aws-samples / aws-cloudhsm-jce-examples

Sample applications demonstrating how to use the CloudHSM JCE
MIT No Attribution

Explicit login not working #81

Closed raman1212 closed 7 months ago

raman1212 commented 7 months ago

Hi, I am building an application that connects to Cloud HSM using JCE Client SDK 5. I am trying to do an explicit login, but it is failing.
I am passing the creds correctly to the method. I am getting a null provider from this statement: provider = (AuthProvider) Security.getProvider(CloudHsmProvider.PROVIDER_NAME); and then it's trying to do an implicit login using the block below, which checks for a null provider.

            if (provider == null) {
                provider = new CloudHsmProvider();
            }

Please let me know what I am missing in this process.

com.amazonaws.cloudhsm.jce.jni.exception.FailedLoginException: Incorrect credentials are passed for this operation: Incorrect authentication credentials.
    at com.amazonaws.cloudhsm.jce.jni.Session.do_login(Native Method)
    at com.amazonaws.cloudhsm.jce.jni.Session.login(Session.java:22)
    at com.amazonaws.cloudhsm.jce.provider.LoginManager.login(LoginManager.java:88)
    at com.amazonaws.cloudhsm.jce.provider.CloudHsmProvider.login(CloudHsmProvider.java:666)
    at com.amazonaws.cloudhsm.jce.provider.CloudHsmProvider.attemptImplicitLogin(CloudHsmProvider.java:621)
    at com.amazonaws.cloudhsm.jce.provider.CloudHsmProvider.(CloudHsmProvider.java:165)
    at one.card.rest.cloud.aws.services.LoginRunner.loginWithExplicitCredentials(LoginRunner.java:98)

rday commented 7 months ago

Hi @raman1212,

It looks like you have the CLOUDHSM_PIN environment variable set, but the credentials in that variable are not correct. I can reproduce this as follows:

## Setting CLOUDHSM_PIN to be invalid
$ export CLOUDHSM_PIN=invalid:invalid
$ java -ea -jar target/assembly/login-runner.jar --user MyUser --password MyPassword --method explicit
com.amazonaws.cloudhsm.jce.jni.exception.FailedLoginException: Incorrect credentials are passed for this operation: Incorrect authentication credentials.

## After unsetting CLOUDHSM_PIN
$ unset CLOUDHSM_PIN
$ java -ea -jar target/assembly/login-runner.jar --user MyUser --password MyPassword --method explicit

Login successful on provider CloudHSM with user crypto_user!

Logout successful on provider CloudHSM!

Due to the nature of implicit credentials, they are loaded when our Provider is loaded. We recommend removing any unexpected credentials from your environment, and trying the process again.

Thanks!
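
A preflight check for the situation described in this thread, added here as an example; it is not part of the original issue or of the CloudHSM SDK. It assumes the `user:password` layout of `CLOUDHSM_PIN` shown in the reproduction above, and the function names `pin_status` and `run_without_pin` are hypothetical.

```shell
# Added example: detect a leftover CLOUDHSM_PIN before an explicit login and
# run the command without it. Function names are hypothetical.

# Classify the inherited CLOUDHSM_PIN without ever printing its password part.
# Echoes one of: unset | empty | malformed | same-user | other-user
pin_status() {
    local expected_user="$1"
    if [ -z "${CLOUDHSM_PIN+x}" ]; then echo unset; return; fi
    if [ -z "$CLOUDHSM_PIN" ]; then echo empty; return; fi
    case "$CLOUDHSM_PIN" in
        ?*:?*) ;;                        # user:password, as in the reproduction
        *) echo malformed; return ;;
    esac
    local pin_user="${CLOUDHSM_PIN%%:*}" # text before the first colon
    if [ "$pin_user" = "$expected_user" ]; then
        echo same-user
    else
        echo other-user
    fi
}

# Run a command with CLOUDHSM_PIN removed from the child's environment only.
# The subshell keeps the calling shell's own variables untouched.
run_without_pin() {
    local expected_user="$1"; shift
    local state
    state="$(pin_status "$expected_user")"
    if [ "$state" != unset ]; then
        echo "warning: CLOUDHSM_PIN is set ($state); removing it for this run" >&2
    fi
    ( unset CLOUDHSM_PIN; "$@" )
}

# Usage, with the command from the reproduction above:
#   run_without_pin MyUser java -ea -jar target/assembly/login-runner.jar \
#       --user MyUser --password MyPassword --method explicit
```

The warning reports only the classification, so the credential itself never reaches logs or the terminal.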