Oracle Fusion Middleware extensions for Applications Core API Reference
11g Release 7 (11.1.7)

E22562-07

oracle.apps.fnd.applcore.attachments.ucm.util
Class SigningUtils

java.lang.Object
  extended by oracle.apps.fnd.applcore.attachments.ucm.util.SigningUtils

public class SigningUtils
extends java.lang.Object


Field Summary
static java.lang.String DEFAULT_ALGORITHM
           
static java.lang.String KEYSTORE_CRYPT_CSF_KEY_PROPERTY
           
static java.lang.String KEYSTORE_CSF_MAP_NAME_PROPERTY
           
static java.lang.String KEYSTORE_LOCATION_PROPERTY
           
static java.lang.String KEYSTORE_PASS_CSF_KEY_PROPERTY
           
static java.lang.String KEYSTORE_SIGN_CSF_KEY_PROPERTY
           
static java.lang.String KEYSTORE_TYPE_PROPERTY
           
 
Constructor Summary
SigningUtils()
           
 
Method Summary
static byte[] base64Decode(byte[] b64EncodedBytes)
          Decode base64 encoded data into binary
static byte[] base64Encode(byte[] bytes)
          Encode binary data into base64
static java.lang.String byteToHex(byte b)
          Returns a string representation of the byte value in hexadecimal (base 16)
static java.lang.String convertBase64BytesToUrlSafeB64String(byte[] b64EncodedBytes)
          The base64 bytes are first used to generate a String.
static byte[] convertUrlSafeB64StringToBase64Bytes(java.lang.String urlSafeB64String)
          Retrieves the underlying base 64 encoded bytes associated with a String return value obtained from the convertBase64BytesToUrlSafeB64String method.
static java.util.List<java.security.cert.X509Certificate> getFilteredX509Certificates(java.security.KeyStore keystore, java.util.List<java.lang.String> excludedAliases, java.util.List<java.lang.String> includedAliases)
          Obtains a filtered list of public certificates found in the specified keystore, taking into consideration the optional included/excluded keystore alias lists.
static java.util.Map<java.lang.String,java.security.cert.X509Certificate> getFilteredX509CertificatesMap(java.security.KeyStore keystore, java.util.List<java.lang.String> excludedAliases, java.util.List<java.lang.String> includedAliases)
          Returns a filtered map of public certificates found in the specified keystore, taking into consideration the optional included/excluded keystore alias lists.
static java.lang.String getFingerPrint(java.security.cert.X509Certificate publicCert, java.lang.String algorithm)
          Returns a fingerprint by applying a cryptographic hash function to the specified public certificate.
static java.lang.String getMD5FingerPrint(java.security.cert.X509Certificate publicCert)
          Returns an MD5 fingerprint of the specified public certificate.
static java.security.PrivateKey getPrivateKey(java.security.KeyStore keystore, java.lang.String keyAlias, char[] password)
          Obtain private key from the specified keystore stored under the entry alias using entry access password provided.
static java.lang.String getSHA1FingerPrint(java.security.cert.X509Certificate publicCert)
          Returns an SHA1 fingerprint of the specified public certificate.
static oracle.security.jps.service.credstore.PasswordCredential getWSMEncryptionKeyPC(java.util.Map<java.lang.String,java.lang.String> keyConfig)
          Retrieve the WSM encryption-key password credential object referenced by the specified service properties. The password credential contains details of the keystore alias leveraged to store the key, and its associated access password.
static java.security.PrivateKey getWSMEncryptionKeyPrivateKey()
          Retrieve the WSM encryption-key private key from the keystore leveraging JPS to obtain keystore and credential store details.
static java.security.cert.X509Certificate getWSMEncryptionKeyX509Certificate()
          Retrieve the WSM encryption-key public certificate from the keystore leveraging JPS to obtain keystore and credential store details.
static java.security.KeyStore getWSMKeyStore(java.util.Map<java.lang.String,java.lang.String> keyConfig)
          Retrieve the keystore instance referenced by the specified service properties.
static java.security.cert.X509Certificate getX509Certificate(java.security.KeyStore keystore, java.lang.String keyAlias)
          Obtain public certificate from the specified keystore under the entry alias provided.
static java.util.List<java.security.cert.X509Certificate> getX509Certificates(java.security.KeyStore keystore)
          Obtains a list of public certificates found in the specified keystore.
static java.util.Map<java.lang.String,java.security.cert.X509Certificate> getX509CertificatesMap(java.security.KeyStore keystore)
          Returns a map of public certificates found in the specified keystore keyed by the SHA1 fingerprint string of the certificate concerned.
static java.security.KeyStore loadKeyStore(java.lang.String type, java.lang.String location, char[] password)
          Load file-based keystore of specified type at provided location using supplied keystore access password.
static byte[] sign(byte[] inputBytes, java.security.PrivateKey key)
          Sign the specified input bytes using the supplied private key and the default algorithm SHA512withRSA (hashing is done with SHA-512, and encryption of the hash is done using RSA).
static byte[] sign(byte[] inputBytes, java.security.PrivateKey key, java.lang.String algorithm)
          Sign the specified input bytes using the supplied private key and algorithm.
static boolean verify(byte[] inputBytes, byte[] signature, java.security.cert.X509Certificate publicCert)
          Verify the specified digital signature is valid based on the supplied input bytes, public certificate and default signing algorithm.
static boolean verify(byte[] inputBytes, byte[] signature, java.security.cert.X509Certificate publicCert, java.lang.String algorithm)
          Verify the specified digital signature is valid based on the supplied input bytes, public certificate and signing algorithm.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

DEFAULT_ALGORITHM

public static final java.lang.String DEFAULT_ALGORITHM
See Also:
Constant Field Values

KEYSTORE_LOCATION_PROPERTY

public static final java.lang.String KEYSTORE_LOCATION_PROPERTY
See Also:
Constant Field Values

KEYSTORE_TYPE_PROPERTY

public static final java.lang.String KEYSTORE_TYPE_PROPERTY
See Also:
Constant Field Values

KEYSTORE_CSF_MAP_NAME_PROPERTY

public static final java.lang.String KEYSTORE_CSF_MAP_NAME_PROPERTY
See Also:
Constant Field Values

KEYSTORE_PASS_CSF_KEY_PROPERTY

public static final java.lang.String KEYSTORE_PASS_CSF_KEY_PROPERTY
See Also:
Constant Field Values

KEYSTORE_SIGN_CSF_KEY_PROPERTY

public static final java.lang.String KEYSTORE_SIGN_CSF_KEY_PROPERTY
See Also:
Constant Field Values

KEYSTORE_CRYPT_CSF_KEY_PROPERTY

public static final java.lang.String KEYSTORE_CRYPT_CSF_KEY_PROPERTY
See Also:
Constant Field Values

Constructor Detail

SigningUtils

public SigningUtils()

Method Detail

getWSMKeyStore

public static java.security.KeyStore getWSMKeyStore(java.util.Map<java.lang.String,java.lang.String> keyConfig)
                                             throws oracle.security.jps.JpsException,
                                                    java.security.KeyStoreException,
                                                    java.io.FileNotFoundException,
                                                    java.io.IOException,
                                                    java.security.NoSuchAlgorithmException,
                                                    java.security.cert.CertificateException,
                                                    java.security.PrivilegedActionException
Retrieve the keystore instance referenced by the specified service properties.

Parameters:
keyConfig - keystore service properties
Returns:
keystore instance used by WSM
Throws:
oracle.security.jps.JpsException
java.security.KeyStoreException
java.io.FileNotFoundException
java.io.IOException
java.security.NoSuchAlgorithmException
java.security.cert.CertificateException
java.security.PrivilegedActionException

getWSMEncryptionKeyPC

public static oracle.security.jps.service.credstore.PasswordCredential getWSMEncryptionKeyPC(java.util.Map<java.lang.String,java.lang.String> keyConfig)
                                                                                      throws oracle.security.jps.JpsException,
                                                                                             java.security.PrivilegedActionException
Retrieve the WSM encryption-key password credential object referenced by the specified service properties. The password credential contains details of the keystore alias leveraged to store the key, and its associated access password.

Parameters:
keyConfig - keystore service properties
Returns:
WSM encryption-key password credential object
Throws:
oracle.security.jps.JpsException
java.security.PrivilegedActionException

getWSMEncryptionKeyPrivateKey

public static java.security.PrivateKey getWSMEncryptionKeyPrivateKey()
                                                              throws oracle.security.jps.JpsException,
                                                                     java.security.KeyStoreException,
                                                                     java.io.FileNotFoundException,
                                                                     java.io.IOException,
                                                                     java.security.NoSuchAlgorithmException,
                                                                     java.security.cert.CertificateException,
                                                                     java.security.UnrecoverableKeyException,
                                                                     java.security.PrivilegedActionException
Retrieve the WSM encryption-key private key from the keystore leveraging JPS to obtain keystore and credential store details.

Returns:
private key associated with WSM encryption-key
Throws:
oracle.security.jps.JpsException
java.security.KeyStoreException
java.io.FileNotFoundException
java.io.IOException
java.security.NoSuchAlgorithmException
java.security.cert.CertificateException
java.security.UnrecoverableKeyException
java.security.PrivilegedActionException

getWSMEncryptionKeyX509Certificate

public static java.security.cert.X509Certificate getWSMEncryptionKeyX509Certificate()
                                                                             throws oracle.security.jps.JpsException,
                                                                                    java.security.KeyStoreException,
                                                                                    java.io.FileNotFoundException,
                                                                                    java.io.IOException,
                                                                                    java.security.NoSuchAlgorithmException,
                                                                                    java.security.cert.CertificateException,
                                                                                    java.security.PrivilegedActionException
Retrieve the WSM encryption-key public certificate from the keystore leveraging JPS to obtain keystore and credential store details.

Returns:
public certificate associated with encryption-key
Throws:
oracle.security.jps.JpsException
java.security.KeyStoreException
java.io.FileNotFoundException
java.io.IOException
java.security.NoSuchAlgorithmException
java.security.cert.CertificateException
java.security.PrivilegedActionException

sign

public static byte[] sign(byte[] inputBytes,
                          java.security.PrivateKey key)
                   throws java.security.NoSuchAlgorithmException,
                          java.security.InvalidKeyException,
                          java.security.SignatureException
Sign the specified input bytes using the supplied private key and the default algorithm SHA512withRSA (hashing is done with SHA-512, and encryption of the hash is done using RSA).

Parameters:
inputBytes - input bytes
key - private key used for signing
Returns:
digital signature
Throws:
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.security.SignatureException

sign

public static byte[] sign(byte[] inputBytes,
                          java.security.PrivateKey key,
                          java.lang.String algorithm)
                   throws java.security.NoSuchAlgorithmException,
                          java.security.InvalidKeyException,
                          java.security.SignatureException
Sign the specified input bytes using the supplied private key and algorithm.

Parameters:
inputBytes - input bytes
key - private key used for signing
algorithm - signature algorithm
Returns:
digital signature
Throws:
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.security.SignatureException

verify

public static boolean verify(byte[] inputBytes,
                             byte[] signature,
                             java.security.cert.X509Certificate publicCert)
                      throws java.security.NoSuchAlgorithmException,
                             java.security.InvalidKeyException,
                             java.security.SignatureException
Verify the specified digital signature is valid based on the supplied input bytes, public certificate and default signing algorithm. The public key is extracted from the certificate and used to decrypt the signature bytes to obtain the provided digest; a digest/checksum is then taken of the input bytes leveraging the public key, and the two digests are compared. If the digests match, we can be sure the signature was generated by someone who had access to the private key.

Parameters:
inputBytes - input bytes
signature - digital signature created using private key
publicCert - public certificate
Returns:
true if specified signature valid
Throws:
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.security.SignatureException

verify

public static boolean verify(byte[] inputBytes,
                             byte[] signature,
                             java.security.cert.X509Certificate publicCert,
                             java.lang.String algorithm)
                      throws java.security.NoSuchAlgorithmException,
                             java.security.InvalidKeyException,
                             java.security.SignatureException
Verify the specified digital signature is valid based on the supplied input bytes, public certificate and signing algorithm. The public key is extracted from the certificate and used to decrypt the signature bytes to obtain the provided digest; a digest/checksum is then taken of the input bytes leveraging the public key, and the two digests are compared. If the digests match, we can be sure the signature was generated by someone who had access to the private key.

Parameters:
inputBytes - input bytes
signature - digital signature created using private key
publicCert - public certificate
algorithm - signature algorithm
Returns:
true if specified signature valid
Throws:
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.security.SignatureException
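
The sign and verify operations described above, as an added example written against the standard java.security.Signature API; it is not Oracle's SigningUtils code. The class name, the freshly generated key pairs and the sample payload are constructed for illustration, and a bare PublicKey stands in for the X509Certificate (with a certificate, pass cert.getPublicKey()).

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Arrays;

public class SignVerifyExample {

    // Default algorithm named on this page.
    static final String ALGORITHM = "SHA512withRSA";

    /** Hash the input with the algorithm's digest and sign it with the private key. */
    static byte[] sign(byte[] input, PrivateKey key, String algorithm)
            throws GeneralSecurityException {
        Signature signer = Signature.getInstance(algorithm);
        signer.initSign(key);
        signer.update(input);
        return signer.sign();
    }

    /** Return true only if the signature matches the input under the public key. */
    static boolean verify(byte[] input, byte[] signature, PublicKey publicKey, String algorithm)
            throws GeneralSecurityException {
        Signature verifier = Signature.getInstance(algorithm);
        verifier.initVerify(publicKey);
        verifier.update(input);
        try {
            return verifier.verify(signature);
        } catch (SignatureException malformed) {
            // A signature of the wrong length or encoding is treated as invalid
            // rather than as an error the caller might ignore.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed test keys; a deployment would load them from a keystore.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair signer = generator.generateKeyPair();
        KeyPair stranger = generator.generateKeyPair();

        // Constructed sample payload.
        byte[] message = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        byte[] signature = sign(message, signer.getPrivate(), ALGORITHM);

        // Failure cases: one flipped bit in the input, a signature cut short,
        // and a public key that does not belong to the signer.
        byte[] tampered = message.clone();
        tampered[0] ^= 0x01;
        byte[] truncated = Arrays.copyOf(signature, signature.length - 1);

        System.out.println("original input:      "
                + verify(message, signature, signer.getPublic(), ALGORITHM));
        System.out.println("tampered input:      "
                + verify(tampered, signature, signer.getPublic(), ALGORITHM));
        System.out.println("truncated signature: "
                + verify(message, truncated, signer.getPublic(), ALGORITHM));
        System.out.println("unrelated key:       "
                + verify(message, signature, stranger.getPublic(), ALGORITHM));
    }
}
```

Only the first check succeeds. A true result shows that the holder of the matching private key signed these exact bytes; whether the certificate carrying the public key is trusted or still valid is a separate check that this page does not describe.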

loadKeyStore

public static java.security.KeyStore loadKeyStore(java.lang.String type,
                                                  java.lang.String location,
                                                  char[] password)
                                           throws java.security.KeyStoreException,
                                                  java.io.FileNotFoundException,
                                                  java.io.IOException,
                                                  java.security.NoSuchAlgorithmException,
                                                  java.security.cert.CertificateException
Load file-based keystore of specified type at provided location using supplied keystore access password.

Parameters:
type - keystore type - e.g. JKS
location - file location of keystore
password - keystore access password
Returns:
keystore instance
Throws:
java.security.KeyStoreException
java.io.FileNotFoundException
java.io.IOException
java.security.NoSuchAlgorithmException
java.security.cert.CertificateException

getPrivateKey

public static java.security.PrivateKey getPrivateKey(java.security.KeyStore keystore,
                                                     java.lang.String keyAlias,
                                                     char[] password)
                                              throws java.security.KeyStoreException,
                                                     java.security.NoSuchAlgorithmException,
                                                     java.security.UnrecoverableKeyException
Obtain private key from the specified keystore stored under the entry alias using entry access password provided.

Parameters:
keystore - keystore instance
keyAlias - alias of entry containing private key
password - password to access entry
Returns:
private key
Throws:
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
java.security.UnrecoverableKeyException

getX509Certificate

public static java.security.cert.X509Certificate getX509Certificate(java.security.KeyStore keystore,
                                                                    java.lang.String keyAlias)
                                                             throws java.security.KeyStoreException
Obtain public certificate from the specified keystore under the entry alias provided.

Parameters:
keystore - keystore instance
keyAlias - alias of entry containing public certificate
Returns:
public certificate
Throws:
java.security.KeyStoreException

base64Encode

public static byte[] base64Encode(byte[] bytes)
                           throws java.io.IOException
Encode binary data into base64

Parameters:
bytes -
Returns:
Throws:
java.io.IOException

base64Decode

public static byte[] base64Decode(byte[] b64EncodedBytes)
                           throws java.io.IOException
Decode base64 encoded data into binary

Parameters:
b64EncodedBytes -
Returns:
Throws:
java.io.IOException

convertBase64BytesToUrlSafeB64String

public static java.lang.String convertBase64BytesToUrlSafeB64String(byte[] b64EncodedBytes)
                                                             throws java.io.UnsupportedEncodingException
The base64 bytes are first used to generate a String. The String is then processed, replacing characters not suitable for use within a URL parameter value with URL-friendly counterparts.

Parameters:
b64EncodedBytes - base64 encoded bytes
Returns:
URL parameter-value safe transformation
Throws:
java.io.UnsupportedEncodingException

convertUrlSafeB64StringToBase64Bytes

public static byte[] convertUrlSafeB64StringToBase64Bytes(java.lang.String urlSafeB64String)
                                                   throws java.io.UnsupportedEncodingException
Retrieves the underlying base 64 encoded bytes associated with a String return value obtained from the convertBase64BytesToUrlSafeB64String method.

Parameters:
urlSafeB64String - URL parameter-value safe transformation of base64 data
Returns:
base64 encoded bytes
Throws:
java.io.UnsupportedEncodingException

getX509Certificates

public static java.util.List<java.security.cert.X509Certificate> getX509Certificates(java.security.KeyStore keystore)
                                                                              throws java.security.KeyStoreException
Obtains a list of public certificates found in the specified keystore.

Parameters:
keystore - keystore instance
Returns:
public certificates list
Throws:
java.security.KeyStoreException

getFilteredX509Certificates

public static java.util.List<java.security.cert.X509Certificate> getFilteredX509Certificates(java.security.KeyStore keystore,
                                                                                             java.util.List<java.lang.String> excludedAliases,
                                                                                             java.util.List<java.lang.String> includedAliases)
                                                                                      throws java.security.KeyStoreException
Obtains a filtered list of public certificates found in the specified keystore, taking into consideration the optional included/excluded keystore alias lists. Should a non-empty includedAliases list be provided, the resulting public certificate list can only contain public certificates detected in the keystore matching the specified aliases. Should a non-empty excludedAliases list be provided, the resulting public certificate list can NOT contain public certificates detected in the keystore matching the specified aliases. Should BOTH a non-empty includedAliases list and a non-empty excludedAliases list be provided, the included aliases list takes priority and the excluded aliases are ignored.

Parameters:
keystore - keystore instance
excludedAliases - excluded keystore aliases (lower-case)
includedAliases - included keystore aliases (lower-case)
Returns:
public certificates list filtered appropriately
Throws:
java.security.KeyStoreException
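
The include/exclude precedence described above, as an added example that is not Oracle's implementation. The class and method names and the sample aliases are constructed, and lower-casing the keystore alias before comparison is an assumption based on the "(lower-case)" note in the parameter list.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;

public class AliasFilterExample {

    /** Decide whether one keystore alias passes the include/exclude rules. */
    static boolean isSelected(String alias, List<String> excluded, List<String> included) {
        // Assumption: list entries are lower-case, so normalise the alias first.
        String key = alias.toLowerCase(Locale.ROOT);
        if (included != null && !included.isEmpty()) {
            // A non-empty include list wins; the exclude list is not consulted.
            return included.contains(key);
        }
        if (excluded != null && !excluded.isEmpty()) {
            return !excluded.contains(key);
        }
        return true; // no filter supplied: every alias is selected
    }

    /** Apply the same rules to a loaded keystore, keeping only X.509 certificates. */
    static List<X509Certificate> filteredCertificates(KeyStore keystore,
                                                      List<String> excluded,
                                                      List<String> included)
            throws KeyStoreException {
        List<X509Certificate> selected = new ArrayList<>();
        for (String alias : Collections.list(keystore.aliases())) {
            if (!isSelected(alias, excluded, included)) {
                continue;
            }
            Certificate cert = keystore.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                selected.add((X509Certificate) cert);
            }
        }
        return selected;
    }

    /** Helper for the demonstration: the aliases that survive the filter. */
    static List<String> selectAliases(List<String> aliases,
                                      List<String> excluded,
                                      List<String> included) {
        List<String> kept = new ArrayList<>();
        for (String alias : aliases) {
            if (isSelected(alias, excluded, included)) {
                kept.add(alias);
            }
        }
        return kept;
    }

    public static void main(String[] args) {
        // Constructed aliases standing in for the entries of a real keystore.
        List<String> aliases = Arrays.asList("signing-key", "Partner-A", "retired-ca");
        List<String> none = Collections.emptyList();
        List<String> retired = Arrays.asList("retired-ca");
        List<String> both = Arrays.asList("partner-a", "retired-ca");

        System.out.println("exclude only: " + selectAliases(aliases, retired, none));
        System.out.println("include only: " + selectAliases(aliases, none, both));
        // The same alias is in both lists: the include list decides, so it is kept.
        System.out.println("both lists:   " + selectAliases(aliases, retired, both));
    }
}
```

Because the exclude list is ignored whenever an include list is present, a caller who relies on excludedAliases to keep a retired certificate out of the result must not also list that alias in includedAliases.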

getX509CertificatesMap

public static java.util.Map<java.lang.String,java.security.cert.X509Certificate> getX509CertificatesMap(java.security.KeyStore keystore)
                                                                                                 throws java.security.KeyStoreException,
                                                                                                        java.security.NoSuchAlgorithmException,
                                                                                                        java.security.cert.CertificateEncodingException
Returns a map of public certificates found in the specified keystore keyed by the SHA1 fingerprint string of the certificate concerned.

Parameters:
keystore - keystore instance
Returns:
public certificates map
Throws:
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
java.security.cert.CertificateEncodingException

getFilteredX509CertificatesMap

public static java.util.Map<java.lang.String,java.security.cert.X509Certificate> getFilteredX509CertificatesMap(java.security.KeyStore keystore,
                                                                                                                java.util.List<java.lang.String> excludedAliases,
                                                                                                                java.util.List<java.lang.String> includedAliases)
                                                                                                         throws java.security.KeyStoreException,
                                                                                                                java.security.NoSuchAlgorithmException,
                                                                                                                java.security.cert.CertificateEncodingException
Returns a filtered map of public certificates found in the specified keystore, taking into consideration the optional included/excluded keystore alias lists. The map entries are keyed by the SHA1 fingerprint string of the certificate concerned.

Parameters:
keystore - keystore instance
excludedAliases - excluded keystore aliases (lower-case)
includedAliases - included keystore aliases (lower-case)
Returns:
public certificates map filtered appropriately
Throws:
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
java.security.cert.CertificateEncodingException

getSHA1FingerPrint

public static java.lang.String getSHA1FingerPrint(java.security.cert.X509Certificate publicCert)
                                           throws java.security.NoSuchAlgorithmException,
                                                  java.security.cert.CertificateEncodingException
Returns an SHA1 fingerprint of the specified public certificate.

Parameters:
publicCert - public certificate
Returns:
certificate fingerprint
Throws:
java.security.NoSuchAlgorithmException
java.security.cert.CertificateEncodingException

getMD5FingerPrint

public static java.lang.String getMD5FingerPrint(java.security.cert.X509Certificate publicCert)
                                          throws java.security.NoSuchAlgorithmException,
                                                 java.security.cert.CertificateEncodingException
Returns an MD5 fingerprint of the specified public certificate.

Parameters:
publicCert - public certificate
Returns:
certificate fingerprint
Throws:
java.security.NoSuchAlgorithmException
java.security.cert.CertificateEncodingException

getFingerPrint

public static java.lang.String getFingerPrint(java.security.cert.X509Certificate publicCert,
                                              java.lang.String algorithm)
                                       throws java.security.NoSuchAlgorithmException,
                                              java.security.cert.CertificateEncodingException
Returns a fingerprint by applying a cryptographic hash function to the specified public certificate.

Parameters:
publicCert - public certificate
algorithm - hash function algorithm
Returns:
certificate fingerprint
Throws:
java.security.NoSuchAlgorithmException
java.security.cert.CertificateEncodingException

byteToHex

public static java.lang.String byteToHex(byte b)
Returns a string representation of the byte value in hexadecimal (base 16)

Parameters:
b - the byte to be converted to a hexadecimal string
Returns:
hexadecimal string representing the byte value

Copyright © 2013 Oracle. All Rights Reserved.