Contents
List of Tables
Title and Copyright Information
Preface
Intended Audience
Documentation Accessibility
Related Documents
Conventions
What's New in Oracle Security Developer Tools?
New Features in 12c (12.2.1)
Updates in September 2014 Documentation Refresh for 12c (12.1.3)
New Features in 12c (12.1.3)
1 Introduction to Oracle Security Developer Tools
1.1 About Cryptography
1.1.1 Types of Cryptographic Algorithms
1.1.1.1 About Symmetric Cryptographic Algorithms
1.1.1.2 About Asymmetric Cryptographic Algorithms
1.1.1.3 Understanding Hash Functions
1.2 About Public Key Infrastructure (PKI)
1.2.1 Understanding Key Pairs
1.2.2 About the Certificate Authority
1.2.3 What are Digital Certificates?
1.2.4 Related PKI Standards
1.2.5 Benefits of PKI
1.3 About Web Services Security
1.4 About SAML
1.4.1 Understanding SAML Assertions
1.4.2 Understanding SAML Requests and Responses
1.4.2.1 About the SAML Request and Response Cycle
1.4.2.2 About SAML Protocol Bindings and Profiles
1.4.2.3 How SAML Integrates with XML Security
1.5 About Identity Federation
1.6 About Oracle Security Developer Tools
1.6.1 Understanding Toolkit Architecture
1.6.2 Tools for XML, SAML, and Web Services Security Applications
1.6.2.1 About Oracle XML Security
1.6.2.2 About Oracle SAML
1.6.2.3 About Oracle Web Services Security
1.6.2.4 About Oracle Liberty SDK
1.6.3 Tools for Public Key Cryptography (PKI) Applications
1.6.3.1 About Oracle PKI LDAP SDK
1.6.3.2 About Oracle PKI TSP SDK
1.6.3.3 About Oracle PKI OCSP SDK
1.6.3.4 About Oracle PKI CMP SDK
1.6.3.5 About Oracle XKMS
1.6.4 Tools for E-mail Security Applications
1.6.4.1 About Oracle CMS
1.6.4.2 About Oracle S/MIME
1.6.5 Tools for Low-level Cryptographic Applications
1.6.5.1 About Oracle Crypto
1.6.5.2 About Oracle Security Engine
1.6.6 Tools for Web Tokens
1.6.6.1 About Oracle JWT
1.7 About Supported Standards
1.8 Setting the CLASSPATH Environment Variable
1.8.1 Setting the CLASSPATH on Windows
1.8.2 Setting the CLASSPATH on UNIX
2 Oracle Crypto
2.1 About Oracle Crypto Features and Benefits
2.2 About the Oracle Crypto Packages
2.3 Setting Up Your Oracle Crypto Environment
2.4 Understanding and Using Core Classes and Interfaces of Oracle Crypto
2.4.1 About Oracle Crypto Key Classes
2.4.1.1 The oracle.security.crypto.core.Key Interface
2.4.1.2 The oracle.security.crypto.core.PrivateKey Interface
2.4.1.3 The oracle.security.crypto.core.PublicKey Interface
2.4.1.4 The oracle.security.crypto.core.SymmetricKey Class
2.4.2 Using the Oracle Crypto Key Generation Classes
2.4.2.1 Using the oracle.security.crypto.core.KeyPairGenerator Class
2.4.2.2 Using the oracle.security.crypto.core.SymmetricKeyGenerator Class
2.4.3 Using Oracle Crypto Cipher Classes
2.4.3.1 Using Symmetric Ciphers
2.4.3.2 Using the RSA Cipher
2.4.3.3 Using Password Based Encryption (PBE)
2.4.4 Using the Oracle Crypto Signature Classes
2.4.5 Using Oracle Crypto Message Digest Classes
2.4.5.1 Using the oracle.security.crypto.core.MessageDigest Class
2.4.5.2 Using the oracle.security.crypto.core.MAC Class
2.4.6 Using the Oracle Crypto Key Agreement Class
2.4.7 Using Oracle Crypto Pseudo-Random Number Generator Classes
2.4.7.1 Using the oracle.security.crypto.core.RandomBitsSource class
2.4.7.2 Using the oracle.security.crypto.core.EntropySource class
2.5 The Oracle Crypto and Crypto FIPS Java API References
3 Oracle Security Engine
3.1 Oracle Security Engine Features and Benefits
3.2 Setting Up Your Oracle Security Engine Environment
3.3 Core Classes and Interfaces of Oracle Security Engine
3.3.1 Using the oracle.security.crypto.cert.X500RDN Class
3.3.2 Using the oracle.security.crypto.cert.X500Name Class
3.3.3 Using the oracle.security.crypto.cert.CertificateRequest Class
3.3.4 Using the java.security.cert.X509Certificate Class
3.4 The Oracle Security Engine Java API Reference
4 Oracle CMS
4.1 Oracle CMS Features and Benefits
4.1.1 Content Types in Oracle CMS
4.1.2 Differences Between Oracle CMS Implementation and RFCs
4.2 Setting Up Your Oracle CMS Environment
4.3 Understanding and Developing Applications with Oracle CMS
4.3.1 About Oracle CMS Classes
4.3.2 About CMS Object Types
4.3.3 Constructing CMS Objects using the CMS***ContentInfo Classes
4.3.3.1 Using the Abstract Base Class CMSContentInfo
4.3.3.1.1 Constructing a CMS Object
4.3.3.1.2 Reading a CMS Object
4.3.3.2 Using the CMSDataContentInfo Class
4.3.3.3 Using the ESSReceipt Class
4.3.3.3.1 Creating an ESSReceipt Object
4.3.3.3.2 Reading an ESSReceipt Object
4.3.3.4 The CMSDigestedDataContentInfo Class
4.3.3.4.1 Constructing a CMS Digested-data Object
4.3.3.4.2 Reading a CMS Digested-data Object
4.3.3.4.3 Working with Detached digested-data Objects
4.3.3.5 The CMSSignedDataContentInfo Class
4.3.3.5.1 Constructing a CMS Signed-data Object
4.3.3.5.2 Reading a CMS Signed-data Object
4.3.3.5.3 Working with External Signatures (Detached Objects)
4.3.3.5.4 Working with Certificates/CRL-Only Objects
4.3.3.6 Using the CMSEncryptedDataContentInfo Class
4.3.3.6.1 Constructing a CMS Encrypted-data Object
4.3.3.6.2 Reading a CMS Encrypted-data Object
4.3.3.6.3 Generating a Detached encrypted-data CMS Object
4.3.3.7 Understanding and Using the CMSEnvelopedDataContentInfo Class
4.3.3.7.1 Constructing a CMS Enveloped-data Object
4.3.3.7.2 Reading a CMS Enveloped-data Object
4.3.3.7.3 About the Key Transport Key Exchange Mechanism
4.3.3.7.4 About the Key Agreement Key Exchange Mechanism
4.3.3.7.5 About the Key Encryption (Wrap) Key Exchange Mechanism
4.3.3.7.6 Using the Detached Enveloped-data CMS Object
4.3.3.8 Using the CMSAuthenticatedDataContentInfo Class
4.3.3.8.1 Constructing a CMS Authenticated-data Object
4.3.3.8.2 Reading a CMS Authenticated-data Object
4.3.3.8.3 Working with Detached Authenticated-data CMS Objects
4.3.3.9 Working with Wrapped (Triple or more) CMSContentInfo Objects
4.3.3.9.1 Reading a Nested (Wrapped) CMS Object
4.3.4 CMS Objects using the CMS***Stream and CMS***Connector Classes
4.3.4.1 Limitations of the CMS***Stream and CMS***Connector Classes
4.3.4.2 Difference between CMS***Stream and CMS***Connector Classes
4.3.4.3 Using the CMS***OutputStream and CMS***InputStream Classes
4.3.4.3.1 Working with the CMS id-data Object
4.3.4.3.2 Working with the CMS id-ct-receipt Object
4.3.4.3.3 Working with CMS id-digestedData Objects
4.3.4.3.4 Working with CMS id-signedData Objects
4.3.4.3.5 Working with CMS id-encryptedData Objects
4.3.4.3.6 Working with CMS id-envelopedData Objects
4.3.4.3.7 About CMS id-ct-authData Objects
4.3.4.4 Wrapping (Triple or more) CMS***Connector Objects
4.4 The Oracle CMS Java API Reference
5 Oracle S/MIME
5.1 Oracle S/MIME Features and Benefits
5.2 Setting Up Your Oracle S/MIME Environment
5.3 Developing Applications with Oracle S/MIME
5.3.1 Core Classes and Interfaces of Oracle S/MIME
5.3.1.1 Using the oracle.security.crypto.smime.SmimeObject Interface
5.3.1.2 Using the oracle.security.crypto.smime.SmimeSignedObject Interface
5.3.1.3 Using the oracle.security.crypto.smime.SmimeSigned Class
5.3.1.4 Using the oracle.security.crypto.smime.SmimeEnveloped Class
5.3.1.5 Using the oracle.security.crypto.smime.SmimeMultipartSigned Class
5.3.1.6 Using the oracle.security.crypto.smime.SmimeSignedReceipt Class
5.3.1.7 Using the oracle.security.crypto.smime.SmimeCompressed Class
5.3.2 Supporting Classes and Interfaces
5.3.2.1 Using the oracle.security.crypto.smime.Smime Interface
5.3.2.2 Using the oracle.security.crypto.smime.SmimeUtils Class
5.3.2.3 Using the oracle.security.crypto.smime.MailTrustPolicy Class
5.3.2.4 Using the oracle.security.crypto.smime.SmimeCapabilities Class
5.3.2.5 Using the oracle.security.crypto.smime.SmimeDataContentHandler Class
5.3.2.6 Using the oracle.security.crypto.smime.ess Package
5.3.3 Using the Oracle S/MIME Classes
5.3.3.1 Using the Abstract Class SmimeObject
5.3.3.2 Signing Messages
5.3.3.3 Creating "Multipart/Signed" Entities
5.3.3.4 Creating Digital Envelopes
5.3.3.5 Creating "Certificates-Only" Messages
5.3.3.6 Reading Messages
5.3.3.7 Authenticating Signed Messages
5.3.3.8 Opening Digital Envelopes (Encrypted Messages)
5.3.3.9 Adding Enhanced Security Services (ESS)
5.3.3.9.1 Requesting a Signed Receipt with ESS
5.3.3.9.2 Attaching a Security Label with ESS
5.3.3.9.3 Attaching a Signing Certificate with ESS
5.3.3.10 Processing Enhanced Security Services (ESS)
5.4 The Oracle S/MIME Java API Reference
6 Oracle PKI SDK
6.1 Oracle PKI CMP SDK
6.1.1 Oracle PKI CMP SDK Features and Benefits
6.1.2 Setting Up Your Oracle PKI CMP SDK Environment
6.1.3 The Oracle PKI CMP SDK Java API Reference
6.2 Oracle PKI OCSP SDK
6.2.1 Oracle PKI OCSP SDK Features and Benefits
6.2.2 Setting Up Your Oracle PKI OCSP SDK Environment
6.2.3 The Oracle PKI OCSP SDK Java API Reference
6.3 Oracle PKI TSP SDK
6.3.1 Oracle PKI TSP SDK Features and Benefits
6.3.2 Setting Up Your Oracle PKI TSP SDK Environment
6.3.3 The Oracle PKI TSP SDK Java API Reference
6.4 Oracle PKI LDAP SDK
6.4.1 Oracle PKI LDAP SDK Features and Benefits
6.4.2 Setting Up Your Oracle PKI LDAP SDK Environment
6.4.3 The Oracle PKI LDAP SDK Java API Reference
7 Oracle XML Security
7.1 Oracle XML Security Features and Benefits
7.2 Setting Up Your Oracle XML Security Environment
7.3 Signing Data with Oracle XML Security
7.3.1 Identifying What to Sign
7.3.1.1 Determining the Signature Envelope
7.3.1.2 Deciding How to Sign Binary Data
7.3.1.3 Signing Multiple XML Fragments with a Signature
7.3.1.4 Excluding Elements from a Signature
7.3.2 Deciding on a Signing Key
7.3.2.1 Setting Up Key Exchange
7.3.2.2 Providing a Receiver Hint
7.4 Verifying XML Data
7.5 Understanding how Data is Encrypted
7.5.1 Identifying what to Encrypt
7.5.1.1 Using the Content Only Encryption Mode
7.5.1.2 Encrypting Binary Data
7.5.2 Decide on the Encryption Key
7.6 Understanding Data Decryption with Oracle XML Security
7.7 Understanding and Using Element Wrappers in the OSDT XML APIs
7.7.1 Constructing the Wrapper Object
7.7.2 Obtaining the DOM Element from the Wrapper Object
7.7.3 Parsing Complex Elements
7.7.4 Constructing Complex Elements
7.8 Signing Data with the Oracle XML Security API
7.8.1 Creating a Detached Signature, Basic Procedure
7.8.2 Using Variations on the Basic Signing Procedure
7.8.2.1 Including Multiple References
7.8.2.2 Using an Enveloped Signature
7.8.2.3 Using an XPath Expression
7.8.2.4 Using a Certificate Hint
7.8.2.5 Signing with an HMAC Key
7.9 Verifying Signatures with the Oracle XML Security API
7.9.1 Checking What is Signed, Basic Procedure
7.9.2 Setting Up Callbacks
7.9.3 Writing a Custom Key Retriever
7.9.4 Checking What is Signed
7.9.5 Verifying the Signature
7.9.5.1 Verifying if Callbacks are Set Up
7.9.5.2 Verifying if Callbacks are Not Set Up
7.9.5.3 Debugging Verification
7.10 Encrypting Data with the Oracle XML Security API
7.10.1 Encrypting with a Shared Symmetric Key
7.10.2 Encrypting with a Random Symmetric Key
7.11 Decrypting Data with the Oracle XML Security API
7.11.1 Decrypting with a Shared Symmetric Key
7.11.2 Decrypting with a Random Symmetric Key
7.12 About Supporting Classes and Interfaces
7.12.1 About the oracle.security.xmlsec.util.XMLURI Interface
7.12.2 About the oracle.security.xmlsec.util.XMLUtils class
7.13 Common XML Security Questions
7.14 Best Practices for Oracle XML Security
7.15 The Oracle XML Security Java API Reference
8 Oracle SAML
8.1 Oracle SAML Features and Benefits
8.2 Oracle SAML 1.0/1.1
8.2.1 Oracle SAML 1.0/1.1 Packages
8.2.2 Setting Up Your Oracle SAML 1.0/1.1 Environment
8.2.3 Classes and Interfaces of Oracle SAML 1.x
8.2.3.1 Core Classes of Oracle SAML 1.x
8.2.3.1.1 Using the oracle.security.xmlsec.saml.SAMLInitializer Class
8.2.3.1.2 Using the oracle.security.xmlsec.saml.Assertion Class
8.2.3.1.3 Using the oracle.security.xmlsec.samlp.Request Class
8.2.3.1.4 Using the oracle.security.xmlsec.samlp.Response Class
8.2.3.2 Supporting Classes and Interfaces
8.2.3.2.1 Using the oracle.security.xmlsec.saml.SAMLURI Interface
8.2.3.2.2 Using the oracle.security.xmlsec.saml.SAMLMessage Class
8.2.4 The Oracle SAML 1.0/1.1 Java API Reference
8.3 Oracle SAML 2.0
8.3.1 Oracle SAML 2.0 Packages
8.3.2 Setting Up Your Oracle SAML 2.0 Environment
8.3.3 Classes and Interfaces of Oracle SAML 2.0
8.3.3.1 Core Classes of Oracle SAML 2.0
8.3.3.1.1 Using the oracle.security.xmlsec.saml2.core.Assertion Class
8.3.3.1.2 Using the oracle.security.xmlsec.saml2.protocol.AuthnRequest Class
8.3.3.1.3 Using the oracle.security.xmlsec.saml2.protocol.StatusResponseType Class
8.3.3.2 Supporting Classes and Interfaces
8.3.3.2.1 Using the oracle.security.xmlsec.saml2.util.SAML2URI Interface
8.3.4 The Oracle SAML 2.0 Java API Reference
9 Oracle Web Services Security
9.1 Setting Up Your Oracle Web Services Security Environment
9.2 Classes and Interfaces of Oracle Web Services Security
9.2.1 Element Wrappers in Oracle Web Services Security
9.2.2 The <wsse:Security> header
9.2.2.1 Handling Outgoing Messages
9.2.2.2 Handling Incoming Messages
9.2.3 Security Tokens (ST) in Oracle Web Services Security
9.2.3.1 Creating a WSS Username Token
9.2.3.2 Creating an X509 Token
9.2.3.3 Creating a Client-Side Kerberos Token
9.2.3.4 Creating a Server-side Kerberos Token
9.2.3.5 Creating a SAML Assertion Token
9.2.4 Security Token References (STR)
9.2.4.1 Creating a direct reference STR
9.2.4.2 Creating a Reference STR for a username token
9.2.4.3 Creating a Reference STR for a X509 Token
9.2.4.4 Creating a Reference STR for Kerberos Token
9.2.4.5 Creating a Reference STR for a SAML Assertion token
9.2.4.6 Creating a Reference STR for an EncryptedKey
9.2.4.7 Creating a Reference STR for a generic token
9.2.4.8 Creating a Key Identifier STR
9.2.4.9 Creating a KeyIdentifier STR for an X509 Token
9.2.4.10 Creating a KeyIdentifier STR for a Kerberos Token
9.2.4.11 Creating a KeyIdentifier STR for a SAML Assertion Token
9.2.4.12 Creating a KeyIdentifier STR for an EncryptedKey
9.2.4.13 Adding an STRTransform
9.2.5 Signing and Verifying
9.2.5.1 Signing SOAP Messages
9.2.5.1.1 Adding IDs to elements
9.2.5.1.2 Creating the WSSignatureParams object
9.2.5.1.3 Specifying Transforms
9.2.5.1.4 Calling the WSSecurity.sign method
9.2.5.2 Verifying SOAP Messages
9.2.5.3 Confirming Signatures
9.2.5.3.1 Signature Confirmation Response Generation
9.2.5.3.2 Signature Confirmation Response Processing
9.2.6 Encrypting and Decrypting
9.2.6.1 Encrypting SOAP messages with EncryptedKey
9.2.6.2 Encrypting SOAP messages without EncryptedKey
9.2.6.3 Encrypting SOAP Headers into an EncryptedHeader
9.2.6.4 Decrypting SOAP messages with EncryptedKey
9.2.6.5 Decrypting SOAP messages without EncryptedKey
9.3 Additional Resources for Web Services Security
9.4 The Oracle Web Services Security Java API Reference
10 Oracle Liberty SDK
10.1 Oracle Liberty SDK Features and Benefits
10.2 Oracle Liberty 1.1
10.2.1 Setting Up Your Oracle Liberty 1.1 Environment
10.2.1.1 Understanding System Requirements for Oracle Liberty 1.1
10.2.2 Overview of Oracle Liberty 1.1 Classes and Interfaces
10.2.2.1 Using Core Classes and Interfaces
10.2.2.1.1 Using the oracle.security.xmlsec.liberty.v11.AuthnRequest Class
10.2.2.1.2 Using the oracle.security.xmlsec.liberty.v11.AuthnResponse Class
10.2.2.1.3 Using the oracle.security.xmlsec.liberty.v11.FederationTerminationNotification Class
10.2.2.1.4 Using the oracle.security.xmlsec.liberty.v11.LogoutRequest Class
10.2.2.1.5 Using the oracle.security.xmlsec.liberty.v11.LogoutResponse Class
10.2.2.1.6 Using the oracle.security.xmlsec.liberty.v11.RegisterNameIdentifierRequest Class
10.2.2.1.7 Using the oracle.security.xmlsec.liberty.v11.RegisterNameIdentifierResponse Class
10.2.2.2 Using Supporting Classes and Interfaces
10.2.2.2.1 Using the oracle.security.xmlsec.liberty.v11.LibertyInitializer class
10.2.2.2.2 The oracle.security.xmlsec.liberty.v11.LibertyURI interface
10.2.2.2.3 Using the oracle.security.xmlsec.liberty.v11.ac.AuthenticationContextURI interface
10.2.2.2.4 The oracle.security.xmlsec.util.ac.AuthenticationContextStatement class
10.2.2.2.5 The oracle.security.xmlsec.saml.SAMLURI Interface
10.2.2.2.6 The oracle.security.xmlsec.saml.SAMLMessage class
10.2.3 The Oracle Liberty 1.1 API Reference
10.3 Oracle Liberty 1.2
10.3.1 Setting Up Your Oracle Liberty 1.2 Environment
10.3.2 Overview of Oracle Liberty 1.2 Classes and Interfaces
10.3.2.1 Core Classes and Interfaces
10.3.2.1.1 Using the oracle.security.xmlsec.saml.Assertion class
10.3.2.1.2 Using the oracle.security.xmlsec.samlp.Request class
10.3.2.1.3 Using the oracle.security.xmlsec.samlp.Response class
10.3.2.1.4 Using the oracle.security.xmlsec.liberty.v12.AuthnRequest class
10.3.2.1.5 Using the oracle.security.xmlsec.liberty.v12.AuthnResponse class
10.3.2.1.6 Using the oracle.security.xmlsec.liberty.v12.FederationTerminationNotification class
10.3.2.1.7 Using the oracle.security.xmlsec.liberty.v12.LogoutRequest class
10.3.2.1.8 Using the oracle.security.xmlsec.liberty.v12.LogoutResponse class
10.3.2.1.9 Using the oracle.security.xmlsec.liberty.v12.RegisterNameIdentifierRequest class
10.3.2.1.10 Using the oracle.security.xmlsec.liberty.v12.RegisterNameIdentifierResponse class
10.3.2.2 Supporting Classes and Interfaces
10.3.2.2.1 The oracle.security.xmlsec.liberty.v12.LibertyInitializer class
10.3.2.2.2 The oracle.security.xmlsec.liberty.v12.LibertyURI interface
10.3.2.2.3 The oracle.security.xmlsec.util.ac.AuthenticationContextStatement class
10.3.2.2.4 The oracle.security.xmlsec.saml.SAMLInitializer class
10.3.2.2.5 The oracle.security.xmlsec.saml.SAMLURI Interface
10.3.2.2.6 The oracle.security.xmlsec.saml.SAMLMessage Class
10.3.3 The Oracle Liberty SDK 1.2 API Reference
11 Oracle XKMS
11.1 Understanding Oracle XKMS Features and Benefits
11.2 Setting Up Your Oracle XKMS Environment
11.3 Core Classes and Interfaces
11.3.1 oracle.security.xmlsec.xkms.xkiss.LocateRequest
11.3.2 Using the oracle.security.xmlsec.xkms.xkiss.LocateResult Class
11.3.3 Using the oracle.security.xmlsec.xkms.xkiss.ValidateRequest Class
11.3.4 Using the oracle.security.xmlsec.xkms.xkiss.ValidateResult Class
11.3.5 Using the oracle.security.xmlsec.xkms.xkrss.RecoverRequest Class
11.3.6 Using the oracle.security.xmlsec.xkms.xkrss.RecoverResult Class
11.4 The Oracle XKMS Java API Reference
12 Oracle JSON Web Token
12.1 Oracle JSON Web Token Features and Benefits
12.1.1 About JSON Web Token
12.1.2 Oracle JSON Web Token Features
12.2 Setting Up Your Oracle JSON Web Token Environment
12.3 Using Core Classes and Interfaces
12.4 Examples of Oracle JSON Web Token Usage
12.4.1 Creating the JWT Token
12.4.2 Signing the JWT Token
12.4.3 Verifying the JWT Token
12.4.4 Serializing the JWT Token without Signing
12.5 The Oracle JSON Web Token Java API Reference
A Migrating to the JCE Framework
A.1 About The JCE Framework
A.2 Understanding JCE Keys
A.3 Converting Between OSDT Key Objects and JCE Key Objects
A.3.1 Converting a Private Key from OSDT to JCE Object
A.3.2 Converting a Private Key from JCE Object to OSDT Object
A.4 Working with JCE Certificates
A.5 Working with JCE Certificate Revocation Lists (CRLs)
A.6 Using JCE Keystores
A.6.1 Working with standard KeyStore-type Wallets
A.6.2 Working with PKCS12 and PKCS8 Wallets
A.6.2.1 Retrieving a PKCS Object
A.6.2.2 Retrieving a Certificate
A.6.2.3 Retrieving CRLs
A.7 The Oracle JCE Java API Reference
B References