Forum Stats

  • 3,838,710 Users
  • 2,262,394 Discussions
  • 7,900,739 Comments

Discussions

sunpkcs#11, smartcard and tomcat

790737
790737 Member Posts: 18
edited Feb 19, 2015 5:13AM in Cryptography

I have a web application running on Tomcat.My application uses a webservice which signs(via smartcard) and sends email.The webservice itself adds the sunpkcs#11 provider automatically during first call and before sending email, then can  sign and send emails if smarcard not removed and inserted.If removed and inserted, in order to send email i must restart the tomcat server, if not, it gives several errors accordingly my editions on my code.

This is the code:

result= api.signAndSend(to, cc, bcc, subject, content, smartCardPin);

After removing and inserting smard card this code gives: "Token has been removed" exception.

These are my tryings:

1-  I tried removing the sunpkcs#11 provider just after sending email and creating a new sunpkcs#11 provider and adding it.it gives and error like: java.security.InvalidKeyException: No installed provider supports this key: sun.security.pkcs11.P11Key$P11PrivateKey or java.security.InvalidKeyException: No installed provider supports this key: null

2- I did not remove sunpkcs#11 provider after each api.signAndSend(...) call, rather :

result= api.signAndSend(to, cc, bcc, subject, content, smartCardPin);

  result= api.signAndSend(to, cc, bcc, subject, content, smartCardPin);
  SunPKCS11 sunPKCS11=(SunPKCS11)getLastProvider();
  sunPKCS11.logout();
  sunPKCS11.setCallbackHandler(new MyCallbackHandler());
  KeyStore.CallbackHandlerProtection cpprotection = new KeyStore.CallbackHandlerProtection(
  new MyCallbackHandler());
  KeyStore.Builder builder = KeyStore.Builder.newInstance(
  "PKCS11", sunPKCS11, cpprotection);
  KeyStore ks = builder.getKeyStore();

//finalize PKCS#11
Field moduleMapField = PKCS11.class.getDeclaredField("moduleMap");
  moduleMapField.setAccessible(true);
  Map<?, ?> moduleMap = (Map<?, ?>) moduleMapField.get(null);
  moduleMap.clear(); // force re-execution of C_Initialize next time

//load PKCS#11(i expect this code to load pkcs#11 again but i am not sure)
Method getInstanceMethod = PKCS11.class.getMethod("getInstance",
  String.class, String.class, CK_C_INITIALIZE_ARGS.class,
  Boolean.TYPE);
  CK_C_INITIALIZE_ARGS ck_c_initialize_args = new CK_C_INITIALIZE_ARGS();
  PKCS11 pkcs11 = (PKCS11) getInstanceMethod.invoke(null, pkcs11Path,
  "C_GetFunctionList", ck_c_initialize_args, false);

this code gives:

java.security.ProviderException: Initialization failed

  at sun.security.pkcs11.P11Signature.initialize(P11Signature.java:319)

  at sun.security.pkcs11.P11Signature.engineInitSign(P11Signature.java:432)

  at java.security.Signature$Delegate.init(Signature.java:1127)

  at java.security.Signature$Delegate.chooseProvider(Signature.java:1087)

  at java.security.Signature$Delegate.engineInitSign(Signature.java:1151)

  at java.security.Signature.initSign(Signature.java:512)

  at org.esign.bouncycastle.operator.jcajce.JcaContentSignerBuilder.build(Unknown Source)

.

.

.

Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_KEY_HANDLE_INVALID

  at sun.security.pkcs11.wrapper.PKCS11.C_SignInit(Native Method)

  at sun.security.pkcs11.wrapper.PKCS11$SynchronizedPKCS11.C_SignInit(PKCS11.java:1721)

  at sun.security.pkcs11.P11Signature.initialize(P11Signature.java:311)

java: 1.8.0.31

Any help would be appreciated.

This discussion has been closed.