Go to main content
1/21
Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
Intended Audience
Documentation Accessibility
Related Documents
Conventions
What's New in Oracle Security Developer Tools?
Updates in September 2014 Documentation Refresh for 12
c
(12.1.3)
New Features in 12
c
(12.1.3)
New Features in 11g Release 1 (11.1.1.7.0)
New Features in 11g Release 1 (11.1.1.6.0)
New Features for Release 11
g
(11.1.1)
Oracle SAML Changes
1
Introduction to Oracle Security Developer Tools
1.1
About Cryptography
1.1.1
Types of Cryptographic Algorithms
1.1.1.1
About Symmetric Cryptographic Algorithms
1.1.1.2
About Asymmetric Cryptographic Algorithms
1.1.1.3
Understanding Hash Functions
1.1.2
Additional Cryptography Resources
1.2
About Public Key Infrastructure (PKI)
1.2.1
Understanding Key Pairs
1.2.2
About the Certificate Authority
1.2.3
What are Digital Certificates?
1.2.4
Related PKI Standards
1.2.5
Benefits of PKI
1.3
About Web Services Security
1.4
About SAML
1.4.1
Understanding SAML Assertions
1.4.2
Understanding SAML Requests and Responses
1.4.2.1
About the SAML Request and Response Cycle
1.4.2.2
About SAML Protocol Bindings and Profiles
1.4.2.3
How SAML Integrates with XML Security
1.5
About Identity Federation
1.6
About Oracle Security Developer Tools
1.6.1
Understanding Toolkit Architecture
1.6.2
About Supported Standards
1.6.3
About Oracle Crypto
1.6.4
About Oracle Security Engine
1.6.5
About Oracle CMS
1.6.6
About Oracle S/MIME
1.6.7
About the Oracle PKI SDK
1.6.7.1
About Oracle PKI LDAP SDK
1.6.7.2
About Oracle PKI TSP SDK
1.6.7.3
About Oracle PKI OCSP SDK
1.6.7.4
About Oracle PKI CMP SDK
1.6.8
About Oracle XML Security
1.6.9
About Oracle SAML
1.6.10
About Oracle Web Services Security
1.6.11
About Oracle Liberty SDK
1.6.12
About Oracle XKMS
1.6.13
About Oracle JWT
1.7
References
2
Migrating to the JCE Framework
2.1
About The JCE Framework
2.2
Understanding JCE Keys
2.2.1
Converting an Existing Key Object to a JCE Key Object
2.3
Working with JCE Certificates
2.3.1
Switching to a JCE Certificate
2.4
Working with JCE Certificate Revocation Lists (CRLs)
2.5
Using JCE Keystores
2.5.1
Working with standard KeyStore-type Wallets
2.5.2
Working with PKCS12 and PKCS8 Wallets
2.6
The Oracle JCE Provider Java API Reference
3
Oracle Crypto
3.1
About Oracle Crypto Features and Benefits
3.1.1
About the Oracle Crypto Packages
3.2
Setting Up Your Oracle Crypto Environment
3.2.1
Understanding System Requirements for Oracle Crypto
3.2.2
Setting the CLASSPATH Environment Variable
3.2.2.1
Setting the CLASSPATH on Windows
3.2.2.2
Setting the CLASSPATH on UNIX
3.3
Understanding and Using Core Classes and Interfaces
3.3.1
About the Key Classes
3.3.1.1
The oracle.security.crypto.core.Key Interface
3.3.1.2
The oracle.security.crypto.core.PrivateKey Interface
3.3.1.3
The oracle.security.crypto.core.PublicKey Interface
3.3.1.4
The oracle.security.crypto.core.SymmetricKey Class
3.3.2
Using the Key Generation Classes
3.3.2.1
Using the oracle.security.crypto.core.KeyPairGenerator Class
3.3.2.2
Using the oracle.security.crypto.core.SymmetricKeyGenerator Class
3.3.3
Using Cipher Classes
3.3.3.1
Using Symmetric Ciphers
3.3.3.2
Using the RSA Cipher
3.3.3.3
Using Password Based Encryption
3.3.4
Using the Signature Classes
3.3.5
Using Message Digest Classes
3.3.5.1
Using the oracle.security.crypto.core.MessageDigest Class
3.3.5.2
Using the oracle.security.crypto.core.MAC Class
3.3.6
Using the Key Agreement Class
3.3.7
Using Pseudo-Random Number Generator Classes
3.3.7.1
Using the oracle.security.crypto.core.RandomBitsSource class
3.3.7.2
Using the oracle.security.crypto.core.EntropySource class
3.4
The Oracle Crypto and Crypto FIPS Java API References
4
Oracle Security Engine
4.1
Oracle Security Engine Features and Benefits
4.1.1
About Oracle Security Engine Packages
4.2
Setting Up Your Oracle Security Engine Environment
4.2.1
Understanding System Requirements for Oracle Security Engine
4.2.2
Setting the CLASSPATH Environment Variable
4.2.2.1
Setting the CLASSPATH on Windows
4.2.2.2
Setting the CLASSPATH on UNIX
4.3
Core Classes and Interfaces
4.3.1
Using the oracle.security.crypto.cert.X500RDN Class
4.3.2
Using the oracle.security.crypto.cert.X500Name Class
4.3.3
Using the oracle.security.crypto.cert.CertificateRequest Class
4.3.4
The java.security.cert.X509Certificate Class
4.4
The Oracle Security Engine Java API Reference
5
Oracle CMS
5.1
Oracle CMS Features and Benefits
5.1.1
Content Types
5.1.2
Differences Between Oracle CMS Implementation and RFCs
5.2
Setting Up Your Oracle CMS Environment
5.2.1
Understanding System Requirements for Oracle CMS
5.2.2
Setting the CLASSPATH Environment Variable
5.2.2.1
Setting the CLASSPATH on Windows
5.2.2.2
Setting the CLASSPATH on UNIX
5.3
Understanding and Developing Applications with Oracle CMS
5.3.1
About CMS Object Types
5.3.2
Constructing CMS Objects using the CMS***ContentInfo Classes
5.3.2.1
Using the Abstract Base Class CMSContentInfo
5.3.2.2
Using the CMSDataContentInfo Class
5.3.2.3
Using the ESSReceipt Class
5.3.2.4
Using the CMSDigestedDataContentInfo Class
5.3.2.5
Using the CMSSignedDataContentInfo Class
5.3.2.6
Using the CMSEncryptedDataContentInfo Class
5.3.2.7
Understanding and Using the CMSEnvelopedDataContentInfo Class
5.3.2.8
Using the CMSAuthenticatedDataContentInfo Class
5.3.2.9
Working with Wrapped (Triple or more) CMSContentInfo Objects
5.3.3
Constructing CMS Objects using the CMS***Stream and CMS***Connector Classes
5.3.3.1
Limitations of the CMS***Stream and CMS***Connector Classes
5.3.3.2
Difference between CMS***Stream and CMS***Connector Classes
5.3.3.3
Understanding and Using the CMS***OutputStream and CMS***InputStream Classes
5.3.3.4
Wrapping (Triple or more) CMS***Connector Objects
5.4
The Oracle CMS Java API Reference
6
Oracle S/MIME
6.1
Oracle S/MIME Features and Benefits
6.2
Setting Up Your Oracle S/MIME Environment
6.2.1
Understanding System Requirements for Oracle S/MIME
6.2.2
Setting the CLASSPATH Environment Variable
6.2.2.1
Setting the CLASSPATH on Windows
6.2.2.2
Setting the CLASSPATH on UNIX
6.3
Developing Applications with Oracle S/MIME
6.3.1
Core Classes and Interfaces
6.3.1.1
Using the oracle.security.crypto.smime.SmimeObject Interface
6.3.1.2
Using the oracle.security.crypto.smime.SmimeSignedObject Interface
6.3.1.3
Using the oracle.security.crypto.smime.SmimeSigned Class
6.3.1.4
Using the oracle.security.crypto.smime.SmimeEnveloped Class
6.3.1.5
Using the oracle.security.crypto.smime.SmimeMultipartSigned Class
6.3.1.6
Using the oracle.security.crypto.smime.SmimeSignedReceipt Class
6.3.1.7
Using the oracle.security.crypto.smime.SmimeCompressed Class
6.3.2
Supporting Classes and Interfaces
6.3.2.1
Using the oracle.security.crypto.smime.Smime Interface
6.3.2.2
Using the oracle.security.crypto.smime.SmimeUtils Class
6.3.2.3
Using the oracle.security.crypto.smime.MailTrustPolicy Class
6.3.2.4
Using the oracle.security.crypto.smime.SmimeCapabilities Class
6.3.2.5
Using the oracle.security.crypto.smime.SmimeDataContentHandler Class
6.3.2.6
Using the oracle.security.crypto.smime.ess Package
6.3.3
Using the Oracle S/MIME Classes
6.3.3.1
Using the Abstract Class SmimeObject
6.3.3.2
Signing Messages
6.3.3.3
Creating "Multipart/Signed" Entities
6.3.3.4
Creating Digital Envelopes
6.3.3.5
Creating "Certificates-Only" Messages
6.3.3.6
Reading Messages
6.3.3.7
Authenticating Signed Messages
6.3.3.8
Opening Digital Envelopes (Encrypted Messages)
6.3.3.9
Adding Enhanced Security Services (ESS)
6.3.3.10
Processing Enhanced Security Services (ESS)
6.4
The Oracle S/MIME Java API Reference
7
Oracle PKI SDK
7.1
Oracle PKI CMP SDK
7.1.1
Oracle PKI CMP SDK Features and Benefits
7.1.1.1
Package Overview for Oracle PKI CMP SDK
7.1.2
Setting Up Your Oracle PKI CMP SDK Environment
7.1.2.1
Understanding System Requirements for Oracle PKI CMP SDK
7.1.2.2
Setting the CLASSPATH Environment Variable
7.1.3
The Oracle PKI CMP SDK Java API Reference
7.2
Oracle PKI OCSP SDK
7.2.1
Oracle PKI OCSP SDK Features and Benefits
7.2.2
Setting Up Your Oracle PKI OCSP SDK Environment
7.2.2.1
Understanding System Requirements for Oracle PKI OCSP SDK
7.2.2.2
Setting the CLASSPATH Environment Variable
7.2.3
The Oracle PKI OCSP SDK Java API Reference
7.3
Oracle PKI TSP SDK
7.3.1
Oracle PKI TSP SDK Features and Benefits
7.3.1.1
Class and Interface Overview for Oracle PKI TSP SDK
7.3.2
Setting Up Your Oracle PKI TSP SDK Environment
7.3.2.1
Understanding System Requirements for Oracle PKI TSP SDK
7.3.2.2
Setting the CLASSPATH Environment Variable
7.3.3
The Oracle PKI TSP SDK Java API Reference
7.4
Oracle PKI LDAP SDK
7.4.1
Oracle PKI LDAP SDK Features and Benefits
7.4.1.1
Class Overview for Oracle PKI LDAP SDK
7.4.2
Setting Up Your Oracle PKI LDAP SDK Environment
7.4.2.1
Understanding System Requirements for Oracle PKI LDAP SDK
7.4.2.2
Setting the CLASSPATH Environment Variable
7.4.3
The Oracle PKI LDAP SDK Java API Reference
8
Oracle XML Security
8.1
Oracle XML Security Features and Benefits
8.1.1
Supported Algorithms
8.1.2
Oracle XML Security API
8.2
Setting Up Your Oracle XML Security Environment
8.3
Signing Data
8.3.1
Identifying What to Sign
8.3.1.1
Determining the Signature Envelope
8.3.1.2
Deciding How to Sign Binary Data
8.3.1.3
Signing Multiple XML Fragments with a Signature
8.3.1.4
Excluding Elements from a Signature
8.3.2
Deciding on a Signing Key
8.3.2.1
Setting Up Key Exchange
8.3.2.2
Providing a Receiver Hint
8.4
Verifying Data
8.5
Understanding how Data is Encrypted
8.5.1
Identify what to Encrypt
8.5.1.1
About the Content Only Encryption Mode
8.5.1.2
Encrypt Binary Data
8.5.2
Decide on the Encryption Key
8.6
Understanding Data Decryption
8.7
Understanding and Using Element Wrappers in the OSDT XML APIs
8.7.1
Constructing the Wrapper Object
8.7.2
Obtaining the DOM Element from the Wrapper Object
8.7.3
Parsing Complex Elements
8.7.4
Constructing Complex Elements
8.8
Signing Data with the Oracle XML Security API
8.8.1
Creating a Detached Signature, Basic Procedure
8.8.2
Using Variations on the Basic Signing Procedure
8.8.2.1
Including Multiple References
8.8.2.2
Using an Enveloped Signature
8.8.2.3
Using an XPath Expression
8.8.2.4
Using a Certificate Hint
8.8.2.5
Signing with an HMAC Key
8.9
Verifying Signatures with the Oracle XML Security API
8.9.1
Checking What is Signed, Basic Procedure
8.9.2
Setting Up Callbacks
8.9.3
Writing a Custom Key Retriever
8.9.4
Checking What is Signed
8.9.5
Verifying the Signature
8.9.5.1
Verifying if Callbacks are Set Up
8.9.5.2
Verifying if Callbacks are Not Set Up
8.9.5.3
Debugging Verification
8.10
Encrypting Data with the Oracle XML Security API
8.10.1
Encrypting with a Shared Symmetric Key
8.10.2
Encrypting with a Random Symmetric Key
8.11
Decrypting Data with the Oracle XML Security API
8.11.1
Decrypting with a Shared Symmetric Key
8.11.2
Decrypting with a Random Symmetric Key
8.12
About Supporting Classes and Interfaces
8.12.1
About the oracle.security.xmlsec.util.XMLURI Interface
8.12.2
About the oracle.security.xmlsec.util.XMLUtils class
8.13
Common XML Security Questions
8.14
Best Practices
8.15
The Oracle XML Security Java API Reference
9
Oracle SAML
9.1
Oracle SAML Features and Benefits
9.2
Oracle SAML 1.0/1.1
9.2.1
Oracle SAML 1.0/1.1 Packages
9.2.2
Setting Up Your Oracle SAML 1.0/1.1 Environment
9.2.2.1
Understanding System Requirements for Oracle SAML 1.0/1.1
9.2.2.2
Setting the CLASSPATH Environment Variable
9.2.3
Classes and Interfaces
9.2.3.1
Core Classes
9.2.3.2
Supporting Classes and Interfaces
9.2.4
The Oracle SAML 1.0/1.1 Java API Reference
9.3
Oracle SAML 2.0
9.3.1
Oracle SAML 2.0 Packages
9.3.2
Setting Up Your Oracle SAML 2.0 Environment
9.3.2.1
Understanding System Requirements for Oracle SAML 2.0
9.3.2.2
Setting the CLASSPATH Environment Variable
9.3.3
Classes and Interfaces
9.3.3.1
Core Classes
9.3.3.2
Supporting Classes and Interfaces
9.3.4
The Oracle SAML 2.0 Java API Reference
10
Oracle Web Services Security
10.1
Setting Up Your Oracle Web Services Security Environment
10.2
Classes and Interfaces
10.2.1
Element Wrappers
10.2.2
The <wsse:Security> header
10.2.2.1
Outgoing Messages
10.2.2.2
Incoming Messages
10.2.3
Security Tokens (ST)
10.2.3.1
Creating a Username Token
10.2.3.2
Creating an X509 Token
10.2.3.3
Creating a Kerberos Token
10.2.3.4
Creating a SAML Assertion Token
10.2.4
Security Token References (STR)
10.2.4.1
Creating a direct reference STR
10.2.4.2
Creating a Reference STR for a username token
10.2.4.3
Creating a Reference STR for a X509 Token
10.2.4.4
Creating a Reference STR for Kerberos Token
10.2.4.5
Creating a Reference STR for a SAML Assertion token
10.2.4.6
Creating a Reference STR for an EncryptedKey
10.2.4.7
Creating a Reference STR for a generic token
10.2.4.8
Creating a Key Identifier STR
10.2.4.9
Creating a KeyIdentifier STR for an X509 Token
10.2.4.10
Creating a KeyIdentifier STR for a Kerberos Token
10.2.4.11
Creating a KeyIdentifier STR for a SAML Assertion Token
10.2.4.12
Creating a KeyIdentifier STR for an EncryptedKey
10.2.4.13
Adding an STRTransform
10.2.5
Signing and Verifying
10.2.5.1
Signing SOAP Messages
10.2.5.2
Verifying SOAP Messages
10.2.5.3
Confirming Signatures
10.2.6
Encrypting and Decrypting
10.2.6.1
Encrypting SOAP messages with EncryptedKey
10.2.6.2
Encrypting SOAP messages without EncryptedKey
10.2.6.3
Encrypting SOAP Headers into an EncryptedHeader
10.2.6.4
Decrypting SOAP messages with EncryptedKey
10.2.6.5
Decrypting SOAP messages without EncryptedKey
10.3
The Oracle Web Services Security Java API Reference
11
Oracle Liberty SDK
11.1
Oracle Liberty SDK Features and Benefits
11.2
Oracle Liberty 1.1
11.2.1
Setting Up Your Oracle Liberty 1.1 Environment
11.2.1.1
Understanding System Requirements for Oracle Liberty 1.1
11.2.1.2
Setting the CLASSPATH Environment Variable
11.2.2
Overview of Oracle Liberty 1.1 Classes and Interfaces
11.2.2.1
Using Core Classes and Interfaces
11.2.2.2
Supporting Classes and Interfaces
11.2.3
The Oracle Liberty SDK 1.1 API Reference
11.3
Oracle Liberty 1.2
11.3.1
Setting Up Your Oracle Liberty 1.2 Environment
11.3.1.1
Understanding System Requirements for Oracle Liberty 1.2
11.3.1.2
Setting the CLASSPATH Environment Variable
11.3.2
Overview of Oracle Liberty 1.2 Classes and Interfaces
11.3.2.1
Core Classes and Interfaces
11.3.2.2
Supporting Classes and Interfaces
11.3.3
The Oracle Liberty SDK 1.2 API Reference
12
Oracle XKMS
12.1
Understanding Oracle XKMS Features and Benefits
12.1.1
About Oracle XKMS Packages
12.2
Setting Up Your Oracle XKMS Environment
12.2.1
Understanding System Requirements for Oracle XKMS
12.2.2
Setting the CLASSPATH Environment Variable
12.2.2.1
Setting the CLASSPATH on Windows
12.2.2.2
Setting the CLASSPATH on UNIX
12.3
Core Classes and Interfaces
12.3.1
oracle.security.xmlsec.xkms.xkiss.LocateRequest
12.3.2
Using the oracle.security.xmlsec.xkms.xkiss.LocateResult Class
12.3.3
Using the oracle.security.xmlsec.xkms.xkiss.ValidateRequest Class
12.3.4
Using the oracle.security.xmlsec.xkms.xkiss.ValidateResult Class
12.3.5
Using the oracle.security.xmlsec.xkms.xkrss.RecoverRequest Class
12.3.6
Using the oracle.security.xmlsec.xkms.xkrss.RecoverResult Class
12.4
The Oracle XKMS Java API Reference
13
Oracle JSON Web Token
13.1
Oracle JSON Web Token Features and Benefits
13.1.1
About JWT
13.1.2
Oracle JSON Web Token Features
13.2
Setting Up Your Oracle JSON Web Token Environment
13.2.1
Understanding System Requirements for Oracle JSON Web Token
13.2.2
Setting the CLASSPATH Environment Variable
13.2.2.1
Setting the CLASSPATH on Windows
13.2.2.2
Setting the CLASSPATH on UNIX
13.3
Using Core Classes and Interfaces
13.4
Examples of Usage
13.4.1
Creating the JWT Token
13.4.2
Signing the JWT Token
13.4.3
Verifying the JWT Token
13.4.4
Serializing the JWT Token without Signing
13.5
The Oracle JSON Web Token Reference
A
References
Scripting on this page enhances content navigation, but does not change the content in any way.