| My Oracle & Java Blog

Tuesday, April 3, 2007

Opening Oracle's Wallet

...and I wish I was referring to the one holding the cash. Instead, I mean the one 10gAS uses to store certificates. Oracle's wallet (the ewallet.p12 file) uses the PKCS #12 format, which is a standard (RSA's PKCS #12). However, Oracle's wallets can't be opened with the "normal" Sun PKCS12 KeyStore implementation, because Oracle protects the wallet contents with a different encryption method than the one the Sun JSSE implementation handles. So in order to open their wallet files, you must use Oracle's PKI security provider. In order to use a security provider in Java, it has to be "registered" with the JVM. Unfortunately, Oracle hasn't registered their PKI provider by default, so you have to do it yourself. There are two methods for registering a security provider in Java:

  1. "Statically", by editing the $ORACLE_HOME/jdk/jre/lib/security/java.security file and adding an additional entry, similar to this:

    security.provider.X=oracle.security.pki.OraclePKIProvider

    Where X is the position you want this entry to have in the provider preference list (lower numbers are tried first). By default there are 5 entries already in that file, so this can be 6; use the next unused number rather than renumbering the existing entries, since the list must not have gaps. Note that this edits the JDK under $ORACLE_HOME, so it only affects programs run with that JDK.

  2. Or you can add the provider in your code at runtime. Do it once as an initialization step. It does not throw if the provider is already registered: Security.addProvider() simply returns -1 and leaves the existing registration in place, so you can guard the call with Security.getProvider("OraclePKI") == null to keep it idempotent. You'll need to import oracle.security.pki.OraclePKIProvider and java.security.Security:

    Security.addProvider(new OraclePKIProvider());



In Oracle Wallet Manager, you can select the option to enable Auto-Login for a wallet. What this does is create the cwallet.sso file in your wallet directory. This is a copy of your wallet in a proprietary (obfuscated) format. The cwallet.sso file does not require a password to open, and you can open it using the Oracle PKI provider in Java. You can also open the ewallet.p12 file using the PKI provider, but that file does require a password to open. Using the cwallet.sso file means you won't have to store the wallet password in cleartext anywhere, so it's more portable. The flip side is that anyone who can read cwallet.sso can use the private key in it, so the file's protection is entirely down to filesystem permissions: keep it readable only by the account that runs the JVM (chmod 600 on Unix), and don't check it into source control or copy it around with the rest of your deployment. The following is an example of opening the wallet using either method (both need java.security.KeyStore and java.io.FileInputStream imported, and both throw checked exceptions; note that KeyStore.load() takes a char[], not a String):
  1. Open the cwallet.sso file:
    KeyStore keyStore = KeyStore.getInstance("SSO", "OraclePKI");
    FileInputStream walletFile = new FileInputStream("/path_to_wallet/cwallet.sso");
    keyStore.load(walletFile, "".toCharArray());   // auto-login wallet: no password
    walletFile.close();


  2. Open the ewallet.p12 file:
    KeyStore keyStore = KeyStore.getInstance("PKCS12", "OraclePKI");
    FileInputStream walletFile = new FileInputStream("/path_to_wallet/ewallet.p12");
    keyStore.load(walletFile, "mypassword".toCharArray());   // wallet password
    walletFile.close();



From there you can access the certificates in the wallet using the standard Java KeyStore API (aliases(), getCertificate(), getKey(), and so on), or hand the KeyStore to a KeyManagerFactory/TrustManagerFactory to use it for SSL.
The OraclePKIProvider class can be found in the $ORACLE_HOME/jlib/oraclepki.jar and $ORACLE_HOME/jlib/oraclepki103.jar files. I'm not sure of the difference; both seemed to work OK for me.
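Putting the two halves together, here is an added example of my own (not code from the original post, and not Oracle's) that registers the provider only if it isn't already installed, opens either wallet type depending on the file extension, and lists every entry through the standard KeyStore API. The class name WalletDump, the command-line arguments, and the provider name "OraclePKI" as used in the snippets above are my assumptions; it needs oraclepki.jar on the classpath, and it avoids generics so it also compiles on older JDKs.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;

import oracle.security.pki.OraclePKIProvider;   // from $ORACLE_HOME/jlib/oraclepki.jar

// Added example (not from the original post). Usage:
//   java -cp .:oraclepki.jar WalletDump /path_to_wallet/cwallet.sso
//   java -cp .:oraclepki.jar WalletDump /path_to_wallet/ewallet.p12 mypassword
public class WalletDump {

    // Provider name as used by KeyStore.getInstance(..., "OraclePKI") in the post (assumption).
    private static final String PROVIDER = "OraclePKI";

    // Register once. Security.addProvider() returns -1 rather than throwing when the
    // provider is already installed (e.g. via java.security), but the guard avoids
    // the call altogether and keeps the provider order whatever java.security says.
    static void registerOraclePki() {
        if (Security.getProvider(PROVIDER) == null) {
            Security.addProvider(new OraclePKIProvider());
        }
    }

    // Opens cwallet.sso (type "SSO", no password) or ewallet.p12 (type "PKCS12",
    // wallet password). The stream is always closed, even if load() fails.
    static KeyStore openWallet(String path, char[] password) throws Exception {
        boolean autoLogin = path.endsWith(".sso");
        KeyStore ks = KeyStore.getInstance(autoLogin ? "SSO" : "PKCS12", PROVIDER);
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, autoLogin ? new char[0] : password);
        } finally {
            in.close();
        }
        return ks;
    }

    // Walks the wallet with the plain KeyStore API: each alias is either a key entry
    // (private key + certificate, i.e. the server's own identity) or a trusted cert.
    static void dump(KeyStore ks) throws Exception {
        Enumeration aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = (String) aliases.nextElement();
            String kind = ks.isKeyEntry(alias) ? "key entry" : "trusted cert";
            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) cert;
                System.out.println(alias + " [" + kind + "] subject="
                        + x.getSubjectX500Principal() + " issuer=" + x.getIssuerX500Principal()
                        + " notAfter=" + x.getNotAfter());
            } else {
                System.out.println(alias + " [" + kind + "] (non-X.509 certificate)");
            }
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: WalletDump <cwallet.sso | ewallet.p12> [password]");
            System.exit(2);
        }
        registerOraclePki();
        // Keep the password as char[] so it can be wiped after use instead of
        // lingering in the string pool.
        char[] pw = args.length > 1 ? args[1].toCharArray() : new char[0];
        try {
            dump(openWallet(args[0], pw));
        } finally {
            Arrays.fill(pw, '\0');
        }
    }
}
```

If the wallet opens but lists no key entry, the wallet only contains trusted certificates and can't be used as a server identity; if the PKCS12 path fails with an IOException about the password or integrity check, the wallet password is wrong, which is the same symptom you get from Sun's PKCS12 implementation when it can't handle the Oracle encryption, so make sure the "OraclePKI" provider argument is actually being passed.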