Initialization and Login

  • Last updated:
  • access_time Reading time:

Self-Defending KMS provides multiple interfaces to application developers. For C/C++ programmers, Self-Defending KMS provides a PKCS#11 interface through a library. For Java programmers, Self-Defending KMS can be accessed through the JCE interface and through Java SDK. Self-Defending KMS can also be accessed through its RESTful interface, documented at https://www.fortanix.com/api/

We provide examples for using Self-Defending KMS in 7 languages – a C++ program using the PKCS#11 interface, a Java program using the JCE interface, and other programs using the REST interface through Java, Python, Go, C#, PHP and Javascript SDKs

The example programs can be downloaded in full at the Downloads page.

C++


CK_FUNCTION_LIST_PTR initialize() {
CK_FUNCTION_LIST_PTR p11;
void *pDynLib;

pDynLib = dlopen("/opt/fortanix/pkcs11/sdkms-pkcs11.so", RTLD_NOW);
if (!pDynLib) {
cout << "Failed to load the PKCS#11 library" << endl;
return NULL;
}
cout << "Successfully initialized PKCS#11 library to use Fortanix SDKMS" << endl;
CK_C_GetFunctionList pGetFunctionList = (CK_C_GetFunctionList) dlsym(pDynLib, "C_GetFunctionList");
(*pGetFunctionList)(&p11);
return p11;
}

CK_RV login(CK_FUNCTION_LIST_PTR p11, CK_SESSION_HANDLE_PTR phSession, string pin) {
CK_RV rv;
CK_SLOT_ID slotId = 1;

rv = p11->C_Initialize(NULL_PTR);
if (rv == CKR_OK) {
rv = p11->C_OpenSession(slotId, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, phSession);
if (rv == CKR_OK) rv = p11->C_Login(*phSession, CKU_USER, (CK_UTF8CHAR_PTR)pin.c_str(), pin.length());
}
if (rv != CKR_OK) {
cout << "Incorrect API Key. Error code = " << rv << endl;
} else {
cout << "Successfully logged in to Fortanix SDKMS" << endl << endl;
}
return rv;
}

C#

public void login() {
    string apiKey =SDKMS_API_KEY;
    Configuration.Default.BasePath = SDKMS_API_ENDPOINT;

    string decodedKey = Encoding.ASCII.GetString(Convert.FromBase64String(apiKey));
    string[] tokens = decodedKey.Split(':');
    Configuration.Default.Username = tokens[0];
    Configuration.Default.Password = tokens[1];

    // App Authentication
    AuthenticationApi authenticationApi = new AuthenticationApi();
    AuthResponse response = authenticationApi.Authorize();
    Configuration.Default.AddApiKey("Authorization", response.AccessToken);
    Configuration.Default.AddApiKeyPrefix("Authorization", "Bearer");
}

Go

package main

import (
	"context"
	"fmt"
	"log"
	"net/http"

	"github.com/fortanix/sdkms-client-go/sdkms"
)

const (
	apiEndpoint = "https://sdkms.fortanix.com"
	myAPIKey    = "..."
)
func main() {
    // Initialization and Login
    client := sdkms.Client{
        Endpoint:   apiEndpoint,
        HTTPClient: http.DefaultClient,
    }
    ctx := context.Background()

    // Establish a session
    _, err := client.AuthenticateWithAPIKey(ctx, myAPIKey)
    if err != nil {
        log.Fatalf("Failed to authentication: %v", err)
    }
    // Terminate the session on exit
    defer client.TerminateSession(ctx)
}

Java

private static ApiClient login() throw Exception{
    String apiKey = new String (Base64.decode(SDKMS_API_KEY);
    if (!apiKey.contains(":")) {
        throw new Exception("Invalid SDKMS Api Key");
    }
    String[] credential = apiKey.split(":");
    ApiClient apiClient = new ApiClient();
    apiClient.setBasePath(SDKMS_API_ENDPOINT)
    apiClient.setUsername(credential[0]);
    apiClient.setPassword(credential[1]);

    AuthenticationApi authenticationApi = new AuthenticationApi(apiClient);
    AuthResponse authResponse = authenticationApi.authorize();
    ApiKeyAuth bearerToken =
        (ApiKeyAuth) apiClient.getAuthentication("bearerToken");
    bearerToken.setApiKey(authResponse.getAccessToken());
    bearerToken.setApiKeyPrefix("Bearer");
    return apiClient;
}

Python

def login():
    config = sdkms.v1.Configuration()
    config.host = SDKMS_API_ENDPOINT
    config.app_api_key = SDKMS_API_KEY
    client = sdkms.v1.ApiClient(configuration=config)
    auth_instance = sdkms.v1.AuthenticationApi(api_client=client)
    try:
        auth = auth_instance.authorize()
        config.api_key['Authorization'] = auth.access_token
        config.api_key_prefix['Authorization'] = 'Bearer'
        return client
    except sdkms.v1.ApiException as e:
        print("Exception when calling AuthenticationApi->authorize: %s\n" % e)
        return None

PHP

public function login() {
    $apiKey = base64_decode(SDKMS_API_KEY);
    $credential = explode(":", $apiKey);

    $cfg = new Swagger\Client\Configuration();

    $cfg->setHost(SDKMS_API_ENDPOINT); 
    $cfg->setUsername($credential[0]); 
    $cfg->setPassword($credential[1]);

    $client = new Swagger\Client\ApiClient($cfg);
    // authenticate
    $authenticationApi = new Swagger\Client\Api\AuthenticationApi($client);
    $auth = $authenticationApi->authorize();
    // set access token
    $cfg->setApiKey("Authorization", $auth['access_token']);
    $cfg->setApiKeyPrefix("Authorization", "Bearer");
}

Javascript

var FortanixSdkmsRestApi = require('./src/index.js');

function initialise() {
    var defaultClient = FortanixSdkmsRestApi.ApiClient.instance;
    defaultClient.basePath= SDKMS_API_ENDPOINT
    var basicAuth = defaultClient.authentications['basicAuth'];
    var apiKey = Base64.decode(SDKMS_API_KEY);

    var credential = apiKey.split(":");
    basicAuth.username = credential[0] 
    basicAuth.password = credential[1]
    return defaultClient;
}

var login = function(error, data, response) {
   var bearerAuth = defaultClient.authentications['bearerToken'];
   bearerAuth.apiKeyPrefix = "Bearer"
   bearerAuth.apiKey = data["access_token"]
}

defaultClient = initialise()
var authenticationApi = new FortanixSdkmsRestApi.AuthenticationApi()
authenticationApi.authorize(login);