
com.unbound.client.kmip.KMIPCert Maven / Gradle / Ivy


This is a collection of Java libraries that implement Unbound cryptographic classes for the Java provider, PKCS11 wrapper, cryptoki, and advapi

There is a newer version: 42761
package com.unbound.client.kmip;

import com.unbound.client.*;
import com.unbound.common.Converter;
import com.unbound.common.Log;
import com.unbound.common.crypto.SHA256;
import com.unbound.common.crypto.X509;
import com.unbound.kmip.KMIP;
import com.unbound.kmip.attribute.Name;
import com.unbound.kmip.attribute.TemplateAttribute;
import com.unbound.kmip.object.ManagedObject;
import com.unbound.kmip.request.ActivateRequest;
import com.unbound.kmip.request.RegisterRequest;
import com.unbound.kmip.request.RequestMessage;
import com.unbound.kmip.response.RegisterResponse;
import com.unbound.kmip.response.ResponseMessage;

import java.security.ProviderException;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;

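/**
 * Client-side handle for a KMIP Certificate object, exposing the X.509 certificate
 * stored on the server under a given UID.
 *
 * <p>Security notes:
 * <ul>
 *   <li>No chain, validity-period or revocation check is visible in this class; the
 *       certificate bytes are only parsed and stored. Trust decisions belong to the caller.</li>
 *   <li>The 64-bit UIDs produced by {@link #valueToUid_old} and {@link #valueToUid_new}
 *       are lookup identifiers, not certificate fingerprints.</li>
 * </ul>
 */
public class KMIPCert extends KMIPObject implements CertObject
{
  // Populated by acceptManagedObject(); stays null until an object has been accepted.
  private X509Certificate cert = null;

  /**
   * Creates the handle and immediately loads the object via {@code read(session)}.
   * {@code read} is not defined in this class; presumably it fetches the object for
   * {@code uid} and hands it to {@link #acceptManagedObject} (confirm in KMIPObject).
   *
   * @param session session used to read the object
   * @param uid     unique identifier of the certificate object
   */
  KMIPCert(KMIPSession session, long uid)
  {
    super(ObjectType.Certificate, uid);
    read(session);
  }

  /**
   * @return the certificate parsed from the last accepted managed object, or
   *         {@code null} if none has been accepted yet
   */
  @Override
  public X509Certificate getCert()
  {
    return cert;
  }

  /**
   * Parses the certificate carried by a KMIP managed object and caches it.
   *
   * @param managedObject object received for this UID; must be a KMIP Certificate
   * @throws ProviderException if the object is not a KMIP Certificate or its value
   *                           cannot be parsed as a certificate
   */
  @Override
  void acceptManagedObject(ManagedObject managedObject)
  {
    // The object comes from a server response: report an unexpected type explicitly
    // rather than through a bare ClassCastException.
    if (!(managedObject instanceof com.unbound.kmip.object.Certificate))
    {
      throw new ProviderException("Managed object is not a KMIP certificate");
    }
    com.unbound.kmip.object.Certificate kmipCert = (com.unbound.kmip.object.Certificate)managedObject;
    try
    {
      cert = X509.get(kmipCert.value);
    }
    catch (CertificateException e)
    {
      throw new ProviderException(e);
    }
  }

  /**
   * Legacy UID derivation: the bitwise complement of the UID that {@code Client}
   * computes for the certificate's public key.
   *
   * <p>The result depends only on the public key, so different certificates issued
   * for the same key (for example a renewal) map to the same legacy UID.
   *
   * @param x509 certificate whose public key is used
   * @return the legacy UID
   * @throws ProviderException if the public key is neither RSA nor EC
   */
  static long valueToUid_old(X509Certificate x509)
  {
    PublicKey publicKey = x509.getPublicKey();
    if (publicKey instanceof RSAPublicKey)
    {
      return ~Client.getRsaUid((RSAPublicKey)publicKey);
    }
    if (publicKey instanceof ECPublicKey)
    {
      return ~Client.getEcUid((ECPublicKey)publicKey);
    }
    // Any other key type previously fell into an unchecked cast to ECPublicKey.
    String algorithm = (publicKey == null) ? "null" : publicKey.getAlgorithm();
    throw new ProviderException("Unsupported certificate public key type: " + algorithm);
  }

  /**
   * Current UID derivation: SHA-256 over the certificate encoding, reduced to a
   * {@code long} by {@code Converter.getBE8(hash, 0)} (presumably the first eight
   * bytes read big-endian; confirm in Converter).
   *
   * <p>A 64-bit truncation has far less collision resistance than the full digest,
   * so equal UIDs must not be taken as proof of equal certificates. Compare the full
   * encoding or the full SHA-256 wherever certificate identity matters.
   *
   * @param x509 certificate to hash
   * @return the derived UID
   * @throws ProviderException if the certificate cannot be encoded
   */
  static long valueToUid_new(X509Certificate x509)
  {
    byte[] hash;
    try
    {
      hash = SHA256.hash(x509.getEncoded());
    }
    catch (CertificateEncodingException e)
    {
      throw new ProviderException(e);
    }
    return Converter.getBE8(hash, 0);
  }

  /**
   * Builds the attribute template sent with a Register request.
   *
   * @param name object name, may be {@code null}
   * @return a template holding a single Name attribute, or {@code null} when
   *         {@code name} is {@code null}
   */
  static TemplateAttribute getTemplate(String name)
  {
    if (name == null)
    {
      return null;
    }
    TemplateAttribute template = new TemplateAttribute();
    template.attrs.add(new Name(name));
    return template;
  }

  /**
   * Registers and activates an X.509 certificate on the server, then returns a
   * handle that re-reads the stored object.
   *
   * <p>Notes for reviewers:
   * <ul>
   *   <li>{@code wipeDeletedObject} is called for both derived UIDs before the import.
   *       The helper is not shown here; presumably it purges an object already marked
   *       deleted under that UID. Because both UIDs are derived from the
   *       caller-supplied certificate, confirm it cannot affect live objects.</li>
   *   <li>No unique identifier is set on the Activate request; presumably it targets
   *       the object registered by the preceding batch item. Confirm against the
   *       server's batch semantics.</li>
   *   <li>Only batch item 0 (the Register response) is inspected. Confirm that
   *       {@code session.transmit} fails when the Activate item is rejected.</li>
   *   <li>The returned handle holds what the server returns on read, not the
   *       {@code cert} argument; this method does not compare the two.</li>
   * </ul>
   *
   * @param session session used for the request
   * @param name    object name, or {@code null} to send no template
   * @param cert    certificate to import
   * @return handle for the newly registered certificate object
   * @throws ProviderException if a UID cannot be derived or the request fails
   */
  static KMIPCert importCert(KMIPSession session, String name, X509Certificate cert)
  {
    wipeDeletedObject(session, valueToUid_old(cert));
    wipeDeletedObject(session, valueToUid_new(cert));

    Log log = Log.func("KMIPCertificate.importCert").log("name", name).end();
    try
    {
      RequestMessage reqMsg = new RequestMessage();

      // Batch item 0: register the certificate object.
      RegisterRequest reqRegister = new RegisterRequest();
      reqMsg.batch.add(reqRegister);
      reqRegister.objectType = KMIP.ObjectType.Certificate;
      reqRegister.template = getTemplate(name);

      com.unbound.kmip.object.Certificate managedObject = new com.unbound.kmip.object.Certificate();
      managedObject.type = KMIP.CertificateType.X_509;
      managedObject.value = cert.getEncoded();
      reqRegister.object = managedObject;

      // Batch item 1: activate; no UID is set on this request.
      ActivateRequest reqActivate = new ActivateRequest();
      reqMsg.batch.add(reqActivate);

      ResponseMessage respMsg = session.transmit(reqMsg);
      RegisterResponse respRegister = (RegisterResponse)respMsg.batch.get(0);
      long uid = strToUid(respRegister.uid);
      return new KMIPCert(session, uid);
    }
    catch (Exception e)
    {
      log.failed(e);
      throw new ProviderException(e);
    }
    finally
    {
      log.leave();
    }
  }

}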



