弹出正在从MS-CAPI加密服务提供商(CSP)激活)。 KeyStore只是打电话,两者之间的层次只是通过它;令牌上的固件是一个抛出了认证弹出并维持会话状态等
关键的Java DLL是sunmscapi.dll它具有执行:
// Use CertEnumCertificatesInStore to get the certificates
// from the open store. pCertContext must be reset to
// NULL to retrieve the first certificate in the store.
while (pCertContext = ::CertEnumCertificatesInStore(hCertStore, pCertContext))
{
// Check if private key available - client authentication certificate
// must have private key available.
HCRYPTPROV hCryptProv = NULL;
DWORD dwKeySpec = 0;
HCRYPTKEY hUserKey = NULL;
BOOL bCallerFreeProv = FALSE;
BOOL bHasNoPrivateKey = FALSE;
DWORD dwPublicKeyLength = 0;
if (::CryptAcquireCertificatePrivateKey(pCertContext, NULL, NULL,
&hCryptProv, &dwKeySpec, &bCallerFreeProv) == FALSE)
{
bHasNoPrivateKey = TRUE;
} else {
// Private key is available
BOOL bGetUserKey = ::CryptGetUserKey(hCryptProv, dwKeySpec, &hUserKey);
// Skip certificate if cannot find private key
if (bGetUserKey == FALSE)
{
if (bCallerFreeProv)
::CryptReleaseContext(hCryptProv, NULL);
continue;
}
....
正如你可以看到它总是检查一个私钥。您将不得不修改此代码并创建sunmscapi.dll的自定义版本以避免此问题或以其他方式击败此检查。
这个问题没有得到emsworth的很多关注,也许可以在Oracle论坛上提问(链接到这个问题)。 –