
com.unbound.client.kmip.KMIPSecretKey Maven / Gradle / Ivy


This is a collection of Java libraries that implement the Unbound cryptographic classes for the Java provider, the PKCS11 wrapper, cryptoki, and advapi.

There is a newer version: 42761
package com.unbound.client.kmip;

import com.unbound.client.*;
import com.unbound.common.Log;
import com.unbound.kmip.KMIP;
import com.unbound.kmip.attribute.*;
import com.unbound.kmip.object.SymmetricKey;
import com.unbound.kmip.request.*;
import com.unbound.kmip.response.CreateResponse;
import com.unbound.kmip.response.ResponseMessage;
import com.unbound.provider.KeyParameters;

import java.security.ProviderException;

/**
 * Client-side handle for a symmetric key object held behind a KMIP session.
 *
 * <p>The package-private factories {@link #importKey} and {@link #generate} send the
 * request that creates the key and then wrap the returned identifier in a new handle.
 * {@link #getTemplate} decides which operations the new key is permitted to perform,
 * so it is the place to review when checking that keys are created with no more
 * usage rights than intended.
 */
public class KMIPSecretKey extends KMIPObject implements SecretKeyObject
{
  /**
   * Binds a handle to an existing object and immediately calls {@code read(session)}.
   *
   * @param type    key type of the object
   * @param session session passed to {@code read}
   * @param uid     identifier of the object
   */
  KMIPSecretKey(ObjectType type, KMIPSession session, long uid)
  {
    super(type, uid);
    read(session);
  }

  /**
   * Adds a boolean attribute for one operation, but only when that operation is part
   * of the algorithm's usage mask.
   *
   * @param template attribute list being built
   * @param usage    usage mask allowed for the algorithm
   * @param mask     bit(s) of the operation under consideration
   * @param tag      attribute tag to emit
   * @param value    value requested by the caller; may be {@code false}, in which case
   *                 the attribute is still emitted with that value
   */
  private static void setUsage(TemplateAttribute template, int usage, int mask, int tag, boolean value)
  {
    boolean applicable = (usage & mask) != 0;
    if (applicable)
    {
      template.attrs.add(new BoolAttribute(tag, value));
    }
  }

  /**
   * Returns the usage mask associated with the algorithm of {@code type}, before
   * DeriveKey is added by the caller.
   *
   * <p>DES3 and HMAC_SHA1 are accepted here alongside the newer algorithms; a
   * deployment that must exclude legacy algorithms has to reject them before this
   * point, because nothing in this method does.
   *
   * @throws ProviderException if the algorithm is not one of the listed cases
   */
  private static int algorithmUsageMask(ObjectType type)
  {
    switch (type.getKmipAlg())
    {
      case KMIP.CryptographicAlgorithm.AES:
      case KMIP.CryptographicAlgorithm.DES3:
        // General-purpose block ciphers get every symmetric operation.
        return KMIP.CryptographicUsageMask.Encrypt
             | KMIP.CryptographicUsageMask.Decrypt
             | KMIP.CryptographicUsageMask.WrapKey
             | KMIP.CryptographicUsageMask.UnwrapKey
             | KMIP.CryptographicUsageMask.MACGenerate
             | KMIP.CryptographicUsageMask.MACVerify;

      case KMIP.CryptographicAlgorithm.DyAES_XTS:
        return KMIP.CryptographicUsageMask.Encrypt
             | KMIP.CryptographicUsageMask.Decrypt;

      case KMIP.CryptographicAlgorithm.DyAES_SIV:
        return KMIP.CryptographicUsageMask.WrapKey
             | KMIP.CryptographicUsageMask.UnwrapKey;

      case KMIP.CryptographicAlgorithm.HMAC_SHA1:
      case KMIP.CryptographicAlgorithm.HMAC_SHA256:
      case KMIP.CryptographicAlgorithm.HMAC_SHA384:
      case KMIP.CryptographicAlgorithm.HMAC_SHA512:
        return KMIP.CryptographicUsageMask.MACGenerate
             | KMIP.CryptographicUsageMask.MACVerify;

      default:
        throw new ProviderException("Unsupported key type");
    }
  }

  /**
   * Builds the attribute template sent when a symmetric key is registered or created.
   *
   * <p>The template always starts with the cryptographic algorithm. What follows
   * depends on {@code kp}:
   * <ul>
   *   <li>{@code kp == null}: a single CryptographicUsageMask attribute carrying the
   *       algorithm's whole mask plus DeriveKey. The key is therefore created with
   *       every operation the algorithm supports; callers wanting a narrower key
   *       must pass {@code KeyParameters}.</li>
   *   <li>{@code kp != null}: one boolean attribute per operation in the mask
   *       (DeriveKey included), each set to the corresponding {@code kp} value, then
   *       the trusted flag when {@code kp.isSetTrusted()}, then whatever
   *       {@code makeExportLevel} contributes. This method itself adds no
   *       CryptographicUsageMask attribute on this path.</li>
   * </ul>
   *
   * @param name key name; when {@code null} and {@code kp} is given, {@code kp.getName()} is used
   * @param type key type, source of the KMIP algorithm code
   * @param kp   per-key restrictions, or {@code null} for the algorithm defaults
   * @return the populated template
   * @throws ProviderException if the algorithm is unsupported
   */
  static TemplateAttribute getTemplate(String name, ObjectType type, KeyParameters kp)
  {
    TemplateAttribute template = new TemplateAttribute();
    template.attrs.add(new EnumAttribute(KMIP.Tag.CryptographicAlgorithm, type.getKmipAlg()));

    // DeriveKey is granted to every supported algorithm on top of its own mask.
    final int usageMask = algorithmUsageMask(type) | KMIP.CryptographicUsageMask.DeriveKey;

    String effectiveName = name;
    if (kp == null)
    {
      template.attrs.add(new IntAttribute(KMIP.Tag.CryptographicUsageMask, usageMask));
    }
    else
    {
      if (effectiveName == null)
      {
        effectiveName = kp.getName();
      }
      setUsage(template, usageMask, KMIP.CryptographicUsageMask.Encrypt,     KMIP.Tag.CKA_ENCRYPT, kp.isAllowEncrypt());
      setUsage(template, usageMask, KMIP.CryptographicUsageMask.Decrypt,     KMIP.Tag.CKA_DECRYPT, kp.isAllowDecrypt());
      setUsage(template, usageMask, KMIP.CryptographicUsageMask.MACGenerate, KMIP.Tag.CKA_SIGN,    kp.isAllowSign());
      setUsage(template, usageMask, KMIP.CryptographicUsageMask.MACVerify,   KMIP.Tag.CKA_VERIFY,  kp.isAllowVerify());
      setUsage(template, usageMask, KMIP.CryptographicUsageMask.WrapKey,     KMIP.Tag.CKA_WRAP,    kp.isAllowWrap());
      setUsage(template, usageMask, KMIP.CryptographicUsageMask.UnwrapKey,   KMIP.Tag.CKA_UNWRAP,  kp.isAllowUnwrap());
      setUsage(template, usageMask, KMIP.CryptographicUsageMask.DeriveKey,   KMIP.Tag.CKA_DERIVE,  kp.isAllowDerive());
      if (kp.isSetTrusted())
      {
        template.attrs.add(new BoolAttribute(KMIP.Tag.CKA_TRUSTED, kp.isTrusted()));
      }
      makeExportLevel(template, kp);
    }

    if (effectiveName != null)
    {
      template.attrs.add(new Name(effectiveName));
    }
    return template;
  }

  /**
   * Registers caller-supplied raw key bytes as a symmetric key and returns its handle.
   *
   * <p>Handling of the plaintext key in this method: {@code keyValue} is attached to
   * the request by reference, without a copy, and is not cleared afterwards, so wiping
   * the array once it is no longer needed is left to the caller. The log entry written
   * here records the algorithm name, the key name and the key length in bits, never
   * the key bytes. What {@code register} does with the buffer is not visible here.
   *
   * @param session  session used for the register call and for reading the new object
   * @param name     key name, may be {@code null}
   * @param type     key type
   * @param keyValue raw key bytes; must not be {@code null} (its length is read before
   *                 the try block)
   * @param kp       per-key restrictions, or {@code null} for algorithm defaults
   * @return handle to the registered key
   */
  static KMIPSecretKey importKey(KMIPSession session, String name, ObjectType type, byte[] keyValue, KeyParameters kp)
  {
    long uid = 0;
    Log log = Log.func("KMIPSecretKey.importKey")
      .log("alg", type.getAlgName())
      .log("name", name)
      .log("bitSize", keyValue.length*8)
      .end();
    try
    {
      SymmetricKey rawKey = new SymmetricKey();
      rawKey.keyBlock.formatType = KMIP.KeyFormatType.Raw;
      rawKey.keyBlock.buf = keyValue;
      rawKey.keyBlock.algorithm = type.getKmipAlg();

      RegisterRequest registerReq = new RegisterRequest();
      registerReq.objectType = KMIP.ObjectType.SymmetricKey;
      registerReq.template = getTemplate(name, type, kp);
      registerReq.object = rawKey;

      uid = register(session, registerReq);
      return new KMIPSecretKey(type, session, uid);
    }
    catch (Exception e)
    {
      // Record the failure, then let the original exception propagate unchanged.
      log.failed(e);
      throw e;
    }
    finally
    {
      // uid is still 0 here when the failure happened before register returned.
      log.leavePrint().logHex("UID", uid).end();
    }
  }

  /**
   * Asks the server to create a new symmetric key of {@code bitSize} bits and returns
   * its handle.
   *
   * <p>The create request is batched with an {@code ActivateRequest} that carries no
   * explicit identifier.
   * NOTE(review): presumably the activate item targets the key created by the first
   * batch item; confirm against the session/server behaviour.
   * NOTE(review): the first response item is cast to {@code CreateResponse} without
   * checking the batch size or item type; confirm that {@code session.transmit}
   * already rejects error or short responses.
   *
   * @param session session used to transmit the batch and to read the new object
   * @param name    key name, may be {@code null}
   * @param type    key type
   * @param bitSize requested key length in bits
   * @param kp      per-key restrictions, or {@code null} for algorithm defaults
   * @return handle to the generated key
   */
  static KMIPSecretKey generate(KMIPSession session, String name, ObjectType type, int bitSize, KeyParameters kp)
  {
    long uid = 0;
    Log log = Log.func("KMIPSecretKey.generate")
      .log("alg", type.getAlgName())
      .log("name", name)
      .log("bitSize", bitSize)
      .end();
    try
    {
      CreateRequest createReq = new CreateRequest();
      createReq.objectType = KMIP.ObjectType.SymmetricKey;
      createReq.template = getTemplate(name, type, kp);
      createReq.template.attrs.add(new IntAttribute(KMIP.Tag.CryptographicLength, bitSize));

      RequestMessage batchMsg = new RequestMessage();
      batchMsg.batch.add(createReq);
      batchMsg.batch.add(new ActivateRequest());

      ResponseMessage reply = session.transmit(batchMsg);
      CreateResponse created = (CreateResponse)reply.batch.get(0);
      uid = strToUid(created.uid);
      return new KMIPSecretKey(type, session, uid);
    }
    catch (Exception e)
    {
      // Record the failure, then let the original exception propagate unchanged.
      log.failed(e);
      throw e;
    }
    finally
    {
      // uid is still 0 here when the failure happened before the response was parsed.
      log.leavePrint().logHex("UID", uid).end();
    }
  }
}



