
CKR_GENERAL_ERROR when configuring SunPKCS11 with softhsm


I get CKR_GENERAL_ERROR when configuring SunPKCS11 with softhsm.

Platform:

Environment variables:

PKCS11_LOGGER_FLAGS=16
PKCS11_LOGGER_LIBRARY_PATH=C:\SoftHSM2\lib\softhsm2-x64.dll

VM arguments:

-Djava.security.debug=sunpkcs11

Java code

String aPKCS11LibraryFileName = "C:\\\\Development\\\\pkcs11-logger\\\\pkcs11-logger-x64.dll";

StringBuilder pkcs11Config = new StringBuilder();
pkcs11Config
    .append("name = token1")
    .append(NEW_LINE)
    .append("library = ")
    .append(DOUBLE_QUOTE)
    .append(aPKCS11LibraryFileName)
    .append(DOUBLE_QUOTE);

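// Obtain the unconfigured SunPKCS11 provider and configure it via reflection.
// A leading "--" makes configure() treat the argument as inline configuration text rather than a file name.
Provider provider = Security.getProvider("SunPKCS11");
Method configureMethod = provider.getClass().getMethod("configure", String.class);
provider = (Provider) configureMethod.invoke(provider, "--" + pkcs11Config.toString());
Security.addProvider(provider);

// Log in to the token with the user PIN and load the PKCS#11 keystore.
KeyStore keyStore = KeyStore.getInstance(SUN_PKCS11_KEYSTORE_TYPE, provider);
keyStore.load(null, "1234".toCharArray());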

Console output

SunPKCS11 loading --name = token1
library = "C:\\Development\\pkcs11-logger\\pkcs11-logger-x64.dll"
sunpkcs11: Initializing PKCS#11 library C:\Development\pkcs11-logger\pkcs11-logger-x64.dll
sunpkcs11: Multi-threaded initialization Failed: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_GENERAL_ERROR
Exception in thread "main" java.lang.reflect.InvocationTargetException
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at ar.gob.hcssf.isileg.tokengateway.PKCS11MockTest.start(PKCS11MockTest.java:51)
    at ar.gob.hcssf.isileg.tokengateway.PKCS11MockTest.main(PKCS11MockTest.java:29)
Caused by: java.security.ProviderException: Initialization Failed
    at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:382)
    at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunPKCS11.java:113)
    at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunPKCS11.java:110)
    at java.base/java.security.AccessController.doPrivileged(Native Method)
    at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.configure(SunPKCS11.java:110)
    ... 6 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_GENERAL_ERROR
    at jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.C_Initialize(Native Method)
    at jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11$SynchronizedPKCS11.C_Initialize(PKCS11.java:1549)
    at jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.getInstance(PKCS11.java:160)
    at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:336)
    ... 10 more
0x000085a0 : 0x00007750 : ****************************** 2021-04-25 00:11:33 ***
0x000085a0 : 0x00007750 : PKCS11-LOGGER 2.2.0
0x000085a0 : 0x00007750 : PKCS#11 logging proxy module
0x000085a0 : 0x00007750 : Developed as a part of the pkcs11interop project
0x000085a0 : 0x00007750 : Please visit www.pkcs11interop.net for more information
0x000085a0 : 0x00007750 : ****************************** 2021-04-25 00:11:33 ***
0x000085a0 : 0x00007750 : Successfuly loaded C:\SoftHSM2\lib\softhsm2-x64.dll
0x000085a0 : 0x00007750 : Memory contents are dumped without endianness conversion
0x000085a0 : 0x00007750 : ****************************** 2021-04-25 00:11:33 ***
0x000085a0 : 0x00007750 : Calling C_GetFunctionList
0x000085a0 : 0x00007750 : Input
0x000085a0 : 0x00007750 :  ppFunctionList: 0000024C156047D8
0x000085a0 : 0x00007750 : Output
0x000085a0 : 0x00007750 :  Note: Returning function list of PKCS11-LOGGER
0x000085a0 : 0x00007750 : Returning 0 (CKR_OK)
0x000085a0 : 0x00007750 : ****************************** 2021-04-25 00:11:33 ***
0x000085a0 : 0x00007750 : Calling C_Initialize
0x000085a0 : 0x00007750 : Input
0x000085a0 : 0x00007750 :  pInitArgs: 0000024C152539C0
0x000085a0 : 0x00007750 :   CreateMutex: 0000000000000000
0x000085a0 : 0x00007750 :   DestroyMutex: 0000000000000000
0x000085a0 : 0x00007750 :   LockMutex: 0000000000000000
0x000085a0 : 0x00007750 :   UnlockMutex: 0000000000000000
0x000085a0 : 0x00007750 :   Flags: 2
0x000085a0 : 0x00007750 :    CKF_LIBRARY_CANT_CREATE_OS_THREADS: FALSE
0x000085a0 : 0x00007750 :    CKF_OS_LOCKING_OK: TRUE
0x000085a0 : 0x00007750 :   pReserved: 0000000000000000
0x000085a0 : 0x00007750 : Returning 5 (CKR_GENERAL_ERROR)
0x000085a0 : 0x00007750 : ****************************** 2021-04-25 00:11:33 ***
0x000085a0 : 0x00007750 : Calling C_GetFunctionList
0x000085a0 : 0x00007750 : Input
0x000085a0 : 0x00007750 :  ppFunctionList: 0000024C1562A7E8
0x000085a0 : 0x00007750 : Output
0x000085a0 : 0x00007750 :  Note: Returning function list of PKCS11-LOGGER
0x000085a0 : 0x00007750 : Returning 0 (CKR_OK)
0x000085a0 : 0x00007750 : ****************************** 2021-04-25 00:11:33 ***
0x000085a0 : 0x00007750 : Calling C_Initialize
0x000085a0 : 0x00007750 : Input
0x000085a0 : 0x00007750 :  pInitArgs: 0000000000000000
0x000085a0 : 0x00007750 : Returning 5 (CKR_GENERAL_ERROR)

softhsm2-util.exe:

C:\SoftHSM2\bin>softhsm2-util.exe --show-slots
Available slots:
Slot 1309549255
    Slot info:
        Description:      SoftHSM slot ID 0x4e0e22c7
        Manufacturer ID:  SoftHSM project
        Hardware version: 2.5
        Firmware version: 2.5
        Token present:    yes
    Token info:
        Manufacturer ID:  SoftHSM project
        Model:            SoftHSM v2
        Hardware version: 2.5
        Firmware version: 2.5
        Serial number:    48ed68114e0e22c7
        Initialized:      yes
        User PIN init.:   yes
        Label:            My token 2
Slot 2134878761
    Slot info:
        Description:      SoftHSM slot ID 0x7f3faa29
        Manufacturer ID:  SoftHSM project
        Hardware version: 2.5
        Firmware version: 2.5
        Token present:    yes
    Token info:
        Manufacturer ID:  SoftHSM project
        Model:            SoftHSM v2
        Hardware version: 2.5
        Firmware version: 2.5
        Serial number:    169a27c97f3faa29
        Initialized:      yes
        User PIN init.:   yes
        Label:            My token 1
Slot 2
    Slot info:
        Description:      SoftHSM slot ID 0x2
        Manufacturer ID:  SoftHSM project
        Hardware version: 2.5
        Firmware version: 2.5
        Token present:    yes
    Token info:
        Manufacturer ID:  SoftHSM project
        Model:            SoftHSM v2
        Hardware version: 2.5
        Firmware version: 2.5
        Serial number:
        Initialized:      no
        User PIN init.:   no
        Label:

C:\SoftHSM2\bin>

Before this, I tried using pkcs11-mock. The provider was configured successfully, but keystore.load() never finishes when it is executed.

Thanks in advance!

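Solution

Just setting the SOFTHSM2_CONF environment variable in the launcher was enough: the provider was configured successfully and the keystore loaded immediately.

It seems the system environment variables were not being picked up.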
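
A pre-flight check for the situation the answer describes, where the JVM process does not see SOFTHSM2_CONF even though it is set system-wide. This is an added example, not code from the original post or from the SoftHSM project; the class name SoftHsmPreflight is hypothetical, and it assumes the SoftHSM2 configuration file names its token store with the directories.tokendir key.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

/** Added example (hypothetical class name): reports what the JVM process actually sees. */
public class SoftHsmPreflight {

    /** Returns a list of problems; empty means the config file and token directory are visible. */
    static List<String> check(Map<String, String> env) throws IOException {
        List<String> problems = new ArrayList<>();
        String conf = env.get("SOFTHSM2_CONF");
        if (conf == null || conf.isBlank()) {
            problems.add("SOFTHSM2_CONF is not set in this process (set it in the launcher)");
            return problems;
        }
        Path confPath = Path.of(conf);
        if (!Files.isReadable(confPath)) {
            problems.add("SOFTHSM2_CONF points to an unreadable file: " + confPath);
            return problems;
        }
        String tokenDir = null;
        for (String line : Files.readAllLines(confPath)) {
            String s = line.strip();
            if (s.startsWith("#") || !s.contains("=")) continue;   // comment or blank line
            String[] kv = s.split("=", 2);
            if (kv[0].strip().equals("directories.tokendir")) tokenDir = kv[1].strip();
        }
        if (tokenDir == null) {
            problems.add("directories.tokendir is missing from " + confPath);
        } else if (!Files.isDirectory(Path.of(tokenDir))) {
            problems.add("token directory does not exist: " + tokenDir);
        }
        return problems;
    }

    public static void main(String[] args) throws IOException {
        // Constructed case: an environment as a launcher might pass it, without SOFTHSM2_CONF.
        System.out.println("constructed env -> " + check(Map.of("PKCS11_LOGGER_FLAGS", "16")));
        // Real case: the environment this JVM was started with.
        List<String> problems = check(System.getenv());
        problems.forEach(p -> System.err.println("preflight: " + p));
        if (problems.isEmpty()) System.out.println("SoftHSM environment looks usable");
    }
}
```

Run it from the same launcher that starts the failing program, before SunPKCS11 is configured, so that it inspects the same process environment.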
