6 Oracle PKI SDK

Public key infrastructure (PKI) is a security architecture that provides an increased level of confidence when exchanging information over the Internet. Oracle PKI SDK provides packages for PKI, LDAP, and timestamp functions for developing PKI-aware applications.

We explain PKI features and the various sub-packages of Oracle PKI:

6.1 Oracle PKI CMP SDK

You can use Oracle public key infrastructure (PKI) Software Development Kit (SDK) for certificate management protocol (CMP). Oracle PKI CMP SDK allows Java developers to quickly implement certificate management functionality such as issuing and renewing certificates, creating and publishing CRLs, and providing key recovery capabilities.

6.1.1 Oracle PKI CMP SDK Features and Benefits

Oracle PKI CMP SDK provides packages that implement certificate management protocol (CMP) as described in RFC 2510, and certificate request message format (CRMF) as described in RFC 2511.

The Oracle PKI CMP SDK provides the following features and functionality:

  • Oracle PKI CMP SDK conforms to RFC 2510, and is compatible with other products that conform to this certificate management protocol (CMP) specification. RFC 2510 defines protocol messages for all aspects of certificate creation and management.

  • Oracle PKI CMP SDK conforms to RFC 2511, and is compatible with other products that conform to this certificate request message format (CRMF) specification. RFC 2511 describes the Certificate Request Message Format (CRMF), which is used to convey X.509 certificate requests to a Certification Authority (CA).

The Oracle PKI CMP SDK toolkit contains the following packages:

  • The oracle.security.crypto.cmp package provides classes that implement certificate management protocol (CMP) as described in RFC 2510, and certificate request message format (CRMF) as described in RFC 2511.

  • The oracle.security.crypto.cmp.attribute package provides attribute classes for registration controls, registration information, and general information. This package includes the following classes and their subclasses:

    • RegistrationControl

    • RegistrationInfo

    • InfoTypeAndValue (which extends oracle.security.crypto.cert.AttributeTypeAndValue)

  • The oracle.security.crypto.cmp.transport package provides classes for CMP and CRMF transport protocols. It includes the TCPMessage class and its specific message-type subclasses.

6.1.2 Setting Up Your Oracle PKI CMP SDK Environment

The Oracle Security Developer Tools are installed with Oracle WebLogic Server in ORACLE_HOME. In order to use Oracle PKI CMP SDK, your system must have the Java Development Kit (JDK) version 1.6 or higher. Your CLASSPATH environment variable must contain the full path and file names to all of the required jar and class files.

Make sure the following items are included in your CLASSPATH:

  • osdt_core.jar

  • osdt_cert.jar

  • osdt_cms.jar

  • osdt_cmp.jar

For example, your classpath may look like:

%ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_core.jar;
%ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_cert.jar;
%ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_cms.jar;
%ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_cmp.jar

6.1.3 The Oracle PKI CMP SDK Java API Reference

The Oracle Fusion Middleware Java API Reference for Oracle Security Developer Tools guide explains the classes and methods available in Oracle PKI CMP SDK.

6.2 Oracle PKI OCSP SDK

Oracle PKI OCSP SDK allows Java developers to quickly develop Online Certificate Status Protocol (OCSP) enabled client applications and OCSP responders that conform to RFC 2560 specifications.

This section contains the following topics:

6.2.1 Oracle PKI OCSP SDK Features and Benefits

Oracle PKI OCSP SDK conforms to RFC 2560 specifications. It provides classes and methods for constructing OCSP request messages, responses, and OCSP server implementations.

Oracle PKI OCSP SDK provides the following features and functionality:

  • Oracle PKI OCSP SDK conforms to RFC 2560 and is compatible with other products that conform to this specification, such as Valicert's Validation Authority. RFC 2560 specifies a protocol useful in determining the current status of a digital certificate without requiring CRLs.

  • The Oracle PKI OCSP SDK API provides classes and methods for constructing OCSP request messages that can be sent through HTTP to any RFC 2560 compliant validation authority.

  • The Oracle PKI OCSP SDK API provides classes and methods for constructing responses to OCSP request messages, and an OCSP server implementation that you can use as a basis for developing your own OCSP server to check the validity of certificates you have issued.

6.2.2 Setting Up Your Oracle PKI OCSP SDK Environment

The Oracle Security Developer Tools are installed with Oracle WebLogic Server in ORACLE_HOME. In order to use Oracle PKI OCSP SDK, your system must have the Java Development Kit (JDK) version 1.6 or higher. Also, make sure that your PATH environment variable includes the Java bin directory. Your CLASSPATH environment variable must contain the full path and file names to all of the required jar and class files.

Make sure the following items are included in your CLASSPATH:

  • osdt_core.jar

  • osdt_cert.jar

  • osdt_ocsp.jar

For example:

setenv CLASSPATH $CLASSPATH:$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_core.jar:
$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_cert.jar:
$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_ocsp.jar

6.2.3 The Oracle PKI OCSP SDK Java API Reference

The Oracle Fusion Middleware Java API Reference for Oracle Security Developer Tools guide explains the classes and methods available in Oracle PKI OCSP SDK.

6.3 Oracle PKI TSP SDK

Oracle PKI TSP SDK allows Java developers to quickly implement time-stamping functionality within a public key infrastructure (PKI) framework.

This section contains the following topics:

6.3.1 Oracle PKI TSP SDK Features and Benefits

Oracle PKI TSP SDK conforms to RFC 3161 and is compatible with other products that conform to this time stamp protocol (TSP) specification. It provides a sample implementation of a TSA server which you can use for testing TSP request messages, or as a basis for developing your own time stamping service.

Oracle PKI TSP SDK contains the following classes and interfaces:


Table 6-1 Oracle PKI TSP SDK Classes and Interfaces

Class or Interface Name           Description
--------------------------------  ------------------------------------------------------------
TSP Interface                     Defines various constants associated with the Time Stamp Protocol (TSP).
HttpTSPRequest Class              Implementation of a TSP request message over HTTP.
HttpTSPResponse Class             Implementation of a TSP response message over HTTP.
MessageImprint Class              This class represents a MessageImprint object as defined in RFC 3161.
TSAPolicyID Class                 This class represents a TSAPolicyID object as defined in RFC 3161.
TSPContentHandlerFactory Class    A content handler for TSP over HTTP.
TSPMessage Class                  A TSP message.
TSPTimeStampReq Class             A TSP message of type TimeStampReq as defined in RFC 3161.
TSPTimeStampResp Class            A TSP message of type TimeStampResp as defined in RFC 3161.
TSPUtils Class                    Defines various utility methods for the oracle.security.crypto.tsp package.
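To show what the MessageImprint and TSPTimeStampReq objects in Table 6-1 carry on the wire, the following added example builds an RFC 3161 TimeStampReq in DER using only JDK classes. It is not part of the Oracle documentation and does not use the Oracle PKI TSP SDK; the class name TimeStampReqExample, its helper methods, and the sample document are assumptions made for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.SecureRandom;

// Added illustration (hypothetical class, JDK only; not the Oracle PKI TSP SDK API).
public class TimeStampReqExample {
    // DER AlgorithmIdentifier for SHA-256: OID 2.16.840.1.101.3.4.2.1 with NULL parameters.
    private static final byte[] SHA256_ALG_ID = {
        0x30, 0x0d, 0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00 };

    // Encode one DER tag-length-value; supports short-form and long-form lengths.
    static byte[] tlv(int tag, byte[]... parts) {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        for (byte[] p : parts) body.write(p, 0, p.length);
        byte[] content = body.toByteArray();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag);
        if (content.length < 0x80) {
            out.write(content.length);
        } else {
            byte[] len = BigInteger.valueOf(content.length).toByteArray();
            int skip = (len[0] == 0) ? 1 : 0;          // drop the sign byte
            out.write(0x80 | (len.length - skip));
            out.write(len, skip, len.length - skip);
        }
        out.write(content, 0, content.length);
        return out.toByteArray();
    }

    // MessageImprint ::= SEQUENCE { hashAlgorithm, hashedMessage OCTET STRING }
    // Only the digest leaves the client; the document itself is never sent to the TSA.
    static byte[] messageImprint(byte[] data) throws Exception {
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(data);
        return tlv(0x30, SHA256_ALG_ID, tlv(0x04, hash));
    }

    // TimeStampReq ::= SEQUENCE { version(1), messageImprint, nonce, certReq TRUE }
    static byte[] timeStampReq(byte[] data, BigInteger nonce) throws Exception {
        return tlv(0x30, tlv(0x02, new byte[] { 1 }), messageImprint(data),
                   tlv(0x02, nonce.toByteArray()),      // nonce ties the response to this request
                   tlv(0x01, new byte[] { (byte) 0xff }));
    }

    public static void main(String[] args) throws Exception {
        byte[] doc = "constructed sample document".getBytes("UTF-8");
        byte[] req = timeStampReq(doc, new BigInteger(64, new SecureRandom()));
        System.out.println(new BigInteger(1, req).toString(16)); // hex dump of the DER request
    }
}
```

Over HTTP, RFC 3161 carries this request with the content type application/timestamp-query. The client should check that the response echoes the same nonce and message imprint before trusting the time stamp.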


6.3.2 Setting Up Your Oracle PKI TSP SDK Environment

The Oracle Security Developer Tools are installed with Oracle WebLogic Server in ORACLE_HOME. In order to use Oracle PKI TSP SDK, your system must have the Java Development Kit (JDK) version 1.6 or higher. Also, make sure that your PATH environment variable includes the Java bin directory. Your CLASSPATH environment variable must contain the full path and file names to all of the required jar and class files.

Make sure the following items are included in your CLASSPATH:

  • osdt_core.jar

  • osdt_cert.jar

  • osdt_cms.jar

  • osdt_cmp.jar

  • osdt_tsp.jar

For example:

setenv CLASSPATH $CLASSPATH:$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_core.jar:
$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_cert.jar:
$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_cms.jar:
$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_cmp.jar:
$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_tsp.jar

6.3.3 The Oracle PKI TSP SDK Java API Reference

The Oracle Fusion Middleware Java API Reference for Oracle Security Developer Tools guide explains the classes and methods available in Oracle PKI TSP SDK.

6.4 Oracle PKI LDAP SDK

Oracle PKI LDAP SDK allows Java developers to quickly implement operations that involve publishing and retrieving digital certificates from a directory server.

This section contains the following topics:

6.4.1 Oracle PKI LDAP SDK Features and Benefits

Oracle PKI LDAP SDK provides classes and methods to access, validate, and manage a digital certificate within an LDAP directory.

Oracle PKI LDAP SDK provides facilities for accessing a digital certificate within an LDAP directory. Some of the tasks you can perform with Oracle PKI LDAP SDK are:

  • Validating a user's certificate in an LDAP directory

  • Adding a certificate to an LDAP directory

  • Retrieving a certificate from an LDAP directory

  • Deleting a certificate from an LDAP directory

The oracle.security.crypto.LDAP package contains two classes:

  • LDAPCertificateValidator, which validates a user certificate by checking whether it exists in its subject's LDAP directory entry

  • LDAPUtils, which is a collection of methods to add, retrieve, and remove certificates from a subject's LDAP directory entry

6.4.2 Setting Up Your Oracle PKI LDAP SDK Environment

The Oracle Security Developer Tools are installed with Oracle WebLogic Server in ORACLE_HOME. You must have Java Development Kit (JDK) version 1.6 or higher and Oracle's Java Naming and Directory Interface (JNDI) version 1.2.1 or higher in your system. Your CLASSPATH environment variable must contain the full path and file names to all of the required jar and class files.

To use Oracle PKI LDAP SDK, your system must have the following:

  • Java Development Kit (JDK) version 1.6 or higher. Also, make sure that the Java bin directory is added to your PATH environment variable.

  • Oracle's Java Naming and Directory Interface (JNDI) version 1.2.1 or higher. You must add all of the JNDI jar files to your CLASSPATH.

Make sure the following items are included in your CLASSPATH:

  • osdt_core.jar

  • osdt_cert.jar

  • osdt_ldap.jar

  • jndi.jar, ldapbp.jar, ldap.jar, jaas.jar, and providerutil.jar (Oracle's Java Naming and Directory Interface (JNDI))

For example:

%ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_core.jar;
%ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_cert.jar;
%ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_ldap.jar;

6.4.3 The Oracle PKI LDAP SDK Java API Reference

The Oracle Fusion Middleware Java API Reference for Oracle Security Developer Tools guide explains the classes and methods available in Oracle PKI LDAP SDK.