Menu
▾
▴
Re: [Ejbca-develop] reconnect to PKCS#11 USB token
|
From: Tomas G. <to...@pr...> - 2015-02-17 10:46:19
|
I created this issue in Jira. https://jira.primekey.se/browse/ECA-4104 On 2015-02-17 09:32, Michael Ströder wrote: > Michael Ströder wrote: >> Tomas Gustavsson wrote: >>> To reproduce, what do you mean by changed/removed? You just pulled the >>> smart card from the reader, or did you do something else? >> >> In case the token cannot be recovered in the same manner, e.g. hardware >> damage, one is stuck. One cannot reach the Crypto Token UI anymore. >> >> Or there might be the case where you want to add a new token with the old keys >> and some new keys but preserve the old Crypto Token configuration for some >> time without having the old token plugged in. > > Ah yes. For simply reproducing the exception you can just pull the token. > The UI frame for Crypto Tokens is not reachable anymore then. > > Ciao, Michael. > >>> On February 16, 2015 9:44:23 PM GMT+01:00, "Michael Ströder" <mi...@st...> wrote: >>>> Branko Majic wrote: >>>>> It's a more low-level issue with how the PKCS#11 security provider is >>>>> implemented in Java. >>>>> >>>>> Basically, you have no way to tell the PKCS#11 Java security provider >>>>> to reestablish a new session. There's also a bunch of cashing >>>> happening >>>>> there, so if you create keys etc outside of EJBCA's running JVM, you >>>>> won't see them in EJBCA. >>>>> >>>>> Fixing this would require quite a bit more effort, unfortunately >>>>> (implementing a custom Java security provider, and maintaining it). >>>> >>>> Even worse (with SVN revision 20683): >>>> When a crypto token was changed/removed you won't be able to access the >>>> "Crypto Tokens" UI in the adminweb anymore (see below) even after >>>> restarting >>>> JBOSS... :-( >>>> >>>> Ciao, Michael. >>>> >>>> 21:43:44,424 ERROR >>>> [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/ejbca/adminweb].[Faces >>>> Servlet]] (http--0.0.0.0-8443-1) Servlet.service() for servlet Faces >>>> Servlet >>>> threw exception: java.lang.RuntimeException: Attempted to find a slot >>>> for a >>>> PKCS#11 crypto token, but it did not exists. Perhaps the token was >>>> removed? >> >> >> >> ------------------------------------------------------------------------------ >> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server >> from Actuate! Instantly Supercharge Your Business Reports and Dashboards >> with Interactivity, Sharing, Native Excel Exports, App Integration & more >> Get technology previously reserved for billion-dollar corporations, FREE >> http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk >> >> >> >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> > > > -- > Michael Ströder Klauprechtstr. 11 > Dipl.-Inform. D-76137 Karlsruhe, Germany > Tel.: +49 721 8304316 Mobil: +49 170 2391920 > E-Mail: mi...@st... http://www.stroeder.com > |
