Alternative Deployment Method
This section offers you alternative deployment method using installer.
Prerequisites
Any of the supported Java versions must be installed.
(Optional) If using Java version lower than 10, download the encryption policy files for unlimited strength ciphers (
US_export_policy.jarandlocal_policy.jar) and install in theJRE_HOME/lib/securitydirectory.
Deployment steps
Download the provider from our customer support site. The software adheres to the following naming convention:
Product Name - Product Version - File FormatCADP_for_JAVA_v8.18.1.000.zipExtract the file using any standard archive utility.
Extracting the archive creates the following directory structure:
Click here to view the directory structure and its content.
Navigate to the
CADP_for_JAVA/lib/extdirectory and run the following command to install CADP for Java.java -jar CADP_for_JAVA_Installer-8.18.1.000.jarThe license agreement is displayed on the console.
Press return/enter to continue or s to skip to the end.
Enter Yes, If you agree to the license terms.
The installer verifies the Java version.
Specify the installation location for CADP for Java.
For Java 8, enter Yes to install CADP for Java in the default directory that is
<JAVA_HOME>\lib\ext. Enter No to select a different location.For Java 10 and higher versions, the installer will prompt for the installation directory.
The installer displays the following properties that are required to connect to the Key Manager.
NAE_IP.1
NAE_Port
Log_File
Enter Yes to update these properties. Enter No to continue with the existing values.
Note
For centrally managed APIs, enter **No** to continue.
For further deployment steps, click the desired tab.
Import the following packages. These packages are required to perform cryptographic operations:
import com.centralmanagement.CipherTextData; import com.centralmanagement.CentralManagementProvider; import com.centralmanagement.RegisterClientParameters; import com.centralmanagement.policy.CryptoManager;Define CADP for Java Application and generate the registration token on the CipherTrust Manager. Refer to Application Data Protection for details.
Register the CADP for Java client on the CipherTrust Manager by passing the following arguments as shown in the below code snippet.
Argument Description keyManagerHost IP address or host name of the key manager. registrationToken Token required to register CADP for Java client on CipherTrust Manager. Registration sample
//Create a RegisterClientParameters object by passing the key manager's IP address and the registration token. RegisterClientParameters registerClientParams = new RegisterClientParameters.Builder(keyManagerHost,registrationToken.toCharArray()).build(); //Create a CentralManagementProvider object by passing RegisterClientParameters object. CentralManagementProvider centralManagementProvider = new CentralManagementProvider(registerClientParams); //Register the client centralManagementProvider.addProvider();Registration example
RegisterClientParameters registerClientParams = new RegisterClientParameters.Builder("10.xx.xx.xx","b6lYLQfViOmbU4fxBl9gbS6UTJCPqjNh57GV9LQKYSOHdwmuPkYtOZ6ZYFFdQJSa".toCharArray()).build(); CentralManagementProvider centralManagementProvider = new CentralManagementProvider(registerClientParams); centralManagementProvider.addProvider();After registration, the following logs are displayed.
Sample log
01-20-2025 15:33:31.980 [main] INFO ingrian.internal.config.Config - invoke0: configureProperties: ***************************** 01-20-2025 15:33:31.983 [main] INFO ingrian.internal.config.Config - invoke0: configureProperties: *Starting CADP-JCE Provider* 01-20-2025 15:33:31.983 [main] INFO ingrian.internal.config.Config - invoke0: configureProperties: *****************************The message
Starting CADP-JCE Providerin the log indicates that the CADP for Java is up and running and ready to serve requests.Explore the client registration sample (
CADPClientRegistrationSample.java) available on Github.
Next Topics
Import the following Ingrian packages. These packages are required to perform cryptographic operations.
import com.ingrian.security.nae.*;
import java.security.*;
import javax.crypto.*;
Important Notes
In case of Java 10, the java.se.ee module needs to be added as a JVM argument.
For Java 11 and higher versions, download the following JAR files from a trusted source and add their paths in Tomcat's CLASSPATH:
jaxb-api-2.3.1.jar: Provides an API and tools that automate the mapping between XML documents and Java objects.jaxb-impl-2.3.1.jar: Contains sources required for runtime processing.jaxb-core-2.3.0.1.jar: Provides the core functionality for mapping Java objects to XML and vice-versa.javax.activation-1.2.0.jar: Provides a standard way to handle data in different formats and sources within Java applications.
For Java 8, the following jar files are OSGI compliant:
cryptodatautility.jarCADP_for_JAVA-8.18.0.001.jarThese jar files access some non-public APIs, user needs to enable the
org.osgi.framework.bootdelegation=sun.,com.sun. propertyin the OSGI framework to provide access to these APIs.
User can configure an external logger to capture logs instead of the default logging jar files
log4j-core-x.x.x.jarandlog4j-api-x.x.x.jar.To run multiple web applications using CADP for Java, place the
CADP_for_JAVAjar file and dependent jar files in a desired directory and specify it as CLASSPATH for each web application. For example, when deploying multiple web applications using CADP for Java in Tomcat, place the jar files in Tomcat'slibdirectory.
Explore CADP for Java samples available on Github.
What's Next
Directory Structure
Here are the files that you need to be aware of.
| Filename | Description |
|---|---|
| commons-codec-1.17.1.jar | Apache Commons reusable Java components. Apache Commons Codec (TM) software provides implementations of common encoders and decoders such as Base64, Hex, and others. |
| commons-lang3-3.17.0.jar | Apache Commons reusable Java components. Lang provides methods for manipulation of core classes in the standard Java library, utilities for the java.lang API, and helps with building methods, such as hashCode, toString and equals. |
| commons-collections4-4.4.jar | Apache Commons reusable Java components. Extends or augments the Java Collections Framework. |
| commons-logging-1.3.4 | Apache Commons Logging is a thin adapter allowing configurable bridging to other, well-known logging systems. |
| gson-2.12.1.jar | A Java library to convert JSON to Java objects and vice versa. |
| guava-33.3.1-jre.jar | Guava is a suite of core and expanded libraries that include utility classes, Google's collections, I/O classes, and much more. This library is used for key caching. |
| failureaccess-1.0.2.jar | Contains com.google.common. util.concurrent.internal.InternalFutureFailureAccess and InternalFutures classes. |
| CADP_for_JAVA.properties | CADP for Java’s configuration file. |
| CADP_for_JAVA-8.18.1.000.jar | The Java components of the CADP for Java (Ingrian) Provider. Required for all installations. |
| CADP_for_JAVA_Installer-8.18.1.000.jar | Automates the CADP for Java installation by placing the CADP for Java jar files at default Java path or user provided path and setting basic Key Manager configuration parameters such as IP, Port, and Log path. |
| cryptodatautility.jar | CADP for Java utility used to decrypt a string without specifying the keyName and algorithm. |
| log4j-core-2.24.1.jar | The Apache Log4j ImplementationLogging application. |
| log4j-api-2.24.1.jar | Provides the interface that applications should code to and provides the adapter components required for implementers to create a logging implementation. |
| bcprov-jdk18on-1.78.1.jar | Required for AES/GCM and SEED algorithms when symmetric cache is enabled. |
| bcpkix-jdk18on-1.78.1.jar | Bouncy castle jar required for format conversion of EC keys. |
| bcutil-jdk18on-1.78.1.jar | Bouncy Castle Java APIs required for ASN.1 extension and utility APIs to support bcpkix and bctls. |
| slf4j-api-2.0.17 | slf4j-api serves as a simple facade or abstraction for various logging frameworks, allowing the end user to plug in the desired logging framework at deployment time. |
| slf4j-nop-2.0.17 | slf4j-nop is binding/provider for NOP, an implementation that silently discards all logging messages. |
| httpclient5-5.4 | httpclient provides a class for sending HTTP requests and receiving HTTP responses from a resource identified by a URI. |
| httpcore5-5.3 | httpcore is a set of low level HTTP transport components that can be used to build custom client and server side HTTP services with a minimal footprint. |
| httpcore5-h2-5.3 | httpcore5-h2 implementation related to HTTP/2 in the httpcore library |
| SafeNetVaultlessTokenization.properties | Contains the parameters used for tokenization. Required for all installations. |
| SafeNetVaultlessTokenization-8.10.0.000.jar | Contains the Java components required for tokenization. Required for all installations. |
| unicode.properties | Contains the parameters required to tokenize Unicode characters. |
| migration.properties | Contains the parameters used to set up the bulk migration feature. |
| detokenization.properties | Contains the parameters used to set up the bulk detokenization feature. |
Note
The following files are not applicable for centrally managed APIs:
CADP_for_JAVA.propertiesdetokenization.propertiesSafeNetVaultlessTokenization.propertiesunicode.propertiesmigration.propertiesdetokenization.properties
The following files are not applicable for traditional APIs:
slf4j-api-2.0.17.jarslf4j-nop-2.0.17.jarhttpcore5-h2-5.3.4.jarhttpcore5-5.3.4.jarhttpclient5-5.4.4.jarcommons-logging-1.3.4.jar
