EJBCA and Safenet Luna HSM - Error when creating CA token

Help
2013-09-30
2013-10-02
  • Good morning,

    I'm looking for any help or advice about the problem below.
    My setup:

    Ejbca 3.10.6
    Jboss EnterprisePlatform-4.3.0.GA_CP09
    SqlServer 2008
    Window 2008 Std. Edition
    HSM Safenet K5 firmware 4.8.1 and s.o. 4.5.0.12

    We have had setup EJBCA and it's up and running since last year with HSM Safenet K5 firmware 4.6.1 and s.o. 4.3.1. We have updated the firmware
    HSM last Thursday and since then we always get the same error:

    2013-09-30 13:28:29,061 DEBUG [org.ejbca.core.model.ca.catoken.CATokenManager] Added CA token for CA: -1717853931
    2013-09-30 13:28:29,061 DEBUG [org.ejbca.core.model.ca.catoken.BaseCAToken] >init: sSlotLabelKey=slot, Signaturealg=SHA256WithRSA
    2013-09-30 13:28:29,061 DEBUG [org.ejbca.core.model.ca.catoken.BaseCAToken] Prop: {sharedLibrary=C:\ejbca_3_10_6\lib\cryptoki.dll, pin=hidden, defaultKey=PKIG001, slot=1}
    2013-09-30 13:28:29,061 DEBUG [org.ejbca.util.CryptoProviderTools] MaxAllowedKeyLength for DES is: 2147483647
    2013-09-30 13:28:29,061 DEBUG [org.ejbca.util.StringTools] Using cleartext autoactivation pin
    2013-09-30 13:28:29,061 DEBUG [org.ejbca.core.model.ca.catoken.BaseCAToken] <init: sSlotLabelKey=slot, Signaturealg=SHA256WithRSA
    2013-09-30 13:28:29,061 DEBUG [org.ejbca.util.keystore.KeyTools] name = cryptoki.dll-slot1
    library = C:\ejbca_3_10_6\lib\cryptoki.dll
    slot = 1
    attributes(, , ) = {
    CKA_TOKEN = true
    }
    attributes(
    , CKO_PUBLIC_KEY, ) = {
    CKA_ENCRYPT = true
    CKA_VERIFY = true
    CKA_WRAP = true
    }
    attributes(
    , CKO_PRIVATE_KEY, *) = {
    CKA_PRIVATE = true
    CKA_SENSITIVE = true
    CKA_EXTRACTABLE = false
    CKA_DECRYPT = true
    CKA_SIGN = true
    CKA_UNWRAP = true
    }

    2013-09-30 13:28:29,061 DEBUG [org.ejbca.util.keystore.KeyTools] {SLOT_ID=1, PKCS11_NATIVE_MODULE=C:\ejbca_3_10_6\lib\cryptoki.dll}
    2013-09-30 13:28:29,076 INFO [org.ejbca.util.keystore.KeyTools] Using SUN PKCS11 provider: sun.security.pkcs11.SunPKCS11
    2013-09-30 13:28:29,076 ERROR [org.ejbca.util.keystore.KeyTools] Error constructing pkcs11 provider: null
    2013-09-30 13:28:29,076 ERROR [org.ejbca.core.model.ca.catoken.CATokenContainerImpl] Error contructing CA Token (setting to null):
    org.ejbca.core.model.ca.catoken.CATokenOfflineException: Error when creating CA token.
    at org.ejbca.util.keystore.P11Slot.getInstance(P11Slot.java:191)
    at org.ejbca.util.keystore.P11Slot.getInstance(P11Slot.java:145)
    at org.ejbca.core.model.ca.catoken.PKCS11CAToken.init(PKCS11CAToken.java:133)
    at org.ejbca.core.model.ca.catoken.CATokenContainerImpl.getCAToken(CATokenContainerImpl.java:974)
    at org.ejbca.core.model.ca.catoken.CATokenContainerImpl.getCATokenInfo(CATokenContainerImpl.java:157)
    at org.ejbca.core.model.ca.caadmin.X509CA.<init>(X509CA.java:194)
    at org.ejbca.core.ejb.ca.caadmin.CADataBean.readAndUpgradeCAInternal(CADataBean.java:252)
    at org.ejbca.core.ejb.ca.caadmin.CADataBean.upgradeCA(CADataBean.java:198)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.jboss.invocation.Invocation.performCall(Invocation.java:359)
    at org.jboss.ejb.EntityContainer$ContainerInterceptor.invoke(EntityContainer.java:1187)
    at org.jboss.ejb.plugins.cmp.jdbc.JDBCRelationInterceptor.invoke(JDBCRelationInterceptor.java:87)
    at org.jboss.ejb.plugins.EntitySynchronizationInterceptor.invoke(EntitySynchronizationInterceptor.java:284)
    at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:158)
    at org.jboss.ejb.plugins.EntityReentranceInterceptor.invoke(EntityReentranceInterceptor.java:126)
    at org.jboss.ejb.plugins.EntityInstanceInterceptor.invoke(EntityInstanceInterceptor.java:278)
    at org.jboss.ejb.plugins.EntityLockInterceptor.invoke(EntityLockInterceptor.java:104)
    at org.jboss.ejb.plugins.EntityCreationInterceptor.invoke(EntityCreationInterceptor.java:76)
    at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
    at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
    at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)
    at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
    at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
    at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
    at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
    at org.jboss.ejb.EntityContainer.internalInvoke(EntityContainer.java:527)
    at org.jboss.ejb.Container.invoke(Container.java:960)
    at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:430)
    at org.jboss.ejb.plugins.local.EntityProxy.invoke(EntityProxy.java:65)
    at $Proxy187.upgradeCA(Unknown Source)
    at org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.initializeAndUpgradeCAs(CAAdminSessionBean.java:389)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.jboss.invocation.Invocation.performCall(Invocation.java:359)
    at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:237)
    at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:158)
    at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:169)
    at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
    at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
    at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)
    at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
    at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
    at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
    at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
    at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
    at org.jboss.ejb.Container.invoke(Container.java:960)
    at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:430)
    at org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:103)
    at $Proxy194.initializeAndUpgradeCAs(Unknown Source)
    at org.ejbca.ui.web.admin.configuration.StartServicesServlet.ejbcaInit(StartServicesServlet.java:286)
    at org.ejbca.ui.web.admin.configuration.StartServicesServlet.init(StartServicesServlet.java:186)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1161)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:981)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4069)
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:4362)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:752)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:732)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:553)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:297)
    at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164)
    at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
    at org.apache.catalina.core.StandardContext.init(StandardContext.java:5263)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:297)
    at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164)
    at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
    at org.jboss.web.tomcat.service.TomcatDeployer.performDeployInternal(TomcatDeployer.java:295)
    at org.jboss.web.tomcat.service.TomcatDeployer.performDeploy(TomcatDeployer.java:108)
    at org.jboss.web.AbstractWebDeployer.start(AbstractWebDeployer.java:375)
    at org.jboss.web.WebModule.startModule(WebModule.java:83)
    at org.jboss.web.WebModule.startService(WebModule.java:61)
    at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289)
    at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245)
    at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
    at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
    at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
    at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
    at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
    at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)
    at $Proxy0.start(Unknown Source)
    at org.jboss.system.ServiceController.start(ServiceController.java:417)
    at org.jboss.system.ServiceController.start(ServiceController.java:435)
    at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
    at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
    at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
    at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
    at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
    at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
    at $Proxy31.start(Unknown Source)
    at org.jboss.ejb.EJBDeployer.start(EJBDeployer.java:662)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
    at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
    at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
    at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
    at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
    at org.jboss.mx.interceptor.DynamicInterceptor.invoke(DynamicInterceptor.java:97)
    at org.jboss.system.InterceptorServiceMBeanSupport.invokeNext(InterceptorServiceMBeanSupport.java:238)
    at org.jboss.wsf.container.jboss42.DeployerInterceptor.start(DeployerInterceptor.java:87)
    at org.jboss.deployment.SubDeployerInterceptorSupport$XMBeanInterceptor.start(SubDeployerInterceptorSupport.java:188)
    at org.jboss.deployment.SubDeployerInterceptor.invoke(SubDeployerInterceptor.java:95)
    at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
    at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
    at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
    at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
    at $Proxy32.start(Unknown Source)
    at org.jboss.deployment.MainDeployer.start(MainDeployer.java:1025)
    at org.jboss.deployment.MainDeployer.start(MainDeployer.java:1015)
    at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:819)
    at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:782)
    at sun.reflect.GeneratedMethodAccessor24.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
    at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
    at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
    at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
    at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
    at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
    at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
    at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
    at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
    at $Proxy9.deploy(Unknown Source)
    at org.jboss.deployment.scanner.URLDeploymentScanner.deploy(URLDeploymentScanner.java:421)
    at org.jboss.deployment.scanner.URLDeploymentScanner.scan(URLDeploymentScanner.java:634)
    at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.doScan(AbstractDeploymentScanner.java:266)
    at org.jboss.deployment.scanner.AbstractDeploymentScanner.startService(AbstractDeploymentScanner.java:344)
    at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289)
    at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245)
    at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
    at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
    at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
    at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
    at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
    at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)
    at $Proxy0.start(Unknown Source)
    at org.jboss.system.ServiceController.start(ServiceController.java:417)
    at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
    at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
    at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
    at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
    at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
    at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
    at $Proxy4.start(Unknown Source)
    at org.jboss.deployment.SARDeployer.start(SARDeployer.java:302)
    at org.jboss.deployment.MainDeployer.start(MainDeployer.java:1025)
    at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:819)
    at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:782)
    at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:766)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
    at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
    at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
    at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
    at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
    at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
    at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
    at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
    at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
    at $Proxy5.deploy(Unknown Source)
    at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:482)
    at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
    at org.jboss.Main.boot(Main.java:200)
    at org.jboss.Main$1.run(Main.java:518)
    at java.lang.Thread.run(Thread.java:619)
    2013-09-30 13:28:29,076 DEBUG [org.ejbca.core.model.ca.catoken.CATokenContainerImpl] Setting CATokenInfo.status to: 2
    2013-09-30 13:28:29,076 DEBUG [org.ejbca.core.model.ca.caadmin.CACacheManager] Added CA to registry: -1717853931
    2013-09-30 13:28:29,076 INFO [org.ejbca.core.ejb.ca.caadmin.CAAdminSessionSession] Initialized CA: SCO RootCA SHA256, with expire time: Fri Dec 03 16:49:15 CET 2021
    2013-09-30 13:28:29,092 DEBUG [org.ejbca.util.CryptoProviderTools] MaxAllowedKeyLength for DES is: 2147483647

    Please help me

     
  • Mike Kushner
    Mike Kushner
    2013-10-02

    Hi Fabio,

    Firstly the version of EJBCA that you're using is past its End of Life, and is no longer supported. We recommend that you upgrade to the latest community version (4.0.16) before we can support you.
    Secondly, HSM-related questions fall outside of the community support sphere. If you require assistance, contact sales@primekey.se to inquire about a support contract.

    Cheers,
    Mike Kushner
    Developer, Primekey Solutions


    PrimeKey Solutions offers commercial EJBCA and SignServer support
    subscriptions and training courses. Please see www.primekey.se or
    contact sales@primekey.se for more information.
    http://www.primekey.se/Services/Support/
    http://www.primekey.se/Services/Training/