我们正在尝试实现一个可以连接到https网站并使用PKI智能卡进行身份验证的java独立应用程序,并且我们正在运行各种问题。PKCS#11 PKCS11 DLL
我不得不提到的是,我们能够,如果我们用一个小程序(然后在浏览器的密钥存储和trustore将被使用)来运行这种应用中,一切工作完全正常,我们进入卡PIN号码,我们可以访问到网页。
我有两个问题。首先关于我的代码,有人看到它有什么问题。我包括在运行它,我们有运行时错误:
public class TestPKCS11 {
/**
* @param args the command line arguments
*/
public static void main(String[] args) {
// Set keyStore and trustStore
System.setProperty("javax.net.ssl.trustStoreType", "PKCS11");
System.setProperty("javax.net.ssl.trustStore", "NONE");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
System.setProperty("javax.net.ssl.trustStoreProvider", "SunPKCS11-mycard");
String trustStore = System.getProperty("javax.net.ssl.trustStore");
if (trustStore == null) {
System.out.println("javax.net.ssl.trustStore is not defined");
} else {
System.out.println("javax.net.ssl.trustStore = " + trustStore);
}
System.setProperty("javax.net.ssl.keyStoreType", "PKCS11");
System.setProperty("javax.net.ssl.keyStore", "NONE");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
System.setProperty("javax.net.ssl.keyStoreProvider", "SunPKCS11-mycard");
String keyStore = System.getProperty("javax.net.ssl.keyStore");
if (keyStore == null) {
System.out.println("javax.net.ssl.keyStore is not defined");
} else {
System.out.println("javax.net.ssl.keyStore = " + keyStore);
}
System.setProperty("javax.net.debug", "ssl"); // dynamic conf of PKCS#11
String configName = "C:\\confDirectory\\pkcs11.cfg";
sun.security.pkcs11.SunPKCS11 sunPKCS11 = new sun.security.pkcs11.SunPKCS11(configName);
Provider p = sunPKCS11;
Security.addProvider(p);
SSLSocketFactory sslFact = (SSLSocketFactory) SSLSocketFactory.getDefault();
try{
SSLSocket sock = (SSLSocket)sslFact.createSocket("myserver", 8081);
sock.startHandshake();
} catch (SSLHandshakeException ex) {
Logger.getLogger(TestPKCS11.class.getName()).log(Level.SEVERE, null, ex);
System.out.println(ex.getMessage());
}
catch (IOException ex) {
Logger.getLogger(TestPKCS11.class.getName()).log(Level.SEVERE, null, ex);
}
}
执行错误:
Exception in thread "main" java.security.ProviderException: Initialization failed
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:340)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:86)
at TestPKCS11.main(TestPKCS11.java:95)
Caused by: java.io.IOException: The specified procedure could not be found.
at sun.security.pkcs11.wrapper.PKCS11.connect(Native Method)
at sun.security.pkcs11.wrapper.PKCS11.<init>(PKCS11.java:141)
at sun.security.pkcs11.wrapper.PKCS11.getInstance(PKCS11.java:154)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:281)
... 2 more
我的第二个问题是关于DLL使用的PKCS11。目前我使用的是IBM的Rational的安装(jpkcs11.dll),但我真的不确定它是否是好的。我看过OpenSC,但找不到OpenSC-pkcs11.dll文件。我只能看到opensc.dll。
我的Windows7上运行的Java 1.6 27
谢谢
好的我没有找到它system32。也许来自客户端的安全策略不允许新文件夹中的dll,必须进行验证。 – jon