Tuesday, March 3, 2009

orapki, made up of bits installed with JDeveloper 11

You may for whatever reason want to use orapki to examine the contents of cwallet.sso; but find that JDeveloper doesn't come with the executable. It seem though with the right jar files you can get this tool back. (Replace 11.X.X with the version of JDeveloper you are using.)

[gdavison META-INF ] java -cp %ORACLE_HOME%/jdeveloper/modules/oracle.pki_11.X.X/oraclepki.jar:%ORACLE_HOME%/jdeveloper/modules/oracle.osdt_11.X.X/osdt_core.jar:%ORACLE_HOME%/jdeveloper/modules/oracle.osdt_11.X.X/osdt_cert.jar oracle.security.pki.textui.OraclePKITextUI wallet display -wallet cwallet.sso

You get an output like:

Oracle PKI Tool : Version
Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved.

Requested Certificates:
User Certificates:
Oracle Secret Store entries:
Trusted Certificates:
Subject:        OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        OU=Secure Server Certification Authority,O=RSA Data Security\, Inc.,C=US
Subject:        CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Note there might be jar file missing as my testing was far from exhaustive, let me know if you find a problem. Actually extracting the password, which is what started me down this track, is not possible with this tool: for that you need java-ju-ju and that is a topic for another day.

Remember that as used in JDeveloper cwallet.sso only obfuscates the passwords and doesn't provide full security as the wallet has no password by default. You have to secure access to the wallet if it contains anything important.


Vik said...

what exactly cwallet.sso contains?

Gerard Davison said...

I depends on the application; but it can contain credentials; keys and certificates.