ERROR [com.keyfactor.util.keys.token.pkcs11.SunP11SlotListWrapper] #552
Replies: 2 comments 4 replies
-
|
I have read other posts and it seems I would have to use Java-11 to avoid these problems. But if there is a way to solve it with Java-17, I think it would be ideal. |
Beta Was this translation helpful? Give feedback.
-
|
Install everything again using JAVA 11. However, I was able to add the token through the ejbca Web-GUI A recommendation on the installation guide: At this point: https://doc.primekey.com/ejbca/ejbca-installation/application-servers/wildfly-26#WildFly26-ConfigureOCSPLogging You should pause and continue with the EJBCA deploy (runinstall) and the deploy keystore And finally continue with https://doc.primekey.com/ejbca/ejbca-installation/application-servers/wildfly-26#WildFly26-HTTP(S)Configuration HSM LUNASA should arrive soon to continue the process. |
Beta Was this translation helpful? Give feedback.
-
|
"ejbcaClientToolBox.sh PKCS11HSMKeyTool" is a completely standalone tool. It has no interaction with EJBCA/WildFLy at all. |
Beta Was this translation helpful? Give feedback.
-
|
You can simply rebuild this tool "ant clean clientToolBox" with Java 11. But the important thing is that you run it with Java 11. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for your answer. Additionally, it is important to run the softhsm with the wildfly user. PKCS#11 : Library | SoftHSM 2 So you can show the Reference (label) When I have the HSM Thales (Lunasa), I will inform you of the results. I had not worked with ejbca since version 6 (2015) and on that occasion I used UTIMACO. |
Beta Was this translation helpful? Give feedback.
-
|
Solved Debian 12 amd64 for pkcs11, add Softhsm2 and Hsm Thales (Lunasa) all work fine. |
Beta Was this translation helpful? Give feedback.
-
Hi.
Debian 12 amd64
EJBCA: ejbca_ce_8_2_0_1
JAVA: java-17-openjdk-amd64
Wildfly: wildfly-26.0.0.Final
I have performed a clean installation without problems of ejbca. following the procedure: https://doc.primekey.com/ejbca/ejbca-installation all work fine.
I want to try the HSM by Software (softhsm): https://doc.primekey.com/ejbca/ejbca-integration/hardware-security-modules-hsm/softhsm
cryptotoken.p11.lib.82.name=SoftHSM 2
cryptotoken.p11.lib.82.file=/usr/lib/softhsm/libsofthsm2.so
but when running:
./ejbcaClientToolBox.sh PKCS11HSMKeyTool test /usr/lib/softhsm/libsofthsm2.so TOKEN_LABEL:slot1
I get the following error
Test of keystore with ID slot1.
2024-03-23 09:40:03,383 ERROR [com.keyfactor.util.keys.token.pkcs11.SunP11SlotListWrapper] Method sun.security.pkcs11.wrapper.PKCS11.CK_C_INITIALIZE_ARGS.getInstance was not accessible, this may be due to a change in the underlying library.
java.lang.IllegalAccessException: class com.keyfactor.util.keys.token.pkcs11.SunP11SlotListWrapper cannot access class sun.security.pkcs11.wrapper.PKCS11 (in module jdk.crypto.cryptoki) because module jdk.crypto.cryptoki does not export sun.security.pkcs11.wrapper to unnamed module @11b03c1f
.
.
.
.
Caused by: java.lang.IllegalAccessException: class com.keyfactor.util.keys.token.pkcs11.SunP11SlotListWrapper cannot access class sun.security.pkcs11.wrapper.PKCS11 (in module jdk.crypto.cryptoki) because module jdk.crypto.cryptoki does not export sun.security.pkcs11.wrapper to unnamed module @11b03c1f
at jdk.internal.reflect.Reflection.newIllegalAccessException(Reflection.java:392) ~[?:?]
at java.lang.reflect.AccessibleObject.checkAccess(AccessibleObject.java:674) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:560) ~[?:?]
at com.keyfactor.util.keys.token.pkcs11.SunP11SlotListWrapper.(SunP11SlotListWrapper.java:144) ~[x509-common-util-0.10.9.jar:?]
... 15 more
Not possible to load keys. Maybe a smart card should be inserted or maybe you just typed the wrong PIN. Press enter when the problem is fixed or 'x' enter to quit.
add
echo -e "\nJAVA_OPTS="$JAVA_OPTS --add-exports=jdk.crypto.cryptoki/sun.security.pkcs11.wrapper=ALL-UNNAMED"" >> /opt/wildfly/bin/standalone.conf
but no solved.
I keep investigating but it seems to point to a library reading issue perhaps, I have set chmod chow permissions but without a solution.
Thanks for your attention.
Beta Was this translation helpful? Give feedback.
All reactions