Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Session Management Tasks

Create Authenticated Session with Access to Persistent Key Cache

search

Please Note:

Create Authenticated Session with Access to Persistent Key Cache

To create an authenticated session that can use the persistent key cache, the getSession() call must include either the cache passphrase or an object that implements NAEKeyCachePassphrase interface.

Access persistent cache using passphrase

The passphrase is a char array set by the client application when the CADP for Java Provider creates the persistent key cache. The passphrase is obfuscated and stored as part of the NAESession object. Whenever a key is stored in or retrieved from the key cache, the CADP for Java Provider validates the session’s passphrase. If the passphrase is invalid, the key cache can't be accessed. The passphrase can either be a combination of username and password or a client certificate.

Access persistent cache with username and password

NAESession session = NAESession.getSession("user", "pswd".toCharArray(), "passphrase".toCharArray());
NAEKey key = NAEKey.getSecretKey("user1key", session);

Access persistent cache with client certificate

NAEClientCertificate clientCert = new NAEClientCertificate ("Cert","CertPswd".toCharArray());
NAESession session = NAESession.getSession("user1","password1".toCharArray(), clientCert, "passphrase".toCharArray());

Authenticated session created through the client certificate and not passing the username and password parameters can also create/access the persistent key cache. However, the persistent key cache will be created with the common name of the client certificate used. This feature is not applicable for sessions authenticated using Etoken.

Access persistent cache with NAEKeyCachePassphrase interface

The NAEKeyCachePassphrase interface allows you to create your own class that includes the passphrase character array. For example, to use password of length greater than 16, create a class that implements the NAEKeyCachePassphrase interface.

class MyNAEKeyCachePassphrase implements NAEKeyCachePassphrase {
@Override
public char[] getPassphrase(NAESessionInterface session)
    {
        /**
        * Passphrase length greater than 16.
        */
        string passPhrase= "Test@123456789Testabcdefgh%%"
        return passPhrase.toCharArray();
    }
}

There are two methods available for getSession when using NAEKeyCachePassphrase:

Method 1:

NAEKeyCachePassphrase passphraseCallback = new MyNAEKeyCachePassphrase();
NAESession session = NAESession.getSession("user", "pswd".toCharArray(), passphraseCallback);

Method 2:

NAESession session = NAESession.getSession("user1", "password1".toCharArray(), clientCert, passphraseCallback;

On this page