Description
I expect to be able to locate and load certificates (and actually, their related private keys) using their alias as reported by Java `keytool`, and by OpenSC `pkcs15-tool -c` and `pkcs11-tool -O`. For example:
```
$ pkcs11-tool -O
Using slot 0 with a present token (0x0)
Public Key Object; RSA 2048 bits
  label:      PIV AUTH pubkey
  ID:         01
  Usage:      encrypt, verify, wrap
Certificate Object, type = X.509 cert
  label:      Certificate for PIV Authentication
  ID:         01
Public Key Object; RSA 2048 bits
  label:      SIGN pubkey
  ID:         02
  Usage:      encrypt, verify
Certificate Object, type = X.509 cert
  label:      Certificate for Digital Signature
  ID:         02
Public Key Object; RSA 2048 bits
  label:      KEY MAN pubkey
  ID:         03
  Usage:      encrypt, wrap
Certificate Object, type = X.509 cert
  label:      Certificate for Key Management
  ID:         03
. . . . .
$
```
and
```
$ pkcs15-tool -c
Using reader with a card: Yubico Yubikey NEO OTP+U2F+CCID
X.509 Certificate [Certificate for PIV Authentication]
        Object Flags   : [0x0]
        Authority      : no
        Path           :
        ID             : 01
        Encoded serial : 02 04 57A9DFB6
X.509 Certificate [Certificate for Digital Signature]
        Object Flags   : [0x0]
        Authority      : no
        Path           :
        ID             : 02
        Encoded serial : 02 04 578E91A9
X.509 Certificate [Certificate for Key Management]
        Object Flags   : [0x0]
        Authority      : no
        Path           :
        ID             : 03
        Encoded serial : 02 04 578E9212
X.509 Certificate [Certificate for Card Authentication]
        Object Flags   : [0x0]
        Authority      : no
        Path           :
        ID             : 04
        Encoded serial : 02 04 578E924A
$
```
But trying to do
```java
// ks is a KeyStore already loaded from the token's PKCS#11 provider
String aliasCert = "Certificate for Key Management";
if (ks.isCertificateEntry(aliasCert))
    System.out.println("Got certificate entry for alias " + aliasCert);
// . . . . .
```
never prints that line. Somehow it insists on locating certificates by DN plus index (03 for Key Management).
SunPKCS11-based code always finds the entries using the above `aliasCert`. Is there any problem/reason why opensc-java doesn't...?
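A provider-independent way to locate the entry, added here as an example and not code from opensc-java or the reporter: enumerate every alias the KeyStore actually exposes and pick the Key Management entry by the certificate serial that `pkcs15-tool -c` reported (578E9212) instead of a hard-coded alias string. It assumes the token is registered as a PKCS#11 KeyStore provider (as SunPKCS11 is) and that the PIN is in the `TOKEN_PIN` environment variable; `TokenCertLookup`, `dumpAliases` and `findAliasBySerial` are names chosen for this example.

```java
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Optional;

public final class TokenCertLookup {
    /** Prints every alias the provider exposes, with the entry kind, subject DN and serial. */
    public static void dumpAliases(KeyStore ks) throws KeyStoreException {
        for (String alias : Collections.list(ks.aliases())) {
            // For key entries this is the leaf of the chain; for cert entries it is the cert itself.
            Certificate c = ks.getCertificate(alias);
            String kind = ks.isKeyEntry(alias) ? "key" : ks.isCertificateEntry(alias) ? "cert" : "other";
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                System.out.printf("[%s] alias=%s subject=%s serial=%s%n",
                        kind, alias, x.getSubjectX500Principal(), x.getSerialNumber().toString(16));
            } else {
                System.out.printf("[%s] alias=%s (no X.509 certificate)%n", kind, alias);
            }
        }
    }

    /** Returns the alias whose certificate carries the given serial, whatever the provider named it. */
    public static Optional<String> findAliasBySerial(KeyStore ks, BigInteger serial) throws KeyStoreException {
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate
                    && ((X509Certificate) c).getSerialNumber().equals(serial)) {
                return Optional.of(alias);
            }
        }
        return Optional.empty();
    }

    public static void main(String[] args) throws Exception {
        // Assumption: a PKCS#11 provider for the token is already installed, so "PKCS11" resolves
        // to it, and the user PIN is supplied via the TOKEN_PIN environment variable.
        KeyStore ks = KeyStore.getInstance("PKCS11");
        ks.load(null, System.getenv("TOKEN_PIN").toCharArray());
        dumpAliases(ks);
        // Serial shown by pkcs15-tool for "Certificate for Key Management" (DER bytes 02 04 578E9212).
        BigInteger kmSerial = new BigInteger("578E9212", 16);
        String alias = findAliasBySerial(ks, kmSerial)
                .orElseThrow(() -> new IllegalStateException("no entry with serial " + kmSerial.toString(16)));
        System.out.println("Key Management certificate is exposed under alias: " + alias);
    }
}
```

Running `dumpAliases` first shows exactly which alias form a given provider uses (label, or DN plus index), so the difference between SunPKCS11 and opensc-java can be observed directly rather than inferred from a failed `isCertificateEntry` check.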