
Java Security


PKCS11 & javax.net.ssl.keyStoreAlias

843811, Feb 18 2008 (edited Oct 10 2012)
Hello,

Using JDK 1.5, I want to do certificate authentication against LDAP (Sun Java System Directory Server).
On my smart card I have more than one certificate (of different kinds). But only a certain one is for login purposes; the others are for signing and such.
With the Java keytool I can read out all certificates, and even a particular one by using its alias.

With this piece of code it doesn't work.
With SSL debug turned on, I can see that the first certificate is always used (maybe as the default) and that the connection is refused.

What is the story behind 'javax.net.ssl.keyStoreAlias', and how can I use a certain certificate for my bind?

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

Hashtable<String, Object> env = new Hashtable<String, Object>();
/* THE LDAP STUFF */
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, PROVIDER_URL_SSL);   // ldaps:// URL, defined elsewhere in the poster's code
env.put(Context.SECURITY_PROTOCOL, "ssl");
env.put("java.naming.ldap.version", "3");
env.put("java.naming.ldap.factory.socket", "javax.net.ssl.SSLSocketFactory");
env.put(Context.SECURITY_AUTHENTICATION, "EXTERNAL");   // SASL EXTERNAL: identity comes from the client certificate

/* THE SMARTCARD */
// These must be set before JSSE initialises its default SSLContext (i.e. before any SSL use).
System.setProperty("javax.net.ssl.keyStore", "NONE");
System.setProperty("javax.net.ssl.keyStoreType", "PKCS11");
System.setProperty("javax.net.ssl.keyStoreProvider", "SunPKCS11-MyCard");
// Not a property JSSE reads; the default X509KeyManager ignores it and picks an alias itself.
System.setProperty("javax.net.ssl.keyStoreAlias", "Windows 2000 Logon-Zertifikat");

DirContext myCtx = new InitialDirContext(env);
```

```text
Thread-0, WRITE: TLSv1 Handshake, length = 32
Thread-0, waiting for close_notify or alert: state 1
Thread-0, Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed
Thread-0, handling exception: java.net.SocketException: Software caused connection abort: recv failed
main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
main, SEND TLSv1 ALERT:  fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 18
main, Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
main, called closeSocket()
```

I can do user/password authentication.
I can do SSL.
The root and issuer certs are in my cacerts file.
The program runs, and then my smart card reader beeps and lets me enter my PIN.
So the environment seems to fit, but not the chosen cert.

Thanks for your help!

Best regards
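JSSE recognises no `javax.net.ssl.keyStoreAlias` property; the default X509KeyManager answers the server's CertificateRequest with the first alias whose key type and issuer match, which is why the debug trace shows the first certificate every time. The only way to pin a particular alias is to supply your own key manager. The class below is an added example, not code from the original post or from Oracle: it builds an SSLContext from the PKCS#11 keystore, wraps the key manager so `chooseClientAlias` always returns the logon alias, and exposes the resulting factory through a static `getDefault()` so that JNDI's LDAP provider can load it via `java.naming.ldap.factory.socket` (this also works on JDK 1.5, which has no `SSLContext.setDefault`). The provider name, alias, and LDAP host are assumptions taken from or modelled on the post; the PIN handling (null so a pinpad reader prompts) mirrors the poster's setup.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.net.SocketFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;

/** Socket factory for JNDI LDAP that always presents one chosen smart-card certificate. */
public class CardAliasSocketFactory {

    // Assumptions (not values verified by the original post): the SunPKCS11 provider is
    // already registered under this name, and the alias is spelled as "keytool -list" prints it.
    static final String PKCS11_PROVIDER = "SunPKCS11-MyCard";
    static final String CLIENT_ALIAS = "Windows 2000 Logon-Zertifikat";
    // null lets a pinpad reader prompt for the PIN, as the poster's setup does;
    // otherwise obtain the PIN at runtime (never hard-code it).
    static final char[] PIN = null;

    private static SocketFactory instance;

    /** Called reflectively by com.sun.jndi.ldap when java.naming.ldap.factory.socket names this class. */
    public static synchronized SocketFactory getDefault() {
        if (instance == null) {
            try {
                instance = buildFactory();
            } catch (Exception e) {
                throw new IllegalStateException("cannot build PKCS#11 SSL context", e);
            }
        }
        return instance;
    }

    private static SocketFactory buildFactory() throws Exception {
        KeyStore card = KeyStore.getInstance("PKCS11", PKCS11_PROVIDER);
        card.load(null, PIN);                                   // logs in to the token
        // Fail early with a readable message instead of a handshake alert later.
        if (!card.isKeyEntry(CLIENT_ALIAS)) {
            throw new IllegalStateException("no private key under alias '" + CLIENT_ALIAS
                    + "'; aliases on token: " + Collections.list(card.aliases()));
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(card, PIN);
        KeyManager[] kms = kmf.getKeyManagers();
        for (int i = 0; i < kms.length; i++) {
            if (kms[i] instanceof X509KeyManager) {
                kms[i] = new FixedAliasKeyManager((X509KeyManager) kms[i], CLIENT_ALIAS);
            }
        }
        // Server trust stays with the default trust store (cacerts), where the root and issuer certs live.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    /** Wraps the PKCS#11 key manager so the client alias choice is fixed. */
    static final class FixedAliasKeyManager implements X509KeyManager {
        private final X509KeyManager delegate;
        private final String alias;

        FixedAliasKeyManager(X509KeyManager delegate, String alias) {
            this.delegate = delegate;
            this.alias = alias;
        }
        // The stock SunX509 manager returns the first alias matching the server's
        // CertificateRequest (key types + issuers); we ignore that and pin ours.
        public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { return alias; }
        public String[] getClientAliases(String keyType, Principal[] issuers) { return new String[] { alias }; }
        // Server-side methods are unused here; pass through to keep the contract intact.
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket s) { return delegate.chooseServerAlias(keyType, issuers, s); }
        public String[] getServerAliases(String keyType, Principal[] issuers) { return delegate.getServerAliases(keyType, issuers); }
        public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
        public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
    }

    /** Usage: SASL EXTERNAL bind over LDAPS; the directory maps the presented cert to a DN. */
    public static void main(String[] args) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://ldap.example.com:636");   // hypothetical host
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "EXTERNAL");
        env.put("java.naming.ldap.factory.socket", CardAliasSocketFactory.class.getName());
        DirContext ctx = new InitialDirContext(env);   // TLS handshake now offers CLIENT_ALIAS
        System.out.println("EXTERNAL bind succeeded");
        ctx.close();
    }
}
```

Two checks worth keeping in mind when this still fails: with `-Djavax.net.debug=ssl,handshake` the `CertificateRequest` message lists the issuer DNs the server accepts, and the pinned certificate's chain must lead to one of them; and SASL EXTERNAL only succeeds if the directory has a certificate-to-DN mapping (or a matching `userCertificate` attribute) for that certificate, which is a server-side setting independent of which alias the client picks.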
Post details: added Feb 18 2008; locked Nov 7 2012; 26 comments; 13,645 views.