Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CTE-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Widows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Samples

Sample Code for Java Developers

search

Please Note:

printsuggest an edit

Sample Code for Java Developers

This topic provides a sample code for java developers.

Note

The user may use the obfuscated password or credential. See Creating Obfuscated Data Using Obfuscation Utility for more information.

Included in the software download is the TokenServiceSample application. Run the sample application from the command line, using a statement like the following:

java TokenServiceSample data tokenVault naeUser naePswd dbUser dbPswd

The example below also uses the -cp flag to set the jar files in the classpath.

java -cp .;C:\SafeNetTokenService\SafeNetTokenService-8.12.4.000.jar TokenServiceSample 1234512345 testVault ksuser password1 dbuser1 test123#

Note

For Java 10, also specify the CADP JCE Provider files in the Java classpath.

Here is the outcome:

Token: 106890268502893
Value 129388322312893 was tokenized to 106890268502893
Value 129388322312893123 was not tokenized
Decrypted Value: 129388322312893
Token in new format: 129437886406263

Tokens created before or on Tue Mar 29 10:38:13 IST 2016
13531699973175599
68713984869785674231
78756887366712307
129437886406263

Mask tokens created:
12345678998776111
12345678998776112
12345678998776113
12345678998776114

The source code is explained here. The application, compiled using jdk 1.8, is also included with the software.

import com.safenet.token.TokenService; import java.util.Calendar;
import java.util.Calendar imports java.util.Calendar class.

The following code snippet specific to this sample. It’s very unlikely that you will pass your values in from the command line, but notice what happens with args[3] and args[5]: passwords must be converted to character arrays before they can be used in the call to TokenService(). The dbtable value must be in CAPITAL letters.

public class TokenServiceSample
{
    public static void main (String[] args) throws Exception
    {
        if (args.length !=6)
        {
            System.err.println("Usage: java TokenServiceSample dataToEncrypt dbtable naeUser naePswd dbUser dbPswd");
            System.exit(-1);
        }
        String dataToEncrypt = args[0];
        String dbTable = args[1];
        String naeUser = args[2];
        char[] naePswd = args[3].toCharArray();
        String dbUser = args[4];
        char[] dbPswd = args[5].toCharArray();
        .....
    }
}

new TokenService() starts the CT-V by creating a new instance of TokenService. The method call includes the usernames and passwords for the Key Manager and database user. The Key Manager user must have access to the token vault’s encryption and hmac keys. Ideally, it would be the key owner. The database user must have read and write permission for the token vault table.

TokenService ts = new TokenService (naeUser, naePswd, dbUser, dbPswd);

Remember that the keys are picked when the token vault is created through the KeySecure Classic UI or utilities.Keys are not selected in the application; there is no way to pass them to the API. Also, the IngrianNAE.properties and SafeNetToken.properties files contain the parameters used to connect to the Key Manager parameters(IPs, ports, etc.) and the database. You don’t set those connections using the API.

ts.insert() calls insert(), which creates a token for a plaintext value and inserts that value into the token vault. This method is overloaded; it can accept an array of plaintext or a single plaintext value.

String token = ts.insert(dataToEncrypt, dbTable, TokenService.LAST_FOUR_TOKEN, false);
System.out.println("Token: " + token);

The method call includes the token format and the luhnCheck boolean. All tokens in a vault should use the same format. Check Using CipherTrust Vaulted Tokenization Java APIs for the list of delivered formats.

Since the luhnCheck boolean is false, the token will not pass a Luhn check. You may want a value to fail the Luhn check so that it is clearly identifiable as a token, and not a real credit card number.

The method returns the token and prints it to standard output.

ts.getToken() calls getToken(), which checks if a plaintext value has a token in the token vault. If the token vault contains a token for this value - meaning that the value has already been tokenized - the method returns the token. Otherwise, the method returns a null. The sample program shows an example of both outcomes.

String newToken = ts.getToken(dataToEncrypt, null, dbTable);
System.out.println("Value " + dataToEncrypt + " was tokenized to " + newToken);
newToken = ts.getToken(dataToEncrypt+"123", null, dbTable);
if (newToken == null)
System.out.println("Value " + dataToEncrypt + "123 was not tokenized");

ts.get() calls get(), which retrieves the plaintext value from the token vault. This method is overloaded; it can accept an array of tokens or a single token. The method call includes the token, the token vault name, and the format as parameters. For get(), the only valid formats are MASK_TOKEN and 0 (zero). 0 gets the full plaintext. MASK_TOKEN masks all but the last four digits.

String value = ts.get (token, dbTable, 0);
System.out.println("Decrypted Value: " + value);

ts.deleteToken() deletes the token from the vault by calling deleteToken(). This deletes the value and the token from the vault.

ts.deleteToken(token, dbTable);

Similarly, the sample could have called deleteValue() and removed the entry from the token vault based on the plaintext value.

ts.createNewFormat() creates a new token format by calling createNewFormat(). The method call controls how many of the leading digits (3) and how many of the trailing digits (1) to keep in the token. The digits in between will be replaced with random numbers. The call also determines how many of the first digits will have a mask (null means no mask is used), and if the tokens must pass a Luhn check (yes).

int newFormat = ts.createNewFormat(3, 1, null, 1);

ts.insert() calls insert(), which creates a token using the new format.

token = ts.insert(dataToEncrypt, dbTable, newFormat, true);
System.out.println("Token in new format: " + token);

ts.getTokensByDate() retrieves all tokens created before or on a specific date, in this case, the current system date. It does so by creating a Calendar object and calling getInstance, which returns the current date.

Calendar calendarDate = Calendar.getInstance();
String[] dateTokens = ts.getTokensByDate(null, calendarDate, dbTable);
System.out.println("Tokens created before or on " + calendarDate.getTime().toString());
for (int i = 0; i < dateTokens.length; i++)
System.out.println("\n" + dateTokens[i];

ts.deleteValue() deletes the value from the vault by calling deleteValue(). This deletes the value and the token from the vault.

ts.deleteValue(dataToEncrypt, dbTable);

ts.mask() creates tokens without storing then in the token vault by calling mask(). For this example, the values provided to mask() are the values returned by the getTokensByDate API. A sequential token format is used, so the method call can include a startToken value (the 3rd argument) to use as the first token in the sequence.

String[] maskTokens = ts.mask (dateTokens, TokenService.SEQUENTIAL_TOKEN, "12345678998776111", false);
System.out.println("Mask tokens created: ");
for (int i = 0; i < dateTokens.length; i++)
System.out.println("\n" + maskTokens[i]);

ts.getVersion() returns the version of the CT-V software by calling getVersion().

System.out.println(ts.getVersion());

ts.closeService() closes the connection by calling closeService().

ts.closeService();

On this page