JSignPdf 2.2.2 sign pdf ltv format with pkcs11


Melih Aybar

Sep 5, 2024, 7:49:27 AM
to JSignPdf
Hi Josef,
First of all I want to thank you for the library, you did a great job.

Now I want to sign a pdf in ltv format using your library. I have a Tubitak ACS ACR39U ICC Reader smart card and for this I installed the opensc pkcs11 package on my system and my java version is "1.8.0_421".

-pkcs11.cfg
name=Opensc
library=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
slot=0

root@debian:~/jsignpdf-2.2.2# java -Djava.security.debug=pkcs11keystore -Djava.security.debug=sunpkcs11 -jar JSignPdf.jar -kst PKCS11 -ksp (pass) -lk
FINE Default property file doesn't exist.
FINE Default property file doesn't exist.
INFO Getting keystore type instance: PKCS11
java.security.KeyStoreException: PKCS11 not found
at java.security.KeyStore.getInstance(KeyStore.java:855)
at net.sf.jsignpdf.utils.KeyStoreUtils.loadKeyStore(KeyStoreUtils.java:355)
at net.sf.jsignpdf.utils.KeyStoreUtils.getKeyAliases(KeyStoreUtils.java:112)
at net.sf.jsignpdf.Signer.main(Signer.java:127)
Caused by: java.security.NoSuchAlgorithmException: PKCS11 KeyStore not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.security.Security.getImpl(Security.java:672)
at java.security.KeyStore.getInstance(KeyStore.java:852)
... 3 more
Exception in thread "main" java.lang.NullPointerException: Keystore was not loaded successfully. Check if the keystore type, path and password are valid.
at net.sf.jsignpdf.utils.KeyStoreUtils.getKeyAliases(KeyStoreUtils.java:114)
at net.sf.jsignpdf.Signer.main(Signer.java:127)


I get an error like this. I haven't dealt with this kind of project before so I couldn't really understand the documentation, sorry. What do I need to do to sign a pdf as I explained? Can you please give me an idea or help me?

Thank you very much in advance.

Josef Cacek

Sep 5, 2024, 8:30:54 AM
to jsig...@googlegroups.com
Hi Melih,

JSignPdf loads its configuration from the "conf" directory within the JSignPdf application. The logs you've shared mean the conf directory was not found on the expected path.

If your SunPKCS11 provider configuration is not registered directly in your Java runtime setup, then you need to do the following:
* uncomment "pkcs11config.path=conf/pkcs11.cfg" line in [JSignPdf_HOME]/conf/conf.properties file
* and either use the full path to your pkcs11.conf file in the property or replace the content of the conf/pkcs11.cfg with your values

If you start the JSignPdf application outside of the installation home directory, then use either the helper script jsignpdf.sh or provide a System property pointing to the proper home directory:
java "-Djsignpdf.home=/path/to/jsignpdf-2.2.2" -jar JSignPdf.jar ...

These steps should resolve the issue for you.

One more thing: When you deal with PKCS11 then before listing keys in a specific keystore it's safer to start with listing keystore types:
java -jar JSignPdf.jar -lkt

Hope this helps.
Regards
Josef


Melih Aybar

Sep 5, 2024, 8:39:23 AM
to JSignPdf
Hi Josef,
First of all, thank you for your feedback. I forgot to add it to the explanation in my first message. I had removed the comment line pkcs11config.path=conf/pkcs11.cfg in the conf.properties file.
As you mentioned, I first listed the keystores, but I can't see the pkcs11 store. Also, I am not running it outside the main directory, but thanks for the information, I will keep it in mind. So how should I proceed from now on?

root@debian:~/jsignpdf-2.2.2# java -jar JSignPdf.jar -lkt
FINE Default property file doesn't exists.
FINE Default property file doesn't exists.
INFO Available key store types:
BCFKS
BCFKS-DEF
BCPKCS12
BKS
BOUNCYCASTLE
CASEEXACTJKS
CloudFoxy
DKS
FIPS
FIPS-DEF
IBCFKS
IBCFKS-DEF
IFIPS
IFIPS-DEF
JCEKS
JKS
PKCS12
PKCS12-3DES-3DES
PKCS12-3DES-40RC2
PKCS12-DEF
PKCS12-DEF-3DES-3DES
PKCS12-DEF-3DES-40RC2



Josef Cacek

Sep 5, 2024, 9:46:09 AM
to jsig...@googlegroups.com
I see now. You've hit a new issue. Congratulations :)

Please create an empty ".JSignPdf" file in your home to work around it.
touch $HOME/.JSignPdf

This is how it should look (I'm on Java 17) when everything works:
./jsignpdf.sh -lkt
FINE Relaxing SSL security.
FINE Registering SunPKCS11 provider from configuration in conf/pkcs11.cfg
FINE PKCS11 provider registered with name SunPKCS11-hsmPkcsConfig
FINE PKCS11 provider registered with name JSignPKCS11-hsmPkcsConfig

INFO Available key store types:
BCFKS
BCFKS-DEF
BCPKCS12
BKS
BOUNCYCASTLE
CASEEXACTJKS
CloudFoxy
DKS
FIPS
FIPS-DEF
IBCFKS
IBCFKS-DEF
IFIPS
IFIPS-DEF
JCEKS
JKS
JSIGNPKCS11
PKCS11
PKCS12
PKCS12-3DES-3DES
PKCS12-3DES-40RC2
PKCS12-DEF
PKCS12-DEF-3DES-3DES
PKCS12-DEF-3DES-40RC2

I've prepared a fix for the issue - it's in this commit:

A new SNAPSHOT distribution package with the fix included is available here:

Feel free to try and report back.

Regards,
Josef


Melih Aybar

Sep 5, 2024, 11:04:28 AM
to JSignPdf
Hi Josef,
As you mentioned, I created a .JSignPdf folder and installed java 17.0.10 on my debian 10 virtual machine. Then I pulled the project with git clone but I couldn't compile it with maven. Sorry for bothering you with such simple things but I don't know what to do. Actually, I downloaded jsignpdf from sourceforge. After pulling it as git clone, I couldn't compile the project with maven. Can you help me please?


Josef Cacek

Sep 5, 2024, 11:09:49 AM
to jsig...@googlegroups.com

You don't need to compile the project. I've sent the link to the binary snapshot distribution built by a GitHub action.

The ~/.JSignPdf is not a folder, just an empty file.

Hope this helps
Josef


Melih Aybar

Sep 6, 2024, 2:52:36 AM
to JSignPdf
Hi Josef,
I hope you are well. By the way, yes my typo was actually the file I meant :) .
As you mentioned, you said you are working on Java 17. When I ran the snapshot by default (without editing pkcs11.conf) the pkcs11 repository did not appear. I also got this error when I tried with Java 17 installed and specifying the opensc_pkcs11.so file.

root@debian:~/jsignpdf-2.3.0-SNAPSHOT# java -jar JSignPdf.jar -lkt
FINE SSL security is being relaxed.
FINE SunPKCS11 provider is being registered from the configuration in conf/pkcs11.cfg
SEVERE SunPKCS11 security provider cannot be registered.
java.lang.IllegalAccessException: Class net.sf.jsignpdf.utils.PKCS11Utils cannot access class sun.security.pkcs11.SunPKCS11 in module jdk.crypto.cryptoki because module jdk.crypto.cryptoki does not import sun.security.pkcs11 into unnamed module @c4437c4
at java.base/jdk.internal.reflect.Reflection.newIllegalAccessException(Reflection.java:392)
at java.base/java.lang.reflect.AccessibleObject.checkAccess(AccessibleObject.java:674)
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:489)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480)
at net.sf.jsignpdf.utils.PKCS11Utils.initPkcs11Provider(PKCS11Utils.java:112)
at net.sf.jsignpdf.utils.PKCS11Utils.registerProviders(PKCS11Utils.java:66)
at net.sf.jsignpdf.Signer.main(Signer.java:104)
SEVERE Unable to register SunPKCS11 security provider.
java.lang.IllegalAccessError: Class com.github.kwart.jsign.pkcs11.JSignPKCS11 (in unnamed module @0xc4437c4) cannot access class sun.security.util.Debug (in module java.base) because the java.base module did not import sun.security.util in the unnamed module @0xc4437c4
at com.github.kwart.jsign.pkcs11.JSignPKCS11.<clinit>(JSignPKCS11.java:64)
at java.base/java.lang.Class.forName0(Native Method)
at java.base/java.lang.Class.forName(Class.java:375)
at net.sf.jsignpdf.utils.PKCS11Utils.initPkcs11Provider(PKCS11Utils.java:108)
at net.sf.jsignpdf.utils.PKCS11Utils.registerProviders(PKCS11Utils.java:67)
at net.sf.jsignpdf.Signer.main(Signer.java:104)
INFORMATION Current keystore types:

BCFKS
BCFKS-DEF
BCPKCS12
BKS
BOUNCYCASTLE
CASEEXACTJKS
CloudFoxy
DKS
FIPS
FIPS-DEF
IBCFKS
IBCFKS-DEF
IFIPS
IFIPS-DEF
JCEKS
JKS
PKCS12
PKCS12-3DES-3DES
PKCS12-3DES-40RC2
PKCS12-DEF
PKCS12-DEF-3DES-3DES
PKCS12-DEF-3DES-40RC2


Then when I try this again in Java 8, I can see that the registration was successful but it is still not listed.

root@debian:~/jsignpdf-2.3.0-SNAPSHOT# java -jar JSignPdf.jar -lkt
FINE Registering the SunPKCS11 provider from the conf/pkcs11.cfg configuration
FINE PKCS11 provider registered as SunPKCS11-JSignPdf
FINE PKCS11 provider registered as JSignPKCS11-JSignPdf
INFO Available key storage types:
BCFKS
BCFKS-DEF
BCPKCS12
BKS
BOUNCYCASTLE
CASEEXACTJKS
CloudFoxy
DKS
FIPS
FIPS-DEF
IBCFKS
IBCFKS-DEF
IFIPS
IFIPS-DEF
JCEKS
JKS
PKCS12
PKCS12-3DES-3DES
PKCS12-3DES-40RC2
PKCS12-DEF
PKCS12-DEF-3DES-3DES
PKCS12-DEF-3DES-40RC2


Melih Aybar

Sep 7, 2024, 4:07:44 AM
to JSignPdf
Hi Josef,
I read the threads opened by other people who had the same problem. But I still haven't reached a conclusion. I'm currently testing the snapshot you sent. Is there any advice you can give please?


Josef Cacek

Sep 9, 2024, 6:01:12 AM
to jsig...@googlegroups.com
Does the pkcs11-tool (from opensc) work properly with your token?
Something like:
pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so --list-slots

Josef


Melih Aybar

Sep 9, 2024, 7:36:14 AM
to JSignPdf
Hi Josef,
First of all, thank you for your feedback. Yes, I used it as you mentioned. I was able to get an output like this.

root@debian:~# pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so --list-slots
Available slots:
Slot 0 (0x0): ACS ACR39U ICC Reader 00 00
  (empty)


Apart from these, when I try the codes mentioned in other topics, I get this output.

root@debian:~/jsignpdf-2.3.0-SNAPSHOT# java -Djava.security.debug=pkcs11keystore -Djava.security.debug=sunpkcs11 -jar JSignPdf.jar
SunPKCS11 loading /root/jsignpdf-2.3.0-SNAPSHOT/conf/pkcs11.cfg
sunpkcs11: Initializing PKCS#11 library /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
Information for provider SunPKCS11-OpenSC
Library info:
  cryptokiVersion: 2.20
  manufacturerID: OpenSC Project
  flags: 0
  libraryDescription: OpenSC smartcard framework
  libraryVersion: 0.19
All slots: 0
Slots with tokens: 0

FINE Relaxing SSL security.
FINE Registering SunPKCS11 provider from configuration in conf/pkcs11.cfg
SunPKCS11 loading /root/jsignpdf-2.3.0-SNAPSHOT/conf/pkcs11.cfg
sunpkcs11: Initializing PKCS#11 library /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
Information for provider SunPKCS11-OpenSC
Library info:
  cryptokiVersion: 2.20
  manufacturerID: OpenSC Project
  flags: 0
  libraryDescription: OpenSC smartcard framework
  libraryVersion: 0.19
All slots: 0
Slots with tokens: 0
FINE PKCS11 provider registered with name SunPKCS11-OpenSC
JSignPKCS11 loading /root/jsignpdf-2.3.0-SNAPSHOT/conf/pkcs11.cfg
sunpkcs11: Initializing PKCS#11 library /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
Information for provider JSignPKCS11-OpenSC
Library info:
  cryptokiVersion: 2.20
  manufacturerID: OpenSC Project
  flags: 0
  libraryDescription: OpenSC smartcard framework
  libraryVersion: 0.19
All slots: 0
Slots with tokens: 0
FINE PKCS11 provider registered with name JSignPKCS11-OpenSC
Exception in thread "main" java.awt.HeadlessException:
No X11 DISPLAY variable was set, but this program performed an operation which requires it.
        at java.awt.GraphicsEnvironment.checkHeadless(GraphicsEnvironment.java:204)
        at java.awt.Window.<init>(Window.java:536)
        at java.awt.Frame.<init>(Frame.java:420)
        at java.awt.Frame.<init>(Frame.java:385)
        at javax.swing.JFrame.<init>(JFrame.java:189)
        at net.sf.jsignpdf.SignPdfForm.<init>(SignPdfForm.java:89)
        at net.sf.jsignpdf.Signer.main(Signer.java:159)


Here I saw that it did not detect my inserted smart card (If I misunderstood, please correct me). Then I downloaded and installed the driver for my smart card (If you want to review it, https://kamusm.bilgem.tubitak.gov.tr/islemler/surucu_yukleme_servis) Here I installed the Debian package for Debian buster on my system. And when I introduce the libj2pkcs11.so file provided by my driver to my site and run it, I get this output.

root@debian:~/jsignpdf-2.3.0-SNAPSHOT# java -Djava.security.debug=pkcs11keystore -Djava.security.debug=sunpkcs11 -jar JSignPdf.jar
SunPKCS11 loading /root/jsignpdf-2.3.0-SNAPSHOT/conf/pkcs11.cfg
sunpkcs11: Initializing PKCS#11 library /opt/Akia/jre/lib/libj2pkcs11.so
Exception in thread "main" java.lang.ExceptionInInitializerError
        at net.sf.jsignpdf.ssl.DynamicX509TrustManager.<init>(DynamicX509TrustManager.java:70)
        at net.sf.jsignpdf.ssl.SSLInitializer.<clinit>(SSLInitializer.java:64)
        at net.sf.jsignpdf.Signer.main(Signer.java:99)
Caused by: java.security.ProviderException: Initialization failed
        at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:376)
        at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
        at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:224)
        at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206)
        at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187)
        at sun.security.jca.ProviderList.loadAll(ProviderList.java:282)
        at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:299)
        at sun.security.jca.Providers.getFullProviderList(Providers.java:174)
        at java.security.Security.insertProviderAt(Security.java:362)
        at java.security.Security.addProvider(Security.java:405)
        at net.sf.jsignpdf.utils.KeyStoreUtils.<clinit>(KeyStoreUtils.java:83)
        ... 3 more
Caused by: java.io.IOException: ERROR: C_GetFunctionList == NULL
        at sun.security.pkcs11.wrapper.PKCS11.connect(Native Method)
        at sun.security.pkcs11.wrapper.PKCS11.<init>(PKCS11.java:144)
        at sun.security.pkcs11.wrapper.PKCS11.getInstance(PKCS11.java:157)
        at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:313)
        ... 19 more
root@debian:~/jsignpdf-2.3.0-SNAPSHOT# pkcs11-tool --module /opt/Akia/jre/lib/libj2pkcs11.so --list-slots
error: Failed to load pkcs11 module
Aborting.

When I look at the Akia (smart card driver) files, I can see that security.provider.12=SunPKCS11 is defined in java security. So I tried these but I still couldn't reach a conclusion. If you have any ideas, please don't hesitate. I'm sorry for bothering you with unnecessary topics. Thanks in advance.

Regards
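
Added example (not from the thread and not JSignPdf code): a stand-alone probe that registers SunPKCS11 through the public Provider.configure API, checks whether the registered provider actually offers a PKCS11 KeyStore, and lists the aliases on the token. It assumes Java 9 or newer; the class name Pkcs11Probe is hypothetical, and the PIN is read from the console instead of being passed on the command line.

```java
import java.io.Console;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Collections;

/** Hypothetical diagnostic, not part of JSignPdf. Requires Java 9 or newer. */
public class Pkcs11Probe {

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java Pkcs11Probe <path-to-pkcs11.cfg>");
            System.exit(2);
        }
        Path cfg = Paths.get(args[0]).toAbsolutePath();
        if (!Files.isReadable(cfg)) {
            System.err.println("Config not readable: " + cfg);
            System.exit(2);
        }
        // Public API since Java 9: no reflective access to the internal
        // sun.security.pkcs11.SunPKCS11 class is needed.
        Provider base = Security.getProvider("SunPKCS11");
        if (base == null) {
            System.err.println("SunPKCS11 is not available in this runtime");
            System.exit(1);
        }
        // Loads the native library named in the config; throws on load failure.
        Provider p = base.configure(cfg.toString());
        Security.addProvider(p);
        System.out.println("Registered provider: " + p.getName());

        // A registered provider can still expose no KeyStore service (for example
        // when no usable token is in the slot); KeyStore.getInstance would then
        // fail with "PKCS11 not found".
        if (p.getService("KeyStore", "PKCS11") == null) {
            System.err.println("Provider offers no PKCS11 KeyStore; check the token and slot");
            System.exit(1);
        }
        Console console = System.console();
        if (console == null) {
            System.err.println("No console available to read the PIN");
            System.exit(2);
        }
        char[] pin = console.readPassword("Token PIN: ");
        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        ks.load(null, pin);
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(alias + (ks.isKeyEntry(alias) ? " [private key]" : " [certificate]"));
        }
    }
}
```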