Oracle® Fusion Middleware Reference for Oracle Security Developer Tools 11g Release 1 (11.1.1) Part Number E10037-02
A public key infrastructure (PKI) is a security architecture that provides an increased level of confidence when exchanging information over the Internet.
This chapter provides information about using the packages in Oracle PKI SDK, which is a set of software development kits (SDKs) for developing PKI-aware applications.
This chapter contains the following topics:
This section provides information about using the Oracle public key infrastructure (PKI) Software Development Kit (SDK) for certificate management protocol (CMP). Oracle PKI CMP SDK allows Java developers to quickly implement certificate management functionality such as issuing and renewing certificates, creating and publishing CRLs, and providing key recovery capabilities.
This chapter contains the following topics:
The Oracle PKI CMP SDK provides the following features and functionality:
Oracle PKI CMP SDK conforms to RFC 2510, and is compatible with other products that conform to this certificate management protocol (CMP) specification. RFC 2510 defines protocol messages for all aspects of certificate creation and management.
Oracle PKI CMP SDK conforms to RFC 2511, and is compatible with other products that conform to this certificate request message format (CRMF) specification. RFC 2511 describes the Certificate Request Message Format (CRMF), which is used to convey X.509 certificate requests to a Certification Authority (CA).
The Oracle PKI CMP SDK toolkit contains the following packages:
The oracle.security.crypto.cmp package provides classes that implement certificate management protocol (CMP) as described in RFC 2510, and certificate request message format (CRMF) as described in RFC 2511.
The oracle.security.crypto.cmp.attribute package provides attribute classes for registration controls, registration information, and general information. This package includes the following classes and their subclasses:
RegistrationControl
RegistrationInfo
InfoTypeAndValue (which extends oracle.security.crypto.cert.AttributeTypeAndValue)
The oracle.security.crypto.cmp.transport package provides classes for CMP and CRMF transport protocols. It includes the TCPMessage class and its specific message-type subclasses.
The Oracle Security Developer Tools are installed with Oracle Application Server in ORACLE_HOME. This section provides information for setting up your environment for Oracle PKI CMP SDK. It contains the following topics:
In order to use Oracle PKI CMP SDK, your system must have the Java Development Kit (JDK) version 1.5 or higher.
Your CLASSPATH environment variable must contain the full path and file names to all of the required jar and class files. Make sure the following items are included in your CLASSPATH:
osdt_core.jar
osdt_cert.jar
osdt_cms.jar
osdt_cmp.jar
To set your CLASSPATH on Windows:
In your Windows Control Panel, select System.
In the System Properties dialog, select the Advanced tab.
Click Environment Variables.
In the User Variables section, click New to add a CLASSPATH environment variable for your user profile. If a CLASSPATH environment variable already exists, select it and click Edit.
Add the full path and file names for all of the required jar and class files to the CLASSPATH. For example:
%ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_core.jar;%ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_cert.jar;%ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_cms.jar;%ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_cmp.jar
Click OK.
On UNIX, set your CLASSPATH environment variable to include the full path and file names of all the required jar and class files. For example:
setenv CLASSPATH ${CLASSPATH}:$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_core.jar:$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_cert.jar:$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_cms.jar:$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_cmp.jar
The Oracle PKI CMP SDK Java API reference (Javadoc) is available at:
Oracle Fusion Middleware PKI SDK CMP Java API Reference for Oracle Security Developer Tools
For example programs using the Oracle Security Developer Tools, see the Oracle Technology Network Web Site at http://samplecode.oracle.com.
This section provides information about using the Oracle Online Certificate Status Protocol (OCSP) Software Development Kit (SDK). Oracle PKI OCSP SDK allows Java developers to quickly develop OCSP-enabled client applications and OCSP responders that conform to RFC 2560 specifications.
This section contains the following topics:
Oracle PKI OCSP SDK provides the following features and functionality:
Oracle PKI OCSP SDK conforms to RFC 2560 and is compatible with other products that conform to this specification, such as Valicert's Validation Authority. RFC 2560 specifies a protocol useful in determining the current status of a digital certificate without requiring CRLs.
The Oracle PKI OCSP SDK API provides classes and methods for constructing OCSP request messages that can be sent through HTTP to any RFC 2560 compliant validation authority.
The Oracle PKI OCSP SDK API provides classes and methods for constructing responses to OCSP request messages, and an OCSP server implementation that you can use as a basis for developing your own OCSP server to check the validity of certificates you have issued.
The Oracle Security Developer Tools are installed with Oracle Application Server in ORACLE_HOME. This section provides information for setting up your environment for Oracle PKI OCSP SDK. It contains the following topics:
In order to use Oracle PKI OCSP SDK, your system must have the Java Development Kit (JDK) version 1.5 or higher. Also, make sure that your PATH environment variable includes the Java bin directory.
Your CLASSPATH environment variable must contain the full path and file names to all of the required jar and class files. Make sure the following items are included in your CLASSPATH:
osdt_core.jar
osdt_cert.jar
osdt_ocsp.jar
To set your CLASSPATH on Windows:
In your Windows Control Panel, select System.
In the System Properties dialog, select the Advanced tab.
Click Environment Variables.
In the User Variables section, click New to add a CLASSPATH environment variable for your user profile. If a CLASSPATH environment variable already exists, select it and click Edit.
Add the full path and file names for all of the required jar and class files to the CLASSPATH. For example:
%ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_core.jar;%ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_cert.jar;%ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_ocsp.jar
Click OK.
On Unix, set your CLASSPATH environment variable to include the full path and file name of all the required jar and class files. For example:
setenv CLASSPATH ${CLASSPATH}:$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_core.jar:$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_cert.jar:$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_ocsp.jar
The Oracle PKI OCSP SDK Java API reference (Javadoc) is available at:
Oracle Fusion Middleware PKI SDK OCSP Java API Reference for Oracle Security Developer Tools
For example programs using the Oracle Security Developer Tools, see the Oracle Technology Network Web Site at http://samplecode.oracle.com.
This section provides information about using the Oracle PKI TSP SDK, which allows Java developers to quickly implement time-stamping functionality within a public key infrastructure (PKI) framework.
This section contains the following topics:
Oracle PKI TSP SDK provides the following features and functionality:
Oracle PKI TSP SDK conforms to RFC 3161 and is compatible with other products that conform to this time stamp protocol (TSP) specification.
Oracle PKI TSP SDK provides an example implementation of a TSA server to use for testing TSP request messages, or as a basis for developing your own time stamping service.
Oracle PKI TSP SDK contains the following classes and interfaces:
Table 7-1 Oracle PKI TSP SDK Classes and Interfaces
| Class or Interface Name | Description |
|---|---|
| | Defines various constants associated with the Time Stamp Protocol (TSP). |
| | Implementation of a TSP request message over HTTP. |
| | Implementation of a TSP response message over HTTP. |
| | This class represents a |
| | This class represents a |
| | A content handler for TSP over HTTP. |
| | A TSP message. |
| | A TSP message of type |
| | A TSP message of type |
| | Defines various utility methods for the |
The Oracle Security Developer Tools are installed with Oracle Application Server in ORACLE_HOME. This section provides information for setting up your environment for Oracle PKI TSP SDK. It contains the following topics:
In order to use Oracle PKI TSP SDK, your system must have the Java Development Kit (JDK) version 1.5 or higher. Also, make sure that your PATH environment variable includes the Java bin directory.
Your CLASSPATH environment variable must contain the full path and file names to all of the required jar and class files. Make sure the following items are included in your CLASSPATH:
osdt_core.jar
osdt_cert.jar
osdt_cms.jar
osdt_cmp.jar
osdt_tsp.jar
To set your CLASSPATH on Windows:
In your Windows Control Panel, select System.
In the System Properties dialog, select the Advanced tab.
Click Environment Variables.
In the User Variables section, click New to add a CLASSPATH environment variable for your user profile. If a CLASSPATH environment variable already exists, select it and click Edit.
Add the full path and file names for all the required jar and class files to the CLASSPATH. For example:
%CLASSPATH%;%ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_core.jar;%ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_cert.jar;%ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_cms.jar;%ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_cmp.jar;%ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_tsp.jar
Click OK.
On Unix, set your CLASSPATH environment variable to include the full path and file name of all the required jar and class files. For example:
setenv CLASSPATH ${CLASSPATH}:$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_core.jar:$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_cert.jar:$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_cms.jar:$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_cmp.jar:$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_tsp.jar
The Oracle PKI TSP SDK Java API reference (Javadoc) is available at:
For example programs using the Oracle Security Developer Tools, see the Oracle Technology Network Web Site at http://samplecode.oracle.com.
This section provides information about using Oracle PKI LDAP SDK, which allows Java developers to quickly implement operations that involve publishing and retrieving digital certificates from a directory server.
This section contains the following topics:
Oracle PKI LDAP SDK provides facilities for accessing a digital certificate within an LDAP directory. Some of the tasks you can perform with Oracle PKI LDAP SDK are:
Validating a user's certificate in an LDAP directory
Adding a certificate to an LDAP directory
Retrieving a certificate from an LDAP directory
Deleting a certificate from an LDAP directory
The oracle.security.crypto.LDAP package contains two classes:
LDAPCertificateValidator, which validates a user certificate by checking whether it exists in its subject's LDAP directory entry
LDAPUtils, which is a collection of methods to add, retrieve, and remove certificates from a subject's LDAP directory entry
The Oracle Security Developer Tools are installed with Oracle Application Server in ORACLE_HOME. This section provides information on setting up your environment for Oracle PKI LDAP SDK. It contains the following topics:
To use Oracle PKI LDAP SDK, your system must have the following:
Java Development Kit (JDK) version 1.5 or higher. Also, make sure that the Java bin directory is added to your PATH environment variable.
Sun Microsystems' Java Naming and Directory Interface (JNDI) version 1.2.1 or higher. You must add all of the JNDI jar files to your CLASSPATH.
Your CLASSPATH environment variable must contain the full path and file names to all of the required jar and class files. Make sure the following items are included in your CLASSPATH:
osdt_core.jar
osdt_cert.jar
osdt_ldap.jar
jndi.jar, ldapbp.jar, ldap.jar, jaas.jar, and providerutil.jar (Sun's Java Naming and Directory Interface (JNDI))
To set your CLASSPATH on Windows:
In your Windows Control Panel, select System.
In the System Properties dialog, select the Advanced tab.
Click Environment Variables.
In the User Variables section, click New to add a CLASSPATH environment variable for your user profile. If a CLASSPATH environment variable already exists, select it and click Edit.
Add the full path and file names for all of the required jar and class files to the CLASSPATH. For example:
%ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_core.jar;%ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_cert.jar;%ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_ldap.jar
Click OK.
On Unix, set your CLASSPATH environment variable to include the full path and file name of all the required jar and class files. For example:
setenv CLASSPATH ${CLASSPATH}:$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_core.jar:$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_cert.jar:$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_ldap.jar
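The CLASSPATH setup described in the CMP, OCSP, TSP and LDAP environment sections, as an added example that is not part of the original Oracle documentation: a POSIX sh function that confirms every jar listed for an SDK is present and readable before assembling the value. The function name osdt_classpath and the keywords cmp, ocsp, tsp and ldap are assumptions; the jar names and the modules/oracle.osdt_11.1.1 directory come from this page.

```shell
#!/bin/sh
# Added example (not Oracle code). Builds the CLASSPATH for one Oracle PKI SDK
# from the jar lists given on this page and refuses to emit a value if any
# listed jar is missing, so a broken entry is caught before the JVM starts.
# Assumed names: osdt_classpath, and the keywords cmp | ocsp | tsp | ldap.
# The JNDI jars required by the LDAP SDK are not added here because the page
# does not say where they are installed.

osdt_classpath() {
    sdk=$1
    if [ -z "${ORACLE_HOME:-}" ]; then
        echo "ORACLE_HOME is not set" >&2
        return 2
    fi
    dir="$ORACLE_HOME/modules/oracle.osdt_11.1.1"

    # Jar lists exactly as given in the four setup sections.
    case "$sdk" in
        cmp)  jars="osdt_core.jar osdt_cert.jar osdt_cms.jar osdt_cmp.jar" ;;
        ocsp) jars="osdt_core.jar osdt_cert.jar osdt_ocsp.jar" ;;
        tsp)  jars="osdt_core.jar osdt_cert.jar osdt_cms.jar osdt_cmp.jar osdt_tsp.jar" ;;
        ldap) jars="osdt_core.jar osdt_cert.jar osdt_ldap.jar" ;;
        *)    echo "usage: osdt_classpath cmp|ocsp|tsp|ldap" >&2
              return 2 ;;
    esac

    cp=""
    missing=0
    for jar in $jars; do
        if [ ! -r "$dir/$jar" ]; then
            echo "missing or unreadable: $dir/$jar" >&2
            missing=1
        fi
        # Join with ':' only between entries, never leading or trailing.
        cp="${cp:+$cp:}$dir/$jar"
    done
    [ "$missing" -eq 0 ] || return 1

    # Keep an existing CLASSPATH in front, but add no empty entry
    # when CLASSPATH is unset or empty.
    printf '%s\n' "${CLASSPATH:+$CLASSPATH:}$cp"
}

# Usage in sh/bash:
#   CLASSPATH=$(osdt_classpath tsp) && export CLASSPATH
```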
The Oracle PKI LDAP SDK Java API reference (Javadoc) is available at:
Oracle Fusion Middleware PKI SDK LDAP Java API Reference for Oracle Security Developer Tools
For example programs using the Oracle Security Developer Tools, see the Oracle Technology Network Web Site at http://samplecode.oracle.com.