MeileGuster

Discussion

  • MeileGuster
    2013-09-16

    Getting started with KMIP4J

    An Open Source Implementation of the Key Management Interoperability Protocol (KMIP)

    The Key Management Interoperability Protocol (KMIP) defines the communication between a Key Lifecycle Management System (KLMS) and its clients. Some companies have been working with proprietary implementations of KMIP in different programming languages for a while, but up until now, no open-source solution existed. KMIP4J is an open-source implementation of KMIP in Java.

    Files

    There are six different Zip-Files available:


    • kmip4j-bin-1.0 (binaries with config files)

    • kmip4j-src-1.0 (sources of the kmip-library "kmip4j")

    • kmip4j-src-client-gui-1.0 (sources of our KMIP Client GUI as test client)

    • kmip4j-src-simple-client-examle-1.0 (sources of how to implement a simple client)

    • kmip4j-src-simple-server-examle-1.0 (sources of how to implement a simple server)

    • kmip4j-src-test-environment-1.0 (complete sources of the test environment with Client-GUI, KMIP-Library and KLMS-server)

     
    Last edit: MeileGuster 2013-09-20
  • MeileGuster
    2013-09-16

    Simple Client

    In the binary-zip-file you will find a simple example of a KMIP-Client. It uses the KMIP library to create a request for its KLMS. The KMIP objects and attributes are created and then filled into the KMIPContainer. In the code of the client example, the client creates a request for a “Create” operation. The KLMS is asked to create a symmetric key of 128 bits used for encryption and decryption (0x0C of Usage Mask) with the AES algorithm. The response KMIPContainer is then printed to the console.
    To configure the project, the library “kmip4j.jar” needs to be added to the build path. Additionally, the configuration files “StubConfig.xml” and “log4j-1.2.17.xml” have to be appended as you can see in the figure below.

    [Figure: Client Project Structure]

    If you want to communicate with HTTPS, you additionally need a Java-keystore with a certificate, which you can define in the “StubConfig.xml”-File.

     
    Last edit: MeileGuster 2013-09-16
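
The Create request described in the post above, written out in KMIP's TTLV wire encoding so that the 128-bit AES attributes and the 0x0C usage mask can be checked byte by byte. This is an added example, not KMIP4J code or part of the original post; it assumes protocol version 1.0, takes tag and enumeration values from the KMIP specification, and its function names are hypothetical.

```python
import struct

# KMIP 1.0 tag and item-type values used by a Create request (from the KMIP spec).
TAGS = {"RequestMessage": 0x420078, "RequestHeader": 0x420077, "ProtocolVersion": 0x420069,
        "ProtocolVersionMajor": 0x42006A, "ProtocolVersionMinor": 0x42006B,
        "BatchCount": 0x42000D, "BatchItem": 0x42000F, "Operation": 0x42005C,
        "RequestPayload": 0x420079, "ObjectType": 0x420057, "TemplateAttribute": 0x420091,
        "Attribute": 0x420008, "AttributeName": 0x42000A, "AttributeValue": 0x42000B}
NAMES = {v: k for k, v in TAGS.items()}
STRUCT, INT, ENUM, TEXT = 0x01, 0x02, 0x05, 0x07  # only the item types this request needs

def ttlv(tag, typ, value):
    """Encode one item: 3-byte tag, 1-byte type, 4-byte length, value padded to 8 bytes."""
    body = (b"".join(value) if typ == STRUCT else
            value.encode() if typ == TEXT else struct.pack(">I", value))  # non-negative only
    return struct.pack(">II", TAGS[tag] << 8 | typ, len(body)) + body + b"\x00" * (-len(body) % 8)

def attribute(name, typ, value):
    return ttlv("Attribute", STRUCT, [ttlv("AttributeName", TEXT, name),
                                      ttlv("AttributeValue", typ, value)])

def create_aes128_request():
    version = [ttlv("ProtocolVersionMajor", INT, 1), ttlv("ProtocolVersionMinor", INT, 0)]
    header = ttlv("RequestHeader", STRUCT, [ttlv("ProtocolVersion", STRUCT, version),
                                            ttlv("BatchCount", INT, 1)])
    template = ttlv("TemplateAttribute", STRUCT, [
        attribute("Cryptographic Algorithm", ENUM, 0x03),    # AES
        attribute("Cryptographic Length", INT, 128),
        attribute("Cryptographic Usage Mask", INT, 0x0C)])   # Encrypt 0x04 | Decrypt 0x08
    payload = ttlv("RequestPayload", STRUCT, [ttlv("ObjectType", ENUM, 0x02), template])  # Symmetric Key
    batch = ttlv("BatchItem", STRUCT, [ttlv("Operation", ENUM, 0x01), payload])           # Create
    return ttlv("RequestMessage", STRUCT, [header, batch])

def decode(buf):
    """Parse TTLV bytes into nested (name, value) pairs; reject truncated items."""
    items, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 8:
            raise ValueError("truncated TTLV header")
        head, length = struct.unpack_from(">II", buf, pos)
        tag, typ = divmod(head, 256)
        body = buf[pos + 8:pos + 8 + length]
        if len(body) != length:
            raise ValueError("length field exceeds buffer")
        value = (decode(body) if typ == STRUCT else
                 body.decode() if typ == TEXT else int.from_bytes(body, "big"))
        items.append((NAMES.get(tag, hex(tag)), value))
        pos += 8 + length + (-length % 8)
    return items
```

Running `decode(create_aes128_request())` yields the same tree a KMIP client prints for its request container, which makes it easy to confirm on the wire that only the Encrypt and Decrypt bits are set in the usage mask.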
  • MeileGuster
    2013-09-16

    Server Example

    In the binary-zip-file you will also find an example of how to embed the KMIP-Library on the server-side.

    As a Web-Application-Server, we used Apache Tomcat v7.0, which is not included in our zip-file.

    First of all, you need to add the "kmip4j.jar" to your build path. Make sure that the jar-files are placed in the ".../WEB-INF/lib/"-folder, as you can see in the following project-structure.

    [Figure: Server Project Structure]

    As you can see in KMIPServlet.java -> initClasses(...), you then just need to write an Adapter for your Key Lifecycle Management System (KLMS) and instantiate a KMIPSkeleton with your Adapter and the fully qualified names of your Encoder and Decoder as transfer parameters.

    If you want to communicate with HTTPS, you additionally need a Java-keystore with a certificate, which you can define in the “web.xml”- and your "server.xml"-File. Therefore, you will find these configuration files in the binary-zip-file as well.

     
    Last edit: MeileGuster 2013-09-16
  • MeileGuster
    2013-09-16

    How to use the complete test environment

    In the zip-file "kmip4j-src-test-environment-1.0" are all sources of our KMIP-Implementation, including the KMIP-Client-GUI, KMIP-Library, Web-Application-Server-Project, a minimal Key Lifecycle Management System (KLMS) and its Database.

    In order to properly configure and run the system, follow the instructions below:


    1. Import projects from "kmip4j-src-test-environment-1.0.zip" into your workspace

    2. Download Apache Tomcat and define it as Runtime Environment (Eclipse: Window > Preferences > Server > Runtime Environments > Add...)

    3. Replace the "server.xml"-file in the Tomcat directory "../conf/" with the one from the "kmip4j-bin-1.0.zip/config/"

    4. Create a keystore with a certificate and modify the fully qualified path name and the password of the keystore in the "server.xml" and "web.xml". Alternatively, you can use the keystore from "kmip4j-bin-1.0.zip/config/"

    5. Open the Ant-View (Eclipse: Window > Show View > Ant), drag and drop the "build.xml"-file from the KLMSDB-Project into the view, initialize and start the database with the corresponding targets.

    6. Start the KMIPWebAppServer (Eclipse: Run As > Run on Server)

    7. Start the KMIPClientGUI.java (Eclipse: Run as > Java Application)

     
  • MeileGuster
    2013-09-16

    Interchangeability

    As you can see below in the system architecture of the complete test environment ("kmip4j-src-test-environment-1.0"), the important components implement an interface for interchangeability.

    [Figure: System Architecture]

    If you want to extend the KMIP-Implementation or exchange a component, you just need to:


    • implement the corresponding interface

    • place it in the right package

    • modify the configuration files "ch.ntb.inf.kmip.stub.StubConfig.xml" and "web.xml"

    • test your component with the test environment

    • build the KMIP-Library (kmip4j.jar) with the Eclipse-Plugin Fat Jar. The KMIP-Library only includes the following files:

      [Figure: Fat Jar config for "kmip4j.jar"]