JniWrappingKmip.java
package com.p6r.kmip;
import org.junit.*;
import javax.crypto.spec.SecretKeySpec;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotEquals;
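/**
 * JUnit example of a key-wrapping round trip against the KMIP server named in
 * {@link #_hostName}: create an AES data key and an AES key-encrypting key (KEK),
 * ask the server for the data key wrapped under the KEK, then ask the server to
 * unwrap it again and compare the result with the original.
 *
 * <p>The test creates real managed objects on the server, so every exit path
 * (including assertion failures) tries to revoke/destroy them and to close the
 * session. Plaintext key bytes are compared with an assertion and are never
 * written to stdout, because test output is commonly retained in build logs.
 */
public class JniWrappingKmip {
    private static final String _hostName = "kmiptest01.p6r.com";

    @BeforeClass
    public static void oneTimeSetUp() {
        // NOOP
        System.out.println("@BeforeClass - oneTimeSetUp");
    }

    @AfterClass
    public static void oneTimeTearDown() {
        // NOOP
        System.out.println("@AfterClass - oneTimeTearDown");
    }

    @Before
    public void setUp() {
        // NOOP
        System.out.println("@Before - setUp");
    }

    @After
    public void tearDown() {
        // NOOP
        System.out.println("@After - tearDown");
    }

    /**
     * Fetches the symmetric key {@code uid} from the server and returns its raw bytes.
     * Fails the test if the object is not a {@code TransparentSymmetricKey} or is not AES.
     * Only the algorithm and format are printed; the key bytes themselves are not.
     */
    private static byte[] readAesKeyBytes(P6KMIPClient kc, String uid) throws Exception {
        TransparentKey fetched = kc.getSymmetricKey(uid);
        if (!(fetched instanceof TransparentSymmetricKey)) {
            Assert.fail("Expected a TransparentSymmetricKey for UID " + uid);
        }
        SecretKeySpec sks = ((TransparentSymmetricKey) fetched).getSecretKeySpec();
        System.out.println("Secret key, algorithm: " + sks.getAlgorithm() + ", format: " + sks.getFormat());
        assertEquals("AES", sks.getAlgorithm());
        return sks.getEncoded();
    }

    /** Best-effort destroy used on failure paths; a null UID means there is nothing to remove. */
    private static void destroyQuietly(P6KMIPClient kc, String uid) {
        if (null == uid) {
            return;
        }
        try {
            kc.destroy(uid);
        } catch (Exception e) {
            System.out.println("Cleanup: could not destroy " + uid + ": " + e);
        }
    }

    /** Overwrites a local copy of key material once it is no longer needed. */
    private static void wipe(byte[] keyBytes) {
        if (null != keyBytes) {
            java.util.Arrays.fill(keyBytes, (byte) 0);
        }
    }

    @Test
    public void JNICall_wrappingKMIP() {
        System.out.println("@Test - JNICall-wrappingKMIP");

        String dataKeyUID = null;
        String unwrappedKeyUID = null;
        String kekUID = null;
        byte[] originalKeyBytes = null;
        byte[] unwrappedKeyBytes = null;

        // Progress flags so the finally block only undoes steps that actually happened.
        boolean libraryReady = false;
        boolean sessionOpen = false;
        boolean kekActive = false;

        P6KMIPClient kc = new P6KMIPClient();
        try {
            kc.initializeLibrary(P6KMIPClient.FLAGS_NONE);
            libraryReady = true;
            // NOTE(review): the second argument to open() is null here; what it selects
            // is not visible in this file - confirm against the client documentation.
            kc.open(_hostName, null);
            sessionOpen = true;

            // [A] Get the key to wrap and the Key Encrypting Key (KEK)
            dataKeyUID = kc.createSymmetricKey(KMIPConstants.ALG_AES, 128, (KMIPConstants.USAGE_MASK_ENCRYPT | KMIPConstants.USAGE_MASK_DECRYPT));
            System.out.println("UID of AES key to be wrapped: " + dataKeyUID);

            // -> keep the original data key bytes for the comparison in step [C]
            originalKeyBytes = readAesKeyBytes(kc, dataKeyUID);
            System.out.println("The original key length in bytes: " + originalKeyBytes.length);

            kekUID = kc.createSymmetricKey(KMIPConstants.ALG_AES, 128, KMIPConstants.USAGE_MASK_WRAPKEY);
            System.out.println("\nUID of AES key as KEK: " + kekUID);

            // -> the key must be activated before we can use it on the server to do encryption
            kc.activate(kekUID);
            kekActive = true;

            // [B] Ask the server to give us the data key wrapped in the KEK
            WrappedKey wk = kc.getWrappedKey(dataKeyUID, kekUID, KMIPConstants.MODE_NISTKEYWRAP);
            Assert.assertNotNull("server returned no wrapped key", wk);

            byte[] cipherText = wk.getWrappedBytes();
            System.out.println("\nThe wrapped key algorithm: " + wk.getAlgorithm() + ", key length: " + wk.getKeyLength());
            System.out.println("The wrapped key bytes [" + cipherText.length + "]");
            for (int i = 0; i < cipherText.length; i++) {
                System.out.print(cipherText[i] + ", ");
            }
            System.out.print("\n");

            // [C] Now try to write it back to the server, note that many KMIP servers will not unwrap a key
            try {
                unwrappedKeyUID = kc.unwrapKey(kekUID, KMIPConstants.MODE_NISTKEYWRAP, cipherText, KMIPConstants.OBJECT_SYMMETRICKEY, KMIPConstants.ALG_AES, 128, (KMIPConstants.USAGE_MASK_ENCRYPT | KMIPConstants.USAGE_MASK_DECRYPT));
                System.out.println("\nUID of unwrapped key: " + unwrappedKeyUID);

                // -> did the server really unwrap the key? Assert it instead of printing both keys.
                unwrappedKeyBytes = readAesKeyBytes(kc, unwrappedKeyUID);
                Assert.assertArrayEquals("The key bytes after being unwrapped should equal the original bytes, if not then the unwrap did not work",
                        originalKeyBytes, unwrappedKeyBytes);
            }
            catch( Exception e ) {
                // Deliberately tolerated: a server that refuses to unwrap does not fail the test.
                // Assertion failures are Errors and still propagate.
                System.out.println(e.toString());
            }

            if (null != unwrappedKeyUID) {
                kc.destroy(unwrappedKeyUID);
                unwrappedKeyUID = null;
            }

            // [D] An active key cannot be destroyed
            kc.revoke(kekUID, KMIPConstants.REVOCATION_CESSATION_OF_OPERATION, "Done with test 1");
            kekActive = false;
            kc.destroy(kekUID);
            kekUID = null;
            kc.destroy(dataKeyUID);
            dataKeyUID = null;

            kc.close();
            sessionOpen = false;
            kc.freeLibrary();
            libraryReady = false;

        } catch (Exception e) {
            System.out.println(e.toString());
            Assert.fail("KMIP wrapping round trip failed: " + e);
        } finally {
            // Anything still set here was left behind by an exception or assertion failure
            // above; remove it so failed runs do not accumulate keys on the server.
            if (sessionOpen) {
                destroyQuietly(kc, unwrappedKeyUID);
                if (kekActive) {
                    try {
                        kc.revoke(kekUID, KMIPConstants.REVOCATION_CESSATION_OF_OPERATION, "Done with test 1");
                    } catch (Exception e) {
                        System.out.println("Cleanup: could not revoke " + kekUID + ": " + e);
                    }
                }
                destroyQuietly(kc, kekUID);
                destroyQuietly(kc, dataKeyUID);
                try {
                    kc.close();
                } catch (Exception e) {
                    System.out.println("Cleanup: could not close the session: " + e);
                }
            }
            if (libraryReady) {
                try {
                    kc.freeLibrary();
                } catch (Exception e) {
                    System.out.println("Cleanup: could not free the library: " + e);
                }
            }
            wipe(originalKeyBytes);
            wipe(unwrappedKeyBytes);
        }
    }
}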