0 Replies Latest reply: Apr 24, 2012 1:16 PM by 932937

    Issues with calling more than one PKCS11 instance

    932937
      Hi all,

      I've more or less identified exactly what the problem is, so I'm wondering if this is a bug that will be fixed. I have multiple PKCS11 providers, one that uses NSS in FIPS mode and one that uses a library for a smart card. This is the sample code I'm using:

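      import java.security.KeyStore;

      // One keystore per configured SunPKCS11 provider
      KeyStore ks = KeyStore.getInstance("PKCS11", "SunPKCS11-smartcard");
      KeyStore ts = KeyStore.getInstance("PKCS11", "SunPKCS11-NSSfips");

      // KeyStore.load takes the PIN as a char[], not a String
      ks.load(null, "12345".toCharArray());
      ts.load(null, "12345abcd".toCharArray());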

      What a lot of debugging has shown me is that when I make that first ks.load call, in the P11KeyStore class, a static variable, CKA_TRUSTED_SUPPORTED, gets set to false, which prevents me from loading trusted certs in the second call (ts.load). It's fine if I call them in reverse order, because that static variable gets set after I get all my trusted certs, but later in the program another class makes that call and fails. I think this should be a bug. The CKA_TRUSTED_SUPPORTED variable never gets reset to true even if it is a valid attribute.

      Edited by: 929934 on Apr 24, 2012 11:16 AM
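
The failure mode described in the post above, as an added example that is not part of the original post and is not the JDK's P11KeyStore source: a simplified model in which a capability flag held in a static field is cleared by one token and then suppresses trusted-cert loading for every other token, next to the same logic with the flag held per instance. Token, SharedFlagStore and PerInstanceStore are hypothetical names, the token data is constructed, and the model assumes the smart-card token is the one that causes the flag to be cleared (Java 16+ for records).

```java
import java.util.List;

// Simplified model of the behaviour described in the post; NOT JDK source.
// Token, SharedFlagStore and PerInstanceStore are hypothetical names.
public class TrustedFlagDemo {
    // Constructed stand-in for a PKCS#11 token and the trusted certs it holds.
    record Token(String name, boolean supportsTrustedAttr, List<String> trustedCerts) {}

    // Shape described in the post: one capability flag shared by every store in the JVM.
    static class SharedFlagStore {
        static boolean trustedSupported = true;      // once cleared, never reset

        static List<String> load(Token t) {
            if (!trustedSupported) return List.of(); // attribute is no longer queried at all
            if (!t.supportsTrustedAttr()) {          // this token rejected the attribute
                trustedSupported = false;            // ...and the result leaks to all tokens
                return List.of();
            }
            return t.trustedCerts();
        }
    }

    // Same logic with the capability recorded per store, i.e. per token.
    static class PerInstanceStore {
        private boolean trustedSupported = true;

        List<String> load(Token t) {
            if (!trustedSupported) return List.of();
            if (!t.supportsTrustedAttr()) {
                trustedSupported = false;            // affects only this store
                return List.of();
            }
            return t.trustedCerts();
        }
    }

    public static void main(String[] args) {
        Token card = new Token("smartcard", false, List.of());
        Token nss  = new Token("NSSfips", true, List.of("constructed-root-ca"));

        // Load order from the post: smart card first, then the NSS trust store.
        SharedFlagStore.load(card);
        System.out.println("shared flag,  NSS after card: " + SharedFlagStore.load(nss));

        new PerInstanceStore().load(card);
        System.out.println("per-instance, NSS after card: " + new PerInstanceStore().load(nss));
    }
}
```

In the shared-flag variant the NSS store returns no trusted certificates after the smart card has been loaded, which matches the order dependence reported in the post; the per-instance variant is unaffected by load order.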