You really need to read up on the Public Key Cryptographic System #11 (PKCS#11 or P11) standard to understand what is going on underneath (ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/pkcs11v2.pdf).
When you write a C-program to talk to a PKCS#11 cryptographic module, you "open a session" with the token. Implementers of the module support a certain number of sessions per module; when you reach the limit, you get a CKR_SESSION_COUNT return value, indicating that there are too many open sessions. Application developers who write code to the P11 interface are expected to close sessions when they're done - but the question of when an application is done depends on the developer.
Since Sun Microsystems is the "application developer" of the SunPKCS11 Bridge, when you write JCE code and instantiate a new SunPKCS11 Provider, the Bridge code written by Sun "opens" the session to the underlying P11 token (your smartcard in this case). Obviously, when you exit the Java application, the Provider will close the session; until then, the session is likely kept open.
Since we don't know how you've written your application code, it's entirely possible that the way you've written it causes the Bridge to open a new session with the smartcard, thereby running out of sessions supported by the smartcard. You probably need to experiment with your Java code to see how you can reuse existing instantiated objects so the SunPKCS11 Bridge does not open a new session for each operation on the smartcard (unless the session truly requires a different type of P11 privilege or access - the PDF document describes P11 Sessions in great detail).
It is for this reason that, when I work with cryptographic hardware modules, I insist on the module vendor providing a native JCE interface - or at least a JCE Provider that talks to their own PKCS11 library; this way, the creators of the module know what to write in their JNI code to talk to their P11 module/token without a third-party Bridge (SunPKCS11) getting in the way.
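One way to structure the object reuse suggested in the reply above, as an added example that is not part of the original post or of Sun's code: the provider, KeyStore login and key handle are created once and shared by every signing call. It assumes Java 9 or later (`Provider.configure`), an RSA key on the token, and a caller-supplied config file path and key alias, all of which are hypothetical here.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;

// Added example: one SunPKCS11 provider and one key handle for the whole
// process, instead of instantiating a new provider for each operation.
public final class TokenSigner {
    private final Provider provider;
    private final PrivateKey key;

    // configPath and alias are hypothetical, caller-supplied values.
    public TokenSigner(String configPath, String alias, char[] pin) throws Exception {
        // Configure the built-in provider exactly once.
        // (Java 8 equivalent: new sun.security.pkcs11.SunPKCS11(configPath).)
        provider = Security.getProvider("SunPKCS11").configure(configPath);
        KeyStore ks = KeyStore.getInstance("PKCS11", provider);
        ks.load(null, pin); // logs in to the token with the PIN
        key = (PrivateKey) ks.getKey(alias, null);
        if (key == null) {
            throw new KeyStoreException("no private key under alias " + alias);
        }
    }

    // Every call reuses the same provider instance and key handle.
    public byte[] sign(byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA", provider); // assumes an RSA key
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2 || System.console() == null) {
            System.err.println("usage (from a terminal): java TokenSigner <pkcs11.cfg> <alias>");
            System.exit(2);
        }
        char[] pin = System.console().readPassword("Token PIN: ");
        TokenSigner signer = new TokenSigner(args[0], args[1], pin);
        // Repeated operations through one signer: a quick way to see whether
        // the session-count error still appears once objects are reused.
        for (int i = 0; i < 100; i++) {
            byte[] sig = signer.sign(("message " + i).getBytes(StandardCharsets.UTF_8));
            System.out.println(i + ": " + sig.length + " signature bytes");
        }
    }
}
```

If the session-count error disappears with this structure but returns when the provider is configured inside `sign()`, the per-operation instantiation is the likely cause.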