Developer's Guide
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
JniAuthEncryptionKmip.java
Go to the documentation of this file.
1 package com.p6r.kmipserverlib;
2 
3 import org.junit.*;
4 
5 import java.nio.charset.Charset;
6 
7 import static org.junit.Assert.assertEquals;
8 
18 public class JniAuthEncryptionKmip {
19 
20  @BeforeClass
21  public static void oneTimeSetUp() {
22  // NOOP
23  System.out.println("@BeforeClass - oneTimeSetUp");
24  }
25 
26  @AfterClass
27  public static void oneTimeTearDown() {
28  // NOOP
29  System.out.println("@AfterClass - oneTimeTearDown");
30  }
31 
32  @Before
33  public void setUp() {
34  // NOOP
35  System.out.println("@Before - setUp");
36  }
37 
38  @After
39  public void tearDown() {
40  // NOOP
41  System.out.println("@After - tearDown");
42  }
43 
49  @Test
50  public void JNICall_AuthEncryptKMIP() {
51  System.out.println("@Test - JNICall-AuthEncryptKMIP");
52 
53  byte[] expectedEncryptData = { (byte)0xd9, (byte)0x31, (byte)0x32, (byte)0x25, (byte)0xf8, (byte)0x84, (byte)0x06, (byte)0xe5, (byte)0xa5, (byte)0x59, (byte)0x09,
54  (byte)0xc5, (byte)0xaf, (byte)0xf5, (byte)0x26, (byte)0x9a, (byte)0x86, (byte)0xa7, (byte)0xa9, (byte)0x53, (byte)0x15, (byte)0x34, (byte)0xf7, (byte)0xda, (byte)0x2e, (byte)0x4c, (byte)0x30,
55  (byte)0x3d, (byte)0x8a, (byte)0x31, (byte)0x8a, (byte)0x72, (byte)0x1c, (byte)0x3c, (byte)0x0c, (byte)0x95, (byte)0x95, (byte)0x68, (byte)0x09, (byte)0x53, (byte)0x2f, (byte)0xcf, (byte)0x0e,
56  (byte)0x24, (byte)0x49, (byte)0xa6, (byte)0xb5, (byte)0x25, (byte)0xb1, (byte)0x6a, (byte)0xed, (byte)0xf5, (byte)0xaa, (byte)0x0d, (byte)0xe6, (byte)0x57, (byte)0xba, (byte)0x63, (byte)0x7b, (byte)0x39 };
57 
58  byte[] expectedDecryptData = { (byte)0x61, (byte)0x35, (byte)0x3b, (byte)0x4c, (byte)0x28, (byte)0x06, (byte)0x93, (byte)0x4a, (byte)0x77, (byte)0x7f, (byte)0xf5, (byte)0x1f, (byte)0xa2, (byte)0x2a, (byte)0x47, (byte)0x55, (byte)0x69,
59  (byte)0x9b, (byte)0x2a, (byte)0x71, (byte)0x4f, (byte)0xcd, (byte)0xc6, (byte)0xf8, (byte)0x37, (byte)0x66, (byte)0xe5, (byte)0xf9, (byte)0x7b, (byte)0x6c, (byte)0x74, (byte)0x23, (byte)0x73, (byte)0x80,
60  (byte)0x69, (byte)0x00, (byte)0xe4, (byte)0x9f, (byte)0x24, (byte)0xb2, (byte)0x2b, (byte)0x09, (byte)0x75, (byte)0x44, (byte)0xd4, (byte)0x89, (byte)0x6b, (byte)0x42, (byte)0x49, (byte)0x89, (byte)0xb5,
61  (byte)0xe1, (byte)0xeb, (byte)0xac, (byte)0x0f, (byte)0x07, (byte)0xc2, (byte)0x3f, (byte)0x45, (byte)0x98 };
62 
63  byte[] expectedIV = { (byte)0xca, (byte)0xfe, (byte)0xba, (byte)0xbe, (byte)0xfa, (byte)0xce, (byte)0xdb, (byte)0xad };
64 
65  byte[] expectedPSource = { (byte)0x01, (byte)0x02, (byte)0x03, (byte)0x04, (byte)0x05, (byte)0x06, (byte)0x07, (byte)0x08, (byte)0x09, (byte)0x0A };
66 
67  byte[] expectedAddData1 = { (byte)0xfe, (byte)0xed, (byte)0xfa, (byte)0xce, (byte)0xde, (byte)0xad, (byte)0xbe, (byte)0xef, (byte)0xfe, (byte)0xed, (byte)0xfa, (byte)0xce, (byte)0xde, (byte)0xad, (byte)0xbe, (byte)0xef, (byte)0xab, (byte)0xad, (byte)0xda, (byte)0xd2 };
68  byte[] expectedTagData1 = { 0x36, 0x12, (byte)0xd2, (byte)0xe7, (byte)0x9e, 0x3b, 0x07, (byte)0x85, 0x56, 0x1b, (byte)0xe1, 0x4a, (byte)0xac, (byte)0xa2, (byte)0xfc, (byte)0xcb };
69 
70  // -> this parser is multi-thread safe by using JNI monitor locking
71  // -> use one parser object per server thread is recommended
72  P6KMIPServerLib sl = new P6KMIPServerLib();
73 
74  // -> Encryption with Signing in one operation, notice the extra fields
75  String testMessage1 = "<RequestMessage>\n" +
76  " <RequestHeader>\n" +
77  " <ProtocolVersion>\n" +
78  " <ProtocolVersionMajor type=\"Integer\" value=\"1\"/>\n" +
79  " <ProtocolVersionMinor type=\"Integer\" value=\"4\"/>\n" +
80  " </ProtocolVersion>\n" +
81  " <BatchCount type=\"Integer\" value=\"1\"/>\n" +
82  " </RequestHeader>\n" +
83  " <BatchItem>\n" +
84  " <Operation type=\"Enumeration\" value=\"Encrypt\"/>\n" +
85  " <RequestPayload>\n" +
86  " <UniqueIdentifier type=\"TextString\" value=\"c031edb5-fc17-4f1d-a0a7-35ff29fbf130\"/>\n" +
87  " <CryptographicParameters>\n" +
88  " <BlockCipherMode type=\"Enumeration\" value=\"GCM\"/>\n" +
89  " <TagLength type=\"Integer\" value=\"16\"/>\n" +
90  " </CryptographicParameters>\n" +
91  " <Data type=\"ByteString\" value=\"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39\"/>\n" +
92  " <IVCounterNonce type=\"ByteString\" value=\"cafebabefacedbad\"/>\n" +
93  " <AuthenticatedEncryptionAdditionalData type=\"ByteString\" value=\"feedfacedeadbeeffeedfacedeadbeefabaddad2\"/>\n" +
94  " </RequestPayload>\n" +
95  " </BatchItem>\n" +
96  "</RequestMessage>\n";
97 
98  String testMessage2 = "<RequestMessage>\n" +
99  " <RequestHeader>\n" +
100  " <ProtocolVersion>\n" +
101  " <ProtocolVersionMajor type=\"Integer\" value=\"1\"/>\n" +
102  " <ProtocolVersionMinor type=\"Integer\" value=\"4\"/>\n" +
103  " </ProtocolVersion>\n" +
104  " <BatchCount type=\"Integer\" value=\"1\"/>\n" +
105  " </RequestHeader>\n" +
106  " <BatchItem>\n" +
107  " <Operation type=\"Enumeration\" value=\"Decrypt\"/>\n" +
108  " <RequestPayload>\n" +
109  " <UniqueIdentifier type=\"TextString\" value=\"c031edb5-fc17-4f1d-a0a7-35ff29fbf130\"/>\n" +
110  " <CryptographicParameters>\n" +
111  " <BlockCipherMode type=\"Enumeration\" value=\"GCM\"/>\n" +
112  " <TagLength type=\"Integer\" value=\"16\"/>\n" +
113  " <PSource type=\"ByteString\" value=\"0102030405060708090A\" />\n" +
114  " <TrailerField type=\"Integer\" value=\"34\" />\n" +
115  " </CryptographicParameters>\n" +
116  " <Data type=\"ByteString\" value=\"61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598\"/>\n" +
117  " <IVCounterNonce type=\"ByteString\" value=\"cafebabefacedbad\"/>\n" +
118  " <AuthenticatedEncryptionAdditionalData type=\"ByteString\" value=\"feedfacedeadbeeffeedfacedeadbeefabaddad2\"/>\n" +
119  " <AuthenticatedEncryptionTag type=\"ByteString\" value=\"3612d2e79e3b0785561be14aaca2fccb\"/>\n" +
120  " </RequestPayload>\n" +
121  " </BatchItem>\n" +
122  "</RequestMessage>";
123 
124  try {
125  sl.initializeLibrary(P6KMIPServerLib.FLAGS_NONE);
126 
127  String libVersion = sl.getLibraryVersion();
128  System.out.println(libVersion);
129 
130  // -> server read incoming KMIP request message from a socket and loaded those bytes (e.g., TTLV, XML, JSON) into the parser)
131  // -> the type of message: TTLV, XML, JSON can be determine by the mime type passed in the HTTP request, or lack of one if just using SSL connection
132  sl.setMessageBuffer(testMessage1.getBytes(Charset.forName("UTF-8")), KMIPConstants.FORMAT_MSGXML);
133 
134  // -> here we test non-streaming encryption request
135  RequestHeader rh = sl.getRequestHeader();
136  assertEquals("1.4", rh.getProtocolVersion());
137 
138  // -> verify that in the encrypt request we can see the new fields
139  for (int i = 0; i < rh.getBatchCount(); i++) {
140 
141  BatchItem bi = sl.getBatchItem(i + 1);
142  if (bi instanceof EncryptBatchItem) {
143  EncryptBatchItem ck = (EncryptBatchItem) bi;
144 
145  String uniqueId = ck.getUniqueId();
146  assertEquals("c031edb5-fc17-4f1d-a0a7-35ff29fbf130", uniqueId);
147 
148  byte[] additionalData = ck.getAuthenticatedEncryptionAdditionalData();
149  assertEquals(20, additionalData.length);
150  for( int j=0; j < additionalData.length; j++ ) {
151  assertEquals(expectedAddData1[j], additionalData[j]);
152  }
153 
154  CryptograhicParameters params = ck.getParams();
155  int mode = params.getBlockCipherMode();
156  assertEquals(mode, KMIPConstants.MODE_GCM);
157  int tagLength = params.getTagLength();
158  assertEquals(16, tagLength);
159 
160  byte[] dataToEncrypt = ck.getData();
161  assertEquals(60, dataToEncrypt.length);
162  for( int j=0; j < dataToEncrypt.length; j++) {
163  assertEquals( expectedEncryptData[j], dataToEncrypt[j]);
164  }
165 
166  byte[] IV = ck.getIVCounterNonce();
167  assertEquals(8, IV.length);
168  for( int j=0; j < IV.length; j++) {
169  assertEquals( expectedIV[j], IV[j]);
170  }
171  }
172  }
173 
174  // -> verify that in the decrypt request we can see the new fields
175  sl.setMessageBuffer(testMessage2.getBytes(Charset.forName("UTF-8")), KMIPConstants.FORMAT_MSGXML);
176 
177  rh = sl.getRequestHeader();
178  assertEquals("1.4", rh.getProtocolVersion());
179 
180  // -> parsed message is maintained in parser until another call to setMessageBuffer() of freeLibrary() is called
181  for (int i = 0; i < rh.getBatchCount(); i++) {
182 
183  BatchItem bi = sl.getBatchItem(i + 1);
184  if (bi instanceof DecryptBatchItem) {
185  DecryptBatchItem ck = (DecryptBatchItem) bi;
186 
187  String uniqueId = ck.getUniqueId();
188  assertEquals("c031edb5-fc17-4f1d-a0a7-35ff29fbf130", uniqueId);
189 
190  byte[] additionalData = ck.getAuthenticatedEncryptionAdditionalData();
191  assertEquals(20, additionalData.length);
192  for( int j=0; j < additionalData.length; j++ ) {
193  assertEquals(expectedAddData1[j], additionalData[j]);
194  }
195 
196  byte[] tagData = ck.getAuthenticatedEncryptionTagData();
197  assertEquals(16, tagData.length);
198  for( int j=0; j < tagData.length; j++ ) {
199  assertEquals(expectedTagData1[j], tagData[j]);
200  }
201 
202  CryptograhicParameters params = ck.getParams();
203  int mode = params.getBlockCipherMode();
204  assertEquals(mode, KMIPConstants.MODE_GCM);
205  int tagLength = params.getTagLength();
206  assertEquals(16, tagLength);
207  int trailerField = params.getTrailerField();
208  assertEquals(34, trailerField);
209  byte[] PSource = params.getPSource();
210  assertEquals(10, PSource.length);
211  for( int j=0; j < PSource.length; j++) {
212  assertEquals( expectedPSource[j], PSource[j]);
213  }
214 
215  byte[] dataToDecrypt = ck.getData();
216  assertEquals(60, dataToDecrypt.length);
217  for( int j=0; j < dataToDecrypt.length; j++) {
218  assertEquals( expectedDecryptData[j], dataToDecrypt[j]);
219  }
220 
221  byte[] IV = ck.getIVCounterNonce();
222  assertEquals(8, IV.length);
223  for( int j=0; j < IV.length; j++) {
224  assertEquals( expectedIV[j], IV[j]);
225  }
226 
227  }
228  }
229  sl.freeLibrary();
230 
231  } catch (Exception e) {
232  // -> we shoud not get here
233  System.out.println(e.toString());
234  assertEquals(0, 1);
235  }
236  }
237 
238 }
A JUNIT test demonstrating how to parse an incoming KMIP request from a client.
void JNICall_AuthEncryptKMIP()
Test: Verify parser can handle CGM encryption.