Java & Windows-MY keystore - duplicated aliases

Question

I'm implementing a mutual authentication with a web server in Java on Windows. I have a certificate on a SmartCard which is supposed to be used to authenticate me (or other user).

So far I've figured out that I can access the certificates using Windows-MY key store. I do it like that:

KeyStore keyStore = KeyStore.getInstance("Windows-MY");
keyStore.init(null, null);

This works. I can see all certificates inside keystoreSpi (in debugger). One of them is the one which I need to use - I confirmed that.

The problem is as follows:

KeyStore api allows me to get a certificate only by using it's alias. eg keyStore.getCertificate("alias") or keystore.getCertificateChain("alias")

I noticed that there are multiple different certificates with the same alias in this keystore. I cannot change the aliases. I just physicaly got the smartcard with given certificates.

When I call one of the mentioned methods, keystore returns just the first certificate in the list with given alias. (generally, in the implementation there is a map where aliases are it's keys, so all duplicated aliases are ignored).

Unfortunately first certificate's purpose is "email encryption", etc. The second certificate's purpose is "SmartCard Logon" and this one I need to use. I confirmed that by going into debugger and manually hacking the list of certificates.

The question is: how do I get a proper certificate using the API (eg. the second one) when there are duplicated aliases?

If this can be done by external libraries, I can opt for that.

More details which may be useful:

• I use KeyStore, then create KeyStoreManager.
• I initialize SSLContext with given keyStoreManager sslContext.init(keyManagerFactory.getKeyManagers(), ...)
• I create HttpsUrlConnection with given ssl context, which is my objective.

Answer 1

This has been fixed a while ago. Just update to a recent JRE. For more information see here: https://bugs.java.com/bugdatabase/view_bug.do?bug_id=6483657