Hi all,
can anybody help me with that? I want to place a certificate on a
certain PKCS#11 device. I see functions to examine certificates and
keys on the token, create key pair and a certificate request using
this pair, but how do you place eventually the certificate on the same
token? The CryptoManager.importCertXXX(...) methods take no token as
argument.
A search through the sources shows some relation between functions
like PK11_ImportCert (it seems to be the only function that actually
places a certificate on a token), PK11_ImportCertForKey,
pk11_findKeyObjectByDERCert,
PK11_ImportCertForKeyJava_org_mozilla_jss_CryptoManager_importCertPackageNative
and eventually CryptoManager.importCertPackage, and there are several
lines that give hope:
/**
* @param noUser true if we know that none of the certs are user
certs.
* In this case, no attempt will be made to find a matching
private
* key for the leaf certificate.
*/
private native X509Certificate
importCertPackageNative(byte[] certPackage, String nickname,
Well, maybe CryptoManager.importCertPackage will just place a
certificate on the right token, but I can not find that mentioned
anywhere in the docs. I think I will have to walk through the code
with a debugger, but I would very much appreciate any information on
the topic.
Can someone provide some details, please?
