Java Security

How to replace a local keystore with a Windows cert or a smartcard cert?

843811 Jan 25 2010 — edited Jan 28 2010
Hello all,
I'm French, so excuse me in advance if I make mistakes with my English.
I'm new to cryptographic concepts and I'm trying to establish a two-way SSL connection between a JAX-WS web service and a Java client.
It works fine when I do the following:
System.setProperty("javax.net.debug", "SSL,handshake");
System.setProperty("javax.net.ssl.trustStore", "C:\\Program Files\\Java\\jdk\\jre\\lib\\security\\cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
System.setProperty("javax.net.ssl.keyStore", "D:\\certs\\mycert.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "mypass");
...
final WSTestImpl proxy = service.getWSTestImplPort();
((BindingProvider) proxy).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "https://localhost:8443/test-service/WSTest?wsdl");
final String result = proxy.getMessage("toto");
System.out.println("Response : " + result);
But with this example, I get the cert from the JKS that is on my local disk.
Now I want to do the same thing in 2 other ways:
1/ with a P12 cert from the Windows store
2/ with a P11 cert from a smartcard

For point 1/, I tried this:
System.setProperty("javax.net.ssl.keyStoreProvider", "SunMSCAPI");
System.setProperty("javax.net.ssl.keyStoreType", "Windows-MY");
System.setProperty("javax.net.ssl.keyStore", "NONE");
System.setProperty("javax.net.ssl.trustStoreProvider", "SunMSCAPI");
System.setProperty("javax.net.ssl.trustStoreType", "Windows-ROOT");
but I always get the error "Software caused connection abort: recv failed." when calling the web service.

I also tried it this way:
System.setProperty("javax.net.ssl.keyStoreProvider", "SunMSCAPI");
System.setProperty("javax.net.ssl.keyStoreType", "Windows-MY");
System.setProperty("javax.net.ssl.keyStore", "CN=marlou, OU=zzz, O=yyy, L=paris, ST=idf, C=fr"); // the DN of my cert
System.setProperty("javax.net.ssl.keyStorePassword", "mypass");
System.setProperty("javax.net.ssl.trustStoreProvider", "SunMSCAPI");
System.setProperty("javax.net.ssl.trustStoreType", "Windows-ROOT");
but I get the error "java.io.FileNotFoundException: CN=marlou, OU=zzz, O=yyy, L=paris, ST=idf, C=fr (Le fichier spécifié est introuvable)" when calling the web service.

For point 2/, I tried this:
final InputStream conf = Thread.currentThread().getContextClassLoader().getResourceAsStream("pkcs11.properties");
final Provider pkcs11Provider = new sun.security.pkcs11.SunPKCS11(conf);
final String p11ProviderName = pkcs11Provider.getName();
Security.addProvider(pkcs11Provider);
System.setProperty("javax.net.ssl.keyStoreProvider", p11ProviderName);
System.setProperty("javax.net.ssl.keyStoreType", "PKCS11");
System.setProperty("javax.net.ssl.keyStore", "NONE");
System.setProperty("javax.net.ssl.keyStorePassword", pinCode);
With this in pkcs11.properties:
name=sagem
library=C:/Windows/system32/CnfPkcs11v220.dll
slot=1
but I get the error "java.security.NoSuchAlgorithmException: no such algorithm: PKCS11 for provider SunPKCS11-sagem" when calling the web service.

Help would be really appreciated!

Thanks in advance
Post Details
Locked on Feb 25 2010
Added on Jan 25 2010
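Added example, not part of the original post: one way to build the client SSLContext programmatically from a store-backed KeyStore (Windows-MY or a PKCS#11 token) instead of the javax.net.ssl.* system properties, with a pre-check for the condition behind the "no such algorithm" error. The class and method names are hypothetical, and it assumes the JAX-WS client connects through HttpsURLConnection and so picks up the default socket factory.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class StoreBackedTls {   // hypothetical name, added for illustration

    // Builds a client SSLContext whose private key lives in an OS store or on a token.
    static SSLContext contextFrom(Provider p, String keyType, char[] pin, String trustType) throws Exception {
        if (p == null || p.getService("KeyStore", keyType) == null) {
            // KeyStore.getInstance would fail here with "no such algorithm: <type> for provider <name>".
            // For a PKCS#11 provider, check that a token is actually present in the configured slot.
            throw new IllegalStateException("provider does not register KeyStore." + keyType);
        }
        KeyStore keys = KeyStore.getInstance(keyType, p);
        keys.load(null, pin);       // no stream: entries live in the store or token, not in a file
        int usable = 0;
        for (String alias : Collections.list(keys.aliases())) {
            if (keys.isKeyEntry(alias)) { usable++; System.out.println("client key: " + alias); }
        }
        if (usable == 0) throw new IllegalStateException("no private-key entry in " + keyType);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, pin);
        KeyStore trust = null;      // null means the JRE default trust store (cacerts)
        if (trustType != null) {
            trust = KeyStore.getInstance(trustType, p);
            trust.load(null, null);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Case 1/: key from the Windows "Personal" store, trust from the Windows root store.
        Provider mscapi = Security.getProvider("SunMSCAPI");   // null when not running on Windows
        SSLContext ctx = contextFrom(mscapi, "Windows-MY", null, "Windows-ROOT");
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        // Case 2/: contextFrom(pkcs11Provider, "PKCS11", pin, null) with the provider built in the post.
    }
}
```

Loading the KeyStore with a null stream is what replaces the file path; the DN of the certificate is never passed as javax.net.ssl.keyStore, which is why that attempt is reported as a missing file.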