I'm experimenting with the relatively new SunMSCAPI security provider. I want to build a simple applet that prompts the browser to pop up the certificate selection box. I'll take it from there. I have Googled this up one way and down another. Any advice?
MSCAPI Certificate selection box in Java; SunMSCAPI?
2.2k views Asked by Stephan At
There are 2 answers
You can use the SunMSCAPI provider to instantiate the local client Windows keystore. You can do it simply using this code:

    KeyStore keyStore = KeyStore.getInstance("Windows-MY", new SunMSCAPI());
    keyStore.load(null, null);

Or, if you prefer, you can add the provider to the security providers list instead of passing it to the getInstance() call:

    SunMSCAPI providerMSCAPI = new SunMSCAPI();
    Security.addProvider(providerMSCAPI);
    KeyStore ks = KeyStore.getInstance("Windows-MY");
    ks.load(null, null);

Note that it's probably already added by default to the security providers list for Java installations on Windows.
There are not many details in your question, so I'll give you an example that shows all aliases and the subjects of the related certificates from the local client Windows keystore, to illustrate the use of this provider:

    package org.catcert.crypto.keyStoreImpl.windows;

    import java.security.KeyStore;
    import java.security.cert.X509Certificate;
    import java.util.ArrayList;
    import java.util.Collections;

    import sun.security.mscapi.SunMSCAPI;

    public class Example {

        public static void main(String[] args) throws Exception {
            KeyStore keyStore = KeyStore.getInstance("Windows-MY", new SunMSCAPI());
            keyStore.load(null, null);

            // copy to avoid concurrent problems with aliases...
            ArrayList<String> aliases = Collections.list(keyStore.aliases());
            for (String alias : aliases) {
                System.out.println("keyEntry alias: " + alias);
                X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
                System.out.println("Certificate subject: " + cert.getSubjectDN());
            }
        }
    }

Note that SunMSCAPI was introduced in Java 1.6; however, support for the 64-bit version was added in Java 1.7.
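
Added example, not part of the answer above: it goes one step beyond listing aliases and narrows the Windows-MY entries to the ones an application could offer in its own certificate selection dialog. The class and method names are hypothetical, and the selection criteria (an associated private key, current validity, digitalSignature key usage, clientAuth extended key usage) are assumptions about what such a dialog should show. It needs a Windows JRE that ships the SunMSCAPI provider.

```java
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Added example; class and method names are hypothetical.
public class ClientCertCandidates {
    private static final String EKU_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth
    private static final String EKU_ANY = "2.5.29.37.0";               // anyExtendedKeyUsage

    // Assumed criteria: inside the validity period, digitalSignature allowed
    // (or no KeyUsage extension), clientAuth allowed (or no EKU extension).
    static boolean usableForClientAuth(X509Certificate cert) {
        try {
            cert.checkValidity();
            boolean[] ku = cert.getKeyUsage();
            if (ku != null && !(ku.length > 0 && ku[0])) return false; // bit 0 = digitalSignature
            List<String> eku = cert.getExtendedKeyUsage();
            return eku == null || eku.contains(EKU_CLIENT_AUTH) || eku.contains(EKU_ANY);
        } catch (CertificateException e) { // expired, not yet valid, or unparsable EKU
            return false;
        }
    }

    static List<String> candidates(KeyStore ks) throws Exception {
        List<String> result = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            // isKeyEntry() is true only when a private key is associated with the alias
            if (ks.isKeyEntry(alias) && c instanceof X509Certificate
                    && usableForClientAuth((X509Certificate) c)) {
                result.add(alias);
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Provider is looked up by name, so the internal sun.* class is not imported.
        KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
        ks.load(null, null);
        for (String alias : candidates(ks)) {
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            System.out.println(alias + " -> " + cert.getSubjectX500Principal().getName());
        }
    }
}
```

Entries rejected by the filter are still present in the store; the filter only decides what is shown to the user, and the private key stays inside the Windows key store either way.
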
I am working (struggling) on something similar, although for a non-web app. The only solution which has worked for me so far is to do a JNI to C# (wrapped using MCPP).