Re: [Ejbca-develop] reconnect to PKCS#11 USB token

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Michael Ströder wrote:
> Tomas Gustavsson wrote:
>> To reproduce, what do you mean by changed/removed? You just pulled the
>> smart card from the reader, or did you do something else?
> 
> In case the token cannot be recovered in the same manner, e.g. hardware
> damage, one is stuck. One cannot reach the Crypto Token UI anymore.
> 
> Or there might be the case where you want to add a new token with the old keys
> and some new keys but preserve the old Crypto Token configuration for some
> time without having the old token plugged in.

Ah yes. For simply reproducing the exception you can just pull the token.
The UI frame for Crypto Tokens is not reachable anymore then.

Ciao, Michael.

>> On February 16, 2015 9:44:23 PM GMT+01:00, "Michael Ströder" <mi...@st...> wrote:
>>> Branko Majic wrote:
>>>> It's a more low-level issue with how the PKCS#11 security provider is
>>>> implemented in Java.
>>>>
>>>> Basically, you have no way to tell the PKCS#11 Java security provider
>>>> to reestablish a new session. There's also a bunch of cashing
>>> happening
>>>> there, so if you create keys etc outside of EJBCA's running JVM, you
>>>> won't see them in EJBCA.
>>>>
>>>> Fixing this would require quite a bit more effort, unfortunately
>>>> (implementing a custom Java security provider, and maintaining it).
>>>
>>> Even worse (with SVN revision 20683):
>>> When a crypto token was changed/removed you won't be able to access the
>>> "Crypto Tokens" UI in the adminweb anymore (see below) even after
>>> restarting
>>> JBOSS... :-(
>>>
>>> Ciao, Michael.
>>>
>>> 21:43:44,424 ERROR
>>> [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/ejbca/adminweb].[Faces
>>> Servlet]] (http--0.0.0.0-8443-1) Servlet.service() for servlet Faces
>>> Servlet
>>> threw exception: java.lang.RuntimeException: Attempted to find a slot
>>> for a
>>> PKCS#11 crypto token, but it did not exists. Perhaps the token was
>>> removed?
> 
> 
> 
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
> http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
> 
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 

--
Michael Ströder                 Klauprechtstr. 11
Dipl.-Inform.                   D-76137 Karlsruhe, Germany
Tel.: +49 721 8304316           Mobil: +49 170 2391920
E-Mail: mi...@st...    http://www.stroeder.com