jsse: How to select among different connected USB Tokens for PKCS11?
843811 Jan 30 2010 — edited Feb 8 2010
Dear experts
If a user connects 2 different USB-Readers or Tokens how can we actively select the one to be used as the PKCS11 Provider?
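<code>
import java.io.ByteArrayInputStream;
import java.security.*;

// The inline configuration must be passed as bytes, not as a String
ByteArrayInputStream bis = new ByteArrayInputStream("name=OurToken\nlibrary=OurDll".getBytes());
AuthProvider ap = new sun.security.pkcs11.SunPKCS11(bis);
// insertProviderAt takes the provider and returns the position it was added at
int position = Security.insertProviderAt(ap, 1);
// KeyStore has no public constructor; use the factory method with the provider
KeyStore ks = KeyStore.getInstance("PKCS11", ap);
ks.load(null, pin); // pin is a char[]
// ...
</code>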
If only our USB token is connected, all works fine. If an additional USB token is connected it might or might not work fine, depending on the internal USB driver sequence (?).
If it is not working fine we get the exception java.security.KeyStoreException: PKCS11 not found.
As soon as the additional token is removed, all works fine again.
So it seems Sun's PKCS11 implementation just gets the first physical token available, which of course must fail most of the time...
If doing native PKCS11 one would just loop over all available slots and filter out the required one.
How to do this in the Java/JCA/JSSE Provider architecture?
Thanks for your help
Marcel
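
One way to do the slot loop the post describes, as an added example (not code from the original poster or from Sun): it reads each token's label through the JDK-internal `sun.security.pkcs11.wrapper` classes, then pins the provider to that slot with the `slot` attribute of the SunPKCS11 configuration. It targets the Java 8-and-earlier constructor the post uses; the class name `TokenSelector`, the label `OurTokenLabel` and the library path argument are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Collections;
import sun.security.pkcs11.SunPKCS11;
import sun.security.pkcs11.wrapper.CK_TOKEN_INFO;
import sun.security.pkcs11.wrapper.PKCS11;

public class TokenSelector {
    /** Returns the ID of the first slot whose token label equals wantedLabel, or -1. */
    static long findSlot(String library, String wantedLabel) throws Exception {
        // Internal, unsupported JDK class: the native wrapper SunPKCS11 uses itself.
        PKCS11 p11 = PKCS11.getInstance(library, "C_GetFunctionList", null, false);
        for (long slotId : p11.C_GetSlotList(true)) {      // true = only slots holding a token
            CK_TOKEN_INFO info = p11.C_GetTokenInfo(slotId);
            String label = new String(info.label).trim();  // label is blank-padded to 32 chars
            if (label.equals(wantedLabel)) {
                return slotId;
            }
        }
        return -1;
    }

    /** Builds a provider bound to the matching slot and opens its key store. */
    static KeyStore open(String library, String wantedLabel, char[] pin) throws Exception {
        long slotId = findSlot(library, wantedLabel);
        if (slotId < 0) {
            throw new IllegalStateException("no token labelled " + wantedLabel);
        }
        // "slot" binds the provider to one slot ID instead of the first slot found.
        String cfg = "name=OurToken\nlibrary=" + library + "\nslot=" + slotId + "\n";
        Provider p = new SunPKCS11(
                new ByteArrayInputStream(cfg.getBytes(StandardCharsets.UTF_8)));
        Security.addProvider(p);
        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        ks.load(null, pin);  // the PIN is only presented to the selected token
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // args[0] = absolute path of the PKCS#11 library (assumption: supplied by the caller)
        char[] pin = System.console().readPassword("PIN: ");
        KeyStore ks = open(args[0], "OurTokenLabel", pin);
        System.out.println("aliases: " + Collections.list(ks.aliases()));
    }
}
```

Selecting the slot before `ks.load` keeps the PIN away from the other connected token, where a wrong PIN would count against its retry limit. The label is set by whoever initialised the token, so it is a selection hint only; `CK_TOKEN_INFO.serialNumber` gives a tighter match.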