skc/2017.1/jni_example20_ex_kmip_20_java.html

package com.p6r.kmip;


import org.junit.*;

import static org.junit.Assert.assertEquals;

import static org.junit.Assert.assertNotEquals;


public class JniSignKmip {


    private static final String _hostName = "kmiptest01.p6r.com";


    @BeforeClass

    public static void oneTimeSetUp() {

        // NOOP

        System.out.println("@BeforeClass - oneTimeSetUp");

    }


    @AfterClass

    public static void oneTimeTearDown() {

        // NOOP

        System.out.println("@AfterClass - oneTimeTearDown");

    }


    @Before

    public void setUp() {

        // NOOP

        System.out.println("@Before - setUp");

    }


    @After

    public void tearDown() {

        // NOOP

        System.out.println("@After - tearDown");

    }


    @Test

    public void JNICall_signDigestedKMIP() {

        System.out.println("@Test - JNICall-signDigestedKMIP");


        CryptoParams params = null;

        byte[] signData = new byte[16];

        P6KMIPClient kc = new P6KMIPClient();


        try {

            kc.initializeLibrary(P6KMIPClient.FLAGS_NONE);

            kc.open(_hostName, null);


            // -> sign with the private key and verify with the public key

            KeyPairIds pi = kc.createKeyPair(KMIPConstants.ALG_RSA, 2048, KMIPConstants.USAGE_MASK_VERIFY, KMIPConstants.USAGE_MASK_SIGN);

            System.out.println("\nUID of new public key:  " + pi.getPublicKeyUID());

            System.out.println("UID of new private key: " + pi.getPrivateKeyUID());


            kc.activate(pi.getPublicKeyUID());

            kc.activate(pi.getPrivateKeyUID());


            for (int i = 0; i < signData.length; i++) {

                signData[i] = (byte) (i + 1);

            }

            SignData rawData = new SignData();

            rawData.setDigestedData(signData);


            params = new CryptoParams();

            params.setCryptoAlgorithm(KMIPConstants.ALG_RSA);


            // -> generate the signature with digested data

            byte[] signature = kc.sign(pi.getPrivateKeyUID(), params, rawData);

            assertNotEquals(signature, null);

            System.out.println("The signature bytes [" + signature.length + "]");

            for (int i = 0; i < signature.length; i++) {

                System.out.print(signature[i] + ", ");

            }

            System.out.print("\n");


            // -> verify the signature with digested data

            boolean isVerified = kc.signatureVerify(pi.getPublicKeyUID(), params, rawData, signature);

            assertEquals(isVerified, true);


            // -> show that it can fail by using data instead of digested data

            rawData = new SignData();

            rawData.setData(signData);

            isVerified = kc.signatureVerify(pi.getPublicKeyUID(), params, rawData, signature);

            // assertEquals(isVerified, false);    // some servers seem not to fail here when they should


            // -> an active key cannot be destroyed

            kc.revoke(pi.getPublicKeyUID(), KMIPConstants.REVOCATION_CESSATION_OF_OPERATION, "Done with Digested Sign Test");

            kc.revoke(pi.getPrivateKeyUID(), KMIPConstants.REVOCATION_CESSATION_OF_OPERATION, "Done with Digested Sign Test");

            kc.destroy(pi.getPublicKeyUID());

            kc.destroy(pi.getPrivateKeyUID());


            kc.close();

            kc.freeLibrary();


        } catch (Exception e) {

            System.out.println(e.toString());

            assertEquals(0, 1);

        }

    }

}