Introduction to Oracle Security Developer Tools 1-15
■ X.509 Version 3 Certificates, as defined in RFC 3280
■ Full PKCS12 support
■ PKCS10 support for certificate requests
■ CRLs as defined in RFC 3280
■ Implementation of Signed Public Key And Challenge (SPKAC)
■ Support for X.500 Relative Distinguished Name
■ PKCS7 support for wrapping X.509 certificates and CRLs
■ Implementation of standard X.509 certificates and CRL extensions
1.6.5 Oracle CMS
Oracle CMS provides an extensive set of tools for reading and writing CMS objects, and supporting tools for developing secure message envelopes.
Oracle CMS implements the IETF Cryptographic Message Syntax specified in RFC-2630. Oracle CMS implements all the RFC-2630 content types.
1.6.6 Oracle SMIME
Oracle SMIME provides the following Secure/Multipurpose Internet Mail Extension (S/MIME) features:
■ Full support for X.509 Version 3 certificates with extensions, including certificate parsing and verification
■ Support for X.509 certificate chains in PKCS7 and PKCS12 formats
■ Private key encryption using PKCS5, PKCS8, and PKCS12
■ An integrated ASN.1 library for input and output of data in ASN.1 DER/BER format
1.6.7 Oracle PKI SDK
Oracle PKI SDK contains a set of tools for working with digital certificates, including access to LDAP directories, date stamping of digital messages, certificate validation, and certificate management. It includes the following toolkits:
■ Oracle PKI LDAP SDK
■ Oracle PKI TSP SDK
■ Oracle PKI OCSP SDK
■ Oracle PKI CMP SDK
1.6.7.1 Oracle PKI LDAP SDK
Oracle PKI LDAP SDK provides facilities for accessing a digital certificate within an LDAP directory. Some of the tasks you can perform using the Oracle PKI LDAP SDK are:
■ Validating a user’s certificate in an LDAP directory
■ Adding a certificate to an LDAP directory
■ Retrieving a certificate from an LDAP directory
■ Deleting a certificate from an LDAP directory
1-16 Oracle Fusion Middleware Reference for Oracle Security Developer Tools
1.6.7.2 Oracle PKI TSP SDK
The Oracle PKI TSP SDK provides the following features and functionality:
■ Oracle PKI TSP SDK conforms to RFC 3161 and is compatible with other products that conform to this time stamp protocol (TSP) specification.
■ Oracle PKI TSP SDK provides an example implementation of a TSA server to use for testing TSP request messages, or as a basis for developing your own time stamping service.
1.6.7.3 Oracle PKI OCSP SDK
The Oracle PKI OCSP SDK provides the following features and functionality:
■ The Oracle PKI OCSP SDK conforms to RFC 2560 and is compatible with other products that conform to this specification, such as Valicert’s Validation Authority.
■ The Oracle PKI OCSP SDK API provides classes and methods for constructing OCSP request messages that can be sent through HTTP to any RFC 2560 compliant validation authority.
■ The Oracle PKI OCSP SDK API provides classes and methods for constructing responses to OCSP request messages, and an OCSP server implementation that you can use as a basis for developing your own OCSP server to check the validity of certificates you have issued.
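To show what an RFC 2560 request sent through HTTP consists of, the following added example builds an unsigned OCSPRequest in DER and wraps it in the HTTP POST that RFC 2560 defines. It is written in standard-library Python, is not Oracle's code and does not use the Oracle PKI OCSP SDK API; the issuer name, key bytes, serial number and host name are constructed sample values.

```python
import hashlib

SHA1_OID = bytes.fromhex("2b0e03021a")  # 1.3.14.3.2.26 (id-sha1)

def der(tag, body):
    """Encode one DER tag-length-value with a definite length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def der_int(value):
    """Non-negative INTEGER; the byte count keeps the sign bit clear."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def cert_id(issuer_name_der, issuer_key_bits, serial):
    """CertID: SHA-1 of the issuer DN and issuer public key, plus the serial."""
    alg = der(0x30, der(0x06, SHA1_OID) + der(0x05, b""))
    return der(0x30, alg
               + der(0x04, hashlib.sha1(issuer_name_der).digest())
               + der(0x04, hashlib.sha1(issuer_key_bits).digest())
               + der_int(serial))

def ocsp_request(cert_ids):
    """Unsigned OCSPRequest; version (default v1) and optional fields omitted."""
    request_list = der(0x30, b"".join(der(0x30, c) for c in cert_ids))
    return der(0x30, der(0x30, request_list))  # OCSPRequest { TBSRequest }

def http_post(body, host, path="/"):
    """HTTP POST framing with the media type RFC 2560 assigns to requests."""
    head = (f"POST {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Content-Type: application/ocsp-request\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("ascii") + body

# Constructed sample values (assumptions, not taken from the Oracle guide).
SAMPLE_ISSUER_NAME = der(0x30, der(0x31, der(0x30,
    der(0x06, bytes.fromhex("550403")) + der(0x0C, b"Example Test CA"))))
SAMPLE_ISSUER_KEY = bytes(range(65))  # stand-in for subjectPublicKey contents
SAMPLE_REQUEST = ocsp_request(
    [cert_id(SAMPLE_ISSUER_NAME, SAMPLE_ISSUER_KEY, 0x1234)])

if __name__ == "__main__":
    print(SAMPLE_REQUEST.hex())
    print(http_post(SAMPLE_REQUEST, "ocsp.example.test")[:110])
```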
1.6.7.4 Oracle PKI CMP SDK
The set of functions supported by certificate management protocol (CMP) messages are:
■ Registration of an entity, which takes place prior to issuing a certificate
■ Initialization, such as the generation of a key pair
■ Certification (issuing certificates)
■ Key pair recovery for reissuing lost keys
■ Key pair updates when a certificate expires and a new key pair and certificate need to be generated
■ Revocation requests to the CA to include a certificate in a CRL
■ Cross-certification between two CAs
The Oracle PKI CMP SDK conforms to RFC 2510 and is compatible with other products that conform to this certificate management protocol (CMP) specification. In addition, it conforms to RFC 2511 and is compatible with other products that conform to this certificate request message format (CRMF) specification.
1.6.8 Oracle XML Security