Reputation: 165
I’m trying to duplicate some functionality done for C# into Java. I’ve been banging my head on this for days and can’t figure out what PhD I need to accomplish this in Java. I’m working with smartcard authentication and have read many posts on the subject. I’ve been able to hook up to the reader to get it to tell me when something is inserted/removed (simple examples) and the name of the reader it happened to. However, I can find nothing on getting the cert from the card. Tons of examples that border on dealing with assembly language that I remember from college, but nothing usable to accomplish the objective. As a point of reference, this simple bit of code, cobbled together from various examples, gets me exactly what I need in C#:
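```csharp
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static X509Certificate2 GetCertFromCard()
{
    // Name of the CSP (middleware) that talks to the smart card
    string magicString = "Microsoft Base Smart Card Crypto Provider";
    // Provider type 1 is PROV_RSA_FULL
    CspParameters cspParameters = new CspParameters(1, magicString);
    RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(cspParameters);
    // Export the public key only (false = no private parameters)
    string pubKeyXml = rsaProvider.ToXmlString(false);

    X509Store x509Store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    x509Store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
    // Find the store certificate whose public key matches the key on the card
    foreach (X509Certificate2 cert in x509Store.Certificates)
    {
        if ((cert.PublicKey.Key.ToXmlString(false) == pubKeyXml) && cert.HasPrivateKey)
        {
            return cert;
        }
    }
    return null;
}
```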
Obviously, this is nothing new and unique. I’m not trying to do anything revolutionary here, so you should not need to be a rocket surgeon to figure it out.
I’ve been able to access the KeyStore on the machines to look at the certs and have been able to find what I need there, I just need to be able to match it up to the card inserted to enable role based options.
Upvotes: 2
Views: 516
Reputation: 165
Gave up and did a JNI call to M Cli/C++. At least THEY know how to process the request.
Upvotes: 0
Reputation: 93948
You are kind of cheating: you seem to be using a smart card which has a CSP installed for it. This middleware knows how to access and perform operations on the smart card.
The standardized / Java equivalent would be to have a PKCS#11 library for your smart card and use the Java PKCS#11 provider to access it. You could of course also use the `SunMSCAPI` provider to access your key / certificate store on Windows.
If you don't have any of that then you may need to use the SmartCardIO library and access your smart card directly. However, in that case you need to know the specific format of the smart card. If it uses a generic way of locating keys and certificates (such as ISO 7816-15, previously known as PKCS#15) then libraries may be available to directly access certificates and use private keys.
Upvotes: 3
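The PKCS#11 route described in the answer above, as an added example that is not code from either poster: it reads the certificates from the card through the Java PKCS#11 provider and looks each one up in the Windows `My` store via SunMSCAPI, mirroring the matching step in the C# snippet. The class name `CardCertLookup` and the config file passed as the first argument are assumptions; the vendor's PKCS#11 module path inside that file is left as a placeholder. It requires Java 9 or later.

```java
import java.io.Console;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;

public class CardCertLookup {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        // args[0]: path to a SunPKCS11 config file (assumption), containing e.g.
        //   name = Card
        //   library = <path to the card vendor's PKCS#11 module>
        if (args.length != 1) {
            System.err.println("usage: CardCertLookup <pkcs11.cfg>");
            return;
        }
        Provider p11 = Security.getProvider("SunPKCS11").configure(args[0]);

        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("no console available to read the PIN");
        }
        char[] pin = console.readPassword("Card PIN: ");

        KeyStore card = KeyStore.getInstance("PKCS11", p11);
        try {
            card.load(null, pin);          // logs in to the token
        } finally {
            Arrays.fill(pin, '\0');        // do not keep the PIN in memory
        }

        // SunMSCAPI view of the current user's "My" store (Windows only)
        KeyStore winStore = KeyStore.getInstance("Windows-MY");
        winStore.load(null, null);

        for (String alias : Collections.list(card.aliases())) {
            if (!card.isKeyEntry(alias)) continue;   // want cert + private key
            Certificate c = card.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate cert = (X509Certificate) c;
            // Returns null when the card's certificate is not in the Windows store
            String winAlias = winStore.getCertificateAlias(cert);
            System.out.printf("card alias=%s subject=%s windows-my alias=%s%n",
                    alias, cert.getSubjectX500Principal().getName(), winAlias);
        }
    }
}
```

Private keys on the card stay on the card: `card.getKey(alias, null)` returns a handle usable with `Signature` through the same provider, not exportable key material.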