JDK-8147547 : Calling load() on Windows-MY KeyStore shows false error with certs on smartcard
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.smartcardio
  • Affected Version: 8u66
  • Priority: P4
  • Status: Open
  • Resolution: Unresolved
  • OS: windows_7
  • CPU: x86_64
  • Submitted: 2016-01-09
  • Updated: 2022-08-19
Related Reports
Relates :  
JDK-8068797 - Ability to pass CRYPT_ACQUIRE_SILENT_FLAG in CryptAcquireCertificatePrivateKey
Description
FULL PRODUCT VERSION :
java version "1.8.0_66"
Java(TM) SE Runtime Environment (build 1.8.0_66-b18)
Java HotSpot(TM) 64-Bit Server VM (build 25.66-b18, mixed mode)

java version "1.7.0_79"
Java(TM) SE Runtime Environment (build 1.7.0_79-b15)
Java HotSpot(TM) 64-Bit Server VM (build 24.79-b02, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
Windows 7 64bit

EXTRA RELEVANT SYSTEM CONFIGURATION :
SmartCard reader: Alcor Micro USB SmartCard Reader
SmartCard chip: Gemalto TOP DM GX4Verze
SmartCard ATR: 3B7F960000EA5CBDF07AEB6541894B0400000000

A DESCRIPTION OF THE PROBLEM :
When calling KeyStore.load() with SunMSCAPI crypto provider (instantiated by getting a keystore with name "Windows-MY"), Java shows an unnecessary error window, if you use a Win CryptAPI-compatible smartcard.

Sorry, I use a localized version of Java, so the strings reported here are just approximate.

The window is titled "Insert a smartcard". It has 3 buttons (OK (disabled), Cancel (enabled), Details (enabled)).

When clicking on details, a more elaborate view is presented. There is a SC reader icon with a "stop sign" drawn over it signaling some error. Next to this icon, the smartcard name is written (correctly), and beneath it there is a paragraph saying: "A smartcard has been detected. But another one is required for the requested operation. There is probably no driver for the smartcard used, or the required certificate hasn't been found".

If I cancel this window, the load operation proceeds and finishes successfully (despite what would the error window suggest).

Applications affected by this bug:
* Libreoffice (in document signing)
* JSignPDF ( https://github.com/kwart/jsignpdf )

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
KeyStore ks = KeyStore.getInstance("Windows-MY");
ks.load(null, null);
System.out.println(Collections.list(ks.aliases()).toString());


REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.io.IOException;
import java.security.*;
import java.security.cert.*;
import java.util.Collections;

public class Test {
	public static void main(String[] args) {
		try {
			
			KeyStore ks = KeyStore.getInstance("Windows-MY");
			ks.load(null, null);
			System.out.println(Collections.list(ks.aliases()).toString());
			
		} catch (KeyStoreException e) {
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		} catch (CertificateException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		}
	}
}

---------- END SOURCE ----------