Developer's Guide
JniStreamingGCMKmip.java
package com.p6r.kmip;
import org.junit.*;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotEquals;
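/**
 * JUnit example that drives a streaming AES-GCM encrypt/decrypt round trip through the
 * P6R KMIP JNI client against the server named by {@link #_hostName}.
 *
 * <p>The test creates and activates an AES-128 key on the server, encrypts two buffers with
 * the Init/Update/Final streaming calls, decrypts the resulting chunks with the matching
 * decrypt calls, and checks that the recovered bytes equal the original input. The key is
 * revoked and destroyed and the session is released even when a step fails, so a failed run
 * does not leave an active key behind on the server.
 *
 * <p>The IV, the sample data and the additional data are fixed patterns so that the output is
 * reproducible. That is acceptable here only because every run uses a freshly created key;
 * code derived from this example must use a unique IV for every encryption under a given key
 * (for example from {@code java.security.SecureRandom}), because repeating a GCM IV under the
 * same key breaks both confidentiality and the authentication tag.
 */
public class JniStreamingGCMKmip {

    private static final String _hostName = "kmiptest01.p6r.com";

    @BeforeClass
    public static void oneTimeSetUp() {
        // NOOP
        System.out.println("@BeforeClass - oneTimeSetUp");
    }

    @AfterClass
    public static void oneTimeTearDown() {
        // NOOP
        System.out.println("@AfterClass - oneTimeTearDown");
    }

    @Before
    public void setUp() {
        // NOOP
        System.out.println("@Before - setUp");
    }

    @After
    public void tearDown() {
        // NOOP
        System.out.println("@After - tearDown");
    }

    /**
     * Runs the streaming GCM round trip and fails on any client exception, on a missing
     * result, or when the decrypted stream differs from the encrypted input.
     */
    @Test
    public void JNICall_streamingGCMKMIP() {
        System.out.println("@Test - JNICall-streamingGCMKMIP");

        // Progress markers read by the finally block to decide which cleanup is still owed.
        String uid = null;
        boolean libraryInitialized = false;
        boolean sessionOpen = false;

        byte[] sampleData1 = new byte[32];
        byte[] sampleData2 = new byte[50];
        // Fixed 8-byte test IV. NIST SP 800-38D recommends a 96-bit (12-byte) IV for GCM;
        // the length is left as the example had it. Never reuse an IV with the same key.
        byte[] IV = new byte[8];
        // [A] GCM encryption can optionally take additional data separate from the clear text
        byte[] additionalData = {
            (byte) 0xfe, (byte) 0xed, (byte) 0xfa, (byte) 0xce,
            (byte) 0xde, (byte) 0xad, (byte) 0xbe, (byte) 0xef,
            (byte) 0xfe, (byte) 0xed, (byte) 0xfa, (byte) 0xce,
            (byte) 0xde, (byte) 0xad, (byte) 0xbe, (byte) 0xef,
            (byte) 0xab, (byte) 0xad, (byte) 0xda, (byte) 0xd2
        };
        byte[] correlation = null;

        P6KMIPClient kc = new P6KMIPClient();
        try {
            String libraryVersion = kc.getLibraryVersion();
            System.out.println("JNI KMIP library version: " + libraryVersion + "\n");

            for (int i = 0; i < sampleData1.length; i++) sampleData1[i] = (byte) (i + 22);
            for (int i = 0; i < sampleData2.length; i++) sampleData2[i] = (byte) (i + 19);
            for (int i = 0; i < IV.length; i++) IV[i] = (byte) (i + 2);

            kc.initializeLibrary(P6KMIPClient.FLAGS_NONE);
            libraryInitialized = true;
            // NOTE(review): the meaning of the null second argument is not visible here;
            // confirm how the connection to the server is authenticated and protected.
            kc.open(_hostName, null);
            sessionOpen = true;

            uid = kc.createSymmetricKey(
                    KMIPConstants.ALG_AES,
                    128,
                    (KMIPConstants.USAGE_MASK_ENCRYPT | KMIPConstants.USAGE_MASK_DECRYPT));
            System.out.println("UID of AES key for streaming GCM encryption: " + uid);

            // -> the key must be activated before we can use it on the server to do encryption
            kc.activate(uid);

            CryptoParams params = new CryptoParams();
            params.setBlockCipherMode(KMIPConstants.MODE_GCM);
            params.setTagLength(16);

            StreamHandle sh = kc.encryptGCMInit(uid, params, sampleData1, IV, additionalData);
            byte[] cipherText1 = sh.getResultdata();
            assertNotEquals(null, cipherText1);
            dumpBytes("The encryptInit encrypted bytes", cipherText1);

            correlation = sh.getHandle();
            assertNotEquals(null, correlation);
            dumpBytes("The encryptInit correlation value bytes", correlation);

            byte[] cipherText2 = kc.encryptUpdate(uid, sampleData2, sh.getHandle());
            assertNotEquals(null, cipherText2);
            dumpBytes("\nThe encryptUpdate encrypted bytes", cipherText2);

            GCMData gd = kc.encryptGCMFinal(uid, sh.getHandle());
            assertNotEquals(null, gd);
            byte[] cipherText3 = gd.getResultdata();
            assertNotEquals(null, cipherText3);
            dumpBytes("\nThe encryptFinal encrypted bytes", cipherText3);

            byte[] authenticatedTag = gd.getAuthenticatedTag();
            // Without a tag the decrypt side has nothing to authenticate against.
            assertNotEquals(null, authenticatedTag);
            dumpBytes("The authenticated encryption tag bytes", authenticatedTag);

            // [B] Stream decrypt back to the original but we have to include the same
            //     additional data and authenticated tag from encryption
            StreamHandle sh2 =
                    kc.decryptGCMInit(uid, params, cipherText1, IV, additionalData, authenticatedTag);
            byte[] clearText1 = sh2.getResultdata();
            assertNotEquals(null, clearText1);
            dumpBytes("\n\nThe decryptInit original bytes", clearText1);

            correlation = sh2.getHandle();
            assertNotEquals(null, correlation);
            dumpBytes("The decryptInit correlation value bytes", correlation);

            byte[] clearText2 = kc.decryptUpdate(uid, cipherText2, sh2.getHandle());
            assertNotEquals(null, clearText2);
            dumpBytes("\nThe decryptUpdate original bytes", clearText2);

            byte[] clearText3 = new byte[0];
            if (0 < cipherText3.length) {
                // -> possible that no data was returned on the encryptGCMFinal call
                clearText3 = kc.decryptUpdate(uid, cipherText3, sh2.getHandle());
                assertNotEquals(null, clearText3);
                dumpBytes("\nThe decryptUpdate original bytes", clearText3);
            }

            // -> NOTE: found a bug in some servers where the decrypt final fails though all
            //    the data has been decrypted
            // NOTE(review): presumably the tag can only be checked once the whole stream has
            // been seen, so bytes returned by the earlier decrypt calls should be treated as
            // unauthenticated until this call succeeds; a failure here must not be ignored.
            byte[] clearText4 = kc.decryptFinal(uid, sh2.getHandle());
            assertNotEquals(null, clearText4);
            dumpBytes("\nThe decryptFinal original bytes", clearText4);

            // The round trip only proves something if the recovered stream is compared with
            // the input; non-null results alone would also pass for wrong plaintext.
            Assert.assertArrayEquals(
                    "decrypted stream differs from the original clear text",
                    concat(sampleData1, sampleData2),
                    concat(clearText1, clearText2, clearText3, clearText4));

            // -> an active key cannot be destroyed
            kc.revoke(
                    uid,
                    KMIPConstants.REVOCATION_CESSATION_OF_OPERATION,
                    "Done with test streaming GCM crypto");
            kc.destroy(uid);
            uid = null;

            kc.close();
            sessionOpen = false;
            kc.freeLibrary();
            libraryInitialized = false;
        } catch (Exception e) {
            System.out.println(e.toString());
            // Keep the cause so the failing client call is visible in the test report.
            throw new AssertionError("streaming GCM round trip failed", e);
        } finally {
            // No-op after a clean run; otherwise releases whatever the failed run left behind.
            releaseQuietly(kc, uid, sessionOpen, libraryInitialized);
        }
    }

    /**
     * Prints a heading with the array length followed by the bytes as signed decimals.
     *
     * @param heading text printed before the bracketed length
     * @param data bytes to print; must not be null
     */
    private static void dumpBytes(String heading, byte[] data) {
        System.out.println(heading + " [" + data.length + "]");
        for (byte b : data) {
            System.out.print(b + ", ");
        }
        System.out.print("\n");
    }

    /**
     * Joins the given arrays, in order, into one new array.
     *
     * @param parts arrays to join; none may be null
     * @return a new array holding the bytes of every part back to back
     */
    private static byte[] concat(byte[]... parts) {
        int total = 0;
        for (byte[] part : parts) {
            total += part.length;
        }
        byte[] joined = new byte[total];
        int offset = 0;
        for (byte[] part : parts) {
            System.arraycopy(part, 0, joined, offset, part.length);
            offset += part.length;
        }
        return joined;
    }

    /**
     * Best-effort cleanup after a failed run: revokes and destroys the test key, closes the
     * session and frees the library, logging (not rethrowing) any error so that the original
     * test failure is the one reported.
     *
     * @param kc client used by the test
     * @param uid identifier of a key that still exists on the server, or null if none
     * @param sessionOpen whether {@code open} succeeded and {@code close} has not run yet
     * @param libraryInitialized whether {@code initializeLibrary} succeeded and
     *     {@code freeLibrary} has not run yet
     */
    private static void releaseQuietly(
            P6KMIPClient kc, String uid, boolean sessionOpen, boolean libraryInitialized) {
        if (sessionOpen) {
            if (uid != null) {
                try {
                    // Fails harmlessly when the key never reached the active state.
                    kc.revoke(
                            uid,
                            KMIPConstants.REVOCATION_CESSATION_OF_OPERATION,
                            "Done with test streaming GCM crypto");
                } catch (Exception e) {
                    System.out.println("cleanup: revoke failed: " + e);
                }
                try {
                    kc.destroy(uid);
                } catch (Exception e) {
                    System.out.println("cleanup: destroy failed, key " + uid + " may remain: " + e);
                }
            }
            try {
                kc.close();
            } catch (Exception e) {
                System.out.println("cleanup: close failed: " + e);
            }
        }
        if (libraryInitialized) {
            try {
                kc.freeLibrary();
            } catch (Exception e) {
                System.out.println("cleanup: freeLibrary failed: " + e);
            }
        }
    }
}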