Before using the REST API to view and manage Java Keystore (JKS) keystores within a domain, you need to understand how to access the REST resources and other important concepts.
For more information, see "About the REST API".
For information about JKS keystore management, see "Configuring Keystores for Message Protection" in Administering Web Services.
Representational state transfer (REST) resources enable you to view and manage JKS keystores.
You can view and manage JKS keystores within a domain using a set of representational state transfer (REST) resources, as summarized below.
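Task | Method | Resource Path |
---|---|---|
View all aliases for the trusted certificate entries in the JKS keystore | GET | /idaas/platform/admin/v1/keystore |
Import a trusted certificate at the specified alias into the JKS keystore | POST | /idaas/platform/admin/v1/keystore/{alias} |
Import a PKCS#7 trusted certificate or certificate chain for the private key at the specified alias | POST | /idaas/platform/admin/v1/keystore/pkcs7/{alias} |
View details of the trusted certificate at the specified alias | GET | /idaas/platform/admin/v1/keystore/{alias} |
Delete the trusted certificate at the specified alias | DELETE | /idaas/platform/admin/v1/keystore/{alias} |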
Use the GET method to get all aliases for the trusted certificate entries in the JKS keystore.
REST Request
GET /idaas/platform/admin/v1/keystore
Response Body
Media types for the request or response body: application/json
The response body contains the list of aliases:
Attribute | Description |
---|---|
"aliases" | Comma-separated list of aliases. |
cURL Example
The following example shows how to view all aliases for the trusted certificate entries in the JKS keystore by submitting a GET request on the REST resource using cURL.
curl -i -X GET -u username:password http://myhost:7001/idaas/platform/admin/v1/keystore
Example of Response Header
The following shows an example of the response header. For more about the HTTP status codes, see "HTTP Status Codes for HTTP Methods".
HTTP/1.1 200 OK
Example of Response Body
The following shows an example of the response body in JSON format.
{ "aliases":"oratest,orakey,testkey,jkstest,ms-oauthkey" }
Use the POST method to import a trusted certificate at the specified alias into the JKS keystore. The certificate must be Base64 encoded.
REST Request
POST /idaas/platform/admin/v1/keystore/{alias}
Parameters
The following table summarizes the POST request parameter.
Name | Description | Type |
---|---|---|
alias | Alias of the trusted certificate to be imported. The alias will be created. The alias must not already exist in the JKS keystore; otherwise, the request will fail. | Path |
Request Body
Media types for the request body: application/json
The request body contains the details of the import request:
Attribute | Description |
---|---|
"certificate" | Base64-encoded certificate. |
"component" | Component to which the certificate is imported. This value must be set to JKS. |
Response Body
Media types for the response body: application/json
The response body returns the status of the import operation, including:
Attribute | Description |
---|---|
 | If |
 | If |
"STATUS" | Status of operation. For example, "Succeeded". |
"SUBJECT_DN" | Subject DN list that was imported. |
cURL Example
The following example shows how to import a trusted certificate into the JKS keystore by submitting a POST request on the REST resource using cURL.
curl -i -X POST -u username:password --data @importjkscert.json -H Content-Type:application/json http://myhost:7001/idaas/platform/admin/v1/keystore/mytestkey
Example of Request Body
The following shows an example of the request body in JSON format.
{ "component":"JKS", "certificate": "Base64-encoded certificate" }
Example of Response Header
The following shows an example of the response header. For more about the HTTP status codes, see "HTTP Status Codes for HTTP Methods".
HTTP/1.1 200 OK
Example of Response Body
The following shows an example of the response body in JSON format.
{ "STATUS": "Succeeded", "SUBJECT_DN": "CN=y,OU=y,O=y,L=y,ST=y,C=y" }
Use the POST method to import a PKCS#7 trusted certificate or a certificate chain associated with a private key indicated by the specified alias into the JKS keystore.
REST Request
POST /idaas/platform/admin/v1/keystore/pkcs7/{alias}
Parameters
The following table summarizes the POST request parameter.
Name | Description | Type |
---|---|---|
alias | Alias of the private key for which the trusted PKCS#7 certificate will be imported. The alias must already exist in the JKS keystore. | Path |
Request Body
Media types for the request body: application/json
The request body contains the details of the import request:
Attribute | Description |
---|---|
"certificate" | Base64-encoded certificate. |
"component" | Component to which the certificate is imported. This value must be set to JKS. |
"keyPassword" | Password for the private key. |
Response Body
Media types for the response body: application/json
The response body returns the status of the import operation, including:
Attribute | Description |
---|---|
 | If |
 | If |
"STATUS" | Status of operation. For example, "Succeeded". |
"SUBJECT_DN" | Subject DN list that was imported. |
cURL Example
The following example shows how to import a trusted PKCS#7 certificate into the JKS keystore by submitting a POST request on the REST resource using cURL.
curl -i -X POST -u username:password --data @importjkscert.json -H Content-Type:application/json http://myhost:7001/idaas/platform/admin/v1/keystore/pkcs7/myprivatekey
Example of Request Body
The following shows an example of the request body in JSON format.
{
  "component":"JKS",
  "certificate": "Base64-encoded certificate",
  "keyPassword" : "Password"
}
Example of Response Header
The following shows an example of the response header. For more about the HTTP status codes, see "HTTP Status Codes for HTTP Methods".
HTTP/1.1 200 OK
Example of Response Body
The following shows an example of the response body in JSON format.
{ "STATUS": "Succeeded", "SUBJECT_DN": "CN=y,OU=y,O=y,L=y,ST=y,C=y" }
Use the GET method to view details of the trusted certificate at the specified alias in the JKS keystore.
If the alias specifies a KeyStore.TrustedCertificateEntry, the details of the trusted certificate are returned. If the alias specifies a KeyStore.PrivateKeyEntry, the first certificate in the trusted certificate chain is returned.
REST Request
GET /idaas/platform/admin/v1/keystore/{alias}
Parameters
The following table summarizes the GET request parameters.
Name | Description | Type |
---|---|---|
alias | Name of alias for which you want to view a trusted certificate. | Path |
Response Body
Media types for the request or response body: application/json
The response body contains information about the certificate, including:
Attribute | Description |
---|---|
"CONTENT" | Contents of the Base64-encoded certificate. |
"Extensions" | Optional extensions that are used to issue a certificate for a specific purpose. Each extension includes the following: |
"ISSUER_DN" | List of trusted distinguished names. |
"NOT_AFTER" | Date the certificate expires. |
"NOT_BEFORE" | Date the certificate is activated. |
"SERIAL_NO" | Serial number of the JKS keystore. |
"SIGNATURE" | Base64-encoded signature key. |
"SIGNING_ALGORITHM" | Signing algorithm for the alias. |
"SUBJECT_DN" | Subject distinguished names list. |
cURL Example
The following example shows how to view all certificates for an alias in the JKS keystore by submitting a GET request on the REST resource using cURL.
curl -i -X GET -u username:password http://myhost:7001/idaas/platform/admin/v1/keystore/mytestkey
Example of Response Header
The following shows an example of the response header. For more about the HTTP status codes, see "HTTP Status Codes for HTTP Methods".
HTTP/1.1 200 OK
Example of Response Body
The following shows an example of the response body in JSON format.
{
  "SUBJECT_DN":"CN=weblogic,OU=Testkey for JKS Mbean test,O=Oracle,L=testcity,ST=teststate,C=us",
  "ISSUER_DN":"CN=weblogic,OU=Testkey for JKS Mbean test,O=Oracle,L=testcity,ST=teststate,C=us",
  "NOT_BEFORE":"Tue Jun 25 02:20:38 PDT 2013",
  "NOT_AFTER":"Wed Nov 27 01:20:38 PST 2052",
  "SERIAL_NO":"1372152038",
  "SIGNING_ALGORITHM":"1.2.840.113549.1.1.5",
  "CONTENT":"-----BEGIN CERTIFICATE-----\n Base64-encoded certificate\n -----END CERTIFICATE-----",
  "SIGNATURE":"Base64-encoded signature key",
  "Extensions":"{subjectKeyIDExtension {oid = 2.5.29.14 critical = false, value = 329b98f6b6225e92ca52513d3bfc43ee02aa9121}}"
}
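The fields of this response are enough to triage a trust-store entry. The following Python code is an added example, not part of the original documentation or Oracle's code: it reads NOT_BEFORE, NOT_AFTER, SIGNING_ALGORITHM, SUBJECT_DN and ISSUER_DN from a GET response body and reports expiry, MD5/SHA-1 signature algorithms and self-issued certificates. The function names, the 30-day warning window and the embedded sample (constructed from the example response above) are assumptions.

```python
import json
from datetime import datetime, timedelta

# Signature-algorithm OIDs that rely on MD5 or SHA-1 (standard PKIX/ANSI OIDs).
WEAK_SIG_OIDS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10040.4.3": "dsa-with-sha1",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
}

def parse_keystore_date(text):
    """Parse 'Tue Jun 25 02:20:38 PDT 2013' (same layout as Java's Date.toString()).

    The zone abbreviation is dropped because strptime cannot resolve names
    such as PDT portably; the result can be off by up to a day.
    """
    _, month, day, clock, _, year = text.split()
    return datetime.strptime(f"{month} {day} {clock} {year}", "%b %d %H:%M:%S %Y")

def audit_entry(alias, body, now, warn_days=30):
    """Return a list of findings for one GET /keystore/{alias} response body."""
    findings = []
    not_before = parse_keystore_date(body["NOT_BEFORE"])
    not_after = parse_keystore_date(body["NOT_AFTER"])
    if now < not_before:
        findings.append(f"{alias}: not yet valid (NOT_BEFORE {not_before:%Y-%m-%d})")
    if now > not_after:
        findings.append(f"{alias}: expired on {not_after:%Y-%m-%d}")
    elif not_after - now <= timedelta(days=warn_days):
        findings.append(f"{alias}: expires within {warn_days} days")
    weak = WEAK_SIG_OIDS.get(body["SIGNING_ALGORITHM"])
    if weak:
        findings.append(f"{alias}: weak signature algorithm {weak}")
    if body["SUBJECT_DN"] == body["ISSUER_DN"]:
        findings.append(f"{alias}: self-issued (subject equals issuer)")
    return findings

# Constructed sample: the fields of the page's example response that the audit reads.
SAMPLE = json.loads("""{
  "SUBJECT_DN": "CN=weblogic,OU=Testkey for JKS Mbean test,O=Oracle,L=testcity,ST=teststate,C=us",
  "ISSUER_DN": "CN=weblogic,OU=Testkey for JKS Mbean test,O=Oracle,L=testcity,ST=teststate,C=us",
  "NOT_BEFORE": "Tue Jun 25 02:20:38 PDT 2013",
  "NOT_AFTER": "Wed Nov 27 01:20:38 PST 2052",
  "SIGNING_ALGORITHM": "1.2.840.113549.1.1.5"
}""")

if __name__ == "__main__":
    for line in audit_entry("mytestkey", SAMPLE, datetime.now()):
        print(line)
```

Run against the example response, the audit flags the SHA-1 signature (OID 1.2.840.113549.1.1.5) and the identical subject and issuer DNs.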
Use the DELETE method to delete a trusted certificate (KeyStore.TrustedCertificateEntry) with the specified alias from the JKS keystore. You cannot delete the KeyStore.PrivateKeyEntry.
REST Request
DELETE /idaas/platform/admin/v1/keystore/{alias}
Parameters
The following table summarizes the DELETE request parameters.
Name | Description | Type |
---|---|---|
alias | Alias of the trusted certificate entry to be deleted. | Path |
Response Body
Media types for the request or response body: application/json
The response body returns the status of the delete operation, including:
Attribute | Description |
---|---|
 | If |
 | If |
"STATUS" | Status of operation. For example, "Succeeded". |
cURL Example
The following example shows how to delete a trusted certificate from the keystore by submitting a DELETE request on the REST resource using cURL.
curl -i -X DELETE -u username:password http://myhost:7001/idaas/platform/admin/v1/keystore/testalias
Example of Response Header
The following shows an example of the response header. For more about the HTTP status codes, see "HTTP Status Codes for HTTP Methods".
HTTP/1.1 200 OK
Example of Response Body
The following shows an example of the response body in JSON format.
{ "STATUS": "Succeeded" }