JDK-7020925 : Include x64 version of SunPKCS11 Provider with Windows x64 JRE
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 6u23
  • Priority: P4
  • Status: Closed
  • Resolution: Duplicate
  • OS: windows_2003
  • CPU: x86
  • Submitted: 2011-02-20
  • Updated: 2012-03-20
  • Resolved: 2011-02-24
Related Reports
Duplicate :  
JDK-6880559 - Enable PKCS11 64-bit windows builds
Description
A DESCRIPTION OF THE REQUEST :
x64 builds od JRE and JDK are missing the SunPKCS11 provider for accessing PKCS#11 security tokens.

You cannot use 32-bit versions from 32-bit JREs because j2pkcs11.dll needs to be of x64 architecture to be loaded from x64 JRE.


JUSTIFICATION :
Since most other Sun's JREs include this provider, the x64 version of JRE should too, to allow application portability between platforms.

The SunPKCS11 Provider is very useful, not only to access smart cards and cryptographic USB tokens, but also to access Mozilla Firefox NSS KeyStore. It's usually a core component of any Java-based cryptographic application.


EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
  To be able to instantiate and use the SunPKCS11 Security Provider:

[...]
String configName = "/opt/bar/cfg/pkcs11.cfg";
Provider p = new sun.security.pkcs11.SunPKCS11(configName);
Security.addProvider(p);
[...]
ACTUAL -
You get a ClassNotFoundException when you try to instantiate sun.security.pkcs11.SunPKCS11, because its missing from the JRE on Windows x64 builds (there's neither sunpkcs11.jar nor j2pkcs11.dll on JRE's dirs).

---------- BEGIN SOURCE ----------
java.security.Provider p = new sun.security.pkcs11.SunPKCS11(
  new ByteArrayInputStream(
    "name = FooAccelerator\r\nlibrary = /opt/foo/lib/libpkcs11.so\r\n".getBytes()
  )
);
java.security.Security.addProvider(p);
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
You can compile as Windows x64 your own j2pkcs11.dll and use it with the usual sunpkcs11.jar from 32-bit Windows JRE.