- Открытие хранилища ключей (кодовые блоки [1] и [2])
- Вывод списка сертификатов, хранящихся на карте (кодовый блок [3])
- Создание пары ключей на карте (кодовый блок [4])
- Создание моего корневого сертификата (кодовый блок [5])
KeyStoreException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_USER_NOT_LOGGED_IN
Почему это происходит? Содержание/Product_briefs/field_document/2022-02/safenet-id-prime940-pb.pdf
Я не уверен, что этот код в целом правильный с точки зрения создания и сохранения моего собственного сертификата на смарт-карте, поэтому, если вы видите какие-либо ошибки, пожалуйста, укажите мне, что не так.
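/**
 * Generates an EC key pair through a PKCS#11 provider, issues a self-signed
 * certificate for it and stores key and certificate on the smart card under
 * the alias {@code MyRootCertificate}, then reads both back for a check.
 *
 * <p>Every exception listed in the catch clause is printed with
 * {@code Exceptions.printStackTrace} and not rethrown, so the method returns
 * normally even when a step fails.
 */
public void smartCard_Save_Certificate()
{
    try
    {
        //-------------- [1] PKCS#11 configuration ------------------------
        Security.addProvider(new BouncyCastleProvider());
        String name = "SmartCard";
        String library = "C:\\Program Files\\SafeNet\\Authentication\\SAC\\x64\\IDPrimePKCS1164.dll";
        String slotListIndex = "0";
        // Hard-coded demo PIN. A real PIN must not live in source code: obtain it at
        // run time (interactive prompt or a CallbackHandler-based login). Cards
        // typically block after a few wrong PIN attempts, so avoid blind retries.
        String PIN = "1234";
        // NOTE(review): the variable is a slot *list index*, but the attribute written
        // below is "slot" (a slot ID). SunPKCS11 has a separate "slotListIndex"
        // attribute; confirm which one is intended for this reader.
        String pkcs11Config = "name=" + name + "\nlibrary=" + library + "\nslot=" + slotListIndex;
        ByteArrayInputStream pkcs11ConfigStream = new ByteArrayInputStream(pkcs11Config.getBytes());
        Provider provider = new sun.security.pkcs11.SunPKCS11(pkcs11ConfigStream);
        Security.addProvider(provider);

        //--------------------- [2] Key store open -------------------------
        // load() is the only place in this method where the PIN is presented to the token.
        KeyStore keyStore = KeyStore.getInstance("PKCS11", provider);
        keyStore.load(null, PIN.toCharArray());

        //------------------ [3] listing certificates ---------------------
        // Typed enumeration: with a raw Enumeration, nextElement() returns Object
        // and the assignment to String does not compile.
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements())
        {
            String alias = aliases.nextElement();
            System.out.println(alias);
        }

        //------------------------ [4] generate key pair (elliptic curves secp256r1) --------------------------
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC", provider);
        keyGen.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair keyPair = keyGen.generateKeyPair();

        //-------------------------- [5] creation my root certificate -----------------------------------------
        // Issuer and subject are the same name, i.e. the certificate is self-signed.
        // NOTE(review): no extensions are added, so the certificate carries no
        // basicConstraints CA flag; path validators commonly reject such a
        // certificate as an issuer. Add it if this is meant to sign other certificates.
        X509v3CertificateBuilder rootCertificateBuilder = new JcaX509v3CertificateBuilder(
                new X500Name("CN=MyRootCertificate"),
                new BigInteger(64, new SecureRandom()),
                getCurrentDate(),
                getCurrentDatePlusDays(7),
                new X500Name("CN=MyRootCertificate"),
                keyPair.getPublic());
        // The signature is computed by the PKCS#11 provider because the private key belongs to it.
        ContentSigner rootSelfSigner = new JcaContentSignerBuilder("SHA256withECDSA")
                .setProvider(provider)
                .build(keyPair.getPrivate());
        // The converter is left on its default provider lookup (no setProvider call).
        X509Certificate rootCertificate = new JcaX509CertificateConverter()
                .getCertificate(rootCertificateBuilder.build(rootSelfSigner));

        //---------------------------- [6] printing a public key ----------------------------------------------
        PublicKey publicKey = rootCertificate.getPublicKey();
        System.out.println("PublicKey of \"rootCertificate\": " + convertByteTableToHex(publicKey.getEncoded()));

        //-------- [7] Saving the private key and my root certificate to a smart card ------------------------
        // NOTE(review): the accompanying report mentions CKR_USER_NOT_LOGGED_IN for this
        // flow without saying which call raises it. When diagnosing, log the step number
        // together with the exception to see which token operation ran without an
        // authenticated session.
        Certificate[] certificatesChain = new Certificate[] { rootCertificate };
        keyStore.setKeyEntry("MyRootCertificate", keyPair.getPrivate(), null, certificatesChain);
        keyStore.store(null);

        //-------------------------- [8] private Key Verification -----------------------------------
        // The pair is EC, so the self-test must use an ECDSA signature; an RSA
        // algorithm name cannot be initialised with an EC key and would always report false.
        PrivateKey privateKey = (PrivateKey) keyStore.getKey("MyRootCertificate", null);
        boolean keyPairMatch = verifyKeyPair(privateKey, keyPair.getPublic(), "SHA256withECDSA", provider);
        System.out.println("Key pair match: " + keyPairMatch);

        //-------------------------- [9] reading my certificate from the card -------------------------
        Certificate x509CertificateSaved = keyStore.getCertificate("MyRootCertificate");
        if (x509CertificateSaved != null)
        {
            PublicKey publicKeySaved = x509CertificateSaved.getPublicKey();
            System.out.println("publicKeySaved: " + convertByteTableToHex(publicKeySaved.getEncoded()));

            //-------------------------- [10] Verifying the public key of the card certificate --------------
            // Throws if the in-memory certificate was not signed by the key stored on the card.
            rootCertificate.verify(publicKeySaved, provider);
        }
    }
    catch (KeyStoreException | IOException | NoSuchAlgorithmException | CertificateException
            | InvalidAlgorithmParameterException | OperatorCreationException | InvalidKeyException
            | SignatureException | UnrecoverableKeyException | ProviderException ex)
    {
        Exceptions.printStackTrace(ex);
    }
}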
/**
 * Renders a byte array as upper-case hexadecimal text.
 *
 * @param bytes the bytes to render
 * @return two hex digits followed by one space for every input byte
 *         (so a non-empty result ends with a space); empty for an empty array
 */
public String convertByteTableToHex(byte [] bytes)
{
    final char[] hexDigits = "0123456789ABCDEF".toCharArray();
    // Three output characters per byte: high nibble, low nibble, separator.
    final char[] rendered = new char[bytes.length * 3];
    int pos = 0;
    for (int i = 0; i < bytes.length; i++)
    {
        // Mask to 0..255 so negative bytes print as their unsigned value.
        int unsigned = bytes[i] & 0xFF;
        rendered[pos++] = hexDigits[unsigned >>> 4];
        rendered[pos++] = hexDigits[unsigned & 0x0F];
        rendered[pos++] = ' ';
    }
    return new String(rendered);
}
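/**
 * Checks that a private key and a public key belong together by signing a
 * fixed test message with the private key and verifying the signature with
 * the public key.
 *
 * <p>Unchecked provider errors (for example {@code ProviderException}) are
 * not caught here and propagate to the caller.
 *
 * @param privateKey         key used to produce the test signature
 * @param publicKey          key used to verify the test signature
 * @param signatureAlgorithm JCA signature algorithm name; it must fit the key type
 * @param provider           provider that supplies the {@code Signature} implementation
 * @return {@code true} if the signature verifies; {@code false} if it does not or
 *         if the algorithm is unavailable, a key is rejected, or signing fails
 */
public boolean verifyKeyPair(PrivateKey privateKey, PublicKey publicKey, String signatureAlgorithm, Provider provider)
{
    try
    {
        // Encode once with an explicit charset so that signing and verification
        // cover exactly the same bytes regardless of the platform default.
        byte[] testData = "Test data".getBytes(StandardCharsets.UTF_8);

        Signature signature = Signature.getInstance(signatureAlgorithm, provider);
        signature.initSign(privateKey);
        signature.update(testData);
        byte[] digitalSignature = signature.sign();

        signature.initVerify(publicKey);
        signature.update(testData);
        boolean keysMatch = signature.verify(digitalSignature);
        System.out.println("Key pair match: " + keysMatch);
        return keysMatch;
    }
    catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException ex)
    {
        // A failure to sign or verify is reported as "no match" after being printed.
        Exceptions.printStackTrace(ex);
        return false;
    }
}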