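Starting this week, when our customers began using a new smart card version with one of our products, I ran into a serious problem: during keyStore loading it throws this exception: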
    java.lang.Exception: Login failure: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = -95)
        at certificate.helper.HelperClass.validateCard(HelperClass.java:194)
        at certificate.helper.HelperClass.retrieveToken(HelperClass.java:107)
        at certificate.view.LoginDialog.validate(LoginDialog.java:144)
        at certificate.view.LoginDialog$1.actionPerformed(LoginDialog.java:84)
        at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
        at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
        at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
        at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
        at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
        at java.awt.Component.processMouseEvent(Unknown Source)
        at javax.swing.JComponent.processMouseEvent(Unknown Source)
        at java.awt.Component.processEvent(Unknown Source)
        at java.awt.Container.processEvent(Unknown Source)
        at java.awt.Component.dispatchEventImpl(Unknown Source)
        at java.awt.Container.dispatchEventImpl(Unknown Source)
        at java.awt.Component.dispatchEvent(Unknown Source)
        at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
        at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
        at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
        at java.awt.Container.dispatchEventImpl(Unknown Source)
        at java.awt.Window.dispatchEventImpl(Unknown Source)
        at java.awt.Component.dispatchEvent(Unknown Source)
        at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
        at java.awt.EventQueue.access$500(Unknown Source)
        at java.awt.EventQueue$3.run(Unknown Source)
        at java.awt.EventQueue$3.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
        at java.awt.EventQueue$4.run(Unknown Source)
        at java.awt.EventQueue$4.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
        at java.awt.EventQueue.dispatchEvent(Unknown Source)
        at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
        at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
        at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
        at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
        at java.awt.EventDispatchThread.run(Unknown Source)
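Even worse, I can't reproduce it in the development environment!
I started to think it was related to the user's environment. Here our team uses Windows 10 x64 + JDK 1.8_x 64, and we can reproduce the same error on some Windows 7 x64 + JRE 1.8_x x86 stations. Our customers also have Linux at one site, and they say it works fine there.
I tried changing the keyStore model and the way it is loaded, but that doesn't seem to solve the problem! Here is how things are done: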
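    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.Provider;
    import java.security.Security;
    import java.util.Enumeration;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;
    import sun.security.pkcs11.SunPKCS11;

    public TokenVO retrieveToken(String pin) throws Exception {
        // Register the PKCS#11 provider for the card reader, then BouncyCastle
        Provider pkcs11Provider = new SunPKCS11(leitorGemPC_Windows());
        Security.addProvider(pkcs11Provider);
        Security.addProvider(new BouncyCastleProvider());
        KeyStore smartCardKeyStore = createKeyStore("PKCS11");
        validateCard(pin, smartCardKeyStore);
        Enumeration<String> aliasesEnum = smartCardKeyStore.aliases();
        while (aliasesEnum.hasMoreElements()) {
            // .... things don't even get this far
        }
        // ... remainder of the method omitted in the original post
    }

    public void validateCard(String pin, KeyStore smartCardKeyStore) throws Exception {
        try {
            // For a PKCS11 keystore, load(null, pin) logs in to the token with the PIN
            smartCardKeyStore.load(null, pin.toCharArray());
        }
        catch (Exception e) {
            e.printStackTrace();
            throw new Exception(e.getMessage());
        }
    }

    public KeyStore createKeyStore(String keyStoreName) throws KeyStoreException {
        // Fall back to the default keystore type when none is given
        if (keyStoreName == null || keyStoreName.isEmpty()) {
            keyStoreName = DEFAULT_KEYSTORE;
        }
        KeyStore smartCardKeyStore = KeyStore.getInstance(keyStoreName);
        return smartCardKeyStore;
    }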
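The only keyStore that really works is PKCS11. Every other one I tried does not validate the user's smart card PIN/password, accepts any blank password, and returns empty aliases, so the data cannot be retrieved from the card.
Is there anything I can do?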
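
Added example (not part of the original post and not JDK code): the `tag = -95` in the exception message is a DER identifier octet printed as a signed Java byte. The sketch below decodes it and reproduces the same kind of tag check on constructed sample bytes; the class name, method names and sample bytes are hypothetical, and nothing here is data read from a card.

```java
import java.io.IOException;
import java.util.Arrays;

public class DerTagCheck {
    static final int TAG_OID = 0x06; // UNIVERSAL 6, OBJECT IDENTIFIER

    /** Describes a DER identifier octet given as the signed byte Java prints. */
    static String describeTag(int signedTag) {
        int b = signedTag & 0xFF;                       // undo sign extension
        String[] classes = {"UNIVERSAL", "APPLICATION", "CONTEXT-SPECIFIC", "PRIVATE"};
        boolean constructed = (b & 0x20) != 0;          // bit 6: constructed encoding
        int number = b & 0x1F;                          // 0x1F would mean a multi-byte tag number
        return String.format("0x%02X %s %s [%d]", b, classes[b >> 6],
                constructed ? "constructed" : "primitive", number);
    }

    /** Reads the DER length after the identifier octet; returns {length, headerSize}. */
    static int[] readLength(byte[] der) throws IOException {
        if (der.length < 2) throw new IOException("truncated TLV");
        int first = der[1] & 0xFF;
        if (first < 0x80) return new int[] {first, 2};  // short form
        int n = first & 0x7F;                           // long form: n length octets follow
        if (n == 0 || n > 4 || der.length < 2 + n) throw new IOException("bad length");
        int len = 0;
        for (int i = 0; i < n; i++) len = (len << 8) | (der[2 + i] & 0xFF);
        if (len < 0) throw new IOException("length too large");
        return new int[] {len, 2 + n};
    }

    /** Assumed shape of the failing check: the value must start with the OID tag. */
    static void expectOid(byte[] der) throws IOException {
        int[] lh = readLength(der);
        if (lh[0] > der.length - lh[1]) throw new IOException("value longer than buffer");
        if ((der[0] & 0xFF) != TAG_OID)
            throw new IOException("not an OID: got " + describeTag(der[0])
                    + ", content length " + lh[0]);
    }

    public static void main(String[] args) throws IOException {
        System.out.println(describeTag(-95));           // the tag from the exception message
        // Constructed sample bytes: [1] wrapping the OID 1.2.840.113549.1.1.1
        byte[] wrapped = {(byte) 0xA1, 0x0B, 0x06, 0x09, 0x2A, (byte) 0x86, 0x48,
                          (byte) 0x86, (byte) 0xF7, 0x0D, 0x01, 0x01, 0x01};
        byte[] bare = Arrays.copyOfRange(wrapped, 2, wrapped.length);
        expectOid(bare);                                // accepted: first octet is 0x06
        try { expectOid(wrapped); }                     // rejected: first octet is 0xA1
        catch (IOException e) { System.out.println(e.getMessage()); }
    }
}
```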