Actually I get JSS to return the external crypto token, and then I retrieve
the cert from the external crypto token. So the code looks something like
this:

// Take the first external (non-internal) token known to JSS
java.util.Enumeration items = cryptoManager.getExternalTokens();
CryptoToken cryptoToken = (CryptoToken) items.nextElement();
// List the certificates stored on that token
CryptoStore cryptoStore = cryptoToken.getCryptoStore();
X509Certificate[] extCerts = cryptoStore.getCertificates();
for (int i = 0; i < extCerts.length; i++) {
  if (extCerts[i] instanceof TokenCertificate) {
    System.out.println("cert " + extCerts[i].getNickname()
        + " is a TokenCertificate");
  }
}

I never imported the cert in my internal db (cert7.db); only the required
security module (PK11 module) to interface with the hardware token was
installed in secmod.db. The cert and key were generated on the hardware
token via a browser.

-- POC

"Jamie Nicolson" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Sounds like there is a copy of your certificate in the internal database
> (cert7.db), and that's the one you got when you looked up your
> certificate (by nickname?).
>
> In JSS 3.2 all certificates will be of type PK11InternalTokenCert, which
> implements both TokenCertificate and InternalCertificate.
>
> Patrick wrote:
>
> >I have one certificate residing on an external crypto token (hardware). I
> >can get info on the cert with X509Certificate methods, can use for SSL
> >client authentication, etc, but when I check if it's an instance of a
> >TokenCertificate, JSS says it isn't...If I cast my X509Certificate to a
> >TokenCertificate, JSS throws "java.lang.ClassCastException:
> >org.mozilla.jss.pkcs11.PK11InternalCert"...
> >
> >-- POC
> >
> >
> >
>


