JniRegisterKmip.java

package com.p6r.kmip;

import org.junit.*;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotEquals;

import java.security.*;
import java.security.spec.*;


public class JniRegisterKmip {

    private static final String _hostName = "kmiptest01.p6r.com";

    @BeforeClass
    public static void oneTimeSetUp() {
        // NOOP
        System.out.println("@BeforeClass - oneTimeSetUp");
    }

    @AfterClass
    public static void oneTimeTearDown() {
        // NOOP
        System.out.println("@AfterClass - oneTimeTearDown");
    }

    @Before
    public void setUp() {
        // NOOP
        System.out.println("@Before - setUp");
    }

    @After
    public void tearDown() {
        // NOOP
        System.out.println("@After - tearDown");
    }

    @Test
    public void JNICall_registerKMIP() {
        System.out.println("@Test - JNICall-registerKMIP");

        String uid = null;
        String prvUid = null;
        String pubUid = null;
        String[] attribute = null;
        byte[] keyMaterial = null;
        TransparentKey tk = null;
        TransparentSymmetricKey symKey = null;
        TransparentRSAPublicKey rsaPubKey = null;
        TransparentRSAPrivateKey rsaPrvKey = null;
        P6KMIPClient kc = new P6KMIPClient();

        try {
            // [A] Register a symmetric key
            // -> generate a key locally
            KeyGenerator keyGen = KeyGenerator.getInstance("AES");
            keyGen.init(128);
            SecretKey secretKey = keyGen.generateKey();
            System.out.println("Created a locally generated key: " + secretKey.getAlgorithm() + ", " + secretKey.getFormat());
            assertNotEquals(secretKey, null);

            keyMaterial = secretKey.getEncoded();
            System.out.println("key material length: " + keyMaterial.length);
            assertEquals(keyMaterial.length, 16);

            // -> place the key on the KMIP server
            kc.initializeLibrary(P6KMIPClient.FLAGS_NONE);
            kc.open(_hostName, null);

            // -> create a symmetric key and use it to test out attributes
            uid = kc.registerSymmetricKey(KMIPConstants.ALG_AES, 128, (KMIPConstants.USAGE_MASK_ENCRYPT | KMIPConstants.USAGE_MASK_DECRYPT), keyMaterial);
            System.out.println("UID of registered AES key: " + uid);

            // -> now show that the key is really on the server by reading it back
            tk = kc.getSymmetricKey(uid);
            if (tk instanceof TransparentSymmetricKey) {
                symKey = (TransparentSymmetricKey) tk;
                SecretKeySpec sks = symKey.getSecretKeySpec();
                System.out.println("\nGet secret registered key, algorithm: " + sks.getAlgorithm() + ", format: " + sks.getFormat());
                assertEquals(sks.getAlgorithm(), "AES");

                byte[] keyBytes = sks.getEncoded();
                System.out.println("Symmetric key bytes [" + keyBytes.length + "]");
                for( int i=0; i < keyBytes.length; i++ ) {
                    System.out.print(keyBytes[i] + " ");
                }
                System.out.println("\n");

            } else assertEquals(0, 1);

            if (null != uid) kc.destroy(uid);


            // [B] Register a RSA key pair
            // -> we need PKCS#8 format to register a private key, and use the X509EncodedKeySpec for a public key
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
            kpg.initialize(1024);
            KeyPair RSAkeyPair = kpg.genKeyPair();
            PrivateKey prvKey = RSAkeyPair.getPrivate();
            PublicKey pubKey = RSAkeyPair.getPublic();

            byte[] privateKeyBytes = prvKey.getEncoded();
            byte[] publicKeyBytes = pubKey.getEncoded();

            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(privateKeyBytes);
            X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(publicKeyBytes);

            prvUid = kc.registerPrivateKey(KMIPConstants.ALG_RSA, 1024, KMIPConstants.USAGE_MASK_SIGN, null, privateKeySpec.getEncoded());
            System.out.println("\nUID of registered RSA private key: " + prvUid);
            assertNotEquals(prvUid, null);

            pubUid = kc.registerPublicKey(KMIPConstants.ALG_RSA, 1024, KMIPConstants.USAGE_MASK_VERIFY, null, publicKeySpec.getEncoded());
            System.out.println("UID of registered RSA public key: " + pubUid);
            assertNotEquals(pubUid, null);


            // -> now show that both keys are really on the server by reading them back
            tk = kc.getPublicKey(pubUid);
            if (tk instanceof TransparentRSAPublicKey) {
                rsaPubKey = (TransparentRSAPublicKey) tk;
                RSAPublicKeySpec rsaSpec = rsaPubKey.getRSAPublicKeySpec();
                System.out.println("RSA public registered key, modulus: " + rsaSpec.getModulus() + "\npublic exponent: " + rsaSpec.getPublicExponent() + "\n");
            } else assertEquals(0, 1);

            tk = kc.getPrivateKey(prvUid);
            if (tk instanceof TransparentRSAPrivateKey) {
                rsaPrvKey = (TransparentRSAPrivateKey) tk;
                RSAPrivateKeySpec rsaSpec = rsaPrvKey.getRSAPrivateKeySpec();
                System.out.println("RSA private registered key, modulus: " + rsaSpec.getModulus() + "\nprivate exponent: " + rsaSpec.getPrivateExponent() + "\n\n");
            } else assertEquals(0, 1);


            kc.destroy(prvUid);
            kc.destroy(pubUid);

            kc.close();
            kc.freeLibrary();

        } catch (Exception e) {
            // -> we shoud not get here
            System.out.println(e.toString());
            assertEquals(0, 1);
        }
    }
}