【发布时间】:2013-05-09 03:54:22
【问题描述】:
我研究了如何使用 Sun PKCS#11 api 访问 DoD CAC 并可能使用 CAC 访问(只读)Active Directory。我的问题是,我发现在大多数情况下会引用一些代码,但从不显示引用的代码。我找到了以下代码,但给出了错误。有谁知道将 PKCS11 用于 CAC 的任何代码示例或清晰的文档?或者一个可行的 API 解决方案?
import java.io.*;
import java.util.*;
import java.security.cert.CertificateException;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
public class SmartCard {
public static void main(String[] args) throws Exception {
try {
String configName = "pkcs11.properties";
Provider p = new sun.security.pkcs11.SunPKCS11(configName);
Security.addProvider(p);
Console c = System.console();
char[] pin = c.readPassword("Enter your PIN: ");
KeyStore cac = null;
cac = KeyStore.getInstance("PKCS11");
cac.load(null, pin);
showInfoAboutCAC(cac);
}
catch(Exception ex) {
ex.printStackTrace();
System.exit(0);
}
}
public static void showInfoAboutCAC(KeyStore ks) throws KeyStoreException, CertificateException {
Enumeration<String> aliases = ks.aliases();
while(aliases.hasMoreElements()) {
String alias = aliases.nextElement();
X509Certificate[] cchain = (X509Certificate[]) ks.getCertificateChain(alias);
System.out.println("Certificate Chain for " + alias);
for(int i = 0; i < cchain.length; i++) {
System.out.println(" -SubjectDN: " + cchain[i].getSubjectDN());
System.out.println(" -IssuerDN: " + cchain[i].getIssuerDN());
}
}
}
}
java.security.ProviderException: Initialization failed
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:374)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
at smartcard.SmartCard.main(SmartCard.java:21)
Caused by: java.io.IOException: The specified procedure could not be found.
at sun.security.pkcs11.wrapper.PKCS11.connect(Native Method)
at sun.security.pkcs11.wrapper.PKCS11.<init>(PKCS11.java:137)
at sun.security.pkcs11.wrapper.PKCS11.getInstance(PKCS11.java:150)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:312)
... 2 more
【问题讨论】: