Developer's Guide
JniResponse6Kmip.java
1 package com.p6r.kmipserverlib;
2 
3 import org.junit.*;
4 
5 import java.text.DateFormat;
6 import java.text.SimpleDateFormat;
7 import java.util.Date;
8 import java.util.TimeZone;
9 
10 import static org.junit.Assert.assertEquals;
11 
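/**
 * JUnit example that builds KMIP response messages through the P6R KMIP server library JNI
 * wrapper and prints them in TTLV, XML and JSON form.
 *
 * <p>All attribute values used here (digest, certificate names, identifiers) are fabricated
 * sample data. They exist only to show how each attribute type is passed into the API.
 */
public class JniResponse6Kmip {

    /** Runs once before any test in this class; only prints a trace line. */
    @BeforeClass
    public static void oneTimeSetUp() {
        // NOOP
        System.out.println("@BeforeClass - oneTimeSetUp");
    }

    /** Runs once after all tests in this class; only prints a trace line. */
    @AfterClass
    public static void oneTimeTearDown() {
        // NOOP
        System.out.println("@AfterClass - oneTimeTearDown");
    }

    /** Runs before each test; only prints a trace line. */
    @Before
    public void setUp() {
        // NOOP
        System.out.println("@Before - setUp");
    }

    /** Runs after each test; only prints a trace line. */
    @After
    public void tearDown() {
        // NOOP
        System.out.println("@After - tearDown");
    }

    /**
     * Generates five response messages and prints each one:
     * [A] a Get Attributes response in TTLV, [B] the same in XML, [C] the same in JSON,
     * [D] an Add Attribute response carrying an attribute that KMIP 2.0 drops, and
     * [E] an Add Attribute response built with an empty attribute.
     *
     * <p>The test fails if any library call throws. The native library is released in a
     * {@code finally} block so a failure part-way through does not leave it initialized.
     *
     * <p>NOTE(review): the first and last arguments of {@code startResponseMessage} (1 and 5)
     * and the argument of {@code endResponseMessage} (0) are passed through as in the original
     * example; their meaning is not visible here, so confirm it against the library docs.
     */
    @Test
    public void JNICall_Response6KMIP() {
        System.out.println("@Test - JNICall-Respnse6KMIP");

        // -> this parser is multi-thread safe by using JNI monitor locking
        // -> use one parser object per server thread is recommended
        P6KMIPServerLib sl = new P6KMIPServerLib();

        // Only call freeLibrary() if initializeLibrary() actually succeeded.
        boolean initialized = false;
        // First unexpected error seen; reported after cleanup so the finally block cannot mask it.
        String failure = null;

        // NOTE(review): XML/JSON output is decoded as UTF-8 instead of the platform default
        // charset so the printed text does not vary by machine. Confirm the library emits UTF-8.
        final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;

        try {
            sl.initializeLibrary(P6KMIPServerLib.FLAGS_NONE);
            initialized = true;

            // [A] Generate a response message in TTLV
            sl.startResponseMessage(1, KMIPConstants.FORMAT_TTLV, 5);

            byte[] batchId1 = {0x01, 0x02, 0x03, 0x04};
            byte[] fingerPrint = {0x11, 0x22, 0x33, 0x44, 0x55};

            long timeStamp = System.currentTimeMillis();
            DateFormat df = new SimpleDateFormat("MM/dd/yyyy HH:mm:ss Z");
            df.setTimeZone(TimeZone.getTimeZone("GMT"));

            Date today = new Date(timeStamp);
            System.out.println("Unix Time stamp: " + timeStamp + ", date: " + df.format(today) + "\n");

            Attribute comment = new Attribute(KMIPConstants.ATTRIB_COMMENTS, 0, "attribute test case");
            Attribute state = new Attribute(KMIPConstants.ATTRIB_STATE, 0, KMIPConstants.STATE_ACTIVE);
            Attribute keyAlg = new Attribute(KMIPConstants.ATTRIB_CRYPTOALGORITHM, 0, KMIPConstants.ALG_AES);
            Attribute fresh = new Attribute(KMIPConstants.ATTRIB_FRESH, 0, false);
            // Integer.valueOf / Long.valueOf replace the deprecated boxing constructors; the
            // argument is still a boxed Integer/Long, as in the original calls.
            Attribute cryptoLength = new Attribute(KMIPConstants.ATTRIB_CRYPTOLENGTH, 0, Integer.valueOf(128));
            Attribute cryptoMask = new Attribute(
                    KMIPConstants.ATTRIB_CRYPTOUSAGEMASK,
                    0,
                    Integer.valueOf(KMIPConstants.USAGE_MASK_ENCRYPT | KMIPConstants.USAGE_MASK_DECRYPT));
            Attribute initialDate = new Attribute(KMIPConstants.ATTRIB_INITIALDATE, 0, Long.valueOf(timeStamp));

            // -> ** NOTE **, that setting fields in CryptographicParameters that are not supported by the KMIP protocol version chosen can result in the following
            //    exception: com.p6r.kmipserverlib.P6KMIPLibraryException: p6javakmipserverlib.endResponseMessage failed to generate KMIP message [ eInvalidVersion ],
            //    see comments in CryptographicParameters for details
            // MODE_ECB is used here only to exercise the encoder. ECB does not hide repeated
            // plaintext blocks, so treat this as a sample value, not a recommended setting.
            CryptograhicParameters keyParams = new CryptograhicParameters(
                    KMIPConstants.MODE_ECB, KMIPConstants.PAD_PKCS5, -1, KMIPConstants.ROLE_KEK, -1,
                    KMIPConstants.ALG_AES, false, -1, -1, -1, -1, -1, -1, -1, -1, -1, null, -1);
            Attribute keyCryptoParams = new Attribute(0, keyParams);

            // -> KMIP 2.0 has replaced the CustomAttribute with VendorAttribute
            // -> also KMIP 2.0 no longer uses the index value so those are ignored when a KMIP message is generated
            VendorAttribute ca1 = new VendorAttribute("y", "ServerSpecific1", true);
            Attribute custom1 = new Attribute(ca1);
            VendorAttribute ca2 = new VendorAttribute("x", "clientSpecific1", "a b c d e f");
            Attribute custom2 = new Attribute(ca2);
            VendorAttribute ca3 = new VendorAttribute("P6R", "clientSpecific11", 55);
            Attribute custom3 = new Attribute(ca3);
            VendorAttribute ca4 = new VendorAttribute("y", "fingerprint", fingerPrint);
            Attribute custom4 = new Attribute(ca4);

            NameAttribute name = new NameAttribute("Client-Defined-ID: 456", KMIPConstants.NAME_TEXTSTR);
            Attribute name1 = new Attribute(KMIPConstants.ATTRIB_NAME, 0, name);
            NameAttribute altName = new NameAttribute("192.10.3.25", KMIPConstants.ALTNAME_IPADDRESS);
            Attribute name2 = new Attribute(KMIPConstants.ATTRIB_ALTERNATIVENAME, 0, altName);
            NameAttribute keyLoc = new NameAttribute("http://abc.hsm.com/12345", KMIPConstants.KVLT_URI);
            Attribute name3 = new Attribute(KMIPConstants.ATTRIB_KEYVALUELOCATION, 0, keyLoc);

            // Placeholder digest: 16 bytes tagged as SHA-512, whereas a real SHA-512 digest is
            // 64 bytes. It shows the call shape only; a peer that checks digest length against
            // the declared hash algorithm would not accept this value.
            byte[] fakeDigest = {
                (byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF, 0x00, (byte) 0x99,
                (byte) 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11};
            DigestAttribute da = new DigestAttribute(KMIPConstants.HASH_SHA512, fakeDigest, KMIPConstants.KEYFORMAT_TRANSYMKEY);
            Attribute digest1 = new Attribute(0, da);

            // -> ** NOTE **, all text certificate attributes have been removed from KMIP 2.0, so if you use it the library will return an "eInvalidVersion" error
            // certName1 is therefore constructed to show the API but is NOT added to the
            // attribute list below. "192.34.5.689" is sample text, not a valid IPv4 address.
            String[] alternativeNames = {"frank@p6r.com", "192.34.5.689", "jni-example.p6r.com"};
            CertificateNameAttribute cn = new CertificateNameAttribute(
                    "CN=Sample Cert, OU=R&D, O=Company Ltd., L=Dublin 4, S=Dublin, C=IE", alternativeNames);
            Attribute certName1 = new Attribute(KMIPConstants.ATTRIB_CERTIFICATEISSUER, cn);

            // -> X.509 style certificate info, all info is fake here, just demonstrating how to pass it into the API
            byte[] X509DN_fake = {0x25, 0x00, 0x00, 0x00, 0x34};
            byte[] alt1bytes = {0x01, 0x02, 0x03, 0x00, 0x04};
            byte[] alt2bytes = {0x00, 0x71, 0x52, 0x23, 0x14, 0x0F};
            ByteArrayObject[] X509alternativeNames = {
                new ByteArrayObject(alt1bytes),
                new ByteArrayObject(alt2bytes)};
            X509CertificateNameAttribute x509CN = new X509CertificateNameAttribute(X509DN_fake, X509alternativeNames);
            Attribute x509CertName1 = new Attribute(KMIPConstants.ATTRIB_X509CERTIFICATESUBJECT, x509CN);

            // NOTE(review): the free-text reason talks about usage limits while the reason code
            // is REVOCATION_KEYCOMPROMISE. Kept as in the original sample; in a real server the
            // two should agree, because clients are likely to act on the code rather than the text.
            RevocationReasonAttribute rr = new RevocationReasonAttribute(
                    "Key exceeded its usage limits", KMIPConstants.REVOCATION_KEYCOMPROMISE);
            Attribute revocation = new Attribute(rr);

            NameAttribute link = new NameAttribute("UID-111-333-000", KMIPConstants.LINK_PRIVATEKEY);
            Attribute privateLink = new Attribute(KMIPConstants.ATTRIB_LINK, 0, link);

            UsageLimitsAttribute ul = new UsageLimitsAttribute(50000000, 2000000, KMIPConstants.USAGE_LIMITS_BYTE);
            Attribute usageLimits = new Attribute(ul);

            ApplicationSpecificInfoAttribute as = new ApplicationSpecificInfoAttribute("P6R", "#12345678990000#");
            Attribute appInfo = new Attribute(1, as);

            // SIG_ECDSASHA1 is a sample enumeration value; SHA-1 based signatures are not
            // suitable for new deployments.
            Attribute digitalSigAlg = new Attribute(KMIPConstants.ATTRIB_DIGITALSIGALG, 0, KMIPConstants.SIG_ECDSASHA1);

            // -> these type of certificate parts are still supported in KMIP 2.0
            // -> server can return parts of a certificate so that simple clients do not have to parse the X.509 encoding
            Attribute certSubjectCN = new Attribute(KMIPConstants.ATTRIB_CERTSUBJECT_CN, 0, "www.example.com");

            // Same 23 attributes, in the same order, as the original index-by-index assignment.
            Attribute[] attributes = {
                comment,
                state,
                fresh,
                cryptoLength,
                initialDate,
                keyAlg,
                cryptoMask,
                custom1,
                custom2,
                custom3,
                custom4,
                keyCryptoParams,
                name1,
                name2,
                name3,
                digest1,
                x509CertName1,
                revocation,
                privateLink,
                usageLimits,
                appInfo,
                digitalSigAlg,
                certSubjectCN};

            GetAttributesResponse ga = new GetAttributesResponse(batchId1, "1111-2222-3333-4444-5555", attributes);
            sl.addBatchItem(ga);

            // TTLV is binary, so print it as two hex digits per byte. The original printed each
            // byte as a signed decimal with no separator, which cannot be read back unambiguously.
            byte[] responseBuffer = sl.endResponseMessage(0);
            StringBuilder hex = new StringBuilder(responseBuffer.length * 2);
            for (byte b : responseBuffer) {
                hex.append(String.format("%02X", b & 0xFF));
            }
            System.out.print(hex);
            System.out.println("\n");


            // [B] Do the same thing in XML
            sl.startResponseMessage(1, KMIPConstants.FORMAT_MSGXML, 5);

            sl.addBatchItem(ga);

            byte[] responseBuffer2 = sl.endResponseMessage(0);
            System.out.println(new String(responseBuffer2, utf8));
            System.out.println("\n");


            // [C] Do the same thing in JSON
            sl.startResponseMessage(1, KMIPConstants.FORMAT_MSGJSON, 5);

            sl.addBatchItem(ga);

            byte[] responseBuffer3 = sl.endResponseMessage(0);
            System.out.println(new String(responseBuffer3, utf8));
            System.out.println("\n");


            // [D] KMIP 2.0 no longer returns an attribute(s) in most responses
            //     -> notice that even though we pass in the state attribute it is ignored and not present in the generated message
            //     -> so you can re-use your code for KMIP 1.x when generating a KMIP 2.0 response and the proper message is still generated
            sl.startResponseMessage(1, KMIPConstants.FORMAT_MSGXML, 5);

            AddAttributeResponse aa = new AddAttributeResponse(batchId1, "UID-383837jjejej", state);
            sl.addBatchItem(aa);

            byte[] responseBuffer4 = sl.endResponseMessage(0);
            System.out.println(new String(responseBuffer4, utf8));
            System.out.println("\n");


            // [E] KMIP 2.0 no longer returns an attribute(s) in most responses
            //     -> so for KMIP 2.0 we can just pass in an empty attribute (the JNI expects an object)
            sl.startResponseMessage(1, KMIPConstants.FORMAT_MSGXML, 5);

            Attribute empty = new Attribute();
            AddAttributeResponse aab = new AddAttributeResponse(batchId1, "UID-ABDGDGDG-00033", empty);
            sl.addBatchItem(aab);

            byte[] responseBuffer5 = sl.endResponseMessage(0);
            System.out.println(new String(responseBuffer5, utf8));
            System.out.println("\n");

        } catch (Exception e) {
            // -> we should not get here
            System.out.println(e.toString());
            failure = e.toString();
        } finally {
            // Release the native library on every path, not only after a fully successful run.
            if (initialized) {
                try {
                    sl.freeLibrary();
                } catch (Exception e) {
                    System.out.println(e.toString());
                    if (failure == null) {
                        failure = e.toString();
                    }
                }
            }
        }

        // Fail with the actual cause instead of the original opaque assertEquals(0, 1).
        if (failure != null) {
            Assert.fail("unexpected exception: " + failure);
        }
    }
}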
A JUNIT test demonstrating how to parse an incoming KMIP request from a client.
void JNICall_Response6KMIP()
Test: Generate a message with multiple batch items using KMIP Version 2.0.