1 Reply Latest reply: Jun 2, 2012 12:27 PM by Arshad Noor RSS

    KeyStore - no such algorithm: PKCS11 for provider SunPKCS11-ActivCard

    pa*427101*le
      When accessing the KeyStore to get the certificate from a CAC Card Reader, everything works fine as long as there is only one card reader in the system. If an external car reader is also installed I can easily locate the active reader, but I cannot access the KeyStore to get the certificate info. I get the error

      java.security.NoSuchAlgorithmException: no such algorithm: PKCS11 for provider SunPKCS11-ActivCard

      How can I read the information from a reader when there is more than one in the system?

      private ArrayList<CACCertificateInfo> getCACCertData ()
      {
      CK_C_INITIALIZE_ARGS initArgs = new CK_C_INITIALIZE_ARGS();
      String functionList = "C_GetFunctionList";

      final long CKF_OS_LOCKING_OK = 0x00000002L;
      initArgs.flags = CKF_OS_LOCKING_OK;
      PKCS11 myPKCS11Module_ = null;
      try {
      try {
      myPKCS11Module_ = PKCS11.getInstance(ApplicationConstants.USER_CFG_CARD_LIBRARY, functionList, initArgs, false);
      } catch (IOException ex) {
      ex.printStackTrace();
      System.exit(0);
      }
      } catch (PKCS11Exception e) {
      try {
      initArgs = null;
      myPKCS11Module_ = PKCS11.getInstance(ApplicationConstants.USER_CFG_CARD_LIBRARY, functionList, initArgs, true);
      } catch (IOException ex) {
      ex.printStackTrace();
      } catch (PKCS11Exception ex) {
      ex.printStackTrace();
      }
      }
      ArrayList<CACCertificateInfo> cacInfo = new ArrayList<CACCertificateInfo>();
      try
      {
      // Get our certificates from our CAC Card
      StringBuffer cardConfig = new StringBuffer();
      cardConfig.append("name = " + ApplicationConstants.USER_CFG_CARD_NAME + "\n");
      cardConfig.append("library = " + ApplicationConstants.USER_CFG_CARD_LIBRARY);
      InputStream is = new ByteArrayInputStream(cardConfig.toString().getBytes());

      Provider p = new sun.security.pkcs11.SunPKCS11(is);
      Security.addProvider(p);
      long[] slots = myPKCS11Module_.C_GetSlotList(true);
      for (int i = 0; i < slots.length; i++)
      {
      CK_TOKEN_INFO tokenInfo = null;
      try
      {
      tokenInfo = myPKCS11Module_.C_GetTokenInfo(slots);
      if (tokenInfo.label != null)
      {
      KeyStore cac = null;
      cac = KeyStore.getInstance(ApplicationConstants.USER_CFG_CARD_KEYSTORE,p);
      cac.load(null, null);
      Enumeration<String> aliases = cac.aliases();

      while (aliases.hasMoreElements())
      {
      CACCertificateInfo certData = new CACCertificateInfo();
      String alias = aliases.nextElement();
      X509Certificate[] cchain = (X509Certificate[]) cac.getCertificateChain(alias);

      certData.setCertificateChain(alias);
      //System.out.println("Certificate Chain for : " + alias);
      for (int ii = 0; ii < cchain.length; ii++)
      {
      certData.setX509certificate(cchain[ii]);
      //System.out.println(ii + " SubjectDN: " + cchain[ii].getSubjectDN().getName());
      //System.out.println(ii + " IssuerDN: " + cchain[ii].getIssuerDN().getName());
      }
      cacInfo.add(certData);
      }
      }
      } catch (PKCS11Exception e) {
      // Some exceptions indicate a device is not present, not recognized, or removed
      // ignore these slots.
      if (e.getMessage() != null && e.getMessage().indexOf("TOKEN_NOT_PRESENT") >= 0) {
      continue;
      }
      if (e.getMessage() != null && e.getMessage().indexOf("TOKEN_NOT_RECOGNIZED") >= 0) {
      continue;
      }
      if (e.getMessage() != null && e.getMessage().indexOf("CKR_DEVICE_REMOVED") >= 0) {
      continue;
      }
      // else
      e.printStackTrace();
      System.exit(0);
      }
      }
      }
      catch (Exception ex)
      {
      ex.printStackTrace();
      System.exit(0);
      }
      finally
      {
      }
      return cacInfo;
      }