Removing and reinserting a smart card with SunPKCS11 and Tomcat

I have a web application running on Tomcat. My application uses a web service that signs (via smart card) and sends an email. The web service itself automatically adds the SunPKCS11 provider during the first call, before sending emails, and can then sign and send emails as long as the smart card is not removed and reinserted. If I remove and reinsert the card and then send an email, I have to restart the Tomcat server, or I get errors that depend on my code:

    result = api.signAndSend(to, cc, bcc, subject, content, smartCardPin);

After removing and reinserting the smart card, this code gives the error message below:

    Token deleted

These are my attempts:

  1. I tried to remove the SunPKCS11 provider immediately after sending the email, then create a new SunPKCS11 provider and add it. That gives an error, for example:

    java.security.InvalidKeyException: none of the installed providers supports this key: sun.security.pkcs11.P11Key$P11PrivateKey

or

    java.security.InvalidKeyException: none of the installed providers supports this key: null

  2. I did not remove the SunPKCS11 provider after each call to api.signAndSend(...), but rather did this:

    import java.lang.reflect.Field;
    import java.security.KeyStore;
    import java.util.Map;

    import sun.security.pkcs11.SunPKCS11;
    import sun.security.pkcs11.wrapper.CK_C_INITIALIZE_ARGS;
    import sun.security.pkcs11.wrapper.PKCS11;

    result = api.signAndSend(to, cc, bcc, subject, content, smartCardPin);

    // the SunPKCS11 provider that signAndSend(...) installed on the first call
    SunPKCS11 sunPKCS11 = (SunPKCS11) getLastProvider();
    sunPKCS11.logout();
    sunPKCS11.setCallbackHandler(new MyCallbackHandler());

    // reload the PKCS#11 keystore through the same provider instance
    KeyStore.CallbackHandlerProtection cpprotection =
            new KeyStore.CallbackHandlerProtection(new MyCallbackHandler());
    KeyStore.Builder builder = KeyStore.Builder.newInstance("PKCS11", sunPKCS11, cpprotection);
    KeyStore ks = builder.getKeyStore();

    // finalize PKCS#11: clear the wrapper's private static module cache by reflection
    // so that the next getInstance() runs C_Initialize again
    Field moduleMapField = PKCS11.class.getDeclaredField("moduleMap");
    moduleMapField.setAccessible(true);
    Map<?, ?> moduleMap = (Map<?, ?>) moduleMapField.get(null);
    moduleMap.clear(); // force re-execution of C_Initialize next time

    // load PKCS#11 again (I expect this to reload the module, but I am not sure);
    // PKCS11.getInstance(...) is public, so no reflection is needed for the call itself
    CK_C_INITIALIZE_ARGS initArgs = new CK_C_INITIALIZE_ARGS();
    PKCS11 pkcs11 = PKCS11.getInstance(pkcs11Path, "C_GetFunctionList", initArgs, false);

This code gives:

    java.security.ProviderException:
        at sun.security.pkcs11.P11Signature.initialize(P11Signature.java:319)
        at sun.security.pkcs11.P11Signature.engineInitSign(P11Signature.java:432)
        at java.security.Signature$Delegate.init(Signature.java:1127)
        at java.security.Signature$Delegate.chooseProvider(Signature.java:1087)
        at java.security.Signature$Delegate.engineInitSign(Signature.java:1151)
        at java.security.Signature.initSign(Signature.java:512)
        at org.esign.bouncycastle.operator.jcajce.JcaContentSignerBuilder.build( )
        ...
    Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_KEY_HANDLE_INVALID
        at sun.security.pkcs11.wrapper.PKCS11.C_SignInit( )
        at sun.security.pkcs11.wrapper.PKCS11$SynchronizedPKCS11.C_SignInit(PKCS11.java:1721)
        at sun.security.pkcs11.P11Signature.initialize(P11Signature.java:311)

Java: 1.8.0_31

SunPKCS11:

    import java.io.ByteArrayInputStream;
    import java.io.InputStream;
    import java.nio.charset.StandardCharsets;
    import java.security.Security;

    import sun.security.pkcs11.SunPKCS11;

    // the code below adds the SunPKCS11 provider automatically on the first call
    result = api.signAndSend(to, cc, bcc, subject, content, smartCardPin);

    // after each signAndSend I remove the SunPKCS11 provider and add a new one
    String sunpkcs11Name = getLastProvider().getName();
    Security.removeProvider(sunpkcs11Name);

    // SunPKCS11 configuration, one attribute per line
    String cfg = "name = Starcos-SunPkcs11\n"
            + "library = c:/windows/system32/aetpkss1.dll\n"
            + "slot = 52481\n";
    InputStream is = new ByteArrayInputStream(cfg.getBytes(StandardCharsets.UTF_8));

    SunPKCS11 newSunPkcs11Provider = new SunPKCS11(is); // InputStream constructor, JDK 8
    Security.addProvider(newSunPkcs11Provider);

With the new SunPKCS11 provider, api.signAndSend(...) gives:

    java.security.InvalidKeyException: none of the installed providers supports this key: sun.security.pkcs11.P11Key$P11PrivateKey

[closing sentence of the question lost in extraction; it refers to SunPKCS11]

+4
1

[answer text lost in extraction; the surviving fragments mention PKCS#11 smart cards, the PKCS#11 provider and KeyStore.Builder]

+2
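Added example, not code from the question or from the answer above. What the three stack traces in the question have in common is a cached key handle: a `P11PrivateKey` belongs to the SunPKCS11 token instance it was loaded from. When the card is pulled the JDK marks that token invalid and reports `ProviderException("Token has been removed")`; a `Signature` that still holds the old key gets `CKR_KEY_HANDLE_INVALID` from the card once the provider has re-initialised; and if the provider that owns the key has been removed from `Security`, `Signature.initSign` finds no provider able to handle a non-extractable card key ("none of the installed providers supports this key"). The class below keeps one SunPKCS11 instance registered for the life of the JVM, binds the `Signature` to that provider, and on a failure discards the cached key and certificate and reloads them from the `PKCS11` KeyStore after the provider has re-initialised the reinserted token. It does not touch `PKCS11.moduleMap` by reflection. The library path, slot, PIN handling, `SHA256withRSA`, the first-key-entry alias choice and the single retry are illustrative assumptions, and it assumes your own code (rather than a third-party `api`) controls the provider.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Enumeration;

import sun.security.pkcs11.SunPKCS11; // JDK 8 API, as in the question

/**
 * Signs with a smart card through SunPKCS11 and survives card removal and
 * reinsertion without restarting the JVM (Tomcat). Added example; the
 * config values and retry policy are assumptions, not from the question.
 */
public final class ReloadableCardSigner {

    private final SunPKCS11 provider;
    private final char[] pin;

    // Cached handles. Both belong to the token instance that was present when
    // they were loaded and become unusable as soon as the card is pulled.
    private PrivateKey key;
    private X509Certificate cert;

    public ReloadableCardSigner(String library, long slot, char[] pin) {
        // Assumed config: one attribute per line, as SunPKCS11 expects.
        String cfg = "name = card\n"
                + "library = " + library + "\n"
                + "slot = " + slot + "\n";
        this.provider = new SunPKCS11(
                new ByteArrayInputStream(cfg.getBytes(StandardCharsets.UTF_8)));
        this.pin = pin.clone();
        // Register once. The same provider instance watches the slot and
        // re-initialises its token when a card is reinserted, so it must not
        // be removed and re-created per request.
        if (Security.getProvider(provider.getName()) == null) {
            Security.addProvider(provider);
        }
    }

    /** Signs data, retrying once with fresh handles after a token error. */
    public synchronized byte[] sign(byte[] data) throws GeneralSecurityException {
        try {
            return signOnce(data);
        } catch (ProviderException | InvalidKeyException | KeyStoreException e) {
            // Typical after a removal: ProviderException("Token has been removed"),
            // CKR_KEY_HANDLE_INVALID, or a key bound to an invalid token. Drop the
            // stale handles and try once more against the re-initialised token.
            key = null;
            cert = null;
            return signOnce(data);
        }
    }

    public synchronized X509Certificate certificate() throws GeneralSecurityException {
        if (cert == null) {
            loadKey();
        }
        return cert;
    }

    private byte[] signOnce(byte[] data) throws GeneralSecurityException {
        if (key == null) {
            loadKey();
        }
        // Pin the Signature to the provider the key came from, so the JCA never
        // tries to convert a non-extractable P11Key for some other provider.
        Signature sig = Signature.getInstance("SHA256withRSA", provider);
        sig.initSign(key);
        sig.update(data);
        return sig.sign();
    }

    private void loadKey() throws GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("PKCS11", provider);
        try {
            ks.load(null, pin); // logs in to the token with the PIN
        } catch (IOException e) {
            throw new KeyStoreException("cannot open PKCS#11 keystore", e);
        }
        // Assumption: use the first private-key entry on the card.
        for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements();) {
            String alias = aliases.nextElement();
            if (ks.isKeyEntry(alias)) {
                key = (PrivateKey) ks.getKey(alias, null);
                cert = (X509Certificate) ks.getCertificate(alias);
                return;
            }
        }
        throw new KeyStoreException("no private key entry on the card");
    }

    // Usage: java ReloadableCardSigner <pkcs11 library> <slot> <pin>
    public static void main(String[] args) throws Exception {
        ReloadableCardSigner signer =
                new ReloadableCardSigner(args[0], Long.parseLong(args[1]), args[2].toCharArray());
        byte[] message = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        System.out.println(Base64.getEncoder().encodeToString(signer.sign(message)));
    }
}
```

SunPKCS11 polls a removable slot for reinsertion every `insertionCheckInterval` milliseconds (2000 by default; it can be lowered in the provider configuration), so a request that arrives inside that window after the card goes back in can still fail on both attempts and should be retried by the caller rather than by restarting Tomcat.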
