OESECTOOL includes general utilities to configure OAuth2 and SAML resources needed for development and testing. These utilities can:
  • List available commands.
  • Generate a sample configuration command.
  • Check port availability.
  • Generate and parse tokens.
  • Import and export certificates.

The utilities use this syntax:

oesectool[.sh|.bat] command [parameters]
Note: If a command requires a password, you are prompted to enter a valid password.

Commands

command
The utility commands include:
  • catalina_opts: Provides a command template for System Administrators to set the PAS for OpenEdge instance truststore to the OESECTOOL-created truststore, which contains self-signed certificates for testing purposes, when using HTTPS requests.
      set CATALINA_OPTS=-Djavax.net.ssl.trustStore="C:\oesectool\work\sslkeystore.p12"
       -Djavax.net.ssl.trustStorePassword=yourpassword
  • checkports: Checks port availability.
      -port portnumber -ports portnumber
  • expcert: Exports a public key certificate.
      -keystore keystorefilepath -alias keyalias -cert certificatefilepath
      [-askoverwrite]
  • genjwe: Generates a JWE token.
      -keystore keystorefilepath -payload jsonpayloadfilepath -jwe jwetokenfilepath
      -sigalias signaturekeyalias -sigalg signaturealgorithm
      -encalias encryptionkeyalias -encalg encryptionalgorithm
      -encmethod encryptionmethod [-askoverwrite]
  • genjws: Generates a JWS token.
      -keystore keystorefilepath -payload jsonpayloadpath -jws jwsfilepath
      -sigalias signaturekeyname -sigalg signaturealgorithm [-askoverwrite]
  • help: Provides a list of commands.
  • impcert: Imports a public key certificate.
      -keystore keystorefilepath -alias certificatealias -cert certificatefilepath
  • parsejwe: Decrypts a JWE token to extract a JWS token and validates the JWS signature.
      -keystore keystorefilepath -jwe jwetokenfilepath -sigalias signaturekeyname
      -encalias encryptionkeyalias
  • parsejws: Parses and validates a JWS token.
      -keystore keystorefilepath -jws jwstokenfilepath -sigalias signaturekeyname
Note: The OpenEdge Advanced Security add-on is required to use JWE tokens.
parameter
The utility parameters include:
  • -alias: Certificate alias
  • -askoverwrite: Optional. Displays a message asking whether to overwrite, yes or no. The default value is yes.
  • -cert certificatefilepath: Path to a certificate file
  • -encalg encryptionalgorithm: Encryption algorithm
  • -encalias encryptionkeyalias: The encryption key alias supplied by the PAS for OpenEdge System Administrator and added to the keystore.
  • -encmethod encryptionmethod: Encryption method
  • -jwe jwetokenfilepath: JWE token file path
  • -jws jwsfilepath: JWS token file path
  • -keystore keystorefilepath: Path to keystore file
  • -payload jsonpayloadfilepath: Payload JSON file path
  • -port portnumber: Port number for HTTP requests
  • -ports portnumber: Port number for HTTPS requests
  • -sigalias signaturekeyalias: Signature key alias
  • -sigalg signaturealgorithm: Signature algorithm

Import certificates

To import a public key certificate, use:
oesectool.bat impcert -keystore C:\oesectool\work\keystore.p12 -alias newsigkey 
-cert C:\temp\cert3.crt

Export certificates

To export a public key certificate, use:
oesectool.bat expcert -keystore C:\oesectool\work\keystore.p12 -alias defsigkey 
-cert C:\temp\cert2.crt 
The output is a PEM-encoded certificate, delimited by -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

Creating keys and certificates

For more information about creating keys and certificates, see Manage OpenEdge Keys and Certificates.

Generate a JWS token example

To generate a JWS token, use:

oesectool genjws -keystore C:\oesectool\work\keystore.p12 
-payload C:\oesectool\work\TokenArrayPayload.json 
-sigalias defsigkey -sigalg RS256
-jws C:\oesectool\work\jwsToken 
Note: The command has been reformatted.
The generated jwsToken file is:

For more details on the payload required by this command, see Sample Payload for OAuth2.

Generate a JWE token example

To generate a JWE token, use:
oesectool genjwe -keystore C:\oesectool\WRK\keystore.p12 -payload 
C:\oesectool\work\TokenArrayPayload.json -sigalias defsigkey 
-sigalg RS256 -encalias defsigkey -encalg RSA-OAEP-256 -encmethod A256CBC-HS512 
-jwe C:\oesectool\work\jweToken
For more details on the payload required by this command, see Sample Payload for OAuth2.
The generated jweToken file is:

Sample Payload

This is an example of a JSON payload file:
{
  "sub": "7965bba4-b65d-4212-adc7-6bd27eff180e",
  "token_use": "access",
  "scope": [
    "PSCUser",
    "PSCDebug"
  ],
  "iss": "https://node-pasoe",
  "client_id": "123456789",
  "iat": "now",
  "exp": "now+2h",
  "nbf": "now",
  "jti": "gi8vzqhi5cgcwg800w0ckooo4ckg80",
  "aud": [ "pasoe.openedge.progress-users.com",  "oe.openedge-users.com"  ],
  "email": "itt-dev@progress.com",
  "username": "pasoe",
  "IntClaim": [ 1,  2,  3,  4  ],
  "BooleanClaim": [  true,  false  ]
}

Parse a JWE token

To decrypt a JWE token, extract the JWS token, and then validate the JWS signature, use:
oesectool.bat parsejwe -keystore C:\oesectool\work\keystore.p12 -sigalias defsigkey
  -encalias defu -jwe C:\JWT-Service\examples\jweToken

The output is:

{
   "Header":{ "alg":"HS256" },
   "Payload":{
      "sub":"7965bba4-b65d-4212-adc7-6bd27eff180e",
      "BooleanClaim":[  true,  false ],
      "token_use":"access",
      "IntClaim":[ 1,  2,  3,  4  ],
      "scope":[ "PSCUser",  "PSCDebug"  ],
      "iss":"https:\/\/node-pasoe",
      "exp":1598226300,
      "iat":1598139900,
      "client_id":"123456789",
      "jti":"gi8vzqhi5cgcwg800w0ckooo4ckg80",
      "email":"itt-dev@progress.com",
      "username":"pasoe"
   },
   "Valid":true
}

Parse a JWS token

To parse and validate a JWS token, use:
oesectool.bat parsejws -keystore C:\oesectool\work\keystore.p12  -sigalias defsigkey
-jws C:\JWT-Service\examples\jwsToken
The output is:
{
   "Header":{"alg":"RS256" },
   "Payload":{
      "sub":"7965bba4-b65d-4212-adc7-6bd27eff180e",
      "BooleanClaim":[ true, false ],
      "token_use":"access",
      "IntClaim":[ 1, 2, 3,  4  ],
      "scope":[  "PSCUser",  "PSCDebug"  ],
      "iss":"https:\/\/node-pasoe",
      "exp":1598224563,
      "iat":1598138163,
      "client_id":"123456789",
      "jti":"gi8vzqhi5cgcwg800w0ckooo4ckg80",
      "email":"itt-dev@progress.com",
      "username":"pasoe"
   },
   "Valid":true
}
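
Inspecting generated token files offline

The following is an added example, not part of OESECTOOL or the original page. It reads a jwsToken or jweToken file's contents, tells a compact JWS (three segments) from a compact JWE (five segments), decodes the readable header and, for a JWS, checks the claims from the sample payload. It does not verify the signature (parsejws does that); the expected issuer, audience and algorithm defaults are assumptions taken from the sample payload, and the sample token is constructed.

```python
import base64
import json
import time

def b64url_decode(segment):
    """Decode an unpadded base64url segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def inspect_token(token, now=None, iss="https://node-pasoe",
                  aud="oe.openedge-users.com", allowed_algs=("RS256",)):
    """Return (kind, header, claims, problems); the signature is NOT verified."""
    now = time.time() if now is None else now
    parts = "".join(token.split()).split(".")  # token files may be line-wrapped
    kind = {3: "JWS", 5: "JWE"}.get(len(parts))
    if kind is None:
        return None, None, None, ["not a compact JWS or JWE"]
    header = json.loads(b64url_decode(parts[0]))
    if kind == "JWE":  # payload is encrypted, only the header is readable
        return kind, header, None, []
    claims = json.loads(b64url_decode(parts[1]))
    problems = []
    if header.get("alg") not in allowed_algs:
        problems.append("unexpected alg: %r" % header.get("alg"))
    if not parts[2]:
        problems.append("empty signature")
    if claims.get("iss") != iss:
        problems.append("unexpected iss")
    token_aud = claims.get("aud", [])
    if aud not in ([token_aud] if isinstance(token_aud, str) else token_aud):
        problems.append("aud does not include this service")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        problems.append("expired or missing exp")
    if isinstance(claims.get("nbf"), (int, float)) and claims["nbf"] > now:
        problems.append("not yet valid (nbf)")
    return kind, header, claims, problems

def make_sample(header, claims, signature=b"constructed-placeholder"):
    """Build a constructed compact token for the demo; the signature is a dummy."""
    enc = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc(json.dumps(header).encode()),
                     enc(json.dumps(claims).encode()), enc(signature)])

# Constructed claims modelled on the sample payload, with numeric timestamps.
SAMPLE_CLAIMS = {"sub": "7965bba4-b65d-4212-adc7-6bd27eff180e", "token_use": "access",
                 "scope": ["PSCUser", "PSCDebug"], "iss": "https://node-pasoe",
                 "aud": ["pasoe.openedge.progress-users.com", "oe.openedge-users.com"],
                 "iat": 1700000000, "nbf": 1700000000, "exp": 1700007200}
if __name__ == "__main__":
    print(inspect_token(make_sample({"alg": "RS256"}, SAMPLE_CLAIMS), now=1700000060))
```

An empty problems list means only that the structure and claims match the assumed values; signature validity still comes from parsejws or parsejwe.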