Oracle® Security Developer Tools Reference
10g Release 2 (10.1.2)
B15975-01

7 Oracle PKI SDK

A public key infrastructure (PKI) is a security architecture that provides an increased level of confidence for exchanging information over the Internet.

This chapter provides information about using the packages in Oracle PKI SDK, which is a set of software development kits (SDKs) for developing PKI-aware applications.

This chapter contains the following topics:

7.1 Oracle PKI SDK CMP

This section provides information about using the Oracle public key infrastructure (PKI) Software Development Kit (SDK) for certificate management protocol (CMP). Oracle PKI SDK CMP allows Java developers to quickly implement certificate management functionality such as issuing and renewing certificates, creating and publishing CRLs, and providing key recovery capabilities.

This section contains the following topics:

7.1.1 Oracle PKI SDK CMP Features and Benefits

The Oracle PKI SDK CMP provides the following features and functionality:

  • Oracle PKI SDK CMP conforms to RFC 2510, and is compatible with other products that conform to this certificate management protocol (CMP) specification. RFC 2510 defines protocol messages for all aspects of certificate creation and management.

  • Oracle PKI SDK CMP conforms to RFC 2511, and is compatible with other products that conform to this certificate request message format (CRMF) specification. RFC 2511 describes the Certificate Request Message Format (CRMF), which is used to convey X.509 certificate requests to a Certification Authority (CA).

7.1.1.1 Package Overview for Oracle PKI SDK CMP

The Oracle PKI SDK CMP toolkit contains the following packages:

  • The oracle.security.crypto.cmp package provides classes that implement certificate management protocol (CMP) as described in RFC 2510, and certificate request message format (CRMF) as described in RFC 2511.

  • The oracle.security.crypto.cmp.attribute package provides attribute classes for registration controls, registration information, and general information. This package includes the following classes and their subclasses:

    • RegistrationControl

    • RegistrationInfo

    • InfoTypeAndValue (which extends oracle.security.crypto.cert.AttributeTypeAndValue)

  • The oracle.security.crypto.cmp.transport package provides classes for CMP and CRMF transport protocols. It includes the TCPMessage class and its specific message-type subclasses.

7.1.2 Setting Up Your Oracle PKI SDK CMP Environment

The Oracle Security Developer Tools are installed with Oracle Application Server in ORACLE_HOME. This section provides information for setting up your environment for Oracle PKI SDK CMP. It contains the following topics:

7.1.2.1 System Requirements for Oracle PKI SDK CMP

In order to use Oracle PKI SDK CMP, your system must have the Java Development Kit (JDK) version 1.2.2 or higher.

7.1.2.2 Setting the CLASSPATH Environment Variable

Your CLASSPATH environment variable must contain the full path and file names to all of the required jar and class files. Make sure the following items are included in your CLASSPATH:

  • osdt_core.jar

  • osdt_cert.jar

  • osdt_cms.jar

  • osdt_cmp.jar

7.1.2.2.1 Setting the CLASSPATH on Windows

To set your CLASSPATH on Windows:

  1. In your Windows Control Panel, select System.

  2. In the System Properties dialog, select the Advanced tab.

  3. Click Environment Variables.

  4. In the User Variables section, click New to add a CLASSPATH environment variable for your user profile. If a CLASSPATH environment variable already exists, select it and click Edit.

  5. Add the full path and file names for all of the required jar and class files to the CLASSPATH. For example:

    C:\ORACLE_HOME\jlib\osdt_core.jar;C:\ORACLE_HOME\jlib\osdt_cert.jar;
    C:\ORACLE_HOME\jlib\osdt_cms.jar;C:\ORACLE_HOME\jlib\osdt_cmp.jar
    
    
  6. Click OK.

7.1.2.2.2 Setting the CLASSPATH on UNIX

On UNIX, set your CLASSPATH environment variable to include the full path and file names of all the required jar and class files. For example, in csh or tcsh (enter the command on one line):

setenv CLASSPATH ${CLASSPATH}:${ORACLE_HOME}/jlib/osdt_core.jar:${ORACLE_HOME}/jlib/osdt_cert.jar:${ORACLE_HOME}/jlib/osdt_cms.jar:${ORACLE_HOME}/jlib/osdt_cmp.jar

7.1.3 Oracle PKI SDK CMP Java API Reference

The Oracle PKI SDK CMP Java API reference (Javadoc) is available at:

Oracle PKI SDK CMP Java API Reference

7.2 Oracle PKI SDK OCSP

This section provides information about using the Oracle Online Certificate Status Protocol (OCSP) Software Development Kit (SDK). Oracle PKI SDK OCSP allows Java developers to quickly develop OCSP-enabled client applications and OCSP responders that conform to RFC 2560 specifications.

This section contains the following topics:

7.2.1 Features and Benefits of Oracle PKI SDK OCSP

Oracle PKI SDK OCSP provides the following features and functionality:

  • Oracle PKI SDK OCSP conforms to RFC 2560 and is compatible with other products that conform to this specification, such as Valicert's Validation Authority. RFC 2560 specifies a protocol useful in determining the current status of a digital certificate without requiring CRLs.

  • The Oracle PKI SDK OCSP API provides classes and methods for constructing OCSP request messages that can be sent through HTTP to any RFC 2560 compliant validation authority.

  • The Oracle PKI SDK OCSP API provides classes and methods for constructing responses to OCSP request messages, and an OCSP server implementation that you can use as a basis for developing your own OCSP server to check the validity of certificates you have issued.

7.2.2 Setting Up Your Oracle PKI SDK OCSP Environment

The Oracle Security Developer Tools are installed with Oracle Application Server in ORACLE_HOME/path/to/tools. This section provides information for setting up your environment for Oracle PKI SDK OCSP. It contains the following topics:

7.2.2.1 System Requirements for Oracle PKI SDK OCSP

In order to use Oracle PKI SDK OCSP, your system must have the Java Development Kit (JDK) version 1.2.2 or higher. Also, make sure that your PATH environment variable includes the Java bin directory.

7.2.2.2 Setting the CLASSPATH Environment Variable

Your CLASSPATH environment variable must contain the full path and file names to all of the required jar and class files. Make sure the following items are included in your CLASSPATH:

  • osdt_core.jar

  • osdt_cert.jar

  • osdt_ocsp.jar

7.2.2.2.1 Setting the CLASSPATH on Windows

To set your CLASSPATH on Windows:

  1. In your Windows Control Panel, select System.

  2. In the System Properties dialog, select the Advanced tab.

  3. Click Environment Variables.

  4. In the User Variables section, click New to add a CLASSPATH environment variable for your user profile. If a CLASSPATH environment variable already exists, select it and click Edit.

  5. Add the full path and file names for all of the required jar and class files to the CLASSPATH. For example:

    C:\ORACLE_HOME\jlib\osdt_core.jar;C:\ORACLE_HOME\jlib\osdt_cert.jar;
    C:\ORACLE_HOME\jlib\osdt_ocsp.jar
    
    
  6. Click OK.

7.2.2.2.2 Setting the CLASSPATH on Unix

On Unix, set your CLASSPATH environment variable to include the full path and file names of all the required jar and class files. For example, in csh or tcsh (enter the command on one line):

setenv CLASSPATH ${CLASSPATH}:${ORACLE_HOME}/jlib/osdt_core.jar:${ORACLE_HOME}/jlib/osdt_cert.jar:${ORACLE_HOME}/jlib/osdt_ocsp.jar

7.2.3 Oracle PKI SDK OCSP Java API Reference

The Oracle PKI SDK OCSP Java API reference (Javadoc) is available at:

Oracle PKI SDK OCSP Java API Reference

7.3 Oracle PKI SDK TSP

This section provides information about using the Oracle PKI SDK TSP, which allows Java developers to quickly implement time-stamping functionality within a public key infrastructure (PKI) framework.

This section contains the following topics:

7.3.1 Features and Benefits of Oracle PKI SDK TSP

Oracle PKI SDK TSP provides the following features and functionality:

  • Oracle PKI SDK TSP conforms to RFC 3161 and is compatible with other products that conform to this time stamp protocol (TSP) specification.

  • Oracle PKI SDK TSP provides an example implementation of a TSA server to use for testing TSP request messages, or as a basis for developing your own time stamping service.

7.3.1.1 Class and Interface Overview for Oracle PKI SDK TSP

Oracle PKI SDK TSP contains the following classes and interfaces:

Table 7-1 Oracle PKI SDK TSP Classes and Interfaces

| Class or Interface Name | Description |
|---|---|
| TSP Interface | Defines various constants associated with the Time Stamp Protocol (TSP). |
| HttpTSPRequest Class | Implementation of a TSP request message over HTTP. |
| HttpTSPResponse Class | Implementation of a TSP response message over HTTP. |
| MessageImprint Class | This class represents a MessageImprint object as defined in RFC 3161. |
| TSAPolicyID Class | This class represents a TSAPolicyID object as defined in RFC 3161. |
| TSPContentHandlerFactory Class | A content handler for TSP over HTTP. |
| TSPMessage Class | A TSP message. |
| TSPTimeStampReq Class | A TSP message of type TimeStampReq as defined in RFC 3161. |
| TSPTimeStampResp Class | A TSP message of type TimeStampResp as defined in RFC 3161. |
| TSPUtils Class | Defines various utility methods for the oracle.security.crypto.tsp package. |

7.3.2 Setting Up Your Oracle PKI SDK TSP Environment

The Oracle Security Developer Tools are installed with Oracle Application Server in ORACLE_HOME. This section provides information for setting up your environment for Oracle PKI SDK TSP. It contains the following topics:

7.3.2.1 System Requirements for Oracle PKI SDK TSP

In order to use Oracle PKI SDK TSP, your system must have the Java Development Kit (JDK) version 1.2.2 or higher. Also, make sure that your PATH environment variable includes the Java bin directory.

7.3.2.2 Setting the CLASSPATH Environment Variable


Your CLASSPATH environment variable must contain the full path and file names to all of the required jar and class files. Make sure the following items are included in your CLASSPATH:

  • osdt_core.jar

  • osdt_cert.jar

  • osdt_cms.jar

  • osdt_cmp.jar

  • osdt_tsp.jar

7.3.2.2.1 Setting the CLASSPATH on Windows

To set your CLASSPATH on Windows:

  1. In your Windows Control Panel, select System.

  2. In the System Properties dialog, select the Advanced tab.

  3. Click Environment Variables.

  4. In the User Variables section, click New to add a CLASSPATH environment variable for your user profile. If a CLASSPATH environment variable already exists, select it and click Edit.

  5. Add the full path and file names for all the required jar and class files to the CLASSPATH. For example:

    %CLASSPATH%;C:\ORACLE_HOME\jlib\osdt_core.jar;
    C:\ORACLE_HOME\jlib\osdt_cert.jar;
    C:\ORACLE_HOME\jlib\osdt_cms.jar;C:\ORACLE_HOME\jlib\osdt_cmp.jar;
    C:\ORACLE_HOME\jlib\osdt_tsp.jar
    
    
  6. Click OK.

7.3.2.2.2 Setting the CLASSPATH on Unix

On Unix, set your CLASSPATH environment variable to include the full path and file names of all the required jar and class files. For example, in csh or tcsh (enter the command on one line):

setenv CLASSPATH ${CLASSPATH}:${ORACLE_HOME}/jlib/osdt_core.jar:${ORACLE_HOME}/jlib/osdt_cert.jar:${ORACLE_HOME}/jlib/osdt_cms.jar:${ORACLE_HOME}/jlib/osdt_cmp.jar:${ORACLE_HOME}/jlib/osdt_tsp.jar

7.3.3 Oracle PKI SDK TSP Java API Reference

The Oracle PKI SDK TSP Java API reference is available at:

Oracle PKI SDK TSP Java API Reference

7.4 Oracle PKI SDK LDAP

This section provides information about using Oracle PKI SDK LDAP, which allows Java developers to quickly implement operations that involve publishing and retrieving digital certificates from a directory server.

This section contains the following topics:

7.4.1 Features and Benefits of Oracle PKI SDK LDAP

Oracle PKI SDK LDAP provides facilities for accessing a digital certificate within an LDAP directory. Some of the tasks you can perform with Oracle PKI SDK LDAP are:

  • Validating a user's certificate in an LDAP directory

  • Adding a certificate to an LDAP directory

  • Retrieving a certificate from an LDAP directory

  • Deleting a certificate from an LDAP directory

7.4.1.1 Class Overview for Oracle PKI SDK LDAP

The oracle.security.crypto.LDAP package contains two classes:

  • LDAPCertificateValidator, which validates a user certificate by checking whether it exists in its subject's LDAP directory entry

  • LDAPUtils, which is a collection of methods to add, retrieve, and remove certificates from a subject's LDAP directory entry

7.4.2 Setting Up Your Oracle PKI SDK LDAP Environment

The Oracle Security Developer Tools are installed with Oracle Application Server in ORACLE_HOME. This section provides information on setting up your environment for Oracle PKI SDK LDAP. It contains the following topics:

7.4.2.1 System Requirements for Oracle PKI SDK LDAP

To use Oracle PKI SDK LDAP, your system must have the following:

  • Java Development Kit (JDK) version 1.2.2 or higher. Also, make sure that the Java bin directory is added to your PATH environment variable.

  • Sun Microsystem's Java Naming and Directory Interface (JNDI) version 1.2.1 or higher. You must add all of the JNDI jar files to your CLASSPATH.

7.4.2.2 Setting the CLASSPATH Environment Variable

Your CLASSPATH environment variable must contain the full path and file names to all of the required jar and class files. Make sure the following items are included in your CLASSPATH:

  • osdt_core.jar

  • osdt_cert.jar

  • osdt_ldap.jar

  • jndi.jar, ldapbp.jar, ldap.jar, jaas.jar, and providerutil.jar (Sun's Java Naming and Directory Interface (JNDI))

7.4.2.2.1 Setting the CLASSPATH on Windows

To set your CLASSPATH on Windows:

  1. In your Windows Control Panel, select System.

  2. In the System Properties dialog, select the Advanced tab.

  3. Click Environment Variables.

  4. In the User Variables section, click New to add a CLASSPATH environment variable for your user profile. If a CLASSPATH environment variable already exists, select it and click Edit.

  5. Add the full path and file names for all of the required jar and class files to the CLASSPATH. For example:

    C:\ORACLE_HOME\jlib\osdt_core.jar;C:\ORACLE_HOME\jlib\osdt_cert.jar;
    C:\ORACLE_HOME\jlib\osdt_ldap.jar;
    
    
  6. Click OK.

7.4.2.2.2 Setting the CLASSPATH on Unix

On Unix, set your CLASSPATH environment variable to include the full path and file names of all the required jar and class files. For example, in csh or tcsh (enter the command on one line):

setenv CLASSPATH ${CLASSPATH}:${ORACLE_HOME}/jlib/osdt_core.jar:${ORACLE_HOME}/jlib/osdt_cert.jar:${ORACLE_HOME}/jlib/osdt_ldap.jar
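A check for the CLASSPATH requirements listed in sections 7.1.2.2, 7.2.2.2, 7.3.2.2 and 7.4.2.2, as an added example that is not part of the Oracle documentation: a POSIX sh script that reports which required jars are absent from a Unix CLASSPATH. The file name check_osdt_classpath.sh and the function names are assumptions; the check looks at entry names only and does not open the jar files.

```shell
#!/bin/sh
# Added example (hypothetical name: check_osdt_classpath.sh).
# Jar lists are copied from the "Setting the CLASSPATH" sections of this chapter.

# required_jars SDK -> prints the jar names that SDK needs; returns 2 if unknown.
required_jars() {
    case "$1" in
        cmp)  echo "osdt_core.jar osdt_cert.jar osdt_cms.jar osdt_cmp.jar" ;;
        ocsp) echo "osdt_core.jar osdt_cert.jar osdt_ocsp.jar" ;;
        tsp)  echo "osdt_core.jar osdt_cert.jar osdt_cms.jar osdt_cmp.jar osdt_tsp.jar" ;;
        ldap) echo "osdt_core.jar osdt_cert.jar osdt_ldap.jar jndi.jar ldapbp.jar ldap.jar jaas.jar providerutil.jar" ;;
        *)    return 2 ;;
    esac
}

# missing_jars SDK CLASSPATH -> prints the required jars with no matching entry.
missing_jars() {
    jars=$(required_jars "$1") || return 2
    missing=""
    old_ifs=$IFS
    for jar in $jars; do
        found=no
        IFS=:          # Unix classpath separator
        set -f         # do not glob-expand entries such as dir/*
        for entry in $2; do
            # A ';' inside an entry means the Windows separator was used;
            # on Unix the JVM reads the whole string as one path, so skip it.
            case "$entry" in *\;*) continue ;; esac
            if [ "${entry##*/}" = "$jar" ]; then found=yes; fi
        done
        set +f
        IFS=$old_ifs
        [ "$found" = yes ] || missing="$missing $jar"
    done
    echo "${missing# }"
}

# Usage: sh check_osdt_classpath.sh tsp   (reads CLASSPATH from the environment)
if [ "$#" -ge 1 ]; then
    m=$(missing_jars "$1" "${CLASSPATH:-}") || { echo "unknown SDK: $1" >&2; exit 2; }
    if [ -n "$m" ]; then echo "missing from CLASSPATH: $m"; exit 1; fi
    echo "CLASSPATH has all jars for $1"
fi
```

Because the script reads CLASSPATH from the environment, it can be run from csh or tcsh after the setenv command.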

7.4.3 Oracle PKI SDK LDAP Java API Reference

The Oracle PKI SDK LDAP Java API reference (Javadoc) is available at:

Oracle PKI SDK LDAP Java API Reference