- Bug
- Resolution: Not an Issue
- P2
- None
- 5.0
- x86
- linux
FULL PRODUCT VERSION :
java version "1.5.0_14"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_14-b03)
Java HotSpot(TM) Client VM (build 1.5.0_14-b03, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Redhat Linux (Linux mybox 2.6.9-55.0.0.0.2.EL #1 Wed May 2 14:55:28 PDT 2007 i686 i686 i386 GNU/Linux)
EXTRA RELEVANT SYSTEM CONFIGURATION :
-- my configuration in /opt/bar/cfg/pkcs11.cfg --
name = LunaSA
library = /usr/lunasa/lib/libCryptoki2.so
A DESCRIPTION OF THE PROBLEM :
By Sun's PKCS#11 Bridge, I can access credentials on LunaSA HSM, but only "part" of them.
    char[] pin = "abcdefg".toCharArray();
    KeyStore ks = KeyStore.getInstance("pkcs11");
    ks.load(null,pin);
Only the certificates that have keys also on the HSM can be identified by their aliases. For example, if on the HSM are a trusted certificate, whose alias is 'trustedcert', a user certificate and its private key (whose aliases are 'mycert' and 'mykey'), by
    ks.aliases();
I got 'mykey' and 'mycert' only, but not 'trustedcert'. I got the same problem when I tried with Java "keytool".
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
javac pkcs11.java
java pkcs11
* The file pkcs11.java is attached below
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
all the key/certificate entries on the pkcs11 token are listed
ACTUAL -
only the certificates that have keys also on the pkcs11 token are listed
ERROR MESSAGES/STACK TRACES THAT OCCUR :
no error messages
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Enumeration;

public class pkcs11 {
    public static void main(String[] args) throws Exception {
        // Register the SunPKCS11 provider using the LunaSA configuration file.
        String configName = "/opt/bar/cfg/pkcs11.cfg";
        Provider p = new sun.security.pkcs11.SunPKCS11(configName);
        Security.addProvider(p);

        KeyStore ks = null;
        try {
            // Log in to the token with the PIN and load the keystore view of it.
            char[] pin = "abcdefg".toCharArray();
            ks = KeyStore.getInstance("pkcs11");
            ks.load(null, pin);

            // Print every alias the provider exposes for the token.
            for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();)
                System.out.println(e.nextElement());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
---------- END SOURCE ----------
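An added diagnostic, not part of the original report or of the JDK: it prints each alias together with the entry type the KeyStore API reports for it, so it is visible whether the provider exposed any certificate as a trusted certificate entry. The class name Pkcs11EntryTypes and reading the PIN from standard input are assumptions of this example; the config path and the SunPKCS11(String) constructor are the ones used in the report.

```java
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;

// Added example (hypothetical class name), not code from the report.
public class Pkcs11EntryTypes {

    // Describe one alias: entry type as reported by the KeyStore API, plus certificate subject.
    static String describe(KeyStore ks, String alias) throws Exception {
        String kind = ks.isKeyEntry(alias) ? "key entry"
                : ks.isCertificateEntry(alias) ? "trusted certificate entry"
                : "unknown entry";
        Certificate c = ks.getCertificate(alias);
        String subject = (c instanceof X509Certificate)
                ? ((X509Certificate) c).getSubjectX500Principal().getName()
                : "(no X.509 certificate)";
        return alias + " : " + kind + " : " + subject;
    }

    public static void main(String[] args) throws Exception {
        // Config path and provider constructor as in the report (JDK 5 API).
        Provider p = new sun.security.pkcs11.SunPKCS11("/opt/bar/cfg/pkcs11.cfg");
        Security.addProvider(p);

        // Assumption of this example: the PIN arrives on standard input, not in source.
        String line = new BufferedReader(new InputStreamReader(System.in)).readLine();
        if (line == null) throw new IllegalArgumentException("no PIN on standard input");
        char[] pin = line.toCharArray();
        try {
            KeyStore ks = KeyStore.getInstance("PKCS11", p);
            ks.load(null, pin);
            int n = 0;
            for (Enumeration<String> e = ks.aliases(); e.hasMoreElements(); n++) {
                System.out.println(describe(ks, e.nextElement()));
            }
            System.out.println(n + " entries visible through provider " + p.getName());
        } finally {
            Arrays.fill(pin, '\0'); // clear the PIN copy held in this array
        }
    }
}
```

The JDK PKCS#11 Reference Guide documents that SunPKCS11 creates a trusted certificate entry only for a token certificate whose CKA_TRUSTED attribute is true, so a certificate stored without a matching private key and without that attribute does not appear in this listing.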