I think I did what you're trying to do but using the Portuguese citizen card
(i.e. multiple signatures using the same KeyingDataProvider). Right now I don't
have the smart card reader with me, but I'll look into this next week.
Original comment by luis.fgoncalv
on 8 Jul 2011 at 2:52
OK thanks, I appreciate your commitment and I am waiting for any help :)
Original comment by monc...@gmail.com
on 15 Jul 2011 at 8:49
I was able to reproduce the issue, but not consistently. If I create a
XadesSigner and use it N times, all goes OK. But if I test with a dummy
signature directly using the Signature engine class and then the XadesSigner (N
times on each), I get the error. Looks like it has something to do with the
PKCS11 provider being in use or something. I'll keep looking into it.
Original comment by luis.fgoncalv
on 15 Jul 2011 at 10:23
Adding these just for reference:
https://issues.apache.org/bugzilla/show_bug.cgi?id=40826
https://issues.apache.org/bugzilla/show_bug.cgi?id=43056
http://download.oracle.com/javase/1.5.0/docs/guide/security/p11guide.html#DelayedSelect
Original comment by luis.fgoncalv
on 15 Jul 2011 at 10:37
I found the cause when creating multiple instances of
PKCS11KeyStoreKeyingDataProvider. I was always trying to add a new instance of
the provider, but the addProvider method failed. Then, the provider instance
was used anyway to create the KeyStore. When the signature engine is
initialized, the delayed provider selection fails, because there is no provider
installed that matches the given instance (the addProvider had failed). The
links above were useful on this one.
Anyway, if the PKCS11KeyStoreKeyingDataProvider was created only once, I had no
problems. I wasn't able to reproduce your second scenario.
Can you test with the updated source code?
Original comment by luis.fgoncalv
on 15 Jul 2011 at 11:13
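Added example, not part of the original thread or of the xades4j source: the comment above traces the failure to `Security.addProvider` rejecting a second provider instance with an already-installed name while the rejected instance is used anyway. The sketch below reproduces that rejection and shows a register-once helper. `Pkcs11ProviderOnce`, `DemoProvider`, `installOnce` and the name `SunPKCS11-Demo` are hypothetical, and a constructed stand-in provider replaces the real PKCS#11 provider so it runs without a token.

```java
import java.security.Provider;
import java.security.Security;

public class Pkcs11ProviderOnce {

    // Constructed stand-in for a PKCS#11 provider (assumption: only the name matters here).
    static final class DemoProvider extends Provider {
        DemoProvider(String name) {
            super(name, 1.0, "constructed demo provider");
        }
    }

    // Returns the instance actually installed under the candidate's name,
    // installing the candidate only when no provider with that name exists yet.
    static synchronized Provider installOnce(Provider candidate) {
        Provider installed = Security.getProvider(candidate.getName());
        if (installed != null) {
            return installed; // reuse it; never hand out the unregistered duplicate
        }
        if (Security.addProvider(candidate) == -1) {
            throw new IllegalStateException("could not install " + candidate.getName());
        }
        return candidate;
    }

    static void check(boolean condition, String message) {
        if (!condition) throw new AssertionError(message);
    }

    public static void main(String[] args) {
        Provider first = new DemoProvider("SunPKCS11-Demo");
        Provider second = new DemoProvider("SunPKCS11-Demo");

        // Failure mode: addProvider reports the rejection through its return
        // value (-1) and throws nothing, so an unchecked call goes unnoticed.
        check(Security.addProvider(first) != -1, "first instance should install");
        check(Security.addProvider(second) == -1, "duplicate name should be rejected");
        // The rejected instance is not the one the JCA will find by name.
        check(Security.getProvider("SunPKCS11-Demo") != second, "second is not installed");

        // Register-once: every caller receives the installed instance, which is
        // the one to pass on, e.g. to KeyStore.getInstance("PKCS11", provider).
        Provider a = installOnce(new DemoProvider("SunPKCS11-Demo"));
        Provider b = installOnce(new DemoProvider("SunPKCS11-Demo"));
        check(a == first && b == first, "callers must share the installed instance");

        Security.removeProvider("SunPKCS11-Demo"); // leave the JVM as we found it
        System.out.println("all checks passed");
    }
}
```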
Did you have a chance to try this out?
Original comment by luis.fgoncalv
on 19 Jul 2011 at 3:33
[deleted comment]
I haven't tried it yet, but anyway, thanks for your fast reaction! I'm going to
try that for sure in the next few days (I don't have a reader right now) and
I'll leave you a comment.
It's completely off topic, but I have one suggestion. Could you implement
an updated version of PKCS11KeyStoreKeyingDataProvider, where there's a SLOT as
an additional argument (then in the body: config.append("slot =
").append(slot);). My card reader started to work only when I had provided it
with slot=3 (I had to modify your method by myself, but in the end, it could be
helpful for other users in the future).
You did a good job!
Original comment by monc...@gmail.com
on 21 Jul 2011 at 9:39
I'm closing this issue since the main problem is resolved and the optional slot
argument was added.
Original comment by luis.fgoncalv
on 8 Sep 2011 at 10:03
I have a problem with this exception:
xades4j.verification.UnexpectedJCAException: expected but could not find private key
when I'm trying to sign the second document.
How did you resolve this?
I'm using PKCS11KeyStoreKeyingDataProvider with slotId and everything works, but
only for the first document. Signing the second one throws an exception.
Thanks in advance for your help.
Original comment by mario790...@gmail.com
on 3 Dec 2014 at 7:53
This problem should have been fixed by not registering the JCA provider
multiple times. Which version of the library are you using?
Original comment by luis.fgoncalv
on 4 Dec 2014 at 10:53
OK, solved.
Change this:
Cipher rsaCipher = Cipher.getInstance(TRANSFORMATION, provider);
with this:
Cipher rsaCipher = Cipher.getInstance(TRANSFORMATION, "SunPKCS11-Luna");
and it starts working.
Original comment by tiwari9...@gmail.com
on 4 Feb 2015 at 9:41
Original issue reported on code.google.com by
monc...@gmail.com
on 7 Jul 2011 at 1:49