Examples for Using Secure Storage Interfaces and Classes

Making Sure the Secure Storage Service is Running

Before beginning with the actual implementation, you should make sure the secure storage service is running. For this purpose, implement a JNDI lookup to the service tc~sec~securestorage~service. This lookup returns an object, which you must cast to SecureStorageRuntimeInterface. See the example below.

Code Example for Making Sure the Secure Storage Service is Running

    import javax.naming.Context;
    import javax.naming.InitialContext;

    //Look up the secure storage service through JNDI
    Context ctx = new InitialContext();
    Object o = ctx.lookup("tc~sec~securestorage~service");
    if (o == null) {
        out.println("secure storage service not started<br>");
    } else {
        //Cast
        SecureStorageRuntimeInterface secStore =
            (SecureStorageRuntimeInterface) o;

        //Continue with implementation
    }

 

Obtaining a Context

Use the method getSecureStorageClientContext to obtain a context. See the example below.

Code Example for Obtaining a Context

    RemoteSecureStorageClientContextInterface myContext =
        secStore.getSecureStorageClientContext();

 

Managing Objects

The following examples show how to store, retrieve, delete, or list objects in the context. For these examples, we store the string myPassword in myContext under the alias pass.

Code Example for Managing Objects

    //Store an object
    myContext.storeObject(new String("myPassword"), "pass");

    //Retrieve an object
    String myObject = (String) myContext.retrieveObject("pass");

    //Delete an object
    myContext.deleteObject("pass");

    //List objects
    out.println("<h3>Display all objects of client</h3>");
    String[] listObjects = myContext.getObjectIDs();
    for (int i = 0; i<listObjects.length; i++){
        out.println("<br>" + listObjects[i]);
    }

 

Managing Objects With a Different Class

If the object’s class is not a common JDK class, set the classloader before calling the store or retrieve methods. After retrieval, also cast the returned object back to its original class. See the examples below:

Setting the Classloader Before Storing an Object

    Thread.currentThread().setContextClassLoader(
        MyApplication.class.getClassLoader());
    myContext.storeObject(MyObject, "pass");

 

Setting the Classloader and Casting the Class When Retrieving an Object

    Thread.currentThread().setContextClassLoader(
        MyApplication.class.getClassLoader());
    Object myRetrievedObject = myContext.retrieveObject("pass");
    MyApplicationClass MyObject = (MyApplicationClass)
        myRetrievedObject;

 

If the application runs in a different virtual machine than the secure storage service, so that the classloader cannot be set on the secure storage thread, use the retrieveBytes method. Your application must then also de-serialize the returned byte array. See the example below:

Code Example for Retrieving an Object as a Byte Array and De-serializing It

    byte[] retrieveByte = myContext.retrieveBytes("pass");
    ByteArrayInputStream bais =
        new ByteArrayInputStream(retrieveByte);
    ObjectInputStream ois =
        new ObjectInputStream(bais);
    MyApplicationClass myObject = (MyApplicationClass) ois.readObject();
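
The de-serialization step above can be restricted with the JDK's ObjectInputFilter (Java 9 and later) so that the stream may only instantiate the class the application expects. This is an added example, not part of the original SAP documentation: MyApplicationClass is a stand-in defined inline, the helper names readOnly and serialize are hypothetical, and the byte arrays are constructed locally in place of the value returned by retrieveBytes.

```java
import java.io.*;
import java.util.ArrayList;

public class FilteredRetrieve {
    // Stand-in for the application class stored under the alias "pass" (assumption).
    static class MyApplicationClass implements Serializable {
        private static final long serialVersionUID = 1L;
        final String value;
        MyApplicationClass(String value) { this.value = value; }
    }

    // De-serializes data, allowing the stream to create only `expected` (and String).
    static <T> T readOnly(byte[] data, Class<T> expected)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois =
                 new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(info -> {
                Class<?> c = info.serialClass();
                if (c == null) {            // depth/reference checks carry no class
                    return ObjectInputFilter.Status.UNDECIDED;
                }
                return (c == expected || c == String.class)
                        ? ObjectInputFilter.Status.ALLOWED
                        : ObjectInputFilter.Status.REJECTED;
            });
            return expected.cast(ois.readObject());
        }
    }

    // Helper that builds constructed sample input for the demo.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed bytes standing in for myContext.retrieveBytes("pass").
        byte[] good = serialize(new MyApplicationClass("myPassword"));
        System.out.println(readOnly(good, MyApplicationClass.class).value);

        // A stream holding any other class is refused before it is instantiated.
        byte[] other = serialize(new ArrayList<String>());
        try {
            readOnly(other, MyApplicationClass.class);
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```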

Generating a New Key

The following example shows how to generate a new key to use within your context.

Code Example for Generating a New Key

    //Generate a new key for the context
    myContext.generateNewKey();

Note

When an object is retrieved, the secure storage service checks to see if a newer key exists to use for encryption. If the object is still encrypted with an older key, then the secure storage service re-encrypts the object using the newer key.

Verifying the Encryption Method Used

When using secure storage, you can have objects either encrypted or just encoded. To encrypt the data object, the secure storage service uses the triple DES encryption algorithm; for encoding it uses base 64 encoding. To verify which method has been used, use the method isSecure as shown in the example below. It returns true if triple DES has been used for the encryption and false if base 64 was used.

Code Example for Verifying the Encryption Method Used

    //Verify the encryption method used
    Boolean encryptFlag = myContext.isSecure("pass");
