openjdk team mailing list archive

Thread
Date

Bug#742831: the details are essential

To: 742831@xxxxxxxxxxxxxxx
From: Hans-Christoph Steiner <hans@xxxxxxx>
Date: Tue, 10 Jun 2014 09:54:06 -0400
Openpgp: id=374bbe81
Reply-to: Hans-Christoph Steiner <hans@xxxxxxx>, 742831@xxxxxxxxxxxxxxx
Resent-cc: OpenJDK Team <openjdk@xxxxxxxxxxxxxxxxxxx>
Resent-date: Tue, 10 Jun 2014 13:57:02 +0000
Resent-from: Hans-Christoph Steiner <hans@xxxxxxx>
Resent-message-id: <handler.742831.B742831.140240845915848@xxxxxxxxxxxxxxx>
Resent-sender: Debian BTS <debbugs@xxxxxxxxxxxxxxxxxxxx>
Resent-to: debian-bugs-dist@xxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Hey Martin,

It sounds like you are missing some technical details of what I propose.

What I propose still requires the user to explicitly enable using OpenSC to
access the smartcard, it just makes the process of explicitly enabling much
simpler by adding a pre-configured provider.  If what I proposed was
included, Java code, keytool, and jarsigner all would ignore OpenSC by
default.  For example, these would ignore OpenSC:

  keytool -keystore NONE -storetype PKCS11 -list
  keytool -keystore /path/to/store.jks -storetype PKCS11 -list

Only when adding "-providerName SunPKCS11-OpenSC" would Java use OpenSC.
The "OpenSC" part of the name "SunPKCS11-OpenSC" points to the configuration
in ${java.home}/lib/security/opensc.cfg.

libnss is preconfigured this way in Debian also:
security.provider.10=sun.security.pkcs11.SunPKCS11
${java.home}/lib/security/nss.cfg

And it is available using "-providerName SunPKCS11-NSS".
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: GPG for Android - https://guardianproject.info/code/gnupg/
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTlw3+AAoJEJ8P5Yc3S76BgPQP/AoYWAp3vS8n/3eS+AcsjdVV
ml8laEVtZvr53LhNm/OsAXQkqNu6m32DO1Yi9pwWS2msOBVk68HvzSWkj9MQemzT
UnwMTCBuYoCOYohNd65umC7AG0HpSDI8IEBSmSPeL37EmMjgNb440Dcw3MPUcZsu
KPAuoA5+9dpLHG62pNupkf/6HA+5xuDgr5g/A1HMzGPTLCAgi7V3LClTqR3YK+Gt
8uT05ynwn/GRQBdsAmJHOb8lwlsVMQ4v++hYA0jp+WUF9lTuc5r17vZFvB9I7Fzz
thcYVP2vV4xg2ViyRhJ/zKSuGSU1co0lyAi9zhx8zBdGZc546jAENomP3wKKvIUy
dpWKXzpt8m7LXPXOgWP7zp2lnXEntr7Oyz8KI6F/ht9mswuu6eWQYr76mdycwAEc
IpNjs2zsis45GzBDW073Z1inKEbtywhjQC10UXUZ/dr+GVjKF0bjkagZXD27EHe/
B9QCAdcDpstyMIplQe/gAkLkX26FDRZLUAOe2JbXpZnJ2ZrBP5++FTLUYTAqhPY8
roCEe4pF2uUlc5WP0/6h6ovMhGK7o4V+ucqKeqxkIKMDL4Dujvjm29MN3s7mKr7A
bt65SiD46HguxCbfOCzIRnAzY4N3xTQq3I2LDu8jjSe64DjFTmIp6bnSryDl76fj
mZ61nHGmGXzJUOaKdskM
=DTbC
-----END PGP SIGNATURE-----