Using Multiple Cards
With a configuration file, you can use multiple cards concurrently. To use more than one card, or more than one slot per card, create a configuration file for each and repeat the installation for each with the appropriate configuration file. This results in one IBMPKCS11Impl provider instance for each card or each slot.
You can still reuse the same provider instance for different cards, as you can on SDK 1.4.2. A few calls are available to help you do this. These calls clear out the PKCS #11 information from the provider and then allow you to either create a new provider object or reuse the same one if you are using the JAAS login module. The first call is part of the login module:
<LoginContext>.logout();
This call removes the PKCS #11 information from all IBMPKCS11Impl provider objects. You are now ready to initialize the provider again or create a new provider object. Note that this call applies only to an initialization that used the JAAS login module. The other initialization methods should use the static call:
IBMPKCS11Impl.removeSession();
This call also clears out all IBMPKCS11Impl provider objects. The following example does this twice: first it initializes the provider using JAAS, then using preferences:
//Initialize Provider using JAAS
//
String pswd = "PASSWORD";
char [] passwd = new char[pswd.length()];
pswd.getChars(0,pswd.length(),passwd,0);
LoginContext lc = null;
// This class is used to pass the needed information into the login module.
NullPrompter np = new NullPrompter("cryptoki.dll:0",passwd);
// Create the login context.
lc = new LoginContext("active", np);
// This creates the needed principal that the provider needs.
lc.login();
// Get the associated subject.
Subject whoami = lc.getSubject();
// Creates the privileged action needed to finish
PrivilegedAction doIt =
(PrivilegedAction)Class.forName("testAction").newInstance();
// Execute the action.
Subject.doAs(whoami, doIt);
// Remove Provider from Java Provider List
Security.removeProvider("IBMPKCS11Impl");
// Log out of the JAAS Login Module to clear the provider out.
lc.logout();
//Create Java Preferences for initialization.
//
// Add Preferences
prefs.put("IBMPKCSImpl DLL","cryptoki.dll:0");
prefs.put("IBMPKCSImpl password", "PASSWORD");
// Create new provider object
p1 = new com.ibm.crypto.pkcs11impl.provider.IBMPKCS11Impl();
// Remove Preferences for security reasons.
prefs.remove("IBMPKCSImpl DLL");
prefs.remove("IBMPKCSImpl password");
// Add the provider to the Java Provider List after the IBMJCE provider. Note that
// the IBMJCE provider should be in the provider list for JCE framework verification.
Security.addProvider(p1);
// Clear all of the IBMPKCS11Impl provider objects and remove the
// provider from the Java Provider List.
com.ibm.crypto.pkcs11impl.provider.IBMPKCS11Impl.removeSession();
Security.removeProvider("IBMPKCS11Impl");
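The preferences-based half of the example above, wrapped as a helper that removes the password from the preferences store even when provider construction fails (an added example, not IBM's code). It assumes prefs is a java.util.prefs.Preferences node, which the page does not state; the CardSwitcher class and switchTo method are hypothetical names, and the helper applies only when the previous initialization did not use the JAAS login module.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.prefs.Preferences;

/** Hypothetical helper: re-point the IBMPKCS11Impl provider at another card or slot. */
public final class CardSwitcher {
    private CardSwitcher() {}

    /**
     * @param prefs   node the provider reads its settings from (assumption:
     *                java.util.prefs.Preferences, supplied by the caller)
     * @param dllSlot library and slot in the page's format, e.g. "cryptoki.dll:0"
     * @param pin     token password; overwritten before this method returns
     */
    public static Provider switchTo(Preferences prefs, String dllSlot, char[] pin) {
        // Clear the PKCS #11 information of the previous card and drop the
        // old provider from the Java Provider List (non-JAAS path).
        com.ibm.crypto.pkcs11impl.provider.IBMPKCS11Impl.removeSession();
        Security.removeProvider("IBMPKCS11Impl");

        Provider p;
        try {
            prefs.put("IBMPKCSImpl DLL", dllSlot);
            // Preferences only stores Strings, so a String copy of the
            // password exists for the duration of the constructor call.
            prefs.put("IBMPKCSImpl password", new String(pin));
            p = new com.ibm.crypto.pkcs11impl.provider.IBMPKCS11Impl();
        } finally {
            // Runs on success and on failure, so the password is never left
            // behind in the preferences store if the constructor throws.
            prefs.remove("IBMPKCSImpl DLL");
            prefs.remove("IBMPKCSImpl password");
            Arrays.fill(pin, '\0');
        }

        // The IBMJCE provider should already be in the provider list.
        Security.addProvider(p);
        return p;
    }
}
```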