ejbca cryptotoken management crashes if smartcard reader is removed

Help
peter pan
2014-08-22
2016-03-16
  • peter pan

    peter pan - 2014-08-22

    I might have encountered a bug.

    The below exception is being thrown when the previously used HW cryptotoken is no longer present in the system. This happens in my case by simply unplugging the USB card reader. The issue with this is that the remaining cryptotokens are not accessible, nor can the configuration be manipulated (neither via web nor via CLI). The only way I have found to recover from this is by presenting the same card reader to ejbca. I will try if the actual smartcard makes a difference, but anyway I think the error needs to be caught before.

    I am running:
    ejbca_ce_6_2_0
    jboss-as-7.1.1.Final

    Let me know if you need any more information

    Exception report message description:
    The server encountered an internal error () that prevented it from fulfilling this request.
    exception
    javax.servlet.ServletException: /cryptotoken/cryptotokens.jsp(57,1) '#{cryptoTokenMBean.cryptoTokenGuiList}' java.lang.RuntimeException: Attempted to find a slot for a soft crypto token. This should not happen.
    javax.faces.webapp.FacesServlet.service(FacesServlet.java:277)
    org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:198)
    org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
    org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:147)
    org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:109)

    root cause
    org.apache.jasper.el.JspELException: /cryptotoken/cryptotokens.jsp(57,1) '#{cryptoTokenMBean.cryptoTokenGuiList}' java.lang.RuntimeException: Attempted to find a slot for a soft crypto token. This should not happen.
    org.apache.jasper.el.JspValueExpression.getValue(JspValueExpression.java:107)
    javax.faces.component.UIData.getValue(UIData.java:614)
    javax.faces.component.UIData.getDataModel(UIData.java:1145)
    javax.faces.component.UIData.setRowIndex(UIData.java:451)
    com.sun.faces.renderkit.html_basic.TableRenderer.encodeBegin(TableRenderer.java:77)
    javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:816)
    javax.faces.component.UIData.encodeBegin(UIData.java:983)
    javax.faces.component.UIComponent.encodeAll(UIComponent.java:928)
    javax.faces.render.Renderer.encodeChildren(Renderer.java:148)
    javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:840)
    javax.faces.component.UIComponent.encodeAll(UIComponent.java:930)
    javax.faces.component.UIComponent.encodeAll(UIComponent.java:933)
    com.sun.faces.application.ViewHandlerImpl.doRenderView(ViewHandlerImpl.java:266)
    com.sun.faces.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:197)
    com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:110)
    com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
    com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139)
    javax.faces.webapp.FacesServlet.service(FacesServlet.java:266)
    org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:198)
    org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
    org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:147)
    org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:109)

    root cause
    java.lang.RuntimeException: Attempted to find a slot for a soft crypto token. This should not happen.
    org.cesecore.keys.token.CryptoTokenSessionBean.getCryptoToken(CryptoTokenSessionBean.java:92)
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    java.lang.reflect.Method.invoke(Method.java:606)
    org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
    org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
    org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211)
    org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363)
    org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:32)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
    org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165)
    org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
    org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72)
    org.cesecore.keys.token.CryptoTokenSessionLocal$$$view15.getCryptoToken(Unknown Source)
    org.cesecore.keys.token.CryptoTokenManagementSessionBean.getCryptoTokenInfo(CryptoTokenManagementSessionBean.java:123)
    org.cesecore.keys.token.CryptoTokenManagementSessionBean.getCryptoTokenInfos(CryptoTokenManagementSessionBean.java:115)
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    java.lang.reflect.Method.invoke(Method.java:606)
    org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
    org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
    org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:211)
    org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:363)
    org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:194)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:32)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
    org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165)
    org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173)
    org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
    org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
    org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72)
    org.cesecore.keys.token.CryptoTokenManagementSessionLocal$$$view17.getCryptoTokenInfos(Unknown Source)
    org.ejbca.ui.web.admin.cryptotoken.CryptoTokenMBean.getCryptoTokenGuiList(CryptoTokenMBean.java:259)
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    java.lang.reflect.Method.invoke(Method.java:606)
    javax.el.BeanELResolver.getValue(BeanELResolver.java:302)
    com.sun.faces.el.DemuxCompositeELResolver._getValue(DemuxCompositeELResolver.java:173)
    com.sun.faces.el.DemuxCompositeELResolver.getValue(DemuxCompositeELResolver.java:200)
    org.apache.el.parser.AstValue.getValue(AstValue.java:169)
    org.apache.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:189)
    org.apache.jasper.el.JspValueExpression.getValue(JspValueExpression.java:101)
    javax.faces.component.UIData.getValue(UIData.java:614)
    javax.faces.component.UIData.getDataModel(UIData.java:1145)
    javax.faces.component.UIData.setRowIndex(UIData.java:451)
    com.sun.faces.renderkit.html_basic.TableRenderer.encodeBegin(TableRenderer.java:77)
    javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:816)
    javax.faces.component.UIData.encodeBegin(UIData.java:983)
    javax.faces.component.UIComponent.encodeAll(UIComponent.java:928)
    javax.faces.render.Renderer.encodeChildren(Renderer.java:148)
    javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:840)
    javax.faces.component.UIComponent.encodeAll(UIComponent.java:930)
    javax.faces.component.UIComponent.encodeAll(UIComponent.java:933)
    com.sun.faces.application.ViewHandlerImpl.doRenderView(ViewHandlerImpl.java:266)
    com.sun.faces.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:197)
    com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:110)
    com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
    com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139)
    javax.faces.webapp.FacesServlet.service(FacesServlet.java:266)
    org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:198)
    org.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
    org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:147)
    org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:109)

     
  • Tomas Gustavsson

    You can set the property:
    allow.nonexisting.slot=true

    then it should not throw the NoSuchSlotException. Would be good if you could try that.

    Cheers,
    Tomas


    Save time and money with an Enterprise support subscription. Please see www.primekey.se for more information.
    http://www.primekey.se/Products/EJBCA+PKI/
    http://www.primekey.se/Services/Support/

     
  • peter pan

    peter pan - 2014-08-23

    Hi Tomas,

    thanks for your reply, I was a little unsure where to set it so I have done the following:
    - set the allow.nonexisting.slot in ejbca.properties
    - run ant clean deployear
    - restarted jboss
    However, the error is still present.
    Presumably I would not need to run a complete re-deploy.

    Cheers

     
  • Tomas Gustavsson

    It should be in the crypto Token properties, not sure where to add it myself though. No redeploy, as it should be a runtime setting I believe.

     
  • peter pan

    peter pan - 2014-08-23

    ok, tried that as well catoken.properties in conf directory, without much success.
    The error occurs doing nothing fancy, meaning I click on cryptotokens in the adminweb.
    I can work around this issue, but others might get bitten in a disaster recovery scenario.
    Do you want me to try anything else or should I file a bug report somewhere?

    Cheers

     
  • Tomas Gustavsson

    Well this is actually token properties. They are stored in the crypto token itself.
    In EJBCA there is no GUI support for manipulating these properties. They are stored in Base64 encoded form in the database, in the column tokenProps in the table CryptoTokenData.

    If you are database aware you can add that property directly in the database (base64 decode existing, add property, base64 encode and update column).
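
    The decode, add, re-encode step described in the reply above, as an added example that is not part of the original thread and not EJBCA code. It assumes the decoded tokenProps value is plain Java .properties text with `=` separators; the sample blob and its `example.*` keys are constructed, and the script only transforms a string, it does not read or update the database.

```python
import base64

# Constructed sample standing in for a tokenProps value (not real EJBCA data).
SAMPLE_B64 = base64.b64encode(
    b"#Fri Aug 22 10:00:00 CEST 2014\n"
    b"example.library=/opt/example/pkcs11.so\n"
    b"example.slot=1\n"
).decode("ascii")


def read_token_properties(token_props_b64: str) -> dict:
    """Decode the Base64 blob and return its key=value pairs as a dict."""
    text = base64.b64decode(token_props_b64).decode("utf-8")
    props = {}
    for line in text.splitlines():
        stripped = line.strip()
        # Skip blank lines and .properties comments (# or !).
        if not stripped or stripped[0] in "#!" or "=" not in stripped:
            continue
        name, value = stripped.split("=", 1)
        props[name.strip()] = value.strip()
    return props


def set_token_property(token_props_b64: str, key: str, value: str) -> str:
    """Return a new Base64 blob with key=value set, keeping all other lines."""
    text = base64.b64decode(token_props_b64).decode("utf-8")
    out, replaced = [], False
    for line in text.splitlines():
        stripped = line.lstrip()
        if stripped and stripped[0] not in "#!":
            if stripped.split("=", 1)[0].strip() == key:
                # Replace an existing entry instead of adding a duplicate.
                line, replaced = f"{key}={value}", True
        out.append(line)
    if not replaced:
        out.append(f"{key}={value}")
    # Simple keys/values only: no .properties escaping is applied here.
    return base64.b64encode(("\n".join(out) + "\n").encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    updated = set_token_property(SAMPLE_B64, "allow.nonexisting.slot", "true")
    print(updated)                        # value to write back to the column
    print(read_token_properties(updated)) # verify before updating anything
```

    Back up the original column value before writing the new one, and decode the result again to confirm every existing property survived the round trip.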

     
  • Tomas Gustavsson

    Added this issue to make some support for it (if the issue gets enough prio).

    https://jira.primekey.se/browse/ECA-3713

     
  • Roman

    Roman - 2016-03-16

    This could be a real problem, especially when you have enabled database protection and you can't just update the record in the database...

    I had the same problem a few days ago, and with database protection the only way is to create a small application that could be integrated into the admin GUI to change crypto token properties and sign it.

     