com.unbound.client.kmip.KMIPClient Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of unbound-java-provider Show documentation
Show all versions of unbound-java-provider Show documentation
This is a collection of JAVA libraries that implement Unbound cryptographic classes for JAVA provider, PKCS11 wrapper, cryptoki, and advapi
package com.unbound.client.kmip;
import com.unbound.client.*;
import com.unbound.client.pkcs11.PKCS11Partition;
import com.unbound.common.Config;
import com.unbound.common.Log;
import com.unbound.common.crypto.PKCS10;
import com.unbound.common.crypto.SystemProvider;
import com.unbound.common.crypto.X509;
import com.unbound.kmip.KMIP;
import com.unbound.kmip.request.dy.DyRegisterClientRequest;
import com.unbound.kmip.response.dy.DyRegisterClientResponse;
import javax.security.auth.x500.X500Principal;
import java.math.BigInteger;
import java.net.Inet4Address;
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Map;
public class KMIPClient extends Client
{
private static final String ENV_SERVERS = "UKC_SERVERS";
private static final String ENV_PFX = "UKC_PFX";
private static final String ENV_PFX_PASS = "UKC_PFX_PASS";
private static final String ENV_CA = "UKC_CA";
private static final String ENV_CLIENT_NAME = "UKC_CLIENT_NAME";
private static final String ENV_TEMPLATE_NAME = "UKC_TEMPLATE_NAME";
private static final String ENV_PARTITION_NAME = "UKC_PARTITION_NAME";
private static final String ENV_ACTIVATION_CODE = "UKC_ACTIVATION_CODE";
private static boolean initialized = false;
static KMIPPartition simulator = null;
static native byte[] simTransmit(byte[] in);
private static final KMIPClient instance = new KMIPClient();
public static Client getInstance() { return instance; }
static void registerPartition(KMIPPartition partition, String partitionName, String clientName, String templateName, String activationCode)
{
Log log = Log.func("KMIPClient.registerPartition")
.log("partitionName", partitionName)
.log("clientName", clientName)
.log("templateName", templateName)
.log("activationCode", activationCode)
.end();
try
{
ArrayList ipList = new ArrayList<>();
Enumeration e = NetworkInterface.getNetworkInterfaces();
while (e.hasMoreElements())
{
NetworkInterface n = (NetworkInterface) e.nextElement();
Enumeration ee = n.getInetAddresses();
while (ee.hasMoreElements())
{
InetAddress i = (InetAddress) ee.nextElement();
if (i instanceof Inet4Address) ipList.add(i);
//else if (i instanceof Inet6Address)
}
}
InetAddress[] ip = ipList.isEmpty() ? null : ipList.toArray(new InetAddress[ipList.size()]);
if (clientName==null) clientName = InetAddress.getLocalHost().getHostName();
KeyPairGenerator gen = SystemProvider.KeyPairGenerator.getInstance("EC");
gen.initialize(256);
KeyPair keyPair = gen.generateKeyPair();
PKCS10 pkcs10 = new PKCS10(keyPair.getPublic());
pkcs10.setSubjectName("CN", clientName);
pkcs10.setSubjectName("OU", partitionName);
pkcs10.setChallengePassword(activationCode);
pkcs10.setAlternativeSubjectName(new String[]{clientName}, ip);
pkcs10.sign(keyPair.getPrivate(), "SHA256");
byte[] csr = pkcs10.exportDer();
/*FileOutputStream fos = new FileOutputStream("c:\\temp\\test.csr");
fos.write(buf);
fos.close();*/
DyRegisterClientRequest req = new DyRegisterClientRequest();
req.csr = csr;
req.name = clientName;
req.partitionName = partitionName;
req.template = templateName;
KMIPSession session = new KMIPSession(null);
DyRegisterClientResponse resp = (DyRegisterClientResponse)session.transmit(req);
X509Certificate[] chain = new X509Certificate[2];
chain[0] = X509.get(resp.clientCertificate);
chain[1] = X509.get(resp.rootCaCertificate);
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(null, null);
String pfxPassword = "UNBOUND";
keyStore.setKeyEntry(clientName, keyPair.getPrivate(), pfxPassword.toCharArray(), chain);
partition.setPfx(keyStore, pfxPassword);
}
catch (Exception e) { log.failed(e); throw new ProviderException(e); } finally { log.leave(); }
}
@Override
public X509Certificate selfSign(PrivateKeyObject key, String hashAlg, String subject, BigInteger serialNumber, int days) throws CertificateException
{
Log log = Log.func("PKCS11Client.SelfSign").log("subject", subject).end();
try
{
throw new ProviderException("Not implemented");
}
catch (Exception e) { log.failed(e); throw e; } finally { log.leave(); }
}
@Override
public CipherOper newCipherOperation() { return new KMIPCipherOper(); }
@Override
public MacOper newMacOperation() { return new KMIPMacOper(); }
@Override
public SignatureOper newSignatureOperation() { return new KMIPSignatureOper(); }
@Override
public DeriveOper newDeriveOperation() { return new KMIPDeriveOper(); }
@Override
public void initProviders(String[] servers, KeyStore trusted)
{
synchronized (KMIPClient.class)
{
if (initialized) return;
KMIPServer.initialize(servers);
KMIPConnection.initialize(trusted);
initialized = true;
}
}
@Override
public Partition getPartition(String name)
{
return KMIPPartition.get(name);
}
@Override
public Partition initProvider(KeyStore pfx, String pfxPass)
{
if (!initProviders(null)) throw new ProviderException("Invalid server configuration");
return KMIPPartition.registerPfx(pfx, pfxPass);
}
private static KMIPPartition checkSimulatorMode()
{
if (!Config.getEnvBool("UKC_SIMULATE")) return null;
synchronized (KMIPClient.class)
{
if (!initialized)
{
System.loadLibrary("ekmsimulator");
simulator = KMIPPartition.registerSimulator();
initialized = true;
}
return simulator;
}
}
private static String getConfig(Map map, String name)
{
String result = null;
if (map!=null) result = map.get(name);
if (result==null) result = System.getenv(name);
return result;
}
private static synchronized boolean initProviders(Map map)
{
if (initialized) return true;
String servers = getConfig(map, ENV_SERVERS);
if (servers==null) return false;
String ca = getConfig(map, ENV_CA);
KMIPServer.initialize(servers);
KMIPConnection.initialize(ca);
initialized = true;
return true;
}
@Override
public Partition initProvider(String configArg)
{
KMIPPartition partition = checkSimulatorMode();
if (partition!=null) return partition;
Log log = Log.func("KMIPClient.initProvider").log("configArg", configArg).end();
try
{
Map map = (configArg == null) ? null : Config.readFile(configArg);
if (!initProviders(map))
{
if (configArg==null) return null;
throw new ProviderException("Invalid server configuration");
}
String pfx = getConfig(map, ENV_PFX);
String pfxPass = getConfig(map, ENV_PFX_PASS);
String partitionName = getConfig(map, ENV_PARTITION_NAME);
String clientName = getConfig(map, ENV_CLIENT_NAME);
String templateName = getConfig(map, ENV_TEMPLATE_NAME);
String activationCode = getConfig(map, ENV_ACTIVATION_CODE);
if (pfx==null)
{
partition = KMIPPartition.preRegister(partitionName, clientName, templateName, activationCode);
}
else
{
partition = KMIPPartition.registerPfx(pfx, pfxPass);
}
return partition;
}
catch (Exception e)
{
log.failed(e);
throw new ProviderException(e);
}
finally
{
log.leave();
}
}
}