I'm trying to sign my files with my smart card. I initialize my keystore like this:
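```java
import java.io.ByteArrayInputStream;
import java.io.File;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import sun.security.pkcs11.SunPKCS11;

String pkcs11config = "name = CertumSmartCard \n" + "library = "
        + new File(".").getAbsolutePath() + "/cryptoCertum3PKCS.dll";
Provider pkcs11Provider = new SunPKCS11(new ByteArrayInputStream(
        pkcs11config.getBytes()));
Security.addProvider(pkcs11Provider);
KeyStore keyStore = KeyStore.getInstance("PKCS11", pkcs11Provider);
keyStore.load(null, pin.toCharArray()); // the PIN unlocks the token
```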
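and then I try to read the certificate chain using:

```java
import java.security.cert.Certificate;
import java.util.Enumeration;

Enumeration<String> aliasesEnum = keyStore.aliases();
String alias = null;
while (aliasesEnum.hasMoreElements()) {
    alias = aliasesEnum.nextElement();
    // Returns only the certificates that are actually stored on the token
    Certificate[] certChain = keyStore.getCertificateChain(alias);
    // (...)
}
```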
but unfortunately I get only one certificate in my chain (the certificate of the owner of this card). I don't have any trusted root certificates, so during validation I get an error that the file was signed using an untrusted certificate.

Do you have any idea? Should I use the SunPKCS11 class? It doesn't work with Java 7 (I use Java 6), looks like it's deprecated. Are there any other libraries to get into the card's guts?

Actually this card contained only one certificate, so my code worked properly. I added the missing certificates manually and connected them into a chain. With that chain I could sign my file. I got the missing certificates by saving them from another application (proCertum Smart Card) officially used for signing files with this type of certificate.
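One way to do the manual chaining described above, as an added example that is not the poster's code: it links the card's certificate to separately exported CA certificates and accepts an issuer only when its public key verifies the child's signature. The class name `ChainAssembler` and the file names are hypothetical, and the CA certificates are assumed to have been exported to DER or PEM files.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

public class ChainAssembler { // hypothetical helper, Java 6 compatible
    // Orders leaf -> ... -> root using the manually supplied CA certificates.
    static X509Certificate[] buildChain(X509Certificate leaf, List<X509Certificate> extras)
            throws GeneralSecurityException {
        List<X509Certificate> chain = new ArrayList<X509Certificate>();
        chain.add(leaf);
        X509Certificate current = leaf;
        // A certificate whose subject equals its issuer ends the chain.
        while (!current.getSubjectX500Principal().equals(current.getIssuerX500Principal())) {
            X509Certificate issuer = null;
            for (X509Certificate candidate : extras) {
                if (!candidate.getSubjectX500Principal().equals(current.getIssuerX500Principal())) continue;
                try {
                    current.verify(candidate.getPublicKey()); // a name match alone proves nothing
                    issuer = candidate;
                    break;
                } catch (GeneralSecurityException e) { /* same name, different key: keep looking */ }
            }
            // A missing issuer or a repeated certificate (cross-signing loop) is an error.
            if (issuer == null || chain.contains(issuer)) {
                throw new GeneralSecurityException("Cannot link " + current.getSubjectX500Principal());
            }
            chain.add(issuer);
            current = issuer;
        }
        return chain.toArray(new X509Certificate[chain.size()]);
    }
    static X509Certificate load(String path) throws Exception {
        InputStream in = new FileInputStream(path);
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        } finally {
            in.close();
        }
    }
    // Usage: java ChainAssembler leaf.cer intermediate.cer root.cer   (placeholder file names)
    public static void main(String[] args) throws Exception {
        List<X509Certificate> extras = new ArrayList<X509Certificate>();
        for (int i = 1; i < args.length; i++) extras.add(load(args[i]));
        for (X509Certificate c : buildChain(load(args[0]), extras)) System.out.println(c.getSubjectX500Principal());
    }
}
```

The signature checks only order and link the certificates; whether the root at the end is trusted is still decided by the trust store of whoever validates the signed file.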