pkcs11Cert = ks.getCertificate(alias);
if (pkcs11Cert != null && pkcs11Cert instanceof X509Certificate) {
// check if there is private key
Key key = ks.getKey(alias, null);
if (key != null && key instanceof PrivateKey && CryptoExtensions.certSubjectContainsName((X509Certificate) pkcs11Cert, "user1@cerner.com")) {
decryptCert = X509CertificateEx.fromX509Certificate((X509Certificate) pkcs11Cert, (PrivateKey) key);
break;
}
}
}
final SMIMEEnveloped env = createSMIMEEnv();
final RecipientInformation recipient = (RecipientInformation) env.getRecipientInfos().getRecipients().iterator().next();
final SplitDirectRecipientInformationFactory factory = new SplitDirectRecipientInformationFactory(pkcs11ProvName, "BC");
final SplitDirectRecipientInformation recInfo = (SplitDirectRecipientInformation) factory.createInstance(recipient, env);
// this will be non-null if it works correctly
assertNotNull(recInfo.getDecryptedContent(decryptCert.getPrivateKey()));
}
}
Also used :
PKCS11Credential(org.nhindirect.common.crypto.PKCS11Credential)
BootstrappedPKCS11Credential(org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential)
PrivateKey(java.security.PrivateKey)
KeyStore(java.security.KeyStore)
SMIMEEnveloped(org.bouncycastle.mail.smime.SMIMEEnveloped)
X509Certificate(java.security.cert.X509Certificate)
CacheableKeyStoreManagerCertificateStore(org.nhindirect.stagent.cert.impl.CacheableKeyStoreManagerCertificateStore)
RecipientInformation(org.bouncycastle.cms.RecipientInformation)
X509CertificateEx(org.nhindirect.stagent.cert.X509CertificateEx)
MutableKeyStoreProtectionManager(org.nhindirect.common.crypto.MutableKeyStoreProtectionManager)
StaticPKCS11TokenKeyStoreProtectionManager(org.nhindirect.common.crypto.impl.StaticPKCS11TokenKeyStoreProtectionManager)
BootstrappedPKCS11Credential(org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Example 3 with StaticPKCS11TokenKeyStoreProtectionManager
use of org.nhindirect.common.crypto.impl.StaticPKCS11TokenKeyStoreProtectionManager in project nhin-d by DirectProject.
the class StaticPKCS11TokenKeyStoreProtectionManagerProvider method get.
/**
* {@inheritDoc}
*/
@Override
public KeyStoreProtectionManager get() {
final String pin = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_PIN, mailet, "");
final String keyStorePassPhraseAlias = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_KEYSTORE_PASSPHRASE_ALIAS, mailet, "");
final String privateKeyPassPhraseAlias = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_PRIVATE_KEY_PASSPHRASE_ALIAS, mailet, "");
final String storeType = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_STORE_TYPE, mailet, "");
final String pkcs11Provider = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_PKCS11_PROVIDER, mailet, "");
final String pkcs11Config = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_PKCS11_CONFIG_FILE, mailet, "");
final String pkcs11CustomConfig = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_PKCS11_PROVIDER_CUSTOM_CONFIG_FILE, mailet, "");
final String pkcs11CustomConfigString = GatewayConfiguration.getConfigurationParam(SecurityAndTrustMailetOptions.KEYSTORE_MGR_PKCS11_PROVIDER_CUSTOM_CONFIG_STRING, mailet, "");
final BootstrappedPKCS11Credential cred = new BootstrappedPKCS11Credential(pin);
try {
final StaticPKCS11TokenKeyStoreProtectionManager mgr = new StaticPKCS11TokenKeyStoreProtectionManager();
mgr.setCredential(cred);
mgr.setKeyStorePassPhraseAlias(keyStorePassPhraseAlias);
mgr.setPrivateKeyPassPhraseAlias(privateKeyPassPhraseAlias);
if (!StringUtils.isEmpty(storeType))
mgr.setKeyStoreType(storeType);
if (!StringUtils.isEmpty(pkcs11Provider))
mgr.setKeyStoreProviderName(pkcs11Provider);
if (!StringUtils.isEmpty(pkcs11Config))
mgr.setPcks11ConfigFile(pkcs11Config);
if (!StringUtils.isEmpty(pkcs11CustomConfig)) {
final String str = FileUtils.readFileToString(new File(pkcs11CustomConfig));
mgr.setKeyStoreSourceAsString(str);
}
if (!StringUtils.isEmpty(pkcs11CustomConfigString)) {
final InputStream str = new ByteArrayInputStream(pkcs11CustomConfigString.getBytes());
mgr.setKeyStoreSource(str);
}
mgr.initTokenStore();
return mgr;
} catch (Throwable e) {
throw new IllegalArgumentException("Failed to create key store manager.", e);
}
}
Also used :
ByteArrayInputStream(java.io.ByteArrayInputStream)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
StaticPKCS11TokenKeyStoreProtectionManager(org.nhindirect.common.crypto.impl.StaticPKCS11TokenKeyStoreProtectionManager)
BootstrappedPKCS11Credential(org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential)
File(java.io.File)
Example 4 with StaticPKCS11TokenKeyStoreProtectionManager
use of org.nhindirect.common.crypto.impl.StaticPKCS11TokenKeyStoreProtectionManager in project nhin-d by DirectProject.
the class ConfigServiceRESTCertificateStore_getCertificateWithHSMKeyTest method getCertService.
protected ConfigServiceRESTCertificateStore getCertService() throws Exception {
if (StringUtils.isEmpty(TestUtils.setupSafeNetToken()))
return null;
final ConfigServiceRESTCertificateStore certService = new ConfigServiceRESTCertificateStore(proxy);
final PKCS11Credential cred = new BootstrappedPKCS11Credential("1Kingpuff");
final StaticPKCS11TokenKeyStoreProtectionManager mgr = new StaticPKCS11TokenKeyStoreProtectionManager(cred, "KeyStoreProtKey", "PrivKeyProtKey");
certService.setKeyStoreProectionManager(mgr);
return certService;
}
Also used :
PKCS11Credential(org.nhindirect.common.crypto.PKCS11Credential)
BootstrappedPKCS11Credential(org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential)
StaticPKCS11TokenKeyStoreProtectionManager(org.nhindirect.common.crypto.impl.StaticPKCS11TokenKeyStoreProtectionManager)
BootstrappedPKCS11Credential(org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential)
Example 5 with StaticPKCS11TokenKeyStoreProtectionManager
use of org.nhindirect.common.crypto.impl.StaticPKCS11TokenKeyStoreProtectionManager in project nhin-d by DirectProject.
the class PKCS11SecretKeyManager method tokenLogin.
public static MutableKeyStoreProtectionManager tokenLogin() throws CryptoException {
try {
//System.console();
final Console cons = null;
char[] passwd = null;
if (cons != null) {
passwd = cons.readPassword("[%s]", "Enter hardware token password: ");
java.util.Arrays.fill(passwd, ' ');
} else {
System.out.print("Enter hardware token password: ");
final BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
passwd = reader.readLine().toCharArray();
}
final BootstrappedPKCS11Credential cred = new BootstrappedPKCS11Credential(new String(passwd));
final StaticPKCS11TokenKeyStoreProtectionManager loginMgr = new StaticPKCS11TokenKeyStoreProtectionManager();
loginMgr.setCredential(cred);
loginMgr.setKeyStoreProviderName(providerName);
if (!StringUtils.isEmpty(keyStoreType))
loginMgr.setKeyStoreType(keyStoreType);
if (!StringUtils.isEmpty(keyStoreSource)) {
InputStream str = new ByteArrayInputStream(keyStoreSource.getBytes());
loginMgr.setKeyStoreSource(str);
}
if (!StringUtils.isEmpty(pkcs11ProviderCfg))
loginMgr.setPcks11ConfigFile(pkcs11ProviderCfg);
loginMgr.initTokenStore();
return loginMgr;
} catch (Exception e) {
throw new RuntimeException("Error getting password.", e);
}
}
Also used :
InputStreamReader(java.io.InputStreamReader)
ByteArrayInputStream(java.io.ByteArrayInputStream)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
StaticPKCS11TokenKeyStoreProtectionManager(org.nhindirect.common.crypto.impl.StaticPKCS11TokenKeyStoreProtectionManager)
Console(java.io.Console)
BufferedReader(java.io.BufferedReader)
BootstrappedPKCS11Credential(org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential)
IOException(java.io.IOException)
CryptoException(org.nhindirect.common.crypto.exceptions.CryptoException)
Aggregations
BootstrappedPKCS11Credential (org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential)7
StaticPKCS11TokenKeyStoreProtectionManager (org.nhindirect.common.crypto.impl.StaticPKCS11TokenKeyStoreProtectionManager)7
PKCS11Credential (org.nhindirect.common.crypto.PKCS11Credential)5
MutableKeyStoreProtectionManager (org.nhindirect.common.crypto.MutableKeyStoreProtectionManager)3
ByteArrayInputStream (java.io.ByteArrayInputStream)2
InputStream (java.io.InputStream)2
Key (java.security.Key)2
KeyStore (java.security.KeyStore)2
PrivateKey (java.security.PrivateKey)2
Certificate (java.security.cert.Certificate)2
X509Certificate (java.security.cert.X509Certificate)2
X509CertificateEx (org.nhindirect.stagent.cert.X509CertificateEx)2
CacheableKeyStoreManagerCertificateStore (org.nhindirect.stagent.cert.impl.CacheableKeyStoreManagerCertificateStore)2
BufferedReader (java.io.BufferedReader)1
Console (java.io.Console)1
File (java.io.File)1
IOException (java.io.IOException)1
InputStreamReader (java.io.InputStreamReader)1
RecipientInformation (org.bouncycastle.cms.RecipientInformation)1
SMIMEEnveloped (org.bouncycastle.mail.smime.SMIMEEnveloped)1
