Sample Code for Java Developers
This topic provides a sample code for java developers.
Note
The user may use the obfuscated password or credential. See Creating Obfuscated Data Using Obfuscation Utility for more information.
Included in the software download is the TokenServiceSample application. Run the sample application from the command line, using a statement like the following:
The example below also uses the -cp flag to set the jar files in the classpath.
Note
For Java 10, also specify the CADP JCE Provider files in the Java classpath.
Here is the outcome:
The source code is explained here. The application, compiled using jdk 1.8, is also included with the software.
The following code snippet specific to this sample. It’s very unlikely that you will pass your values in from the command line, but notice what happens with args[3] and args[5]: passwords must be converted to character arrays before they can be used in the call to TokenService(). The dbtable value must be in CAPITAL letters.
new TokenService() starts the CT-V by creating a new instance of TokenService. The method call includes the usernames and passwords for the Key Manager and database user. The Key Manager user must have access to the token vault’s encryption and hmac keys. Ideally, it would be the key owner. The database user must have read and write permission for the token vault table.
Remember that the keys are picked when the token vault is created through the KeySecure Classic UI or utilities.Keys are not selected in the application; there is no way to pass them to the API. Also, the IngrianNAE.properties and SafeNetToken.properties files contain the parameters used to connect to the Key Manager parameters(IPs, ports, etc.) and the database. You don’t set those connections using the API.
ts.insert() calls insert(), which creates a token for a plaintext value and inserts that value into the token vault. This method is overloaded; it can accept an array of plaintext or a single plaintext value.
The method call includes the token format and the luhnCheck boolean. All tokens in a vault should use the same format. Check Using CipherTrust Vaulted Tokenization Java APIs for the list of delivered formats.
Since the luhnCheck boolean is false, the token will not pass a Luhn check. You may want a value to fail the Luhn check so that it is clearly identifiable as a token, and not a real credit card number.
The method returns the token and prints it to standard output.
ts.getToken() calls getToken(), which checks if a plaintext value has a token in the token vault. If the token vault contains a token for this value - meaning that the value has already been tokenized - the method returns the token. Otherwise, the method returns a null. The sample program shows an example of both outcomes.
ts.get() calls get(), which retrieves the plaintext value from the token vault. This method is overloaded; it can accept an array of tokens or a single token. The method call includes the token, the token vault name, and the format as parameters. For get(), the only valid formats are MASK_TOKEN and 0 (zero). 0 gets the full plaintext. MASK_TOKEN masks all but the last four digits.
ts.deleteToken() deletes the token from the vault by calling deleteToken(). This deletes the value and the token from the vault.
Similarly, the sample could have called deleteValue() and removed the entry from the token vault based on the plaintext value.
ts.createNewFormat() creates a new token format by calling createNewFormat(). The method call controls how many of the leading digits (3) and how many of the trailing digits (1) to keep in the token. The digits in between will be replaced with random numbers. The call also determines how many of the first digits will have a mask (null means no mask is used), and if the tokens must pass a Luhn check (yes).
ts.insert() calls insert(), which creates a token using the new format.
ts.getTokensByDate() retrieves all tokens created before or on a specific date, in this case, the current system date. It does so by creating a Calendar object and calling getInstance, which returns the current date.
ts.deleteValue() deletes the value from the vault by calling deleteValue(). This deletes the value and the token from the vault.
ts.mask() creates tokens without storing then in the token vault by calling mask(). For this example, the values provided to mask() are the values returned by the getTokensByDate API. A sequential token format is used, so the method call can include a startToken value (the 3rd argument) to use as the first token in the sequence.
ts.getVersion() returns the version of the CT-V software by calling getVersion().
ts.closeService() closes the connection by calling closeService().