Skip navigation links

Oracle Fusion Middleware XKMS Java API Reference for Oracle Security Developer Tools
11g Release 1 (11.1.1.9)

E56327-01


oracle.security.xmlsec.xkms.util
Class XKMSUtils

java.lang.Object
  extended by oracle.security.xmlsec.xkms.util.XKMSUtils


public class XKMSUtils
extends java.lang.Object

A set of Utility functions.


Field Summary
static java.lang.String DEFAULT_SecretKEY_Algo
           
static oracle.security.crypto.core.AlgorithmIdentifier des_ede3_cbc
          RSA-registered identifier for the DES-EDE symmetric key encryption^M algorithm in CBC mode, as cited in RFC 2311.
static oracle.security.crypto.core.AlgorithmIdentifier dh_public_number
          The Diffie-Hellman Public Key Object Identifier (1.2.840.10046.2.1).
static oracle.security.crypto.core.AlgorithmIdentifier dsaWithSHA
           
static oracle.security.crypto.core.AlgorithmIdentifier dsaWithSHA1
          The DSA Signature Algorithm Identifier, with params omitted (not null) as per RFC-2633 (1.2.840.10040.4.3).
static oracle.security.crypto.core.AlgorithmIdentifier dsaWithSHA1Old
           
static oracle.security.crypto.core.AlgorithmIdentifier hmac_SHA_1
          The HMAC with SHA1 Message Authentication Code Algorithm Identifier (1.3.6.1.5.5.8.1.2).
static oracle.security.crypto.core.AlgorithmIdentifier id_alg_ESDH
          The Ephimeral-Static Diffie-Hellman Key Agreement Algorithm Identifier (1.2.840.113549.1.9.16.3.5).
static oracle.security.crypto.core.AlgorithmIdentifier id_alg_XKMS3DESwrap
          The Triple-DES Key Encryption (Wrap) Algorithm Identifier (1.2.840.113549.1.9.16.3.6).
static oracle.security.crypto.core.AlgorithmIdentifier id_alg_XKMSRC2wrap
          The RC2 Key Encryption (Wrap) Algorithm Identifier (1.2.840.113549.1.9.16.3.7).
static oracle.security.crypto.core.AlgorithmIdentifier id_dsa_with_sha_1
           
static oracle.security.crypto.core.AlgorithmIdentifier id_dsaWithSHA
          The DSA Signature Algorithm Identifier (1.3.14.3.2.13).
static oracle.security.crypto.core.AlgorithmIdentifier id_dsaWithSHA1Old
          The Obsolete DSA Signature Algorithm Identifier (1.3.14.3.2.27).
static oracle.security.crypto.core.AlgorithmIdentifier md5
          The MD5 Digest Algorithm Identifier (1.2.840.113549.2.5).
static oracle.security.crypto.core.AlgorithmIdentifier rc2_cbc
          The RC2 Content Encryption Algorithm in CBC mode Algorithm Identifier (1.2.840.113549.3.2).
static oracle.security.crypto.core.AlgorithmIdentifier rsaEncryption
          The RSA Signature Algorithm Identifier (1.2.840.113549.1.1.1).
static oracle.security.crypto.core.AlgorithmIdentifier sha_1
          The SHA-1 Digest Algorithm Identifier (1.3.14.3.2.26).

 

Constructor Summary
XKMSUtils()
           

 

Method Summary
static byte[] doMacAuthN(byte[] data, oracle.security.crypto.core.AlgorithmIdentifier hashAlgID)
          Convert the shared secret to an Authentication Key as per section 8.1 of the XKMS specification.
static byte[] doMacPrivateKey(byte[] data, oracle.security.crypto.core.AlgorithmIdentifier hashAlgID, int length)
          Convert the shared secret to a private key data as per section 8.1 of the XKMS specification.
static byte[] doMacRC(byte[] data, oracle.security.crypto.core.AlgorithmIdentifier hashAlgID)
          Convert the shared secret to an Authentication Key as per section 8.1 of the XKMS specification.
static byte[] doMacRCI(byte[] data, oracle.security.crypto.core.AlgorithmIdentifier hashAlgID)
          Convert the shared secret to a RevocationCode as per section 8.1 of the XKMS specification.
static byte[] generateNonce(java.util.Date time, java.math.BigInteger serialNo, byte[] secretKey, oracle.security.crypto.core.AlgorithmIdentifier hmacAlgID)
          Generate the Nonce as per the algorithm specified in Section 2.6.2 of the W3C XKMS specification.
static oracle.security.crypto.core.AlgorithmIdentifier getAlgoID(java.lang.String name)
          Algoname to algoId mapping
static java.lang.String getAlgoName(oracle.security.crypto.core.AlgorithmIdentifier oid)
          Algoid to algoname mapping
static oracle.security.xmlsec.util.XMLElement getInstance(org.w3c.dom.Element element)
          Instantiates a concrete Message subclass implementation to wrap the given Element.
static void insertChild(org.w3c.dom.Element parent, org.w3c.dom.Element e, java.lang.String[] tag, java.lang.String[] ns)
          Inserts a child element after any occurrences of the given elements.
static void insertChild(oracle.security.xmlsec.util.XMLElement parent, oracle.security.xmlsec.util.XMLElement e, java.lang.String[] tag, java.lang.String[] ns)
          Inserts a child element after any occurrences of the given elements.
static void removeChildren(org.w3c.dom.Element parent, java.lang.String tag, java.lang.String ns)
          Removes any child elements with the given tag name.
static byte[] secretString2Bytes(java.lang.String secret)
          Convert the shared secret to bytes as per section 8.1 of the XKMS specification.
static byte[] xor(byte[] a, byte[] b)
           

 

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

 

Field Detail

DEFAULT_SecretKEY_Algo

public static final java.lang.String DEFAULT_SecretKEY_Algo
See Also:
Constant Field Values

sha_1

public static final oracle.security.crypto.core.AlgorithmIdentifier sha_1
The SHA-1 Digest Algorithm Identifier (1.3.14.3.2.26).

md5

public static final oracle.security.crypto.core.AlgorithmIdentifier md5
The MD5 Digest Algorithm Identifier (1.2.840.113549.2.5).

dsaWithSHA1

public static final oracle.security.crypto.core.AlgorithmIdentifier dsaWithSHA1
The DSA Signature Algorithm Identifier, with params omitted (not null) as per RFC-2633 (1.2.840.10040.4.3).

id_dsa_with_sha_1

public static final oracle.security.crypto.core.AlgorithmIdentifier id_dsa_with_sha_1

id_dsaWithSHA

public static final oracle.security.crypto.core.AlgorithmIdentifier id_dsaWithSHA
The DSA Signature Algorithm Identifier (1.3.14.3.2.13).

dsaWithSHA

public static final oracle.security.crypto.core.AlgorithmIdentifier dsaWithSHA

id_dsaWithSHA1Old

public static final oracle.security.crypto.core.AlgorithmIdentifier id_dsaWithSHA1Old
The Obsolete DSA Signature Algorithm Identifier (1.3.14.3.2.27).

dsaWithSHA1Old

public static final oracle.security.crypto.core.AlgorithmIdentifier dsaWithSHA1Old

rsaEncryption

public static final oracle.security.crypto.core.AlgorithmIdentifier rsaEncryption
The RSA Signature Algorithm Identifier (1.2.840.113549.1.1.1).

dh_public_number

public static final oracle.security.crypto.core.AlgorithmIdentifier dh_public_number
The Diffie-Hellman Public Key Object Identifier (1.2.840.10046.2.1).

id_alg_ESDH

public static final oracle.security.crypto.core.AlgorithmIdentifier id_alg_ESDH
The Ephimeral-Static Diffie-Hellman Key Agreement Algorithm Identifier (1.2.840.113549.1.9.16.3.5).

id_alg_XKMS3DESwrap

public static final oracle.security.crypto.core.AlgorithmIdentifier id_alg_XKMS3DESwrap
The Triple-DES Key Encryption (Wrap) Algorithm Identifier (1.2.840.113549.1.9.16.3.6).

id_alg_XKMSRC2wrap

public static final oracle.security.crypto.core.AlgorithmIdentifier id_alg_XKMSRC2wrap
The RC2 Key Encryption (Wrap) Algorithm Identifier (1.2.840.113549.1.9.16.3.7).

rc2_cbc

public static final oracle.security.crypto.core.AlgorithmIdentifier rc2_cbc
The RC2 Content Encryption Algorithm in CBC mode Algorithm Identifier (1.2.840.113549.3.2).

hmac_SHA_1

public static final oracle.security.crypto.core.AlgorithmIdentifier hmac_SHA_1
The HMAC with SHA1 Message Authentication Code Algorithm Identifier (1.3.6.1.5.5.8.1.2).

des_ede3_cbc

public static final oracle.security.crypto.core.AlgorithmIdentifier des_ede3_cbc
RSA-registered identifier for the DES-EDE symmetric key encryption^M algorithm in CBC mode, as cited in RFC 2311.

Constructor Detail

XKMSUtils

public XKMSUtils()

Method Detail

secretString2Bytes

public static byte[] secretString2Bytes(java.lang.String secret)
                                 throws java.io.UnsupportedEncodingException
Convert the shared secret to bytes as per section 8.1 of the XKMS specification.

Note: This method only supports a subset of RFC 4103 stringprep profile.

Parameters:
secret - The shared secret used to derive the keying material.
Returns:
The converted bytes.
Throws:
java.io.UnsupportedEncodingException

doMacAuthN

public static byte[] doMacAuthN(byte[] data,
                                oracle.security.crypto.core.AlgorithmIdentifier hashAlgID)
                         throws java.security.NoSuchAlgorithmException,
                                java.security.spec.InvalidKeySpecException,
                                java.security.InvalidKeyException
Convert the shared secret to an Authentication Key as per section 8.1 of the XKMS specification.
Parameters:
data - The input material.
hashAlgID - The MAC algorithm.
Returns:
The derived key bytes.
Throws:
NoSuchAlgorithmException,InvalidKeySpecException,InvalidKeyException -

Note the changes in the exceptions thrown

algorithmIdentififer is no longer thrown

NoSuchAlgorithmException,InvalidKeySpecException,InvalidKeyException are introduced

java.security.NoSuchAlgorithmException
java.security.spec.InvalidKeySpecException
java.security.InvalidKeyException

doMacRC

public static byte[] doMacRC(byte[] data,
                             oracle.security.crypto.core.AlgorithmIdentifier hashAlgID)
                      throws java.security.NoSuchAlgorithmException,
                             java.security.spec.InvalidKeySpecException,
                             java.security.InvalidKeyException
Convert the shared secret to an Authentication Key as per section 8.1 of the XKMS specification.
Parameters:
data - The input material.
hashAlgID - The MAC algorithm.
Returns:
The derived key bytes.
Throws:
NoSuchAlgorithmException,InvalidKeySpecException,InvalidKeyException -

Note the changes in the exceptions thrown

algorithmIdentififer is no longer thrown

NoSuchAlgorithmException,InvalidKeySpecException,InvalidKeyException are introduced

java.security.NoSuchAlgorithmException
java.security.spec.InvalidKeySpecException
java.security.InvalidKeyException

doMacRCI

public static byte[] doMacRCI(byte[] data,
                              oracle.security.crypto.core.AlgorithmIdentifier hashAlgID)
                       throws java.security.NoSuchAlgorithmException,
                              java.security.InvalidKeyException,
                              java.security.spec.InvalidKeySpecException
Convert the shared secret to a RevocationCode as per section 8.1 of the XKMS specification.
Parameters:
data - The input material.
hashAlgID - The MAC algorithm.
Returns:
The derived revocation code bytes.
Throws:
NoSuchAlgorithmException,InvalidKeySpecException,InvalidKeyException -

Note the changes in the exceptions thrown

algorithmIdentififer is no longer thrown

NoSuchAlgorithmException,InvalidKeySpecException,InvalidKeyException are introduced

java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.security.spec.InvalidKeySpecException

doMacPrivateKey

public static byte[] doMacPrivateKey(byte[] data,
                                     oracle.security.crypto.core.AlgorithmIdentifier hashAlgID,
                                     int length)
                              throws java.security.NoSuchAlgorithmException,
                                     java.security.InvalidKeyException,
                                     java.security.spec.InvalidKeySpecException
Convert the shared secret to a private key data as per section 8.1 of the XKMS specification.
Parameters:
data - The input material.
hashAlgID - The MAC algorithm.
length - The number of key bytes to generate.
Returns:
The derived revocation code identifier bytes.
Throws:
NoSuchAlgorithmException,InvalidKeySpecException,InvalidKeyException -

Note the changes in the exceptions thrown

algorithmIdentififer is no longer thrown

NoSuchAlgorithmException,InvalidKeySpecException,InvalidKeyException are introduced

java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.security.spec.InvalidKeySpecException

insertChild

public static void insertChild(oracle.security.xmlsec.util.XMLElement parent,
                               oracle.security.xmlsec.util.XMLElement e,
                               java.lang.String[] tag,
                               java.lang.String[] ns)
                        throws org.w3c.dom.DOMException
Inserts a child element after any occurrences of the given elements.
Parameters:
parent - The element to which a child will be appended.
e - The child element to insert.
tag - An array of element tag names after any occurrence of which the child element is to be inserted. The tags must be presented in the order in which they appear in the parent element's schema.
ns - An array of namespace URIs corresponding to the tag names in the tag array.
Throws:
org.w3c.dom.DOMException

insertChild

public static void insertChild(org.w3c.dom.Element parent,
                               org.w3c.dom.Element e,
                               java.lang.String[] tag,
                               java.lang.String[] ns)
                        throws org.w3c.dom.DOMException
Inserts a child element after any occurrences of the given elements.
Parameters:
parent - The element to which a child will be appended.
e - The child element to insert.
tag - An array of element tag names after any occurrence of which the child element is to be inserted. The tags must be presented in the order in which they appear in the parent element's schema.
ns - An array of namespace URIs corresponding to the tag names in the tag array.
Throws:
org.w3c.dom.DOMException

removeChildren

public static void removeChildren(org.w3c.dom.Element parent,
                                  java.lang.String tag,
                                  java.lang.String ns)
Removes any child elements with the given tag name.
Parameters:
parent - The element whose children will be removed.
tag - The tag name of the child element(s) to remove.
ns - The namespace URI of the element(s) to remove.

generateNonce

public static byte[] generateNonce(java.util.Date time,
                                   java.math.BigInteger serialNo,
                                   byte[] secretKey,
                                   oracle.security.crypto.core.AlgorithmIdentifier hmacAlgID)
                            throws java.security.NoSuchAlgorithmException,
                                   java.security.spec.InvalidKeySpecException,
                                   java.security.InvalidKeyException
Generate the Nonce as per the algorithm specified in Section 2.6.2 of the W3C XKMS specification.
Parameters:
time - The current time.
serialNo - A unique serial number.
secretKey - The MAC key.
hmacAlgID - The MAC algorithm identifier.
Returns:
The raw nonce bytes.
Throws:
NoSuchAlgorithmException,InvalidKeySpecException,InvalidKeyException -

Note the changes in the exceptions thrown

IOException is no longer thrown

NoSuchAlgorithmException,InvalidKeySpecException,InvalidKeyException are introduced

java.security.NoSuchAlgorithmException
java.security.spec.InvalidKeySpecException
java.security.InvalidKeyException

getInstance

public static oracle.security.xmlsec.util.XMLElement getInstance(org.w3c.dom.Element element)
                                                          throws org.w3c.dom.DOMException
Instantiates a concrete Message subclass implementation to wrap the given Element.
Parameters:
element - An org.w3c.dom.Element that conforms to an element from the xkms schema.
Returns:
A subclass of XMLElement, or null if no appropriate implementation class could be found.
Throws:
org.w3c.dom.DOMException

getAlgoID

public static oracle.security.crypto.core.AlgorithmIdentifier getAlgoID(java.lang.String name)
                                                                 throws java.security.NoSuchAlgorithmException
Algoname to algoId mapping
Parameters:
name - Name of the algorithm
Returns:
AlgorithmIdentifier corresponding to the name of the algorithm
Throws:
java.security.NoSuchAlgorithmException

getAlgoName

public static java.lang.String getAlgoName(oracle.security.crypto.core.AlgorithmIdentifier oid)
                                    throws java.security.NoSuchAlgorithmException
Algoid to algoname mapping
Parameters:
oid - Algorithmidentifier for which algorithm name is required
Returns:
The algorithm name corresponding to the algoid
Throws:
java.security.NoSuchAlgorithmException

xor

public static byte[] xor(byte[] a,
                         byte[] b)

Skip navigation links

Oracle Fusion Middleware XKMS Java API Reference for Oracle Security Developer Tools
11g Release 1 (11.1.1.9)

E56327-01


Copyright © 2005, 2015 , Oracle. All rights reserved.