ERROR [com.keyfactor.util.keys.token.pkcs11.SunP11SlotListWrapper] #552
jpertuz-19
started this conversation in
General
Replies: 2 comments 4 replies
-
I have read other posts and it seems I would have to use Java-11 to avoid these problems. But if there is a way to solve it with Java-17, I think it would be ideal. |
Beta Was this translation helpful? Give feedback.
4 replies
-
Solved Debian 12 amd64 for pkcs11, add Softhsm2 and Hsm Thales (Lunasa) all work fine. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi.
Debian 12 amd64
EJBCA: ejbca_ce_8_2_0_1
JAVA: java-17-openjdk-amd64
Wildfly: wildfly-26.0.0.Final
I have performed a clean installation without problems of ejbca. following the procedure: https://doc.primekey.com/ejbca/ejbca-installation all work fine.
I want to try the HSM by Software (softhsm): https://doc.primekey.com/ejbca/ejbca-integration/hardware-security-modules-hsm/softhsm
cryptotoken.p11.lib.82.name=SoftHSM 2
cryptotoken.p11.lib.82.file=/usr/lib/softhsm/libsofthsm2.so
but when running:
./ejbcaClientToolBox.sh PKCS11HSMKeyTool test /usr/lib/softhsm/libsofthsm2.so TOKEN_LABEL:slot1
I get the following error
Test of keystore with ID slot1.
2024-03-23 09:40:03,383 ERROR [com.keyfactor.util.keys.token.pkcs11.SunP11SlotListWrapper] Method sun.security.pkcs11.wrapper.PKCS11.CK_C_INITIALIZE_ARGS.getInstance was not accessible, this may be due to a change in the underlying library.
java.lang.IllegalAccessException: class com.keyfactor.util.keys.token.pkcs11.SunP11SlotListWrapper cannot access class sun.security.pkcs11.wrapper.PKCS11 (in module jdk.crypto.cryptoki) because module jdk.crypto.cryptoki does not export sun.security.pkcs11.wrapper to unnamed module @11b03c1f
.
.
.
.
Caused by: java.lang.IllegalAccessException: class com.keyfactor.util.keys.token.pkcs11.SunP11SlotListWrapper cannot access class sun.security.pkcs11.wrapper.PKCS11 (in module jdk.crypto.cryptoki) because module jdk.crypto.cryptoki does not export sun.security.pkcs11.wrapper to unnamed module @11b03c1f
at jdk.internal.reflect.Reflection.newIllegalAccessException(Reflection.java:392) ~[?:?]
at java.lang.reflect.AccessibleObject.checkAccess(AccessibleObject.java:674) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:560) ~[?:?]
at com.keyfactor.util.keys.token.pkcs11.SunP11SlotListWrapper.(SunP11SlotListWrapper.java:144) ~[x509-common-util-0.10.9.jar:?]
... 15 more
Not possible to load keys. Maybe a smart card should be inserted or maybe you just typed the wrong PIN. Press enter when the problem is fixed or 'x' enter to quit.
add
echo -e "\nJAVA_OPTS="$JAVA_OPTS --add-exports=jdk.crypto.cryptoki/sun.security.pkcs11.wrapper=ALL-UNNAMED"" >> /opt/wildfly/bin/standalone.conf
but no solved.
I keep investigating but it seems to point to a library reading issue perhaps, I have set chmod chow permissions but without a solution.
Thanks for your attention.
Beta Was this translation helpful? Give feedback.
All reactions