NSS keystore would probably satisfy your requirements: http://www.mozilla.org/projects/security/pki/nss/fips/
The private keys can also be stored in softtoken rather than hardware token. They will end up in a file called key3.db
NSS is a set of security libraries written in C so you can certainly use C APIs to access it as well. JSS is the Java interface to NSS. You can either use the JSS API directly or use Sun's PKCS11 wrapper which gives you access to most of the NSS functionalities.