
You can create the java.security.cert.CRL object:

■ from an input stream
■ by using java.security.cert.CertificateFactory

The input stream can be one of the following:

■ FileInputStream, if the CRL is stored in a file
■ ByteArrayInputStream, if the encoded bytes were obtained from an old oracle.security.crypto.cert.CRL object
■ any other source

Here is an example of a CRL object creation:

    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509CRL crl = (X509CRL) cf.generateCRL(new FileInputStream(crlFileName));

where crlFileName is the name of the CRL file.

2.5 JCE Keystores

Oracle Security Developer Tools provide four types of keystore:

1. the JKS keystore, which is Sun Microsystems' implementation of the java.security.KeyStore interface
2. the Oracle wallet, which is Oracle's implementation of the java.security.KeyStore interface
3. the PKCS12 wallet, which is a proprietary Oracle interface/implementation of PKCS12
4. the PKCS8 wallet, which is a proprietary Oracle interface/implementation of PKCS8

2.5.1 Working with standard KeyStore-type Wallets

You can instantiate a KeyStore object using either a Sun Microsystems provider or an Oracle provider, depending on the keystore format.

Sun Microsystems Keystore

This example instantiates a JKS keystore for the Sun Microsystems provider:

    java.security.KeyStore keystore = KeyStore.getInstance("JKS", "SUN");

Oracle Keystore

This example instantiates a PKCS12 wallet for the Oracle provider:

    java.security.KeyStore keystore = KeyStore.getInstance("PKCS12", "OraclePKI");

Loading a Keystore File

You perform this task with the keystore.load method:

    keystore.load(new FileInputStream(walletFile), pass);

Certificate Retrieval

To retrieve a certificate and private key using an alias:

    Key key = keystore.getKey(alias, pass);
    Certificate cert = keystore.getCertificate(alias);

If the alias is not known in advance, you can list all aliases by calling:

    keystore.aliases();
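The load, alias listing and retrieval calls above, combined into a keystore inventory. This is an added example, not taken from the Oracle documentation. It assumes the JDK's default PKCS12 provider instead of OraclePKI so that it runs without the Oracle libraries; the class name KeystoreInventory, the alias sample-aes and the password are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import javax.crypto.KeyGenerator;

public class KeystoreInventory {
    // Loads a keystore from its encoded bytes and reports each alias with its entry type.
    static void inventory(byte[] store, String type, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);      // assumption: JDK default provider
        try (ByteArrayInputStream in = new ByteArrayInputStream(store)) {
            ks.load(in, pass);                         // throws IOException on a wrong password
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                Key key = ks.getKey(alias, pass);      // key entries need the protection password
                System.out.println(alias + ": key entry, algorithm " + key.getAlgorithm());
            }
            Certificate cert = ks.getCertificate(alias); // null when the entry has no certificate
            if (cert instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) cert;
                System.out.println(alias + ": certificate for " + x.getSubjectX500Principal()
                        + ", expires " + x.getNotAfter());
            }
        }
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "constructed-sample-password".toCharArray(); // constructed sample value
        try {
            // Constructed sample input: an in-memory PKCS12 store holding one AES key.
            KeyStore ks = KeyStore.getInstance("PKCS12");
            ks.load(null, null);                       // initialise an empty keystore
            KeyGenerator kg = KeyGenerator.getInstance("AES");
            kg.init(128);
            ks.setKeyEntry("sample-aes", kg.generateKey(), pass, null);
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            ks.store(out, pass);
            inventory(out.toByteArray(), "PKCS12", pass);
        } finally {
            Arrays.fill(pass, '\0');                   // overwrite the password once it is no longer needed
        }
    }
}
```

Holding the password in a char[] rather than a String is what allows it to be overwritten after use.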

2.5.2 Working with PKCS12 and PKCS8 Wallets

If you maintain keystores in the PKCS12 or PKCS8 Oracle wallet format, you can retrieve keys, certificates or CRLs from those stores in Oracle Security Developer Tools format.

Key Retrieval

In Oracle wallets, the key is found in oracle.security.crypto.core.PrivateKey. After retrieval, you can convert the keys into the JCE key format, using the utility class PhaosJCEKeyTranslator. For more information, see Section 2.2.1, Converting an Existing Key Object to a JCE Key Object.

Certificate Retrieval

In Oracle wallets, the certificate is found in oracle.security.crypto.cert.X509. After retrieval, you can:

1. get the encoded value of the X509 certificate, for example X509.getEncoded();
2. use the CertificateFactory to create an X509Certificate instance, based on the encoded bytes value.

For more information, see Section 2.3, JCE Certificates.

CRL Retrieval

In Oracle wallets, the CRL is found in oracle.security.crypto.cert.CRL. After retrieval, you can:

1. get the encoded value of the CRL, for example CRL.getEncoded();
2. use the CertificateFactory to create a java.security.cert.CRL instance, based on the encoded bytes value.

For more information, see Section 2.4, JCE Certificate Revocation Lists (CRLs).

3 Oracle Crypto

This chapter provides information about using the Oracle Crypto Software Development Kit (SDK). Oracle Crypto allows Java developers to create applications that ensure data security and integrity. This chapter contains the following topics:

■ Oracle Crypto Features and Benefits