我的applet使用智能卡签名PDF文档时遇到问题。它适用于不合格的证书,但不适用于合格证书。我正在使用SunPKCS11提供商。这是CryptoTech卡。这是代码的一部分,我正在尝试对此提供程序进行操作:
String pkcs11config = "name = " + PROVIDER + "\nlibrary = \"" + value + "\"";
byte[] pkcs11configBytes = pkcs11config.getBytes();
final ByteArrayInputStream configStream = new ByteArrayInputStream(pkcs11configBytes);
pkcs11Provider = new sun.security.pkcs11.SunPKCS11(configStream);
Security.addProvider(pkcs11Provider);
这是代码,当问题发生时:
final KeyStore keyStore = KeyStore.getInstance(TYPE, pkcs11Provider);
keyStore.load(null, PIN);
常数:
public static final String PROVIDER = "CryptoTech";
private static final String TYPE = "PKCS11";
这是异常堆栈跟踪:
java.io.IOException: load failed
at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:763)
at java.security.KeyStore.load(Unknown Source)
at pl.emsi.sign.card.CardManager.getKey(CardManager.java:165)
at pl.emsi.sign.logic.DocumentLogic$1.success(DocumentLogic.java:79)
at pl.emsi.sign.card.CardManager$1.driverSelected(CardManager.java:92)
at pl.emsi.sign.card.CardManager$2.driverSelected(CardManager.java:121)
at pl.emsi.sign.card.CardManager$7.actionPerformed(CardManager.java:414)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$500(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.WaitDispatchSupport$2.run(Unknown Source)
at java.awt.event.InvocationEvent.dispatch(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$500(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
Caused by: javax.security.auth.login.LoginException
at sun.security.pkcs11.SunPKCS11.login(SunPKCS11.java:1238)
at sun.security.pkcs11.P11KeyStore.login(P11KeyStore.java:849)
at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:753)
... 54 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_PIN_LOCKED
at sun.security.pkcs11.wrapper.PKCS11.C_Login(Native Method)
at sun.security.pkcs11.SunPKCS11.login(SunPKCS11.java:1222)
... 56 more
我已经检查过PIN没有锁定,因为其他应用程序(无需提及此应用程序的名称)签署PDF文档没有任何问题。 PIN也是100%正确。
如果缺少某些信息,请告诉我们。
EDIT1:
通过:“它适用于不合格的证书但不符合条件”我的意思是不合格的证书被放置在不同的智能卡上,而不是这个合格的证书。
答案 0 :(得分:1)
在keyStore.load方法(keyStore.load(null,null))中传递null代替PIN参数将导致来自相应令牌驱动程序的密码提示。您可以通过这种方式验证PIN ...
答案 1 :(得分:1)
<强>解决
好的,我找到了解决问题的方法。
原来,提供商默认尝试使用ID为0的卡槽。有问题的卡在三个第一个插槽上有非合格证书。这些插槽上的标记未初始化。我试图使用的合格证书放在第四个插槽上。
我使用IAIK PKCS11 Wrapper获取有关此卡的Tokens的信息。这是代码示例:
try {
Module module = Module.getInstance(value);
module.initialize(null);
Slot[] slots = module.getSlotList(true);
TokenInfo[] infos = new TokenInfo[slots.length];
for (int i = 0; i < slots.length; i++) {
infos[i] = slots[i].getToken().getTokenInfo();
}
printTokenInfos(infos);
if (slots.length == 0) {
System.err.println("No token available!");
return;
}
} catch (TokenException | IOException e1) {
e1.printStackTrace();
}
[...]
private void printTokenInfos(TokenInfo[] infos) {
int counter = 0;
for (TokenInfo info : infos) {
System.out.println("Token: " + counter++);
System.out.println(info);
}
}
//"value" passed to Module's getInstance method is th path for .dll module
//used for one's type of card.
从这个地方我可以确定应该使用哪个插槽。可以通过向Provider的配置输入流添加slotListIndex参数来实现。 E.g。
String pkcs11config = "name = " + PROVIDER + "\nlibrary = \"" + value + "\"\nslotListIndex = " + slotIndex;
此问题的有用网站:
IAIK JCA/JCE
https://javaczysen.blogspot.com/ - 不幸的是,只是在波兰语中。