Developer's Guide
JniResponse2Kmip.java
1 package com.p6r.kmipserverlib;
2 
3 import org.junit.*;
4 
5 import java.text.DateFormat;
6 import java.text.SimpleDateFormat;
7 import java.util.Date;
8 import java.util.TimeZone;
9 
10 import static org.junit.Assert.assertEquals;
11 
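/**
 * JUnit example that builds KMIP response messages through the P6R KMIP server JNI library
 * ({@code P6KMIPServerLib}) and prints the encoded result for each wire format.
 *
 * <p>Every attribute value below is fabricated sample data. The encoded responses are written to
 * standard output only because this is a demonstration; a real server's responses can carry
 * key-management metadata (and, for other operations, key material) and should not be dumped to
 * logs or consoles.
 */
public class JniResponse2Kmip {

    /** Runs once before any test in this class; only logs that it ran. */
    @BeforeClass
    public static void oneTimeSetUp() {
        // NOOP
        System.out.println("@BeforeClass - oneTimeSetUp");
    }

    /** Runs once after all tests in this class; only logs that it ran. */
    @AfterClass
    public static void oneTimeTearDown() {
        // NOOP
        System.out.println("@AfterClass - oneTimeTearDown");
    }

    /** Runs before each test; only logs that it ran. */
    @Before
    public void setUp() {
        // NOOP
        System.out.println("@Before - setUp");
    }

    /** Runs after each test; only logs that it ran. */
    @After
    public void tearDown() {
        // NOOP
        System.out.println("@After - tearDown");
    }

    /**
     * Generates the same Get Attributes response in TTLV, XML and JSON, then an Add Attribute
     * response and a Get Template response, printing each encoded message.
     *
     * <p>The library is released in a {@code finally} block so that a failure while building a
     * message does not leave the native library initialized. Any exception fails the test with
     * the original exception attached as the cause.
     */
    @Test
    public void JNICall_Response2KMIP() {
        System.out.println("@Test - JNICall-Respnse2KMIP");

        // Original author's note: the parser is multi-thread safe through JNI monitor locking,
        // and one parser object per server thread is the recommended usage.
        P6KMIPServerLib sl = new P6KMIPServerLib();

        try {
            sl.initializeLibrary(P6KMIPServerLib.FLAGS_NONE);
            try {
                generateResponses(sl);
            } finally {
                // Only reached when initializeLibrary() succeeded, so the release is always
                // paired with a successful initialization, including on the failure path.
                sl.freeLibrary();
            }
        } catch (Exception e) {
            // -> we should not get here
            System.out.println(e.toString());
            // Fail with the cause attached; a bare assertEquals(0, 1) would hide the stack trace.
            throw new AssertionError("KMIP response generation failed: " + e, e);
        }
    }

    /**
     * Builds the sample attributes and encodes the five example responses (sections A to E).
     *
     * @param sl an already initialized library instance; this helper does not initialize or free it
     * @throws Exception whatever the library calls raise; the caller turns it into a test failure
     */
    private static void generateResponses(P6KMIPServerLib sl) throws Exception {
        // [A] Generate a response message in TTLV
        // NOTE(review): the meaning of the first and third arguments is defined by
        // P6KMIPServerLib.startResponseMessage and is not visible in this file.
        sl.startResponseMessage(1, KMIPConstants.FORMAT_TTLV, 2);

        byte[] batchId1 = {0x01, 0x02, 0x03, 0x04};
        byte[] fingerPrint = {0x11, 0x22, 0x33, 0x44, 0x55};

        long timeStamp = System.currentTimeMillis();
        DateFormat df = new SimpleDateFormat("MM/dd/yyyy HH:mm:ss Z");
        df.setTimeZone(TimeZone.getTimeZone("GMT"));

        Date today = new Date(timeStamp);
        System.out.println("Unix Time stamp: " + timeStamp + ", date: " + df.format(today) + "\n");

        Attribute comment = new Attribute(KMIPConstants.ATTRIB_COMMENTS, 0, "attribute test case");
        Attribute state = new Attribute(KMIPConstants.ATTRIB_STATE, 0, KMIPConstants.STATE_ACTIVE);
        Attribute keyAlg = new Attribute(KMIPConstants.ATTRIB_CRYPTOALGORITHM, 0, KMIPConstants.ALG_AES);
        Attribute fresh = new Attribute(KMIPConstants.ATTRIB_FRESH, 0, false);
        // valueOf() replaces the deprecated boxing constructors; the boxed values are unchanged.
        Attribute cryptoLength = new Attribute(KMIPConstants.ATTRIB_CRYPTOLENGTH, 0, Integer.valueOf(128));
        Attribute cryptoMask = new Attribute(
                KMIPConstants.ATTRIB_CRYPTOUSAGEMASK,
                0,
                Integer.valueOf(KMIPConstants.USAGE_MASK_ENCRYPT | KMIPConstants.USAGE_MASK_DECRYPT));
        Attribute initialDate = new Attribute(KMIPConstants.ATTRIB_INITIALDATE, 0, Long.valueOf(timeStamp));

        // -> ** NOTE **, setting fields in the cryptographic parameters that are not supported by
        //    the chosen KMIP protocol version can result in the following exception:
        //    com.p6r.kmipserverlib.P6KMIPLibraryException: p6javakmipserverlib.endResponseMessage
        //    failed to generate KMIP message [ eInvalidVersion ]; see the comments in the
        //    parameters class for details.
        // The -1 / null arguments are passed through exactly as in the original listing;
        // presumably they mark fields that are left unset (confirm against the constructor).
        // ECB and the other values are sample attribute data that exercise the API, not a
        // recommended configuration.
        CryptograhicParameters keyParams = new CryptograhicParameters(
                KMIPConstants.MODE_ECB, KMIPConstants.PAD_PKCS5, -1, KMIPConstants.ROLE_KEK, -1,
                KMIPConstants.ALG_AES, false, -1, -1, -1, -1, -1, -1, -1, -1, -1, null, -1);
        Attribute keyCryptoParams = new Attribute(0, keyParams);

        // -> can also be a "x-" custom attribute if a KMIP client placed such an attribute on a
        //    managed object
        CustomAttribute ca1 = new CustomAttribute("y-ServerSpecific1", true);
        Attribute custom1 = new Attribute(0, ca1);
        CustomAttribute ca2 = new CustomAttribute("x-clientSpecific1", "a b c d e f");
        Attribute custom2 = new Attribute(0, ca2);
        CustomAttribute ca3 = new CustomAttribute("x-clientSpecific11", 55);
        Attribute custom3 = new Attribute(0, ca3);
        CustomAttribute ca4 = new CustomAttribute("y-fingerprint", fingerPrint);
        Attribute custom4 = new Attribute(0, ca4);

        NameAttribute name = new NameAttribute("Client-Defined-ID: 456", KMIPConstants.NAME_TEXTSTR);
        Attribute name1 = new Attribute(KMIPConstants.ATTRIB_NAME, 0, name);
        NameAttribute altName = new NameAttribute("192.10.3.25", KMIPConstants.ALTNAME_IPADDRESS);
        Attribute name2 = new Attribute(KMIPConstants.ATTRIB_ALTERNATIVENAME, 0, altName);
        NameAttribute keyLoc = new NameAttribute("http://abc.hsm.com/12345", KMIPConstants.KVLT_URI);
        Attribute name3 = new Attribute(KMIPConstants.ATTRIB_KEYVALUELOCATION, 0, keyLoc);

        // Placeholder digest: 16 bytes tagged as SHA-512, whereas a real SHA-512 digest is
        // 64 bytes. It only shows how a digest attribute is passed to the API.
        byte[] fakeDigest = {
            (byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF, 0x00, (byte) 0x99,
            (byte) 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11
        };
        DigestAttribute da = new DigestAttribute(
                KMIPConstants.HASH_SHA512, fakeDigest, KMIPConstants.KEYFORMAT_TRANSYMKEY);
        Attribute digest1 = new Attribute(0, da);

        // -> old style certificate info
        // Sample strings only; "192.34.5.689" is not a valid IPv4 address (last octet > 255).
        String[] alternativeNames = {"frank@p6r.com", "192.34.5.689", "jni-example.p6r.com"};
        CertificateNameAttribute cn = new CertificateNameAttribute(
                "CN=Sample Cert, OU=R&D, O=Company Ltd., L=Dublin 4, S=Dublin, C=IE", alternativeNames);
        Attribute certName1 = new Attribute(KMIPConstants.ATTRIB_CERTIFICATEISSUER, cn);

        // -> X.509 style certificate info, all info is fake here, just demonstrating how to pass
        //    it into the API
        byte[] X509DN_fake = {0x25, 0x00, 0x00, 0x00, 0x34};
        byte[] alt1bytes = {0x01, 0x02, 0x03, 0x00, 0x04};
        byte[] alt2bytes = {0x00, 0x71, 0x52, 0x23, 0x14, 0x0F};
        ByteArrayObject[] X509alternativeNames = {
            new ByteArrayObject(alt1bytes), new ByteArrayObject(alt2bytes)
        };
        X509CertificateNameAttribute x509CN =
                new X509CertificateNameAttribute(X509DN_fake, X509alternativeNames);
        Attribute x509CertName1 = new Attribute(KMIPConstants.ATTRIB_X509CERTIFICATESUBJECT, x509CN);

        CertificateIdentifierAttribute ci = new CertificateIdentifierAttribute(
                "CN=Sample Cert, OU=R&D, O=Company Ltd., L=York, S=York, C=IE", "12345ABD9384");
        Attribute certIdentifier = new Attribute(KMIPConstants.ATTRIB_CERTIFICATEIDENTIFIER, ci);

        RevocationReasonAttribute rr = new RevocationReasonAttribute(
                "Key exceeded its usage limits", KMIPConstants.REVOCATION_KEYCOMPROMISE);
        Attribute revocation = new Attribute(rr);

        NameAttribute link = new NameAttribute("UID-111-333-000", KMIPConstants.LINK_PRIVATEKEY);
        Attribute privateLink = new Attribute(KMIPConstants.ATTRIB_LINK, 0, link);

        UsageLimitsAttribute ul =
                new UsageLimitsAttribute(50000000, 2000000, KMIPConstants.USAGE_LIMITS_BYTE);
        Attribute usageLimits = new Attribute(ul);

        ApplicationSpecificInfoAttribute as =
                new ApplicationSpecificInfoAttribute("P6R", "#12345678990000#");
        Attribute appInfo = new Attribute(1, as);

        Attribute digitalSigAlg =
                new Attribute(KMIPConstants.ATTRIB_DIGITALSIGALG, 0, KMIPConstants.SIG_ECDSASHA1);
        // -> server can return parts of a certificate so that simple clients do not have to
        //    parse the X.509 encoding
        Attribute certSubjectCN =
                new Attribute(KMIPConstants.ATTRIB_CERTSUBJECT_CN, 0, "www.example.com");

        // Same 25 attributes, in the same order, as the index-by-index assignment this replaces.
        Attribute[] attributes = {
            comment, state, fresh, cryptoLength, initialDate,
            keyAlg, cryptoMask, custom1, custom2, custom3,
            custom4, keyCryptoParams, name1, name2, name3,
            digest1, certName1, x509CertName1, certIdentifier, revocation,
            privateLink, usageLimits, appInfo, digitalSigAlg, certSubjectCN
        };

        GetAttributesResponse ga =
                new GetAttributesResponse(batchId1, "1111-2222-3333-4444-5555", attributes);
        sl.addBatchItem(ga);

        // TTLV is binary, so the bytes are printed as signed decimal values with no separator.
        byte[] responseBuffer = sl.endResponseMessage(0);
        for (byte b : responseBuffer) {
            System.out.print(b);
        }
        System.out.println("\n");


        // [B] Do the same thing in XML
        sl.startResponseMessage(1, KMIPConstants.FORMAT_MSGXML, 2);

        sl.addBatchItem(ga);

        // NOTE(review): new String(byte[]) decodes with the platform default charset;
        // presumably the library emits UTF-8 for XML and JSON. Confirm before pinning a charset.
        byte[] responseBuffer2 = sl.endResponseMessage(0);
        System.out.println(new String(responseBuffer2));
        System.out.println("\n");


        // [C] Do the same thing in JSON
        sl.startResponseMessage(1, KMIPConstants.FORMAT_MSGJSON, 2);

        sl.addBatchItem(ga);

        byte[] responseBuffer3 = sl.endResponseMessage(0);
        System.out.println(new String(responseBuffer3));
        System.out.println("\n");


        // [D] Add Attribute just takes a single attribute
        sl.startResponseMessage(1, KMIPConstants.FORMAT_MSGXML, 1);

        AddAttributeResponse aa = new AddAttributeResponse(batchId1, "UID-383837jjejej", state);
        sl.addBatchItem(aa);

        byte[] responseBuffer4 = sl.endResponseMessage(0);
        System.out.println(new String(responseBuffer4));
        System.out.println("\n");


        // [E] Return a template response
        sl.startResponseMessage(1, KMIPConstants.FORMAT_MSGXML, 2);

        // The batch id is null here, as in the original listing.
        GetTemplateResponse tr =
                new GetTemplateResponse(null, "1111-2222-3333-4444-5555", attributes);
        sl.addBatchItem(tr);

        byte[] responseBuffer5 = sl.endResponseMessage(0);
        System.out.println(new String(responseBuffer5));
        System.out.println("\n");
    }
}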
A JUnit test demonstrating how to parse an incoming KMIP request from a client.
void JNICall_Response2KMIP()
Test: Generate a message with multiple batch items.