Fortanix Data Security Manager (DSM) provides multiple interfaces to application developers. For C/C++ programmers, Fortanix DSM provides a PKCS#11 interface through a library. For Java programmers, Fortanix DSM can be accessed through the JCE interface and through the Java SDK. Fortanix DSM can also be accessed through its RESTful interface, which is documented at https://www.fortanix.com/api/
We provide examples for using Fortanix DSM in 7 languages: a C++ program using the PKCS#11 interface, a Java program using the JCE interface, and other programs using the REST interface through the Java, Python, Go, C#, PHP and JavaScript SDKs.
The example programs can be downloaded in full at the Downloads page.
C++
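/**
 * Loads the Fortanix PKCS#11 shared library and returns its function list.
 *
 * The library is opened from a fixed absolute path. Whatever file sits at
 * that path is loaded into this process and later receives the PIN passed
 * to C_Login, so the file and its parent directories should be writable
 * only by an administrator.
 *
 * @return the PKCS#11 function list, or NULL when the library cannot be
 *         loaded, C_GetFunctionList cannot be resolved, or the call to
 *         C_GetFunctionList does not return CKR_OK.
 */
CK_FUNCTION_LIST_PTR initialize() {
    void *pDynLib = dlopen("/opt/fortanix/pkcs11/sdkms-pkcs11.so", RTLD_NOW);
    if (!pDynLib) {
        cout << "Failed to load the PKCS#11 library" << endl;
        return NULL;
    }

    // dlsym returns NULL when the symbol is missing; calling through a NULL
    // function pointer would crash, so check before use.
    CK_C_GetFunctionList pGetFunctionList =
        (CK_C_GetFunctionList) dlsym(pDynLib, "C_GetFunctionList");
    if (!pGetFunctionList) {
        cout << "Failed to resolve C_GetFunctionList in the PKCS#11 library" << endl;
        dlclose(pDynLib);
        return NULL;
    }

    // Start from NULL so a failed call can never hand back an
    // uninitialized pointer to the caller.
    CK_FUNCTION_LIST_PTR p11 = NULL;
    CK_RV rv = (*pGetFunctionList)(&p11);
    if (rv != CKR_OK || p11 == NULL) {
        cout << "C_GetFunctionList failed. Error code = " << rv << endl;
        dlclose(pDynLib);
        return NULL;
    }

    // Report success only once the function list is actually available.
    cout << "Successfully initialized PKCS#11 library to use Fortanix SDKMS" << endl;

    // The library handle is deliberately left open: p11 points into the
    // loaded library and must stay valid for the caller.
    return p11;
}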
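/**
 * Initializes the PKCS#11 library, opens a read/write session on slot 1 and
 * logs in as CKU_USER with the given PIN (the Fortanix API key).
 *
 * @param p11        function list returned by initialize(); may be NULL if
 *                   initialize() failed, which is rejected here.
 * @param phSession  receives the session handle opened by C_OpenSession.
 * @param pin        API key used as the PKCS#11 user PIN. It is never
 *                   printed; only the numeric return code is logged.
 * @return CKR_OK on success, CKR_ARGUMENTS_BAD for a NULL argument,
 *         otherwise the return code of the first PKCS#11 call that failed.
 *         If C_Login fails, the session opened here is left open and the
 *         caller still owns *phSession.
 */
CK_RV login(CK_FUNCTION_LIST_PTR p11, CK_SESSION_HANDLE_PTR phSession, string pin) {
    // initialize() returns NULL on failure; dereferencing it would crash.
    if (p11 == NULL || phSession == NULL) {
        cout << "PKCS#11 library is not initialized" << endl;
        return CKR_ARGUMENTS_BAD;
    }

    const CK_SLOT_ID slotId = 1;

    CK_RV rv = p11->C_Initialize(NULL_PTR);
    if (rv != CKR_OK) {
        // Not a credential problem: report the step that actually failed.
        cout << "C_Initialize failed. Error code = " << rv << endl;
        return rv;
    }

    rv = p11->C_OpenSession(slotId, CKF_SERIAL_SESSION | CKF_RW_SESSION,
                            NULL_PTR, NULL_PTR, phSession);
    if (rv != CKR_OK) {
        cout << "C_OpenSession failed. Error code = " << rv << endl;
        return rv;
    }

    rv = p11->C_Login(*phSession, CKU_USER,
                      (CK_UTF8CHAR_PTR)pin.c_str(), (CK_ULONG)pin.length());
    if (rv != CKR_OK) {
        cout << "Incorrect API Key. Error code = " << rv << endl;
        return rv;
    }

    cout << "Successfully logged in to Fortanix SDKMS" << endl << endl;
    return rv;
}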
C#
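/// <summary>
/// Authenticates this application to Fortanix DSM and configures the default
/// client to send the returned access token as a Bearer token.
/// </summary>
/// <remarks>
/// SDKMS_API_KEY is decoded from base64 and split at the first ':' into a
/// username and a password. The decoded key and the access token are
/// credentials and are never written to any output here.
/// </remarks>
/// <exception cref="FormatException">
/// SDKMS_API_KEY is not valid base64, or does not decode to
/// "username:password" with both parts non-empty.
/// </exception>
public void login() {
    string apiKey = SDKMS_API_KEY;
    Configuration.Default.BasePath = SDKMS_API_ENDPOINT;

    string decodedKey = Encoding.ASCII.GetString(Convert.FromBase64String(apiKey));

    // Split at the first ':' only, so a password that itself contains ':'
    // is not silently truncated.
    string[] tokens = decodedKey.Split(new[] { ':' }, 2);
    if (tokens.Length != 2 || tokens[0].Length == 0 || tokens[1].Length == 0) {
        // The message deliberately does not echo the key material.
        throw new FormatException("Invalid SDKMS API key: expected base64 of \"username:password\"");
    }
    Configuration.Default.Username = tokens[0];
    Configuration.Default.Password = tokens[1];

    // App Authentication
    AuthenticationApi authenticationApi = new AuthenticationApi();
    AuthResponse response = authenticationApi.Authorize();

    // Subsequent requests carry "Authorization: Bearer <access token>".
    Configuration.Default.AddApiKey("Authorization", response.AccessToken);
    Configuration.Default.AddApiKeyPrefix("Authorization", "Bearer");
}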
Go
package main
import (
"context"
"fmt"
"log"
"net/http"
"github.com/fortanix/sdkms-client-go/sdkms"
)
// apiEndpoint is the base URL of the Fortanix DSM service this example talks to.
const apiEndpoint = "https://sdkms.fortanix.com"

// myAPIKey is a placeholder ("...") for the application's API key.
// A real key is a credential: outside a local demo, supply it at runtime
// (environment variable, secret store) rather than committing it to source.
const myAPIKey = "..."
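// main authenticates to Fortanix DSM with the API key and terminates the
// session again when it returns.
func main() {
	// Initialization and Login.
	// NOTE(review): http.DefaultClient has no request timeout and ctx below
	// has no deadline, so a stalled endpoint blocks indefinitely. Production
	// code should pass a client or context with a timeout.
	client := sdkms.Client{
		Endpoint:   apiEndpoint,
		HTTPClient: http.DefaultClient,
	}
	ctx := context.Background()

	// Establish a session. Only the error is logged, never the API key.
	if _, err := client.AuthenticateWithAPIKey(ctx, myAPIKey); err != nil {
		log.Fatalf("Failed to authenticate: %v", err)
	}

	// Terminate the session on exit. A failure here leaves the session
	// alive on the server until it expires, so report it instead of
	// discarding the error.
	defer func() {
		if err := client.TerminateSession(ctx); err != nil {
			log.Printf("Failed to terminate session: %v", err)
		}
	}()
}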
Java
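/**
 * Authenticates this application to Fortanix DSM and returns an ApiClient
 * that sends the resulting access token as a Bearer token.
 *
 * SDKMS_API_KEY is base64-decoded and split at the first ':' into a
 * username and a password, which are used for the authorize() call.
 *
 * @return an ApiClient configured with the base path and bearer token
 * @throws Exception if the decoded key is not "username:password" with both
 *         parts non-empty, or if authorize() fails
 */
private static ApiClient login() throws Exception {
    // NOTE(review): the bytes are decoded with the platform default charset;
    // confirm the key is plain ASCII or pass an explicit charset.
    String apiKey = new String(Base64.decode(SDKMS_API_KEY));

    // Limit 2 splits at the first ':' only, so a password containing ':'
    // is kept intact; the length check also rejects a key with no ':'.
    String[] credential = apiKey.split(":", 2);
    if (credential.length != 2 || credential[0].isEmpty() || credential[1].isEmpty()) {
        // The message deliberately does not echo the key material.
        throw new Exception("Invalid SDKMS Api Key");
    }

    ApiClient apiClient = new ApiClient();
    apiClient.setBasePath(SDKMS_API_ENDPOINT);
    apiClient.setUsername(credential[0]);
    apiClient.setPassword(credential[1]);

    AuthenticationApi authenticationApi = new AuthenticationApi(apiClient);
    AuthResponse authResponse = authenticationApi.authorize();

    // Subsequent requests carry "Authorization: Bearer <access token>".
    ApiKeyAuth bearerToken =
            (ApiKeyAuth) apiClient.getAuthentication("bearerToken");
    bearerToken.setApiKey(authResponse.getAccessToken());
    bearerToken.setApiKeyPrefix("Bearer");
    return apiClient;
}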
Python
def login():
    """Authenticate to Fortanix DSM and return a client that uses a bearer token.

    Builds a configuration from SDKMS_API_ENDPOINT and SDKMS_API_KEY, calls
    authorize(), and stores the returned access token under 'Authorization'
    with the 'Bearer' prefix.

    Returns:
        The configured ApiClient, or None when authorize() raises
        sdkms.v1.ApiException. Callers must check for None before use.
    """
    cfg = sdkms.v1.Configuration()
    cfg.host = SDKMS_API_ENDPOINT
    cfg.app_api_key = SDKMS_API_KEY

    api_client = sdkms.v1.ApiClient(configuration=cfg)
    auth_api = sdkms.v1.AuthenticationApi(api_client=api_client)

    try:
        token = auth_api.authorize().access_token
    except sdkms.v1.ApiException as e:
        # Only the exception is printed; the API key itself is never echoed.
        print("Exception when calling AuthenticationApi->authorize: %s\n" % e)
        return None

    # Subsequent requests carry "Authorization: Bearer <access token>".
    cfg.api_key['Authorization'] = token
    cfg.api_key_prefix['Authorization'] = 'Bearer'
    return api_client
PHP
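/**
 * Authenticates this application to Fortanix DSM and sets the returned
 * access token as a Bearer token on the configuration.
 *
 * SDKMS_API_KEY is base64-decoded and split at the first ':' into a
 * username and a password, which are used for the authorize() call.
 *
 * NOTE(review): neither $cfg nor $client is returned or stored in the
 * lines shown here; confirm how callers obtain the authenticated client.
 *
 * @throws \InvalidArgumentException if SDKMS_API_KEY is not valid base64 or
 *         does not decode to "username:password" with both parts non-empty.
 */
public function login() {
    // Strict mode returns false on characters outside the base64 alphabet
    // instead of silently decoding garbage.
    $apiKey = base64_decode(SDKMS_API_KEY, true);
    if ($apiKey === false) {
        throw new \InvalidArgumentException("Invalid SDKMS API key: not valid base64");
    }

    // Limit 2 splits at the first ':' only, so a password containing ':'
    // is kept intact.
    $credential = explode(":", $apiKey, 2);
    if (count($credential) !== 2 || $credential[0] === "" || $credential[1] === "") {
        // The message deliberately does not echo the key material.
        throw new \InvalidArgumentException("Invalid SDKMS API key: expected base64 of \"username:password\"");
    }

    $cfg = new Swagger\Client\Configuration();
    $cfg->setHost(SDKMS_API_ENDPOINT);
    $cfg->setUsername($credential[0]);
    $cfg->setPassword($credential[1]);
    $client = new Swagger\Client\ApiClient($cfg);

    // authenticate
    $authenticationApi = new Swagger\Client\Api\AuthenticationApi($client);
    $auth = $authenticationApi->authorize();

    // set access token: subsequent requests carry
    // "Authorization: Bearer <access token>"
    $cfg->setApiKey("Authorization", $auth['access_token']);
    $cfg->setApiKeyPrefix("Authorization", "Bearer");
}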
Javascript
var FortanixSdkmsRestApi = require('./src/index.js');
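/**
 * Configures the shared API client with the DSM endpoint and the basic-auth
 * credentials taken from SDKMS_API_KEY.
 *
 * SDKMS_API_KEY is base64-decoded and split at the first ':' into a
 * username and a password.
 *
 * @returns {object} the configured FortanixSdkmsRestApi.ApiClient instance
 * @throws {Error} if the decoded key is not "username:password" with both
 *         parts non-empty
 */
function initialise() {
    var defaultClient = FortanixSdkmsRestApi.ApiClient.instance;
    defaultClient.basePath = SDKMS_API_ENDPOINT;

    var apiKey = Base64.decode(SDKMS_API_KEY);

    // Split at the first ':' only. String.prototype.split with a limit would
    // drop everything after a second ':', truncating such a password.
    var separator = apiKey.indexOf(":");
    if (separator <= 0 || separator === apiKey.length - 1) {
        // The message deliberately does not echo the key material.
        throw new Error("Invalid SDKMS API key: expected base64 of \"username:password\"");
    }

    var basicAuth = defaultClient.authentications['basicAuth'];
    basicAuth.username = apiKey.slice(0, separator);
    basicAuth.password = apiKey.slice(separator + 1);
    return defaultClient;
}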
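/**
 * Callback for AuthenticationApi.authorize(): stores the returned access
 * token on the shared client as a Bearer token.
 *
 * @param {Error|null} error    set when the authorize request failed
 * @param {object}     data     response body; its "access_token" is used
 * @param {object}     response raw HTTP response (unused)
 * @throws the given error, or an Error when no access token was returned
 */
var login = function(error, data, response) {
    // On failure data carries no token; surface the real error instead of a
    // TypeError from reading a property of a missing response body.
    if (error) {
        throw error;
    }
    if (!data || !data["access_token"]) {
        throw new Error("Authentication response did not contain an access token");
    }

    // Subsequent requests carry "Authorization: Bearer <access token>".
    var bearerAuth = defaultClient.authentications['bearerToken'];
    bearerAuth.apiKeyPrefix = "Bearer";
    bearerAuth.apiKey = data["access_token"];
};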
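// Declare the client explicitly: assigning to an undeclared name creates an
// implicit global and throws a ReferenceError in strict mode.
var defaultClient = initialise();

// authorize() authenticates with the basic-auth credentials set by
// initialise() and hands the result to the login callback, which installs
// the bearer token on defaultClient.
var authenticationApi = new FortanixSdkmsRestApi.AuthenticationApi();
authenticationApi.authorize(login);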