
How can I use MSCAPI inside an applet to load a keystore

I have an applet that allows users to sign documents using their personal certificates. The applet is already signed, but when it tries to load their keystore, I get an access denied error related to sunMSCAPI. It's being caused by the following lines of code:

store = KeyStore.getInstance("Windows-MY");
store.load(null, null);

From what I understand of applet signing, there are no additional steps after the signing process that I need to jump through (editing policy files and such). I tried wrapping all the applet functionality within:

AccessController.doPrivileged(new PrivilegedAction() {
  public Object run() {
    // etc...
    return null;
  }
});

But that didn't help. I've rooted around and found some comments on various forums that sunMSCAPI is only available in JDK 6...which I've got. I'm running out of ideas, and any help would be appreciated.

For potential aid, here's the stack trace of the access denied error:

java.security.AccessControlException: access denied (java.security.SecurityPermission authProvider.SunMSCAPI)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at sun.security.mscapi.KeyStore.engineLoad(KeyStore.java:736)
    at sun.security.mscapi.KeyStore$MY.engineLoad(KeyStore.java:43)
    at java.security.KeyStore.load(Unknown Source)
    at com.bloop.signature.PKCS11.loadKeyStore(PKCS11.java:42)
    at com.bloop.signature.PKCS11.sign(PKCS11.java:29)
    at com.bloop.signature.applet.SignApplet.signDocument(SignApplet.java:103)
    at com.bloop.signature.applet.SignApplet.access$200(SignApplet.java:19)
    at com.bloop.signature.applet.SignApplet$1.run(SignApplet.java:64)
    at java.lang.Thread.run(Unknown Source)

It seems that the keystore I was using to sign the applet was invalid somehow. I generated a new one, signed with it, cleared the java cache, and everything started working nicely.

For completeness' sake, here's the command I ran to generate the new store:

keytool -genkey -alias keyPair -keyalg RSA -validity 500 -keystore myKeyStore -keypass <password> -storepass <password> -dname "<CN,OU,O,L,ST,C details>"

If anyone else ever has this problem, hopefully the above helps.
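As an added example (not code from the question or the answer above), this shows how the Windows-MY load, a digitalSignature key-usage check and the signing step fit together with the doPrivileged wrapper the question mentions. The class and method names are hypothetical, and SHA256withRSA assumes a SunMSCAPI build that offers it (JDK 7 and later); on the JDK 6 the question refers to, SHA1withRSA is the MSCAPI algorithm available.

```java
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

public class WindowsMySigner {
    // KeyStore.load() on Windows-MY checks SecurityPermission("authProvider.SunMSCAPI").
    // doPrivileged limits that check to the applet's own (signed) code; if the jar is not
    // trusted, for example because its signing key is bad, the check still fails.
    static KeyStore loadWindowsMy() throws GeneralSecurityException {
        try {
            return AccessController.doPrivileged(new PrivilegedExceptionAction<KeyStore>() {
                public KeyStore run() throws Exception {
                    KeyStore ks = KeyStore.getInstance("Windows-MY");
                    ks.load(null, null); // MSCAPI stores take no stream and no password
                    return ks;
                }
            });
        } catch (PrivilegedActionException e) {
            throw new GeneralSecurityException("Windows-MY not loadable", e.getException());
        }
    }
    // First alias holding a private key whose certificate permits digitalSignature
    // (keyUsage bit 0); a certificate with no keyUsage extension is accepted.
    static String findSigningAlias(KeyStore ks) throws KeyStoreException {
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            Certificate c = ks.getCertificate(alias);
            if (!ks.isKeyEntry(alias) || !(c instanceof X509Certificate)) continue;
            boolean[] usage = ((X509Certificate) c).getKeyUsage();
            if (usage == null || usage[0]) return alias;
        }
        return null;
    }
    // The CAPI private key is non-exportable; initSign's delayed provider selection
    // routes the operation to SunMSCAPI because no other provider accepts that key.
    static byte[] sign(KeyStore ks, String alias, byte[] data) throws GeneralSecurityException {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign((PrivateKey) ks.getKey(alias, null));
        sig.update(data);
        return sig.sign();
    }
    public static void main(String[] args) throws Exception {
        KeyStore ks = loadWindowsMy();
        String alias = findSigningAlias(ks);
        if (alias == null) throw new IllegalStateException("no signing certificate in Windows-MY");
        byte[] data = "constructed sample document".getBytes("UTF-8"); // constructed input
        System.out.println(alias + ": " + sign(ks, alias, data).length + "-byte signature");
    }
}
```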
