Java Security

sunpkcs#11, smartcard and tomcat

790737 Feb 19 2015 — edited Feb 19 2015

I have a web application running on Tomcat. My application uses a web service which signs (via smartcard) and sends email. The web service itself adds the sunpkcs#11 provider automatically during the first call, before sending email, and can then sign and send emails as long as the smartcard is not removed and inserted. If it is removed and inserted, I must restart the Tomcat server in order to send email; if not, it gives several errors, depending on my edits to the code.

This is the code:

result= api.signAndSend(to, cc, bcc, subject, content, smartCardPin);

After removing and inserting the smart card, this code gives a "Token has been removed" exception.

These are my attempts:

1- I tried removing the sunpkcs#11 provider just after sending email, then creating a new sunpkcs#11 provider and adding it. It gives an error like: java.security.InvalidKeyException: No installed provider supports this key: sun.security.pkcs11.P11Key$P11PrivateKey or java.security.InvalidKeyException: No installed provider supports this key: null

2- I did not remove the sunpkcs#11 provider after each api.signAndSend(...) call; rather:

    result = api.signAndSend(to, cc, bcc, subject, content, smartCardPin);
    result = api.signAndSend(to, cc, bcc, subject, content, smartCardPin);

    SunPKCS11 sunPKCS11 = (SunPKCS11) getLastProvider();
    sunPKCS11.logout();
    sunPKCS11.setCallbackHandler(new MyCallbackHandler());

    KeyStore.CallbackHandlerProtection cpprotection =
            new KeyStore.CallbackHandlerProtection(new MyCallbackHandler());
    KeyStore.Builder builder = KeyStore.Builder.newInstance(
            "PKCS11", sunPKCS11, cpprotection);
    KeyStore ks = builder.getKeyStore();

    // finalize PKCS#11
    Field moduleMapField = PKCS11.class.getDeclaredField("moduleMap");
    moduleMapField.setAccessible(true);
    Map<?, ?> moduleMap = (Map<?, ?>) moduleMapField.get(null);
    moduleMap.clear(); // force re-execution of C_Initialize next time

    // load PKCS#11 (I expect this code to load PKCS#11 again, but I am not sure)
    Method getInstanceMethod = PKCS11.class.getMethod("getInstance",
            String.class, String.class, CK_C_INITIALIZE_ARGS.class,
            Boolean.TYPE);
    CK_C_INITIALIZE_ARGS ck_c_initialize_args = new CK_C_INITIALIZE_ARGS();
    PKCS11 pkcs11 = (PKCS11) getInstanceMethod.invoke(null, pkcs11Path,
            "C_GetFunctionList", ck_c_initialize_args, false);

This code gives:

    java.security.ProviderException: Initialization failed
      at sun.security.pkcs11.P11Signature.initialize(P11Signature.java:319)
      at sun.security.pkcs11.P11Signature.engineInitSign(P11Signature.java:432)
      at java.security.Signature$Delegate.init(Signature.java:1127)
      at java.security.Signature$Delegate.chooseProvider(Signature.java:1087)
      at java.security.Signature$Delegate.engineInitSign(Signature.java:1151)
      at java.security.Signature.initSign(Signature.java:512)
      at org.esign.bouncycastle.operator.jcajce.JcaContentSignerBuilder.build(Unknown Source)
      ...
    Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_KEY_HANDLE_INVALID
      at sun.security.pkcs11.wrapper.PKCS11.C_SignInit(Native Method)
      at sun.security.pkcs11.wrapper.PKCS11$SynchronizedPKCS11.C_SignInit(PKCS11.java:1721)
      at sun.security.pkcs11.P11Signature.initialize(P11Signature.java:311)

java: 1.8.0.31

Any help would be appreciated.

Locked on Mar 19 2015
Added on Feb 19 2015