0 Replies Latest reply: Apr 24, 2012 11:16 AM by 932937

Issues with calling more than one PKCS11 instance

932937 Newbie
Hi all,

I've more or less identified exactly what the problem is, so I'm wondering if this is a bug that will be fixed. I have multiple PKCS11 providers, one that uses NSS in FIPS mode and one that uses a library for a smart card. This is the sample code I'm using:

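import java.security.KeyStore;

// Smart-card provider is loaded first, NSS FIPS provider second
KeyStore ks = KeyStore.getInstance("PKCS11", "SunPKCS11-smartcard");
KeyStore ts = KeyStore.getInstance("PKCS11", "SunPKCS11-NSSfips");

// KeyStore.load takes the PIN as a char[]
ks.load(null, "12345".toCharArray());
ts.load(null, "12345abcd".toCharArray());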

What a lot of debugging has shown me is that when I make that first ks.load call, in the P11KeyStore class, a static variable, CKA_TRUSTED_SUPPORTED, gets set to false, which prevents me from loading trusted certs in the second call (ts.load). It's fine if I call them in reverse order, because that static variable gets set after I get all my trusted certs, but later in the program another class makes that call and fails. I think this should be a bug. The CKA_TRUSTED_SUPPORTED variable never gets reset to true even if it is a valid attribute.

Edited by: 929934 on Apr 24, 2012 11:16 AM
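
The behaviour reported above, reduced to a self-contained Java model (an added example, not the poster's code and not the JDK's P11KeyStore source). Token, StaticFlagStore and PerInstanceStore are hypothetical names, and the model assumes the smart-card token is the one that rejects CKA_TRUSTED; it contrasts a JVM-wide capability flag with one kept per keystore instance.

```java
import java.util.List;

// Simplified model of the behaviour described in the post; NOT the JDK's P11KeyStore source.
// Token, StaticFlagStore and PerInstanceStore are hypothetical names.
public class SharedFlagDemo {
    // A token either answers a CKA_TRUSTED query or rejects the attribute.
    record Token(String name, boolean supportsTrusted, List<String> trustedCerts) {}

    // Mirrors the reported design: one flag shared by every keystore in the JVM.
    static class StaticFlagStore {
        static boolean trustedSupported = true;
        static int load(Token t) {
            if (!trustedSupported) return 0;      // trusted-cert lookup skipped entirely
            if (!t.supportsTrusted()) {           // this token rejected the attribute
                trustedSupported = false;         // flag is never reset for other tokens
                return 0;
            }
            return t.trustedCerts().size();
        }
    }

    // Alternative: remember the capability per keystore instance.
    static class PerInstanceStore {
        private boolean trustedSupported = true;
        int load(Token t) {
            if (!trustedSupported) return 0;
            if (!t.supportsTrusted()) { trustedSupported = false; return 0; }
            return t.trustedCerts().size();
        }
    }

    public static void main(String[] args) {
        // Constructed sample tokens standing in for the two providers in the post.
        Token smartcard = new Token("SunPKCS11-smartcard", false, List.of());
        Token nss = new Token("SunPKCS11-NSSfips", true, List.of("rootCA", "issuingCA"));

        // Same load order as the post: smart card first, then NSS.
        StaticFlagStore.load(smartcard);
        System.out.println("static flag, NSS trusted certs: " + StaticFlagStore.load(nss));

        new PerInstanceStore().load(smartcard);
        System.out.println("per-instance, NSS trusted certs: " + new PerInstanceStore().load(nss));
    }
}
```

With the shared flag the second store reports no trusted certificates without raising any error, so a trust store that depends on load order is worth checking explicitly after `load` returns.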