Last active
September 27, 2023 13:22
Load an Oracle Wallet with certificates contained in a bundle file.
```bash
#!/bin/bash
# PURPOSE:
#   Load an Oracle Wallet with certificates contained in a bundle file
#   e.g. https://pki.goog/roots.pem
#
# NOTES:
#   * Run as oracle
#   * Assumes ORAENV is set

# Private work directory. A fixed, predictable path under /tmp could already
# hold *.pem files left by another local user, which would then be loaded as
# trusted certificates. The name WORK_DIR also avoids overriding $TMPDIR.
WORK_DIR=$(mktemp -d) || exit 1
trap 'rm -rf "${WORK_DIR}"' EXIT

if [ -z "$BUNDLE_FILE" ]; then
  echo -n "Bundle file: "
  read -r BUNDLE_FILE
fi

if [ ! -f "${BUNDLE_FILE}" ]; then
  echo "Please specify a valid file."
  exit 1
fi

if [ -z "$WALLET_PATH" ]; then
  echo -n "Wallet path: "
  read -r WALLET_PATH
fi

# Refuse to touch an existing wallet directory.
if [ -d "${WALLET_PATH}" ]; then
  echo "Wallet path exists"
  exit 1
fi

if [ -z "$WALLET_PWD" ]; then
  echo -n "Enter an Oracle Wallet password: "
  read -rs WALLET_PWD
fi

if [ -z "$WALLET_PWD_CONFIRM" ]; then
  echo
  echo -n "Enter the password again: "
  read -rs WALLET_PWD_CONFIRM
  echo
fi

if [ -z "${WALLET_PWD}" ]; then
  echo "Password required."
  exit 1
fi

# Quoted so that passwords containing spaces or glob characters compare correctly.
if [ "$WALLET_PWD" != "$WALLET_PWD_CONFIRM" ]; then
  echo "Passwords do not match."
  exit 1
fi

# Split the bundle after every END CERTIFICATE line, one file per piece.
csplit -f "${WORK_DIR}/cert-" -b %02d.pem "${BUNDLE_FILE}" \
  '/-----END CERTIFICATE-----/1' '{*}'

# Note: -pwd puts the password on the command line, where it is visible in
# the process list while orapki runs.
orapki wallet create -wallet "${WALLET_PATH}" -pwd "${WALLET_PWD}"

for file in "${WORK_DIR}"/*.pem
do
  # Only add pieces that contain a complete BEGIN/END certificate block.
  if grep -Pzoq -e "-----BEGIN CERTIFICATE-----(.|\\s)*-----END CERTIFICATE-----" "$file"
  then
    orapki wallet add -wallet "${WALLET_PATH}" -trusted_cert \
      -pwd "${WALLET_PWD}" -cert "$file"
  else
    echo "Skipping file $file"
  fi
done
# WORK_DIR is removed by the EXIT trap.
```
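An added example, not part of the gist: the same bundle-splitting step done with `awk`, so that comment text between certificates and a truncated final block never reach the wallet. The names `split_pem_bundle` and `demo_split` are hypothetical, and the sample bundle is constructed placeholder data, not real certificates.

```shell
#!/bin/bash
# Added example (not the gist author's code).
# split_pem_bundle BUNDLE OUTDIR
#   Writes OUTDIR/cert-NNN.pem for each complete BEGIN/END block and prints
#   "<written> <discarded>", where discarded counts unterminated blocks.
split_pem_bundle() {
    local bundle=$1 outdir=$2
    [ -f "$bundle" ] && [ -d "$outdir" ] || return 2
    awk -v dir="$outdir" '
        /^-----BEGIN CERTIFICATE-----[ \t\r]*$/ {
            if (inblock) bad++            # previous block was never closed
            inblock = 1; buf = ""
        }
        # Collect lines only while inside a block; strip CR from CRLF files.
        inblock { sub(/\r$/, ""); buf = buf $0 "\n" }
        inblock && /^-----END CERTIFICATE-----[ \t]*$/ {
            out = sprintf("%s/cert-%03d.pem", dir, ++n)
            printf "%s", buf > out
            close(out)
            inblock = 0
        }
        END { if (inblock) bad++; printf "%d %d\n", n, bad }
    ' "$bundle"
}

# Constructed sample: comment lines, two placeholder blocks, one truncated block.
demo_split() {
    local work
    work=$(mktemp -d) || return 1
    printf '%s\n' '# Root A' \
        '-----BEGIN CERTIFICATE-----' 'QUJD' '-----END CERTIFICATE-----' \
        '# Root B' \
        '-----BEGIN CERTIFICATE-----' 'REVG' '-----END CERTIFICATE-----' \
        '-----BEGIN CERTIFICATE-----' 'R0hJ' > "$work/bundle.pem"
    split_pem_bundle "$work/bundle.pem" "$work"
    rm -rf "$work"
}
```

Each output file can then be checked with `openssl x509 -in FILE -noout` before it is passed to `orapki wallet add`, since a well-formed PEM envelope does not guarantee a parsable certificate.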
Jon, no, there are two options for making the wallet readable without supplying a password:
-auto_login and -auto_login_only
-auto_login gives you the ability to read the wallet without a password and, if you copy the wallet to a new machine, it will still work.
-auto_login_only does the same read thing, but it will only work on the machine it was created on. If you copy it to a new machine, the saved password in the cwallet.sso will no longer work. You can generate a new cwallet.sso file but only if you know the password that was used to create the ewallet.p12 file.
Ah, now I have it. Thanks again, Rich.
Thanks for the info, Rich. I did not know that a no-password wallet would only work on the machine it was created on. My thinking of having a no-password wallet was indeed that the content was public and a password was not necessary.