Java Programming

PKCS11 token, receiving error CKR_ATTRIBUTE_TYPE_INVALID when executing keystore.getKey()

User_KZASH, Feb 18 2018 — edited Mar 6 2018

I use Java 1.8 and the following code works for many USB pkcs11 devices, but this week I found a new model of a token that, when I execute "keystorePkcs11.getKey(alias, pass);", gives me the error CKR_ATTRIBUTE_TYPE_INVALID. This token has a single certificate.

I read that this error means that Java is requesting an attribute that is not present in the object, but I don't know how to fix this error. This token works well in other applications (web applications tested on Chrome and IE, or other programming languages). Is there some way to ignore this error?

This is the full code source I used to do the test:

    package pkcs11test;

    import java.io.FileOutputStream;
    import java.io.IOException;
    import java.io.PrintStream;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.PrivateKey;
    import java.security.UnrecoverableKeyException;
    import java.security.cert.Certificate;
    import java.security.cert.CertificateException;
    import java.util.Enumeration;
    import java.util.logging.Level;
    import java.util.logging.Logger;
    import javax.net.ssl.KeyManagerFactory;
    import sun.security.pkcs11.SunPKCS11;
    import sun.security.pkcs11.wrapper.CK_TOKEN_INFO;
    import sun.security.pkcs11.wrapper.PKCS11;
    import sun.security.pkcs11.wrapper.PKCS11Exception;

    public class PKCS11Test {

        public static void main(String[] args) {
            try {
                char[] pass = "******".toCharArray(); // PIN of the token
                String dllFile = "D:\\temp\\cryptoide_pkcs11.dll"; // DLL file used to access the token
                String configFile = "config.cfg"; // config file
                PKCS11 p11 = PKCS11.getInstance(dllFile, "C_GetFunctionList", null, false);

                // Only slots that currently hold a token
                long[] slots = p11.C_GetSlotList(true);

                for (int j = 0; j < slots.length; j++) {
                    CK_TOKEN_INFO tokenInfo = p11.C_GetTokenInfo(slots[j]);
                    System.err.println("Token found at position " + j +
                            " label " + new String(tokenInfo.label).toUpperCase().trim() +
                            " model " + new String(tokenInfo.model).toUpperCase().trim() +
                            " manufacturerID " + new String(tokenInfo.manufacturerID).toUpperCase().trim() +
                            " utcTime " + new String(tokenInfo.utcTime).toUpperCase().trim() +
                            " serial " + new String(tokenInfo.serialNumber).toUpperCase().trim());

                    // slots[j] is a slot ID, so it is written as "slot";
                    // "slotListIndex" expects an index into the slot list instead.
                    PrintStream out = new PrintStream(new FileOutputStream(configFile));
                    out.print("name=SmartCard\r\n" + "library=" + dllFile + "\r\nslot=" + slots[j] + "\r\n");
                    out.close();

                    SunPKCS11 tempProv = new sun.security.pkcs11.SunPKCS11(configFile);
                    KeyStore keystorePkcs11 = KeyStore.getInstance("pkcs11", tempProv);
                    keystorePkcs11.load(null, pass);
                    KeyManagerFactory kKeyManagerFactory = KeyManagerFactory.getInstance("sunx509");
                    //kKeyManagerFactory.init(keystorePkcs11, null);

                    // The listing is cut off on the page after "Enumeration<String".
                    // The lines below are a minimal completion around the
                    // getKey(alias, pass) call quoted in the post.
                    Enumeration<String> aliases = keystorePkcs11.aliases();
                    while (aliases.hasMoreElements()) {
                        String alias = aliases.nextElement();
                        // Call that fails with CKR_ATTRIBUTE_TYPE_INVALID on the new token
                        PrivateKey key = (PrivateKey) keystorePkcs11.getKey(alias, pass);
                    }
                }
            } catch (Exception ex) {
                Logger.getLogger(PKCS11Test.class.getName()).log(Level.SEVERE, null, ex);
            }
        }
    }

This post has been answered by User_KZASH on Mar 6 2018
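
Added example, not part of the original post or of the JDK: a probe that reads the private key's attributes one at a time through the same `sun.security.pkcs11.wrapper` classes the post uses, so the attribute the token rejects with CKR_ATTRIBUTE_TYPE_INVALID is named explicitly. It assumes Java 8 as in the post, a PKCS#11 library path passed as the first argument, and an attribute list chosen for illustration rather than the exact set the SunPKCS11 keystore requests.

```java
import sun.security.pkcs11.wrapper.CK_ATTRIBUTE;
import sun.security.pkcs11.wrapper.PKCS11;
import sun.security.pkcs11.wrapper.PKCS11Exception;
import static sun.security.pkcs11.wrapper.PKCS11Constants.*;

public class AttributeProbe {
    // Assumed probe list (not the exact set SunPKCS11 requests): attributes a
    // keystore commonly reads from a private-key object.
    static final String[] NAMES = {"CKA_CLASS", "CKA_KEY_TYPE", "CKA_ID", "CKA_LABEL",
        "CKA_TOKEN", "CKA_PRIVATE", "CKA_SENSITIVE", "CKA_EXTRACTABLE", "CKA_MODULUS"};
    static final long[] TYPES = {CKA_CLASS, CKA_KEY_TYPE, CKA_ID, CKA_LABEL,
        CKA_TOKEN, CKA_PRIVATE, CKA_SENSITIVE, CKA_EXTRACTABLE, CKA_MODULUS};

    // Ask for one attribute at a time so a single unsupported type cannot
    // fail the whole C_GetAttributeValue call and hide which one it was.
    static String probe(PKCS11 p11, long session, long object, long type) {
        try {
            p11.C_GetAttributeValue(session, object,
                    new CK_ATTRIBUTE[] {new CK_ATTRIBUTE(type)});
            return "ok";
        } catch (PKCS11Exception e) {
            return e.getErrorCode() == CKR_ATTRIBUTE_TYPE_INVALID
                    ? "NOT SUPPORTED by this token (" + e.getMessage() + ")"
                    : e.getMessage();
        }
    }

    // Usage (run from a terminal): java AttributeProbe <path to PKCS#11 library>
    public static void main(String[] args) throws Exception {
        PKCS11 p11 = PKCS11.getInstance(args[0], "C_GetFunctionList", null, false);
        long slot = p11.C_GetSlotList(true)[0]; // first slot with a token present
        char[] pin = System.console().readPassword("PIN: ");
        long session = p11.C_OpenSession(slot, CKF_SERIAL_SESSION, null, null);
        try {
            p11.C_Login(session, CKU_USER, pin);
            p11.C_FindObjectsInit(session,
                    new CK_ATTRIBUTE[] {new CK_ATTRIBUTE(CKA_CLASS, CKO_PRIVATE_KEY)});
            long[] keys = p11.C_FindObjects(session, 16);
            p11.C_FindObjectsFinal(session);
            for (long key : keys) {
                for (int i = 0; i < TYPES.length; i++) {
                    System.out.printf("key %d  %-16s %s%n",
                            key, NAMES[i], probe(p11, session, key, TYPES[i]));
                }
            }
        } finally {
            java.util.Arrays.fill(pin, '0'); // do not keep the PIN in memory
            p11.C_CloseSession(session);
        }
    }
}
```

Running the same probe against a token that works and the one that fails shows which attribute differs between the two PKCS#11 libraries.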

Comments

I suspect that you have the problem of the pass-through scenario.
Your NLS_LANG and Unicode locale are set to AL32UTF8 but
your terminal works in WE8ISO8859P1. Hence, you can enter
and retrieve your data but they are not stored as legal AL32UTF8 codes.
This is only a suspicion, therefore please do the following test:

INSERT INTO <your_table>(<your_CLOB_COLUMN>)
VALUES( UNISTR('\00e4\00f6\00fc\00df') );

and query this value back. If you correctly see three German lowercase umlauts
and sharp s, then my diagnosis is wrong and I will try again.

Otherwise, set NLS_LANG=.WE8ISO8859P1 and restart your tests.


-- Sergiusz
361551
No, my terminal works with UTF-8 encoding.
I called your SQL statement twice, from Windows and from UNIX, and I can see these four characters displayed correctly on both sides.

Dzianis
Please, specify the exact database and client versions.

-- Sergiusz
Also, please post the code fragment that reports the error.

-- Sergiusz
361551
Server and Client have the same version number:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
361551
The OCI function is OCILobRead.

Post Details

Locked on Apr 3 2018
Added on Feb 18 2018
7 comments
2,321 views