2 Use Cases

This section demonstrates several use cases using the REST API.

Managing the Credential Store Framework Using the REST API

You can view and manage the credential store framework using the REST APIs described in the following use case. Specifically, this use case shows you how to:

  • Create a credential in the credential store

  • View all credentials in the credential store

  • Delete a credential from the credential store

Note:

For more information about credential store management, see "Configuring the Credential Store" in Security and Administrator's Guide for Web Services.

To manage the credential store framework using the REST API:

  1. Create a credential in the credential store framework by performing the following steps:

    1. Create a JSON document, createcred.json, that defines the credential that you want to create.

      The following shows an example of the request document. In this example, the name of the credential map is oracle.wsm.security, the credential key is mykey, and the username and password credentials are username and password, respectively.

      {
          "username" : "username",
          "credential" : "password",
          "key" : "mykey",
          "map" : "oracle.wsm.security"
      }
      

      For more information about the request attributes, see "Create a New Credential in the Credential Store".

    2. Using cURL, create a credential in the credential store framework, passing the JSON document defined in the previous step.

      curl -i -X POST -u username:password --data @createcred.json -H Content-Type:application/json http://myhost:7001/idaas/platform/admin/v1/credential
      

      For more information about the cURL command-line options, see "cURL Access".

      The following shows an example of the response indicating the request succeeded.

      {
          "STATUS": "Succeeded"
      }
      

      For more information, see "Create a New Credential in the Credential Store".

  2. View all credentials in the credential store.

    curl -i -X GET -u username:password http://myhost:7001/idaas/platform/admin/v1/credential
    

    For more information about the cURL command-line options, see "cURL Access".

    The following shows an example of the response, showing all credentials in the credential store:

    {
        "CSF_MAP_NAME": "CSF_KEY_NAME",
        "default": "systemuser",
        "oracle.wsm.security": [
            "sign-csf-key",
            "jwt-sign-csf-key",
            "owsmtest.credentials",
            "basic.client.credentials",
            "weblogic-csf-key",
            "enc-csf-key",
            "mykey",
            "dummy-pwd-csf-key",
            "weblogic-kerberos-csf-key",
            "keystore-csf-key",
            "weblogic-windowsdomain-csf-key",
            "oratest-csf-key",
            "csr-csf-key",
            "invalid-csf-key",
            "ca-signed-sign-csf-key"
        ]
    }
    

    For more information, see "View All Credentials in the Credential Store".

  3. Delete the credential from the credential store.

    curl -i -X DELETE -u username:password http://myhost:7001/idaas/webservice/admin/v1/credential?"key=mykey&map=oracle.wsm.security"
    
    

    You must pass query parameters to define the map and key names associated with the credential that you want to delete. For more information, see "Delete a Credential from the Credential Store".

    For more information about the cURL command-line options, see "cURL Access".

    The following shows an example of the response indicating the request succeeded.

    {
        "STATUS": "Succeeded"
    }
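The createcred.json step and the cURL call above place two secrets where other local users can see them: the credential in a hand-edited file and the administrator password on the command line. The following is an added example, not Oracle's code, that builds the same document with JSON escaping and owner-only file permissions and lets curl prompt for the password; the function names and the sample password are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle's code): build createcred.json from variables
# with JSON escaping and owner-only permissions.

# Escape a value for a JSON string literal; reject control characters.
json_escape() {
    clean=$(printf '%s' "$1" | LC_ALL=C tr -d '[:cntrl:]')
    [ "$clean" = "$1" ] || { echo "control character in value" >&2; return 1; }
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Print the request document. Arguments: map, key, username, password.
make_cred_doc() {
    m=$(json_escape "$1") && k=$(json_escape "$2") &&
        u=$(json_escape "$3") && p=$(json_escape "$4") || return 1
    printf '{\n    "username" : "%s",\n    "credential" : "%s",\n' "$u" "$p"
    printf '    "key" : "%s",\n    "map" : "%s"\n}\n' "$k" "$m"
}

# Write the document to the path in $1, readable by its owner only.
write_cred_doc() {
    out=$1; shift
    rm -f "$out"
    ( umask 077 && make_cred_doc "$@" > "$out" )
}

# POST the document in $1 as administrator $2. With only a user name
# after -u, curl prompts for the password instead of taking it from argv.
post_cred_doc() {
    curl -i -X POST -u "$2" --data @"$1" -H Content-Type:application/json \
        http://myhost:7001/idaas/platform/admin/v1/credential
}

# Constructed sample password containing characters that need escaping.
make_cred_doc oracle.wsm.security mykey username 'pa"ss\word'
```

Call write_cred_doc and then post_cred_doc with the same path, and remove the file once the response reports success.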
    

Managing JKS Keystores Using the REST API

You can view and manage Java Keystore (JKS) certificates within the current domain using the REST APIs described in the following use case. Specifically, this use case shows you how to:

  • View all aliases in the JKS keystore.

  • Import a trusted certificate into the JKS keystore.

  • View a trusted certificate in the JKS keystore.

  • Delete a trusted certificate from the JKS keystore.

Note:

For information about JKS keystore management, see "Configuring Keystores for Message Protection" in Security and Administrator's Guide for Web Services.

To manage JKS keystores using the REST API:

  1. View all of the aliases that currently exist in the JKS keystore within the current domain:

    curl -i -X GET -u username:password http://myhost:7001/idaas/platform/admin/v1/keystore
    

    For more information about the cURL command-line options, see "cURL Access".

    The following shows an example of the response, showing all aliases in the JKS keystore.

    {
       "aliases":"oratest,orakey,testkey,jkstest,ms-oauthkey"
    }
    

    For more information, see "View All Aliases in the JKS Keystore".

  2. Import the trusted certificate into the JKS keystore at the specified alias, by performing the following steps:

    1. Create a JSON document, importjks.json, that defines the trusted certificate to import into the JKS keystore.

      The following shows an example of the request document. In this example, the trusted certificate provided must be Base64-encoded and the component type must be set to JKS for this release.

      {
          "component" : "JKS",
          "certificate" : "Base64-encoded certificate"
      }
      

      For more information about the request attributes, see "Import a Trusted Certificate into the JKS Keystore".

    2. Using cURL, import the trusted certificate, specifying the alias of the trusted key to be imported, mytestkey, and passing the JSON request document defined in the previous step.

      curl -i -X POST -u username:password -H Content-type:application/json --data @importjks.json http://myhost:7001/idaas/platform/admin/v1/keystore/mytestkey
      

      For more information about the cURL command-line options, see "cURL Access".

      The following shows an example of the response indicating the request succeeded.

      {
          "STATUS":"Succeeded",
          "SUBJECT_DN":"CN=y,OU=y,O=y,L=y,ST=y,C=y"
      }
      

      For more information, see "Import a Trusted Certificate into the JKS Keystore".

  3. View the trusted certificate that you imported in step 2:

    curl -i -X GET -u username:password http://myhost:7001/idaas/platform/admin/v1/keystore/mytestkey
    

    For more information about the cURL command-line options, see "cURL Access".

    The following shows an example of the response, showing the details for the trusted certificate.

    {
        "SUBJECT_DN":"CN=y,OU=y,O=y,L=y,ST=y,C=y",
        "ISSUER_DN":"CN=y,OU=y,O=y,L=y,ST=y,C=y",
        "NOT_BEFORE":"Thu Jul 03 04:00:16 PDT 2014",
        "NOT_AFTER":"Wed Oct 01 04:00:16 PDT 2014",
        "SERIAL_NO":"1784168778",
        "SIGNING_ALGORITHM":"1.2.840.10040.4.3",
        "CONTENT":"-----BEGIN CERTIFICATE-----\
    Base64-encoded certificate
    -----END CERTIFICATE-----",
        "SIGNATURE": "Base64-encoded signature key",
        "Extensions": "{subjectKeyIDExtension {oid = 2.5.29.14, critical = false, value = f74ca5c1016d848260c749884e2b710c5fecc7b8}}"
    }
    

    For more information, see "View a Trusted Certificate in the JKS Keystore".

  4. Delete the trusted certificate from the JKS keystore.

    curl -i -X DELETE -u username:password http://myhost:7001/idaas/platform/admin/v1/keystore/mytestkey
    

    For more information about the cURL command-line options, see "cURL Access".

    The following shows an example of the response indicating the request succeeded.

    {
        "STATUS": "Succeeded"
    }
    

    For more information, see "Delete a Trusted Certificate from the JKS Keystore".

Managing KSS Keystores Using the REST API

You can view and manage Keystore Service (KSS) keystores using the REST APIs described in the following use case. Specifically, this use case shows you how to:

  • Create a KSS keystore

  • View all KSS keystores for a stripe

  • Import a trusted certificate into the KSS keystore

  • View a trusted certificate in the KSS keystore

  • Delete the KSS keystore

Note:

For more information about KSS keystore management, see "Configuring the OPSS Keystore Service for Message Protection" in Security and Administrator's Guide for Web Services.

To manage KSS keystores using the REST API:

  1. Create a KSS keystore by performing the following steps:

    1. Create a JSON document, createkss.json, that defines the KSS keystore that you want to create.

      The following shows an example of the request document. In this example, the KSS stripe and keystore names are myStripe and myKeystore, respectively; the password for the KSS keystore is password; and the KSS keystore created is not permission-based.

      {
          "stripe" : "myStripe",
          "keystore" : "myKeystore",
          "pwd" : "password",
          "permission" : "false"
      }
      

      For more information about the request attributes, see "Create a KSS Keystore".

    2. Using cURL, create a KSS keystore, passing the JSON document defined in the previous step.

      curl -i -X POST -u username:password -H Content-Type:application/json --data @createkss.json http://myhost:7001/idaas/platform/admin/v1/keystoreservice
      

      For more information about the cURL command-line options, see "cURL Access".

      The following shows an example of the response indicating the request succeeded.

      {
          "STATUS": "Succeeded"
      }
      

      For more information, see "Create a KSS Keystore".

  2. View all KSS keystores for a stripe to confirm the KSS keystore was created.

    curl -i -X GET -u username:password http://myhost:7001/idaas/platform/admin/v1/keystoreservice/myStripe
    

    For more information about the cURL command-line options, see "cURL Access".

    The following shows an example of the response, showing all KSS keystores in the stripe:

    {
        "keystore 1":"myKeystore"
    }
    

    For more information, see "View All KSS Keystores for a Stripe".

  3. Import a trusted certificate into the KSS keystore by performing the following steps:

    1. Create a JSON document, importkss.json, that defines the details of the trusted certificate that you want to import into the KSS keystore.

      The following shows an example of the request document. In this example, the KSS keystore is identified by its stripe and keystore names, myStripe and myKeystore, respectively; the KSS keystore password, password, is required; the alias for the key is myAlias; the certificate is defined as a TrustedCertificate; and keystoreEntry specifies the Base64-encoded certificate contents.

      {
          "keyAlias" : "myAlias",
          "keystoreEntry":
      "Base64-encoded certificate",
          "keystoreEntryType" : "TrustedCertificate",
          "keystoreName" : "myKeystore",
          "stripeName" : "myStripe",
          "keystorePassword" : "password"
      }
      

      For more information about the request attributes, see "Import a Trusted Certificate into a KSS Keystore".

    2. Using cURL, import a trusted certificate into the KSS keystore, passing the JSON document defined in the previous step.

      curl -i -X POST -u username:password -H Content-Type:application/json --data @importkss.json http://myhost:7001/idaas/platform/admin/v1/keystoreservice/certificates
      

      For more information about the cURL command-line options, see "cURL Access".

      The following shows an example of the response indicating the request succeeded.

      {
          "STATUS": "Succeeded",
          "SUBJECT_DN": "CN=y,OU=y,O=y,L=y,ST=y,C=y"
      }
      

      For more information, see "Import a Trusted Certificate into a KSS Keystore".

  4. View the trusted certificate that you just imported into the KSS keystore.

    curl -i -X GET -u username:password -H keystorePassword:password== http://myhost:7001/idaas/platform/admin/v1/keystoreservice/certificates?"stripeName=myStripe&keystoreName=myKeystore&keyAlias=myAlias&keystoreEntryType=TrustedCertificate"
    

    You must pass query parameters to define the stripe name, keystore name and entry type, and alias name associated with the trusted certificate you want to view.

    For more information about the cURL command-line options, see "cURL Access".

    The following shows an example of the response, showing the details of the trusted certificate.

    {
        "SUBJECT_DN":"CN=y,OU=y,O=y,L=y,ST=y,C=y",
        "ISSUER_DN":"CN=y,OU=y,O=y,L=y,ST=y,C=y",
        "NOT_BEFORE":"Fri Jul 25 02:45:11 PDT 2014",
        "NOT_AFTER":"Thu Oct 23 02:45:11 PDT 2014",
        "SERIAL_NO":"982191050",
        "SIGNING_ALGORITHM":"1.2.840.10040.4.3",
        "CONTENT":"-----BEGIN CERTIFICATE----- 
    Base64-encoded certificate
    -----END CERTIFICATE-----",
        "SIGNATURE":"Base64-encoded signature key",
        "Extensions":"{subjectKeyIDExtension {oid = 2.5.29.14 critical = false, value = 329b98f6b6225e92ca52513d3bfc43ee02aa9121}}"
    }
    
    

    For more information, see "View a Trusted Certificate in the KSS Keystore".

  5. Delete the KSS keystore.

    curl -i -X DELETE -u username:password -H keystorePassword:password== http://myhost:7001/idaas/platform/admin/v1/keystoreservice?"stripeName=myStripe&keystoreName=myKeystore"
    
    

    For more information about the cURL command-line options, see "cURL Access".

    You must pass query parameters to define the stripe and keystore name of the KSS keystore you want to delete. For more information, see "Delete a KSS Keystore".

    The following shows an example of the response indicating the request succeeded.

    HTTP/1.1 204 No Content
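
Both import steps above (importjks.json for the JKS keystore and importkss.json for the KSS keystore) take the certificate as Base64 text. The following is an added example, not Oracle's code, that extracts that text from a PEM file and refuses input containing a private key or more than one certificate before it reaches a trust store. It assumes the service expects the Base64 body without the BEGIN/END lines; the function names and the sample PEM are constructed.

```shell
#!/bin/sh
# Added example (not Oracle's code). Assumption: the "certificate" and
# "keystoreEntry" attributes take the Base64 body without the PEM armor.

# Print the Base64 body of a PEM file that holds exactly one certificate.
pem_cert_body() {
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo "refusing $1: contains a private key" >&2; return 1
    fi
    if [ "$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1")" != 1 ]; then
        echo "refusing $1: expected exactly one certificate" >&2; return 1
    fi
    body=$(sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" |
        grep -v -e '-----' | tr -d ' \t\r\n')
    case $body in
        ''|*[!A-Za-z0-9+/=]*)
            echo "refusing $1: body is not Base64" >&2; return 1 ;;
    esac
    printf '%s\n' "$body"
}

# Print the importjks.json request document for the PEM file in $1.
make_importjks_doc() {
    b64=$(pem_cert_body "$1") || return 1
    printf '{\n    "component" : "JKS",\n    "certificate" : "%s"\n}\n' "$b64"
}

# Constructed sample: placeholder Base64, not a real certificate.
sample=$(mktemp)
cat > "$sample" <<'EOF'
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtU0FNUExF
LU5PVC1BLUNFUlQ=
-----END CERTIFICATE-----
EOF
make_importjks_doc "$sample"
rm -f "$sample"
```

Before importing, compare the certificate's fingerprint with a value obtained out of band, for example with `openssl x509 -noout -fingerprint -sha256 -in cert.pem`.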