PKCS11 token, receiving error CKR_ATTRIBUTE_TYPE_INVALID when executing keystore.getKey()

User_KZASH, Feb 18 2018 — edited Mar 6 2018

I use Java 1.8 and the following code works for many USB PKCS11 devices, but this week I found a new model of token for which, when I execute "keystorePkcs11.getKey(alias, pass);", I receive the error CKR_ATTRIBUTE_TYPE_INVALID. This token has a single certificate.

I read that this error means that Java is requesting an attribute that is not present in the object, but I don't know how to fix this error. This token works well in other applications (web applications tested on Chrome and IE, or other programming languages). Is there some way to ignore this error?

This is the full source code I used to do the test:

package pkcs11test;

import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Enumeration;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManagerFactory;
import sun.security.pkcs11.SunPKCS11;
import sun.security.pkcs11.wrapper.CK_TOKEN_INFO;
import sun.security.pkcs11.wrapper.PKCS11;
import sun.security.pkcs11.wrapper.PKCS11Exception;

public class PKCS11Test {

    public static void main(String[] args) {
        try {
            char[] pass = "******".toCharArray(); // PIN of the token
            String dllFile = "D:\\temp\\cryptoide_pkcs11.dll"; // DLL file used to access the token
            String configFile = "config.cfg"; // config file

            // Load the vendor PKCS#11 library and list the slots that have a token present
            PKCS11 p11 = PKCS11.getInstance(dllFile, "C_GetFunctionList", null, false);
            long[] slots = p11.C_GetSlotList(true);

            for (int j = 0; j < slots.length; j++) {
                CK_TOKEN_INFO tokenInfo = p11.C_GetTokenInfo(slots[j]);
                System.err.println("Token found at position " + j +
                        " label " + new String(tokenInfo.label).toUpperCase().trim() +
                        " model " + new String(tokenInfo.model).toUpperCase().trim() +
                        " manufacturerID " + new String(tokenInfo.manufacturerID).toUpperCase().trim() +
                        " utcTime " + new String(tokenInfo.utcTime).toUpperCase().trim() +
                        " serial " + new String(tokenInfo.serialNumber).toUpperCase().trim());

                // Write a SunPKCS11 provider config for this token.
                // C_GetSlotList returns slot IDs, so the config uses "slot" (an ID)
                // rather than "slotListIndex" (a position in the slot list).
                PrintStream out = new PrintStream(new FileOutputStream(configFile));
                out.print("name=SmartCard\r\n" + "library=" + dllFile + "\r\nslot=" + slots[j] + "\r\n");
                out.close();

                // Create the provider and open the token as a PKCS11 keystore using the PIN
                SunPKCS11 tempProv = new sun.security.pkcs11.SunPKCS11(configFile);
                KeyStore keystorePkcs11 = KeyStore.getInstance("pkcs11", tempProv);
                keystorePkcs11.load(null, pass);

                KeyManagerFactory kKeyManagerFactory = KeyManagerFactory.getInstance("sunx509");
                //kKeyManagerFactory.init(keystorePkcs11, null);

                Enumeration<String

This post has been answered by User_KZASH on Mar 6 2018

Comments

karianna

This probably needs to be moved to the JaaS community.

I'd also probably try the 3rd option:

Implement a custom URIDereferencer which can find these references and override the builtin URIDereferencer with the DOMValidateContext.setURIDereferencer method.


Post Details

Locked on Apr 3 2018
Added on Feb 18 2018
7 comments
2,258 views