oracle.okv.service

Class OKVService

java.lang.Object

oracle.okv.service.OKVService

public class OKVService
extends java.lang.Object

OKVService is a service facade that allows clients to easily perform KMIP operations. OKVService abstracts most of the KMIP details away from the client, only requiring the client to provide simple parameters for the operations. OKVService requires various connection details used to connect with the Oracle Key Vault Server. The connection details are present in the configuration file 'okvclient.ora', usually located at $OKV_HOME/conf/okvclient.ora. If no configuration file location is provided, then the default configuration file is used. Please refer the documentation for further details.

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	CLASS_NAME
static java.lang.String	DEMO_PROGRAM_STMT Statement for Oracle Key Vault demo programs
static java.lang.String	DEMO_PROGRAM_STMT_FOR_OBJECT Statement for Oracle Key Vault demo programs created objects
static java.util.logging.Logger	logger
static java.lang.String	OKV_JSDK_VERSION Oracle Key Vault Java SDK Version

Method Summary

Modifier and Type	Method and Description
<TResponse> OKVTransporter<TResponse>	createOKVTransporter(oracle.okv.operation.OKVOperation<TResponse> inKMIPOperation) Creates an OKVTransporter object, which is used to send and receive KMIP operation messages.
oracle.okv.service.OKVEnv	getOKVEnv() Returns a OKVConnection object to the client.
OKVUidResponse	okvActivate(java.lang.String uid) API to perform the KMIP Activate operation on a KMIP object.
OKVUidResponse	okvAddAttribute(java.lang.String uid, OKVTTLV attr) API to perform the KMIP Add attribute operation on a KMIP object.
OKVBatchResponse	okvBatchExecute(OKVBatchOperation batchRequest) API to execute the batched KMIP functions in the same order as set in the OKVBatchOperation instance.
void	okvConnect() API to begin the session by creating a SSL connection to the Oracle Key Vault server.
OKVUidResponse	okvCreateKey(OKVTagEnum algorithm, int keyLength, int usageMask, OKVTTLV attributeList, java.lang.String walletName) API to perform the KMIP Create operation for the KMIP symmetric key object.
OKVKeyPairUidResponse	okvCreateKeyPair(OKVTagEnum algorithm, int keyLength, int privateKeyUsageMask, int publicKeyUsageMask, OKVTTLV commonAttributeList, OKVTTLV privateKeyAttributeList, OKVTTLV publicKeyAttributeList, java.lang.String walletName) API to perform the KMIP Create Key Pair operation for creating a pair of public and private key objects.
OKVDecryptResponse	okvDecrypt(java.lang.String uid, byte[] data, OKVCryptoContext cryptoContext) API to perform the decryption operation on the provided data using KMIP object.
OKVResponse	okvDeleteAttribute(java.lang.String uid, java.lang.String attrName, int attrIndex) API to perform the KMIP Delete attribute operation on a KMIP object.
OKVResponse	okvDestroy(java.lang.String uid) API to perform the KMIP Destroy operation on a KMIP object.
void	okvDisconnect() API to end the Oracle Key Vault server session and disconnect the SSL connection between the endpoint program and the Oracle Key Vault server.
OKVEncryptResponse	okvEncrypt(java.lang.String uid, byte[] data, OKVCryptoContext cryptoContext) API to perform the encryption operation on the provided data using KMIP object.
static OKVService	okvEnvSetConfig() API to create an OKVService instance and set the connection with default configuration.
static OKVService	okvEnvSetConfig(char[] password) API to create a OKVService instance and set the default connection configuration and specify the password for the SSL connection wallet.
static OKVService	okvEnvSetConfig(java.lang.String connConfigFile) API to create a OKVService instance and specify connection configuration file.
static OKVService	okvEnvSetConfig(java.lang.String connConfigFile, char[] password) API to create a OKVService instance and specify connection configuration file and the password for the SSL connection wallet.
OKVAttrListResponse	okvGetAttributeList(java.lang.String uid) API to perform the KMIP Get attribute list operation.
OKVAttrsResponse	okvGetAttributes(java.lang.String uid, java.util.List<java.lang.String> attrList) API to perform the KMIP get attribute operation on a KMIP object.
OKVCertificateResponse	okvGetCertificate(java.lang.String uid) API to do the KMIP Get operation for the KMIP certificate object.
OKVCertificateRequestResponse	okvGetCertificateRequest(java.lang.String uid) API to do the KMIP Get operation for the certificate request object.
OKVKeyResponse	okvGetKey(java.lang.String uid) API to perform the KMIP Get operation for the KMIP symmetric key object.
OKVOpaqueDataResponse	okvGetOpaqueData(java.lang.String uid) API to perform the KMIP Get operation for the KMIP opaque data object.
OKVPrivateKeyResponse	okvGetPrivateKey(java.lang.String uid) API to perform the KMIP Get operation for the KMIP private key object.
OKVPublicKeyResponse	okvGetPublicKey(java.lang.String uid) API to perform the KMIP Get operation for the KMIP public key object.
OKVSecretDataResponse	okvGetSecretData(java.lang.String uid) API to perform the the KMIP Get operation for the KMIP secret data object.
OKVAttrsResponse	okvGetTemplate(java.lang.String uid) API to perform the KMIP Get operation for the KMIP template object.
OKVUidListResponse	okvLocate(java.lang.Integer maxItems, java.lang.Integer storageStatusMask, OKVTagEnum objectGroupMember, OKVTTLV attributeList) API to find a KMIP object through the KMIP Locate operation.
OKVResponse	okvModifyAttribute(java.lang.String uid, OKVTTLV attr) API to perform the KMIP Modify attribute operation on a KMIP object.
<TResponse> TResponse	okvOpsExecuteOp(oracle.okv.operation.OKVOperation<TResponse> inKMIPOperation) Executes the operation passed in OKVOperation.
OKVQueryResponse	okvQueryCapability(java.util.List<OKVTagEnum> queryFuncs) API to perform the the KMIP query operation.
OKVUidResponse	okvRegCertificate(OKVTagEnum certificateType, OKVTag certificateSubType, byte[] certificateValue, int usageMask, OKVTTLV attributeList, java.lang.String privateKeyUID, java.lang.String walletName) API to do the KMIP Register operation for the KMIP certificate object.
OKVUidResponse	okvRegCertificateRequest(OKVTagEnum certificateRequestType, byte[] certificateRequestValue, OKVTTLV attributeList, java.lang.String privateKeyUID, java.lang.String walletName) API to do the KMIP Register operation for the KMIP certificate request object.
OKVUidResponse	okvRegKey(byte[] keyValue, OKVTagEnum algorithm, int keyLength, int usageMask, OKVTTLV attributeList, java.lang.String walletName) API to perform the KMIP Register operation for the KMIP symmetric key object.
OKVUidResponse	okvRegOpaqueData(OKVTagEnum opaqueType, byte[] opaqueValue, OKVTTLV attributeList, java.lang.String walletName) API to perform the KMIP Register operation for the KMIP opaque data object.
OKVUidResponse	okvRegPrivateKey(byte[] privateKeyValue, OKVTagEnum algorithm, int privateKeyLength, int usageMask, OKVTTLV attributeList, java.lang.String walletName) API to perform the KMIP Register operation for the KMIP private key object.
OKVUidResponse	okvRegPublicKey(byte[] publicKeyValue, OKVTagEnum algorithm, int publicKeyLength, int usageMask, OKVTTLV attributeList, java.lang.String privateKeyUID, java.lang.String walletName) API to perform the KMIP Register operation for the KMIP public key object.
OKVUidResponse	okvRegSecretData(OKVTagEnum secretDataType, byte[] secretDataValue, int usageMask, OKVTTLV attributeList, java.lang.String walletName) API to perform the KMIP Register operation for the KMIP secret data object.
OKVUidResponse	okvRegTemplate(OKVTTLV attributeList, java.lang.String walletName) API to perform the KMIP Register operation for the KMIP template object.
OKVUidResponse	okvRekey(java.lang.String uid, java.lang.Integer offset, OKVTTLV attributeList) API to perform the KMIP Rekey operation for the symmetric key object.
OKVResponse	okvRevoke(java.lang.String uid, OKVTagEnum reasonCode, java.lang.String reasonMessage, java.util.Date compromiseOccurrenceDate) API to perform the KMIP Revoke operation on a KMIP object.
OKVSignResponse	okvSign(java.lang.String uid, byte[] data, DataType dataType, OKVCryptoContext cryptoContext) API to perform the signing operation on the provided data using KMIP object.
OKVSignVerifyResponse	okvSignVerify(java.lang.String uid, byte[] data, DataType dataType, byte[] signatureData, OKVCryptoContext cryptoContext) API to perform the signature verify operation on the provided data using KMIP object.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CLASS_NAME

public static final java.lang.String CLASS_NAME

logger

public static final java.util.logging.Logger logger

OKV_JSDK_VERSION

public static final java.lang.String OKV_JSDK_VERSION

Oracle Key Vault Java SDK Version

See Also:

Constant Field Values

DEMO_PROGRAM_STMT

public static final java.lang.String DEMO_PROGRAM_STMT

Statement for Oracle Key Vault demo programs

See Also:

Constant Field Values

DEMO_PROGRAM_STMT_FOR_OBJECT

public static final java.lang.String DEMO_PROGRAM_STMT_FOR_OBJECT

Statement for Oracle Key Vault demo programs created objects

See Also:

Constant Field Values

Method Detail

okvEnvSetConfig

public static final OKVService okvEnvSetConfig()
                                        throws OKVException

API to create an OKVService instance and set the connection with default configuration. The default configuration file will be used. Refer to the specification for default values. The connection configuration file is used to specify the connection details such as the server IP address, server port number, default wallet, and other endpoint parameters.

Returns:

an OKVService instance of default configuration

Throws:

OKVException

okvEnvSetConfig

public static final OKVService okvEnvSetConfig(char[] password)
                                        throws OKVException

API to create a OKVService instance and set the default connection configuration and specify the password for the SSL connection wallet. The default configuration file will be used. Please refer specification for default values. Connection configuration file is used to specify the connection details like the server IP address, server port number etc. SSL connection wallet will also be created at the time of enrollment. The password specified at the time of enrollment is the one used with this function.

Parameters:

password - Password for the SSL connection wallet

Returns:

an OKVService instance of default configurations

Throws:

OKVException

okvEnvSetConfig

public static final OKVService okvEnvSetConfig(java.lang.String connConfigFile)
                                        throws OKVException

API to create a OKVService instance and specify connection configuration file. Connection configuration file is used to specify the connection details like the server IP address, server port number etc.

Parameters:

connConfigFile - Absolute/Relative path of Oracle Key Vault connection configuration file

Returns:

an OKVService instance of given configuration

Throws:

OKVException

okvEnvSetConfig

public static final OKVService okvEnvSetConfig(java.lang.String connConfigFile,
                                               char[] password)
                                        throws OKVException

API to create a OKVService instance and specify connection configuration file and the password for the SSL connection wallet. Connection configuration file is used to specify the connection details like the server IP address, server port number etc. SSL connection wallet will also be created at the time of enrollment. The password specified at the time of enrollment is the one used with this function.

Parameters:

connConfigFile - Absolute/Relative path of Oracle Key Vault connection configuration file

password - Password of the SSL connection wallet

Returns:

an OKVService instance of given configuration

Throws:

OKVException

okvActivate

public OKVUidResponse okvActivate(java.lang.String uid)
                           throws OKVException

API to perform the KMIP Activate operation on a KMIP object. It will activate the KMIP object identified by the unique identifier 'uid'. The unique identifier of the KMIP object activated by the Oracle Key Vault server is returned in OKVUidResponse.

Parameters:

uid - Unique identifier

Returns:

OKVUidResponse object

Throws:

OKVException

okvAddAttribute

public OKVUidResponse okvAddAttribute(java.lang.String uid,
                                      OKVTTLV attr)
                               throws OKVException

API to perform the KMIP Add attribute operation on a KMIP object. It adds an attribute to the KMIP object specified by the unique identifier. The unique identifier of the KMIP object to which the attribute has been added by the Oracle Key Vault server is returned in OKVUidResponse. The API has the following exceptions when used with Oracle Key Vault server: 1) If attributes are added to opaque or template objects using this API, the Oracle Key Vault server will give a general failure error and the attributes will not be added to the KMIP object. As a workaround, the attributes can be added during the registration using APIs okvRegOpaqueData and okvRegTemplate. 2) If a single instance attribute is added to an object using this API and the object already has an instance of the attribute, then the attribute won't get overwritten, but a General Failure error will be thrown. Use the okvModifyAttribute API to modify attribute values. 3) If a protect stop date later than the deactivation date is passed in the request TTLV, the server will not give an error and the protect stop date will be added to the registered KMIP object. 4) If a process start date is added using this API, the server will return a Permission Denied Error. As a workaround, the attribute can be added during registration using APIs okvRegKey, okvRegPrivateKey, okvRegSecretData, okvRegOpaqueData and okvRegTemplate.

Parameters:

uid - Unique Identifier

attr - Attribute to be added

Returns:

OKVUidResponse object

Throws:

OKVException

okvDisconnect

public void okvDisconnect()
                   throws OKVConnectionException

API to end the Oracle Key Vault server session and disconnect the SSL connection between the endpoint program and the Oracle Key Vault server.

Throws:

OKVConnectionException

okvCreateKey

public OKVUidResponse okvCreateKey(OKVTagEnum algorithm,
                                   int keyLength,
                                   int usageMask,
                                   OKVTTLV attributeList,
                                   java.lang.String walletName)
                            throws OKVException

API to perform the KMIP Create operation for the KMIP symmetric key object. A symmetric key of the specified length for the specified algorithm and for a specific use (cryptographic usage mask) is generated. The unique identifier of the symmetric key object generated by the Oracle Key Vault server is returned in OKVUidResponse. It is recommended to add a KMIP name attribute to the symmetric key object using the okvAddAttribute operation. The key is generated in wallet (walletName) if specified else it is generated in the default wallet if present with the endpoint.

Parameters:

algorithm - symmetric key algorithm

keyLength - key length of the symmetric key

usageMask - cryptographic mask usage of the symmetric key

attributeList - template names or attributes that will form the Template-Attribute

walletName - wallet membership of the key

Returns:

OKVUidResponse object

Throws:

OKVException

okvCreateKeyPair

public OKVKeyPairUidResponse okvCreateKeyPair(OKVTagEnum algorithm,
                                              int keyLength,
                                              int privateKeyUsageMask,
                                              int publicKeyUsageMask,
                                              OKVTTLV commonAttributeList,
                                              OKVTTLV privateKeyAttributeList,
                                              OKVTTLV publicKeyAttributeList,
                                              java.lang.String walletName)
                                       throws OKVException

API to perform the KMIP Create Key Pair operation for creating a pair of public and private key objects. A public and private key pair of the specified length for the specified algorithm and for a specific use (cryptographic usage mask) is generated. The unique identifiers of the public and private keys generated by the Oracle Key Vault server is returned in OKVKeyPairUidResponse. It is recommended to add a KMIP custom or name attribute to both the private and public key objects. The keys are generated in wallet (walletName) if one is specified. Otherwise, they are both generated in the default wallet if present with the endpoint.

Parameters:

algorithm - asymmetric key algorithm

keyLength - key length of the asymmetric key algorithm

privateKeyUsageMask - cryptographic mask usage of the private key

publicKeyUsageMask - cryptographic mask usage of the public key

commonAttributeList - template names or attributes that are common to both public and private keys and will form the common template-attribute

privateKeyAttributeList - template names or attributes of private key and will form the private key template-attribute

publicKeyAttributeList - template names or attributes of public key that will form the public key template-attribute

walletName - wallet membership of the keys

Returns:

OKVKeyPairUidResponse object

Throws:

OKVException

createOKVTransporter

public <TResponse> OKVTransporter<TResponse> createOKVTransporter(oracle.okv.operation.OKVOperation<TResponse> inKMIPOperation)

Creates an OKVTransporter object, which is used to send and receive KMIP operation messages.

Type Parameters:

TResponse - the type of response object returned to the client

Parameters:

inKMIPOperation - the OKVOperation object, which composes and decomposes operation messages between the endpoint and the server

Returns:

response object of type TResponse

okvDeleteAttribute

public OKVResponse okvDeleteAttribute(java.lang.String uid,
                                      java.lang.String attrName,
                                      int attrIndex)
                               throws OKVException

API to perform the KMIP Delete attribute operation on a KMIP object. It deletes an attribute specified by an attribute name and attribute index of the KMIP object specified by the unique identifier.

Parameters:

uid - unique identifier

attrName - name of the attribute to be deleted

attrIndex - index of the attribute to be deleted

Returns:

OKVResponse object with operation results

Throws:

OKVException

okvDestroy

public OKVResponse okvDestroy(java.lang.String uid)
                       throws OKVException

API to perform the KMIP Destroy operation on a KMIP object. It will destroy the KMIP object specified by the unique identifier.

Parameters:

uid - unique identifier

Returns:

OKVResponse object with operation results

Throws:

OKVException

okvBatchExecute

public OKVBatchResponse okvBatchExecute(OKVBatchOperation batchRequest)
                                 throws OKVException

API to execute the batched KMIP functions in the same order as set in the OKVBatchOperation instance. If there are errors then the response objects for all the batched KMIP operations should be checked to verify which operations failed and which were successful. All response objects are contained in OKVBatchResponse. If there are no errors, the response objects are contained in OKVBatchResponse.

Parameters:

batchRequest - OKVBatchOperation containing the list of batch operations

Returns:

OKVBatchResponse object containing the results

Throws:

OKVException

okvOpsExecuteOp

public <TResponse> TResponse okvOpsExecuteOp(oracle.okv.operation.OKVOperation<TResponse> inKMIPOperation)
                                      throws OKVException

Executes the operation passed in OKVOperation.

Type Parameters:

TResponse - the type of response object returned to the client

Parameters:

inKMIPOperation - the OKVOperation object, which composes and decomposes operation messages between the endpoint and the server

Returns:

response object of type TResponse

Throws:

OKVException

okvGetAttributes

public OKVAttrsResponse okvGetAttributes(java.lang.String uid,
                                         java.util.List<java.lang.String> attrList)
                                  throws OKVException

API to perform the KMIP get attribute operation on a KMIP object. It retrieves the specified list of regular and custom attributes for a given KMIP object identified by the unique identifier.

Parameters:

uid - unique identifier

attrList - Names of the attributes to be retrieved

Returns:

OKVAttrsResponse object

Throws:

OKVException

okvGetAttributeList

public OKVAttrListResponse okvGetAttributeList(java.lang.String uid)
                                        throws OKVException

API to perform the KMIP Get attribute list operation. It retrieves the names of the regular and custom attributes of a KMIP object specified by the unique identifier.

Parameters:

uid - unique identifier

Returns:

OKVAttrListResponse object

Throws:

OKVException

okvGetCertificate

public OKVCertificateResponse okvGetCertificate(java.lang.String uid)
                                         throws OKVException

API to do the KMIP Get operation for the KMIP certificate object. For the specified unique identifier of the certificate, the certificate type, the certificate length and the certificate bytes are returned in OKVCertificateResponse.

Parameters:

uid - unique identifier

Returns:

OKVCertificateResponse object

Throws:

OKVException

okvGetCertificateRequest

public OKVCertificateRequestResponse okvGetCertificateRequest(java.lang.String uid)
                                                       throws OKVException

API to do the KMIP Get operation for the certificate request object. For the specified unique identifier of the certificate request object, the certificate request type, certificate request length and the certificate request bytes are returned in OKVCertificateRequestResponse.

Parameters:

uid - unique identifier

Returns:

OKVCertificateRequestResponse object

Throws:

OKVException

getOKVEnv

public oracle.okv.service.OKVEnv getOKVEnv()

Returns a OKVConnection object to the client. This object holds the connection to the key management server, and is used to transport operations to the server.

Returns:

the object that holds the connection to the key management server

okvGetKey

public OKVKeyResponse okvGetKey(java.lang.String uid)
                         throws OKVException

API to perform the KMIP Get operation for the KMIP symmetric key object. For the specified unique identifier of the symmetric key, the key length, key algorithm, and the actual key bytes are returned in OKVKeyResponse.

Parameters:

uid - unique identifier

Returns:

OKVKeyResponse object

Throws:

OKVException

okvGetPrivateKey

public OKVPrivateKeyResponse okvGetPrivateKey(java.lang.String uid)
                                       throws OKVException

API to perform the KMIP Get operation for the KMIP private key object. For the specified unique identifier of the private key, the key length, key algorithm and the actual key bytes are returned in OKVPrivateKeyResponse.

Parameters:

uid - unique identifier

Returns:

OKVPrivateKeyResponse object

Throws:

OKVException

okvGetPublicKey

public OKVPublicKeyResponse okvGetPublicKey(java.lang.String uid)
                                     throws OKVException

API to perform the KMIP Get operation for the KMIP public key object. For the specified unique identifier of the public key, the key length, key algorithm and the actual key bytes are returned in OKVPublicKeyResponse.

Parameters:

uid - unique identifier

Returns:

OKVPublicKeyResponse object

Throws:

OKVException

okvGetOpaqueData

public OKVOpaqueDataResponse okvGetOpaqueData(java.lang.String uid)
                                       throws OKVException

API to perform the KMIP Get operation for the KMIP opaque data object. For the specified unique identifier of the opaque data, the opaque data type, the opaque data length, and the opaque data bytes are returned in OKVOpaqueDataResponse.

Parameters:

uid - unique identifier

Returns:

OKVOpaqueDataResponse object

Throws:

OKVException

okvGetSecretData

public OKVSecretDataResponse okvGetSecretData(java.lang.String uid)
                                       throws OKVException

API to perform the the KMIP Get operation for the KMIP secret data object. For the specified unique identifier of the secret data, the secret data type, the secret data length, and the secret data bytes are returned in OKSecretDataResponse.

Parameters:

uid - unique identifier

Returns:

OKVSecretDataResponse object

Throws:

OKVException

okvGetTemplate

public OKVAttrsResponse okvGetTemplate(java.lang.String uid)
                                throws OKVException

API to perform the KMIP Get operation for the KMIP template object. The template is a list of attributes, which can be interpreted using the Oracle Key Vault utility or Oracle Key Vault KMIP extension functions. For the specified unique identifier of the template, the attributes of the template object are returned in OKVAttrsResponse. This API will throw a general failure error while retrieving the template with the process start date and the protect stop date if you register the template with these attributes.

Parameters:

uid - unique identifier

Returns:

OKVAttrsResponse object

Throws:

OKVException

okvLocate

public OKVUidListResponse okvLocate(java.lang.Integer maxItems,
                                    java.lang.Integer storageStatusMask,
                                    OKVTagEnum objectGroupMember,
                                    OKVTTLV attributeList)
                             throws OKVException

API to find a KMIP object through the KMIP Locate operation. The locate operation will look up all the objects in Oracle Key Vault that match the attributes specified in the attributeList. Starting Oracle Key Vault 21.7 release, the Oracle Key Vault server now supports the Maximum Items field (maxItems) for Locate operation i.e., only requested number (or upto maximum of 'maxItems') of object Unique ID's is returned by the server. If you want to skip this field in the locate operation, then please use 'null' in place of 'maxItems' parameter. As of today, Storage Status Mask (storageStatusMask) and Object Group Member (objectGroupMember) fields are not supported by the Oracle Key Vault server and hence any values passed into these fields are not taken into account by the server during locate operation.

Parameters:

maxItems - maximum number of unique identifiers expected

storageStatusMask - look for archived or online objects

objectGroupMember - object group member type

attributeList - template attributes that define the locate search

Returns:

OKVLocateResponse object

Throws:

OKVException

okvModifyAttribute

public OKVResponse okvModifyAttribute(java.lang.String uid,
                                      OKVTTLV attr)
                               throws OKVException

API to perform the KMIP Modify attribute operation on a KMIP object. It modifies an attribute of the KMIP object specified by the unique identifier.

Parameters:

uid - unique identifier

attr - Attribute to be modified

Returns:

OKVResponse object

Throws:

OKVException

okvConnect

public void okvConnect()
                throws OKVConnectionException

API to begin the session by creating a SSL connection to the Oracle Key Vault server. Subsequent Oracle Key Vault Java SDK functions will use this connection for communicating with the Oracle Key Vault server.

Throws:

OKVConnectionException

okvQueryCapability

public OKVQueryResponse okvQueryCapability(java.util.List<OKVTagEnum> queryFuncs)
                                    throws OKVException

API to perform the the KMIP query operation. The KMIP query operation returns the Oracle Key Vault server supported items such as KMIP operations, objects, and server information.

Parameters:

queryFuncs - KMIP query functions requested

Returns:

OKVQueryResponse object

Throws:

OKVException

okvRegKey

public OKVUidResponse okvRegKey(byte[] keyValue,
                                OKVTagEnum algorithm,
                                int keyLength,
                                int usageMask,
                                OKVTTLV attributeList,
                                java.lang.String walletName)
                         throws OKVException

API to perform the KMIP Register operation for the KMIP symmetric key object. A symmetric key of the specified length for a specified algorithm and use (cryptographic usage mask) is registered with Oracle Key Vault server. The unique identifier of the symmetric key object generated by the Oracle Key Vault server is returned in OKVUidResponse. The new key created can take in additional attributes specified with the help of attributes and template names, if specified. The attributes and template names, if specified, will be the template attribute added to KMIP register operation. It is recommended to add a KMIP name attribute to the symmetric key object to help identify it in future. The key is registered in wallet (walletName) if specified, otherwise it is registered in the default wallet if present with the endpoint.

Parameters:

keyValue - symmetric Key

algorithm - symmetric key algorithm

keyLength - key length of the symmetric key

usageMask - cryptographic mask usage of the symmetric key

attributeList - template names or attributes that will form the Template-Attribute

walletName - wallet membership of the key

Returns:

OKVUidResponse object

Throws:

OKVException

okvRegPrivateKey

public OKVUidResponse okvRegPrivateKey(byte[] privateKeyValue,
                                       OKVTagEnum algorithm,
                                       int privateKeyLength,
                                       int usageMask,
                                       OKVTTLV attributeList,
                                       java.lang.String walletName)
                                throws OKVException

API to perform the KMIP Register operation for the KMIP private key object. A private key of the specified length for a specified algorithm and use (cryptographic usage mask) is registered with Oracle Key Vault server. The unique identifier of the private key object generated by the Oracle Key Vault server is returned in OKVUidResponse. The new private key created can take in additional attributes specified with the help of attributes and template names, if specified. The attributes and template names, if specified, will be the template attribute added to KMIP register operation. It is recommended to add a KMIP name attribute to the private key object to help identify it in future. The private key is registered in wallet (walletName) if specified, otherwise it is registered in the default wallet if present with the endpoint.

Parameters:

privateKeyValue - private key being registered

algorithm - private key algorithm

privateKeyLength - key length of the private key

usageMask - cryptographic mask usage of the private key

attributeList - template names or attributes that will form the Template-Attribute

walletName - wallet membership of the private key

Returns:

OKVUidResponse object

Throws:

OKVException

okvRegPublicKey

public OKVUidResponse okvRegPublicKey(byte[] publicKeyValue,
                                      OKVTagEnum algorithm,
                                      int publicKeyLength,
                                      int usageMask,
                                      OKVTTLV attributeList,
                                      java.lang.String privateKeyUID,
                                      java.lang.String walletName)
                               throws OKVException

API to perform the KMIP Register operation for the KMIP public key object. A public key of the specified length for a specified algorithm and use (cryptographic usage mask) is registered with Oracle Key Vault server. The unique identifier of the public key object generated by the Oracle Key Vault server is returned in OKVUidResponse. The new public key created can take in additional attributes specified with the help of attributes and template names, if specified. The attributes and template names, if specified, will be the template attribute added to KMIP register operation. It is recommended to add a KMIP name attribute to the public key object to help identify it in future. The public key is registered in wallet (walletName) if specified, otherwise it is registered in the default wallet if present with the endpoint. The public key being registered can be optionally associated with a private key by providing the UID of the private key (privateKeyUID). Note: Validate the existence of privateKeyUID by performing a locate operation (using okvLocate API) before passing it as an argument to this API.

Parameters:

publicKeyValue - public key being registered

algorithm - public key algorithm

publicKeyLength - key length of the public key

usageMask - cryptographic mask usage of the public key

attributeList - template names or attributes that will form the Template-Attribute

privateKeyUID - UID of the private key associated with the public key

walletName - wallet membership of the public key

Returns:

OKVUidResponse object

Throws:

OKVException

okvRegCertificate

public OKVUidResponse okvRegCertificate(OKVTagEnum certificateType,
                                        OKVTag certificateSubType,
                                        byte[] certificateValue,
                                        int usageMask,
                                        OKVTTLV attributeList,
                                        java.lang.String privateKeyUID,
                                        java.lang.String walletName)
                                 throws OKVException

API to do the KMIP Register operation for the KMIP certificate object. A certificate of a specific type is registered with Oracle Key Vault Server. The unique identifier of the certificate object generated by the Oracle Key Vault server is returned in OKVUidResponse. The new certificate created can take in additional attributes specified with the help of attributes and template names, if specified. The attributes and template names, if specified, will be the template attribute added to KMIP register operation. It is recommended to add a KMIP Name attribute to certificate object to help identify it in future. The certificate is registered in wallet (walletName) if specified, otherwise it is registered in the default wallet if present with the endpoint. The certificate being registered can be optionally associated with a private key by providing the UID of the private key (privateKeyUID). Note: Validate the existence of privateKeyUID by performing a locate operation (using okvLocate API) before passing it as an argument to this API.

Parameters:

certificateType - type of certificate being registered

certificateSubType - sub type of the certificate being registered OKVTag.OKV_CERT_SUBTYPE_USER_CERT represents User Certificate OKVTag.OKV_CERT_SUBTYPE_TRUSTPOINT represents Trustpoint

certificateValue - certificate being registered

usageMask - cryptographic mask usage of the certificate

attributeList - template names or attributes that will form the Template-Attribute

privateKeyUID - UID of the private key associated with certificate

walletName - wallet membership of certificate

Returns:

OKVUidResponse object

Throws:

OKVException

okvRegCertificateRequest

public OKVUidResponse okvRegCertificateRequest(OKVTagEnum certificateRequestType,
                                               byte[] certificateRequestValue,
                                               OKVTTLV attributeList,
                                               java.lang.String privateKeyUID,
                                               java.lang.String walletName)
                                        throws OKVException

API to do the KMIP Register operation for the KMIP certificate request object. A certificate request object is registered as an opaque object with Oracle Key Vault Server. The unique identifier of the certificate request object generated by the Oracle Key Vault server is returned in OKVUidResponse. The new certificate request created can take in additional attributes specified with the help of attributes and template names, if specified. The attributes and template names, if specified, will be the template attribute added to KMIP register operation. It is recommended to add a KMIP Name attribute to certificate request object to help identify it in future. The certificate request is registered in wallet (walletName) if specified, otherwise it is registered in the default wallet if present with the endpoint. The certificate request being registered SHOULD be associated with a private key by providing the UID of the private key (privateKeyUID). Note: Validate the existence of privateKeyUID by performing a locate operation (using okvLocate API) before passing it as an argument to this API.

Parameters:

certificateRequestType - type of certificate request being registered.

certificateRequestValue - certificate request being registered

attributeList - template names or attributes that will form the Template-Attribute

privateKeyUID - UID of the private key associated with certificate request

walletName - wallet membership of certificate request

Returns:

OKVUidResponse object

Throws:

OKVException

okvRegSecretData

public OKVUidResponse okvRegSecretData(OKVTagEnum secretDataType,
                                       byte[] secretDataValue,
                                       int usageMask,
                                       OKVTTLV attributeList,
                                       java.lang.String walletName)
                                throws OKVException

API to perform the KMIP Register operation for the KMIP secret data object. A secret data of a specific type is registered with Oracle Key Vault server. Secret data is usually a password or a string. The unique identifier of the secret data registered by the Oracle Key Vault server is returned in OKVUidResponse. The new secret data created can take additional attributes specified with the help of attributes and template names, if specified. The attributes and template names, if specified, will be the template attribute added to KMIP register operation. It is recommended to add a KMIP name attribute to secret data object to help identify it in future. The secret data is registered in wallet (walletName) if specified, otherwise it is registered in the default wallet if present with the endpoint.

Parameters:

secretDataType - type of secret data being registered

secretDataValue - secret data being registered

usageMask - cryptographic mask usage of the secret data

attributeList - template names or attributes that will form the Template-Attribute

walletName - wallet membership of secret data

Returns:

OKVUidResponse object

Throws:

OKVException

okvRegOpaqueData

public OKVUidResponse okvRegOpaqueData(OKVTagEnum opaqueType,
                                       byte[] opaqueValue,
                                       OKVTTLV attributeList,
                                       java.lang.String walletName)
                                throws OKVException

API to perform the KMIP Register operation for the KMIP opaque data object. Opaque data of a specific type is registered with the Oracle Key Vault server. The opaque data is a byte string. A text file, text string, binary file, or key can also be uploaded as opaque data. The unique identifier of the opaque data object registered by the Oracle Key Vault server is returned in OKVUidResponse. The new opaque data registered can take in additional attributes specified with the help of attributes and template names, if specified. The attributes and template names, if specified, will be the template attribute added to KMIP register operation. It is recommended to add a KMIP name attribute to an opaque data object to help identify it in future. The opaque data is registered in wallet (walletName) if specified, otherwise it is registered in the default wallet if present with the endpoint. The API has an exception when used with Oracle Key Vault server: The attributes lease time, deactivation date, destroy date, compromise occurrence date, compromise date and revocation reason are not supported for opaque objects.

Parameters:

opaqueType - type of opaque object being registered

opaqueValue - opaque object being registered

attributeList - template names or attributes that will form the Template-Attribute

walletName - wallet membership of opaque data

Returns:

OKVUidResponse object

Throws:

OKVException

okvRegTemplate

public OKVUidResponse okvRegTemplate(OKVTTLV attributeList,
                                     java.lang.String walletName)
                              throws OKVException

API to perform the KMIP Register operation for the KMIP template object. A template object is a collection of attributes. The unique identifier of the template object generated by the Oracle Key Vault server is returned in OKVUidResponse. Do not confuse this API with the KMIP template-attribute object as an argument. The Template is registered in wallet (walletName) if specified, otherwise it is registered in the default wallet if present with the endpoint.

Parameters:

attributeList - attributes of the template

walletName - wallet membership of the template

Returns:

OKVUidResponse object

Throws:

OKVException

okvRekey

public OKVUidResponse okvRekey(java.lang.String uid,
                               java.lang.Integer offset,
                               OKVTTLV attributeList)
                        throws OKVException

API to perform the KMIP Rekey operation for the symmetric key object. The rekey operation requires the unique identifier of the KMIP object to be rekeyed. Most of the attributes are carried over from the old key. Some attributes are modified as per the KMIP defined rules. The unique identifier of the KMIP object rekeyed by the Oracle Key Vault server is returned in OKVUidResponse. The API has an exception when used with Oracle Key Vault server: If a template is passed for rekey, the template attributes are not added for the new key. As a workaround, this can be added after rekeying using okvAddAttribute.

Parameters:

uid - unique identifier

offset - time interval indicating the difference between the Initialization Date and the Activation Date of the replacement key to be created

attributeList - template names or attributes that will form the Template-Attribute

Returns:

OKVUidResponse object

Throws:

OKVException

okvRevoke

public OKVResponse okvRevoke(java.lang.String uid,
                             OKVTagEnum reasonCode,
                             java.lang.String reasonMessage,
                             java.util.Date compromiseOccurrenceDate)
                      throws OKVException

API to perform the KMIP Revoke operation on a KMIP object. It revokes the KMIP object specified by the unique identifier with a revocation reason and the date when the object was compromised. A key must be revoked prior to calling the destroy operation.

Parameters:

uid - unique identifier

reasonCode - revocation reason for revoking the KMIP object

reasonMessage - revocation message for revoking the KMIP object

compromiseOccurrenceDate - Date when the KMIP object compromise occurred

Returns:

OKVResponse object

Throws:

OKVException

okvEncrypt

public OKVEncryptResponse okvEncrypt(java.lang.String uid,
                                     byte[] data,
                                     OKVCryptoContext cryptoContext)
                              throws OKVException

API to perform the encryption operation on the provided data using KMIP object.

Parameters:

uid - unique identifier

data - data to be encrypted

cryptoContext - crypto context containing required parameters for encryption like cryptographic parameters, IV

Returns:

OKVEncryptResponse object

Throws:

OKVException

okvDecrypt

public OKVDecryptResponse okvDecrypt(java.lang.String uid,
                                     byte[] data,
                                     OKVCryptoContext cryptoContext)
                              throws OKVException

API to perform the decryption operation on the provided data using KMIP object.

Parameters:

uid - unique identifier

data - data to be decrypted

cryptoContext - crypto context containing required parameters for decryption like cryptographic parameters, IV

Returns:

OKVDecryptResponse object

Throws:

OKVException

okvSign

public OKVSignResponse okvSign(java.lang.String uid,
                               byte[] data,
                               DataType dataType,
                               OKVCryptoContext cryptoContext)
                        throws OKVException

API to perform the signing operation on the provided data using KMIP object.

Parameters:

uid - Unique Identifier of the key to be used for signature operation

data - data or digested data to be signed

dataType - Denotes the data type of the data argument ("RAW" or "DIGEST")

cryptoContext - cryptographic parameters

Returns:

OKVSignResponse object

Throws:

OKVException

okvSignVerify

public OKVSignVerifyResponse okvSignVerify(java.lang.String uid,
                                           byte[] data,
                                           DataType dataType,
                                           byte[] signatureData,
                                           OKVCryptoContext cryptoContext)
                                    throws OKVException

API to perform the signature verify operation on the provided data using KMIP object.

Parameters:

uid - Unique Identifier of the key to be used for the signature verify operation

data - Data or digested data passed to the signing operation (for those algorithms which need the original data to verify a signature)

dataType - Denotes the data type of the data argument ("RAW" or "DIGEST")

signatureData - Signature to be verified

cryptoContext - Cryptographic parameters

Returns:

OKVSignVerifyResponse

Throws:

OKVException