Hi all,
I am configuring a KeyStore for NSS in FIPS mode. The fipsdb has 8 self-signed certificates. One of the certificates has a private key and is added with trustargs: "C,C,C". The other 7 do not have private keys and are added with trustargs: "p,p,p".
The nss config file looks like:
    name = NSSfips
    nssLibraryDirectory = c:\nss\lib
    nssSecmodDirectory = c:\nss\fipsdb
    nssModule = fips
and the code for reading the keyStores looks like:
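    import java.security.Key;
    import java.security.KeyStore;
    import java.security.NoSuchAlgorithmException;
    import java.security.Security;
    import java.security.UnrecoverableKeyException;
    import java.util.Collections;
    import java.util.List;
    import sun.security.pkcs11.SunPKCS11;

    // Register the SunPKCS11 provider configured by the NSS config file above
    nssProvider = new SunPKCS11("C:/nss/pkcs11.cfg");
    Security.addProvider(nssProvider);

    // Both KeyStore instances are backed by the same NSS token
    keysKeyStore = KeyStore.getInstance("PKCS11", nssProvider);
    keysKeyStore.load(null, "password".toCharArray());
    trustKeyStore = KeyStore.getInstance("PKCS11", nssProvider);
    trustKeyStore.load(null, "".toCharArray());

    // Collect certificate entries and key entries from the key store
    List<String> aliases = Collections.list(keysKeyStore.aliases());
    for (String alias : aliases) {
        if (keysKeyStore.isCertificateEntry(alias)) {
            getCertNames().add(alias);
        }
        if (keysKeyStore.isKeyEntry(alias)) {
            try {
                Key key = keysKeyStore.getKey(alias, "password".toCharArray());
                getKeyNames().add(alias);
            } catch (UnrecoverableKeyException e) {
                log.error("Could not load key using alias \"" + alias + "\" (password required?)", e);
            } catch (NoSuchAlgorithmException e) {
                log.error("Could not load key using alias \"" + alias + "\"", e);
            }
        }
    }

    // Collect certificate entries from the trust store
    aliases = Collections.list(trustKeyStore.aliases());
    for (String alias : aliases) {
        if (trustKeyStore.isCertificateEntry(alias)) {
            getCertNames().add(alias);
        }
    }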
Even though I have 8 certs, only one is showing up, the one with keys.
How can I gain access to the other certs?
Thank you,
Rob