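How to resolve "reconnecting to SunPKCS11 after the connection times out with Token has been removed"

Time: 2019-05-31 12:07:05

Tags: java spring-boot pkcs#11 hsm sunpkcs11

After a connection timeout, I have a problem reconnecting to SunPKCS11; I want to reconnect to SunPKCS11 again.

I connect to SunPKCS11 the first time using this code.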

public void getConnection(String name, String slot, String lib, String type, String password) throws Exception {
    if (type.contains("PKCS11")) {
        StringBuilder cfg = new StringBuilder();
        cfg.append("name=" + name);
        cfg.append(System.getProperty("line.separator"));
        cfg.append("slot=" + slot);
        cfg.append(System.getProperty("line.separator"));
        cfg.append("library=" + lib);
        cfg.append(System.getProperty("line.separator"));
        cfg.append("disabledMechanisms = {");
        cfg.append(System.getProperty("line.separator"));
        cfg.append("CKM_SHA1_RSA_PKCS");
        cfg.append(System.getProperty("line.separator"));
        cfg.append("}");
        InputStream isCfg = new ByteArrayInputStream(cfg.toString().getBytes());
        //Provider p = new SunPKCS11(isCfg);
        p = new SunPKCS11(isCfg);
        p.setProperty("pkcs11LibraryPath", lib);
        Security.addProvider(p);
        keyStore = KeyStore.getInstance(type, p);
        keyStore.load(null, password.toCharArray());


        providerName = p.getName();
        authProvider = (AuthProvider) keyStore.getProvider();
        //String alias = keyStore.aliases().nextElement();
        alias = keyStore.aliases().nextElement();
        privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray());
        certificateChain = keyStore.getCertificateChain(alias);
        certificate = keyStore.getCertificate(alias);
        keyStorePrivateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias,
                new KeyStore.PasswordProtection(password.toCharArray()));
        x509Certificate = (X509Certificate) keyStorePrivateKeyEntry.getCertificate();
    } else {
        throw new Exception("PK Type Not support");
    }
}

It times out after 1 hour, so I created a reconnect method to reconnect to SunPKCS11.

public void reconnect() throws Exception {
    try {


        final String name = etaxProperties.getCs11_provider_name();
        final String library = etaxProperties.getCs11_lib_path();
        final String slot = etaxProperties.getCs11_slot_id();

        // SUN PKCS#11 Provider -------------------------------------------

        StringBuilder builder = new StringBuilder();
        builder.append("name=" + name);
        builder.append(System.getProperty("line.separator"));
        builder.append("library=\"" + library + "\"");
        builder.append(System.getProperty("line.separator"));
        builder.append("slot=" + slot);

        ByteArrayInputStream bais = new ByteArrayInputStream(builder.toString().getBytes());
        Provider provider = new sun.security.pkcs11.SunPKCS11(bais);
        provider.setProperty("pkcs11LibraryPath", library);
        Security.addProvider(provider);

        KeyStore ks = KeyStore.getInstance("PKCS11");
        ks.load(null, etaxProperties.getCs11_password().toCharArray());

        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements())
            System.out.println(aliases.nextElement());

        // ====================================
        // Solved it using the SUN PKCS#11 Wrapper

        PKCS11 pkcs11 = PKCS11.getInstance(((sun.security.pkcs11.SunPKCS11) provider).getProperty("pkcs11LibraryPath"), null, null, true);
        pkcs11.C_Finalize(PKCS11Constants.NULL_PTR);

        // ====================================

        // IAIK PKCS#11 Wrapper -------------------------------------------

        Module pkcs11Module = Module.getInstance(library);
        pkcs11Module.initialize(null);

        Slot[] slots = pkcs11Module.getSlotList(true);

        Session session = slots[0].getToken().openSession(true, true, null, null);
        session.login(Session.UserType.USER, "".toCharArray());

        session.logout();
        session.closeSession();

        //slots[0].getToken().closeAllSessions();
        slots[0].getToken();

        pkcs11Module.finalize(null);

    } catch (Exception e) {
        log.error(e.getMessage());
    }
}

But I get this error message:

java.security.InvalidKeyException: Private key must be instance of RSAPrivate(Crt)Key or have PKCS#8 encoding

Token has been removed.

0 answers:

No answers
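Added example, not part of the original question and not the asker's code: one way to structure the reconnect on Java 8, assuming the `InvalidKeyException` comes from a `PrivateKey` handle or provider instance left over from the earlier connection. The class name `Pkcs11Reconnector` and the `SHA256withRSA` algorithm are assumptions; the class drops the stale provider, reloads the key store, re-reads the key and pins the signature to the new provider.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.security.auth.login.LoginException;

// Added example (hypothetical class); uses the Java 8 SunPKCS11 constructor, as the question does.
public class Pkcs11Reconnector {
    private final byte[] config;   // SunPKCS11 config text: name, library, slot
    private final char[] pin;      // token PIN, kept as char[] rather than String
    private Provider provider;
    private KeyStore keyStore;
    public Pkcs11Reconnector(String name, String library, String slot, char[] pin) {
        String cfg = "name=" + name + "\nlibrary=" + library + "\nslot=" + slot + "\n";
        this.config = cfg.getBytes(StandardCharsets.UTF_8);
        this.pin = pin.clone();
    }
    // Drops the stale provider (if any), then builds a fresh provider and key store.
    public synchronized void connect() throws GeneralSecurityException, IOException {
        if (provider != null) {
            try {
                ((AuthProvider) provider).logout();   // release the old login state
            } catch (LoginException | ProviderException e) { /* session already gone */ }
            Security.removeProvider(provider.getName());
        }
        provider = new sun.security.pkcs11.SunPKCS11(new ByteArrayInputStream(config));
        Security.addProvider(provider);
        keyStore = KeyStore.getInstance("PKCS11", provider);
        keyStore.load(null, pin);                     // logs in to the token again
    }

    // Signs with a freshly fetched key handle; reconnects once if the token call fails.
    public synchronized byte[] sign(String alias, byte[] data) throws Exception {
        if (keyStore == null) connect();
        try {
            return signOnce(alias, data);
        } catch (ProviderException | GeneralSecurityException e) {
            connect();   // e.g. "Token has been removed" after the session timed out
            return signOnce(alias, data);
        }
    }
    private byte[] signOnce(String alias, byte[] data) throws GeneralSecurityException {
        // Re-read the key each time: a PrivateKey cached from an old provider is only a handle.
        PrivateKey key = (PrivateKey) keyStore.getKey(alias, pin);
        // Name the provider so the JCA cannot fall back to a software RSA implementation.
        Signature sig = Signature.getInstance("SHA256withRSA", provider);
        sig.initSign(key);
        sig.update(data);
        return sig.sign();
    }
}
```

Callers should go through `sign` instead of holding `privateKey`, `keyStore` or `keyStorePrivateKeyEntry` in fields, so that nothing outlives the provider instance it came from.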