JniPKCS12Kmip.java
package com.p6r.kmip;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Enumeration;
import org.junit.*;
import sun.security.tools.keytool.CertAndKeyGen;
import sun.security.x509.X500Name;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertNotNull;
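/**
 * End-to-end JNI test of the PKCS#12 round trip against a KMIP server:
 * register a secret (the PKCS#12 password), a certificate and a private key,
 * link them, fetch the private key as a PKCS#12 blob, load that blob into a
 * Java {@code KeyStore}, and finally register the blob back on the server.
 *
 * <p>The certificate and key pair are produced with
 * {@code sun.security.tools.keytool.CertAndKeyGen}, a JDK-internal API; on a
 * modular JDK this needs the corresponding {@code --add-exports} flags at
 * compile and run time.
 */
public class JniPKCS12Kmip {
    private static final String _hostName = "kmiptest01.p6r.com";

    /** Secret registered on the server and used as the PKCS#12 password (ASCII "password"). */
    private static final String SECRET_PASSWORD = "password";
    /**
     * RSA modulus size shared by key-pair generation and the registerPrivateKey call; the two
     * must agree. 2048 bits with a SHA-256 signature replaces the 1024-bit/SHA-1 combination,
     * which is below current minimums and rejected by recent keystore implementations.
     */
    private static final int RSA_KEY_BITS = 2048;
    /** Signature algorithm of the self-signed test certificate. */
    private static final String SIGNATURE_ALG = "SHA256WithRSA";
    /** Validity of the self-signed test certificate, in seconds (365 days). */
    private static final long CERT_VALIDITY_SECONDS = 365L * 24 * 3600;

    /** Class-level fixture hook; only logs, there is no shared state to build. */
    @BeforeClass
    public static void oneTimeSetUp() {
        System.out.println("@BeforeClass - oneTimeSetUp");
    }

    /** Class-level teardown hook; only logs. */
    @AfterClass
    public static void oneTimeTearDown() {
        System.out.println("@AfterClass - oneTimeTearDown");
    }

    /** Per-test setup hook; only logs. */
    @Before
    public void setUp() {
        System.out.println("@Before - setUp");
    }

    /** Per-test teardown hook; only logs. */
    @After
    public void tearDown() {
        System.out.println("@After - tearDown");
    }

    /**
     * Runs the full PKCS#12 round trip against {@code _hostName}.
     *
     * <p>The client connection and the native library are released in {@code finally}
     * blocks, so they are cleaned up even when an assertion inside the round trip fails
     * (the original code only released them on the success path). Any exception escaping
     * the round trip is rethrown as an {@link AssertionError} with the original exception
     * as its cause, so the test report keeps the full stack trace.
     *
     * @throws AssertionError if any KMIP call, key generation step or keystore load fails
     */
    @Test
    public void JNICall_PKCS12KMIP() {
        System.out.println("@Test - JNICall-PKCS12KMIP");
        // Explicit charset: the same bytes are later used as the keystore password.
        byte[] secretData = SECRET_PASSWORD.getBytes(StandardCharsets.US_ASCII);
        P6KMIPClient kc = new P6KMIPClient();
        try {
            kc.initializeLibrary(P6KMIPClient.FLAGS_NONE);
            try {
                kc.open(_hostName, null);
                try {
                    runPkcs12RoundTrip(kc, secretData);
                } finally {
                    // close() only after a successful open(), mirroring the original order
                    kc.close();
                }
            } finally {
                kc.freeLibrary();
            }
        } catch (Exception e) {
            // We should never get here; keep the cause so the report shows where it failed.
            throw new AssertionError("JNICall_PKCS12KMIP failed with unexpected exception: " + e, e);
        }
    }

    /**
     * Steps [A]..[E] of the scenario on an already-open client.
     *
     * <p>NOTE(review): objects registered on the server are destroyed only on the success
     * path; if an assertion fails midway they remain on the server until cleaned up manually.
     *
     * @param kc open KMIP client
     * @param secretData bytes to register as the PKCS#12 password
     * @throws Exception whatever the KMIP client, key generation or keystore load throws;
     *     the client's exception types are not visible here, so the declaration is broad
     */
    private static void runPkcs12RoundTrip(P6KMIPClient kc, byte[] secretData) throws Exception {
        // [A] First place the "password" for the PKCS#12 object on the server.
        String secretUID = registerActiveSecret(kc, secretData);

        // [B] Wrap a certificate and a private key, both in the PKCS#12 object.
        CertAndKeyGen gen = new CertAndKeyGen("RSA", SIGNATURE_ALG);
        gen.generate(RSA_KEY_BITS);
        X509Certificate cert = gen.getSelfCertificate(new X500Name("CN=ROOT"), CERT_VALIDITY_SECONDS);
        PrivateKey prvKey = gen.getPrivateKey();
        PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(prvKey.getEncoded());
        String certUID = kc.registerCertificate(KMIPConstants.USAGE_MASK_SIGN, cert.getEncoded());
        System.out.println("\nSuccessfully put the cert on the KMIP server: " + certUID);

        // [C] Put a private key into the returned P12 object.
        String privUID = kc.registerPrivateKey(
                KMIPConstants.ALG_RSA,
                RSA_KEY_BITS,
                (KMIPConstants.USAGE_MASK_DECRYPT | KMIPConstants.USAGE_MASK_ENCRYPT),
                null,
                privateKeySpec.getEncoded());
        System.out.println("\nUID of registered RSA private key: " + privUID);
        assertNotNull(privUID);

        // -> Link attribute pointing at the secret data that becomes the P12 object's password.
        StructAttribute passwordLink = new StructAttribute();
        passwordLink.setAttributeName("Link");
        passwordLink.setEnumeration(KMIPConstants.LINK_PKCS12PASSWORD);
        passwordLink.setAttributeValue(secretUID);
        kc.addStructAttribute(privUID, passwordLink);

        // -> Link to the matching certificate so it is also added to the PKCS#12 object.
        StructAttribute certLink = new StructAttribute();
        certLink.setAttributeName("Link");
        certLink.setEnumeration(KMIPConstants.LINK_PKCS12CERT);
        certLink.setAttributeValue(certUID);
        kc.addStructAttribute(privUID, certLink);

        // [D] Ask the server to return the key in a P12 encoding and load it into a keystore.
        byte[] p12Blob = kc.getP12Object(privUID);
        System.out.println("\nSuccessfully got the PKCS#12 object from the KMIP server");
        assertNotNull(p12Blob);
        // The registered secret is the PKCS#12 password; decode it with the charset it was encoded in.
        char[] password = new String(secretData, StandardCharsets.US_ASCII).toCharArray();
        loadAndPrintKeystore(p12Blob, password);

        // The secret was activated, so revoke it before destroying; the other two were never activated.
        kc.revoke(secretUID, KMIPConstants.REVOCATION_CESSATION_OF_OPERATION, "Done with test P12");
        kc.destroy(secretUID);
        kc.destroy(certUID);
        kc.destroy(privUID);

        // [E] Reload the PKCS#12 blob back into the KMIP server.
        String prvKey2UID = kc.registerP12Object(
                "alias44",
                (KMIPConstants.USAGE_MASK_DECRYPT | KMIPConstants.USAGE_MASK_ENCRYPT),
                p12Blob);
        System.out.println("\nUID of RSA private key via registering PKCS#12 object: " + prvKey2UID);
        System.out.println("\nShow ALL attributes associated with the PKCS#12 loaded private key");
        String[] attribute = kc.getAllAttributes(prvKey2UID);
        assertNotNull(attribute);
        printAttributes(attribute);
        kc.destroy(prvKey2UID);
    }

    /**
     * Registers {@code secretData} as derive-key secret data, activates it and asserts the
     * server reports it as {@code Active} (both objects must be active before one can be used
     * to derive another key).
     *
     * @return the UID of the registered secret
     */
    private static String registerActiveSecret(P6KMIPClient kc, byte[] secretData) throws Exception {
        String secretUID = kc.registerSecretData(KMIPConstants.USAGE_MASK_DERIVEKEY, secretData);
        System.out.println("Successfully put secret data on the KMIP server: " + secretUID);
        kc.activate(secretUID);
        String[] state = kc.getAttribute(secretUID, "State");
        // JUnit's assertEquals takes (expected, actual); the original had them reversed.
        assertEquals("Active", state[0]);
        System.out.println("UID of new secret data: " + secretUID + ", State = " + state[0]);
        return secretUID;
    }

    /**
     * Loads {@code p12Blob} into a PKCS12 {@code KeyStore} with {@code password} and prints
     * each alias together with whether it is a certificate or a key entry.
     *
     * @throws Exception if the keystore cannot be instantiated or the blob cannot be loaded
     */
    private static void loadAndPrintKeystore(byte[] p12Blob, char[] password) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (InputStream p12Stream = new ByteArrayInputStream(p12Blob)) {
            keyStore.load(p12Stream, password);
        }
        System.out.println("Number of keystore entries: " + keyStore.size());
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            System.out.println("Keystore element: " + alias
                    + ", is certificate: " + keyStore.isCertificateEntry(alias)
                    + ", or is key: " + keyStore.isKeyEntry(alias));
        }
    }

    /** Prints every attribute string returned by getAllAttributes, one per line with its index. */
    private static void printAttributes(String[] attribute) {
        for (int i = 0; i < attribute.length; i++) {
            System.out.println("attribute " + i + "> " + attribute[i]);
        }
    }
}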