java SunPKCS11 multiple etokens (smartcards) same time, provider not found error


Problem description

I am using an SSL connection with X509 certificates provided from smartcards. I have 2 identical tokens from Athena. I initialise the keystores after I read the certificates, but when I try to do the actual connection for the second token I get no provider found for my private key. Connecting using the first token is not affected; it works. I tried adding a different SunPKCS11 provider by specifying the slotIndexList as 1, the number for the second token given by "slots = p11.C_GetSlotList(true)", but I still get the same error. When I list the providers, I see the second provider, but Java doesn't use it (I don't know why).

Provider etpkcs11;
slots = p11.C_GetSlotList(true);

if (slot == 0)
{
    // Backslashes must be escaped inside a Java string literal
    String pkcs11config = "name=Athena\nlibrary=C:\\WINDOWS\\system32\\asepkcs.dll";
    byte[] pkcs11configBytes = pkcs11config.getBytes();
    ByteArrayInputStream configStream = new ByteArrayInputStream(pkcs11configBytes);
    etpkcs11 = new SunPKCS11(configStream);
    Security.addProvider(etpkcs11);
}

The above works; the following doesn't work:

if (slot == 1)
{
    // Same library, different provider name for the second token
    String pkcs11config1 = "name=Athenaslot1\nlibrary=C:\\WINDOWS\\system32\\asepkcs.dll";
    byte[] pkcs11configBytes1 = pkcs11config1.getBytes();
    ByteArrayInputStream configStream1 = new ByteArrayInputStream(pkcs11configBytes1);
    etpkcs11 = new SunPKCS11(configStream1);
    Security.addProvider(etpkcs11);
}

The following

for(int j=0;j<Security.getProviders().length;j++)
        {
            System.out.println(Security.getProviders()[j].getName());   
        }

returns:

SunPKCS11-Athena
SunPKCS11-Athenaslot1
SUN
SunRsaSign
SunEC
SunJSSE
SunJCE
SunJGSS
SunSASL
XMLDSig
SunPCSC

and the error when using the second token:

 No installed provider supports this key: sun.security.pkcs11.P11Key$P11PrivateKey

Thanks

PS: I need both tokens on the same machine

Recommended answer

Even though you add 2 providers to the list of providers, the SunPKCS11 class caches the first instance. It seems like it always uses this instance all the time. That's the reason your second provider is not picked up/identified.

You might have to write some sneaky code to approach your use case. Right before you use your second provider, you have to clear the cached instance. You can refer to this post here. It is unanswered, but the code you should be looking for is

Field moduleMapField = PKCS11.class.getDeclaredField("moduleMap");  
moduleMapField.setAccessible(true);  
Map<?, ?> moduleMap = (Map<?, ?>) moduleMapField.get(<YOUR_FIRST_PROVIDER_INSTANCE>);  
moduleMap.clear(); // force re-execution of C_Initialize next time  

What this basically does is clearing the cached instance. And now you can proceed to add your second provider instance to interact with your second token.
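A per-slot setup for the two-token case discussed on this page, as an added example that is not from the original question or answer: each token gets its own provider configuration, and the key store and the signing operation are both pinned to the provider that owns the key. It assumes Java 8 or earlier (the `SunPKCS11(InputStream)` constructor used in the question), the SunPKCS11 `slotListIndex` configuration attribute, RSA keys on the tokens, and PINs passed as program arguments; the class and method names are hypothetical, and both tokens must be inserted for it to run.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Collections;

public class PerSlotProviders {                       // hypothetical class name
    // Library path as given in the question.
    static final String LIBRARY = "C:\\WINDOWS\\system32\\asepkcs.dll";

    // One config per token: unique name, plus slotListIndex to select the
    // position in the C_GetSlotList result (0 = first token, 1 = second).
    static String configFor(int slotListIndex) {
        return "name=Athena" + slotListIndex + "\n"
             + "library=" + LIBRARY + "\n"
             + "slotListIndex=" + slotListIndex + "\n";
    }

    static Provider providerFor(int slotListIndex) {
        byte[] cfg = configFor(slotListIndex).getBytes(StandardCharsets.UTF_8);
        // Java 8 and earlier constructor, the same one the question uses.
        Provider p = new sun.security.pkcs11.SunPKCS11(new ByteArrayInputStream(cfg));
        Security.addProvider(p);
        return p;
    }

    // Load the key store and sign through the SAME provider, so the token's
    // private key handle is never passed to a provider bound to another slot.
    static byte[] signWithToken(Provider p, char[] pin, byte[] data) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        ks.load(null, pin);
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;      // skip certificate-only entries
            PrivateKey key = (PrivateKey) ks.getKey(alias, null);
            Signature sig = Signature.getInstance("SHA256withRSA", p); // assumes RSA keys
            sig.initSign(key);
            sig.update(data);
            return sig.sign();
        }
        throw new KeyStoreException("no private key on " + p.getName());
    }

    public static void main(String[] args) throws Exception {
        byte[] data = "constructed test message".getBytes(StandardCharsets.UTF_8);
        for (int slot = 0; slot < 2; slot++) {        // args[0], args[1] = token PINs
            Provider p = providerFor(slot);
            byte[] s = signWithToken(p, args[slot].toCharArray(), data);
            System.out.println(p.getName() + ": signature of " + s.length + " bytes");
        }
    }
}
```

A signing round-trip per token is a quick way to confirm which provider actually serves each private key before wiring the key stores into an SSL context.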
