intoolswetrust / jsignpdf

PDF signing software written in Java. It supports visible signatures, timestamping, certificate verification and many other cool features
https://intoolswetrust.github.io/jsignpdf/

javax.security.auth.login.LoginException: Unable to perform password callback #63

Open michnovka opened 2 years ago

michnovka commented 2 years ago

jSignPDF version 2.0.0
Kubuntu 20.04
java 17.0.1 2021-10-19 LTS

When signing with my card and TSA, I get the below exception. The final PDF looks fine and has a valid timestamped signature.

superuser@TheTower:~/Applications/jsignpdf-2.0.0$ ./jsignpdf.sh 
FINE Relaxing SSL security.
FINE Registering SunPKCS11 provider from configuration in conf/pkcs11.cfg
FINE PKCS11 provider registered with name SunPKCS11-eObcanka
FINE PKCS11 provider registered with name JSignPKCS11-eObcanka
INFO Starting JSignPdf
INFO Checking input and output PDF paths.
INFO Getting key alias
INFO Certificate Objekt 04/08/2020 00:16:43 expired already.
INFO Used key alias: Objekt 02/08/2021 18:24:39
INFO Loading private key
INFO Getting certificate chain
INFO Opening input PDF file: /home/superuser/Nextcloud2/Konevova/Dopis bonollo.pdf
INFO Creating output PDF file: /home/superuser/Nextcloud2/Konevova/Dopis bonollo_signed.pdf
INFO Creating signature
INFO Setting location: Praha
INFO Setting certification level
INFO Configuring visible signature
INFO Use only layers recommend by Acrobat 6: true
INFO Setting background image scale
INFO Setting Layer 2 text (description)
INFO Setting Layer 4 text (status)
INFO Setting Render mode
INFO Creating visible signature
INFO Processing (it may take a while) ...
INFO Reading CRLs
INFO Reading CRL distribution points from certificate XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX#redacted
INFO Found CRL URL in distribution point: http://qcrldp1.ica.cz/2qca16_rsa.crl
INFO Found CRL URL in distribution point: http://qcrldp2.ica.cz/2qca16_rsa.crl
INFO Found CRL URL in distribution point: http://qcrldp3.ica.cz/2qca16_rsa.crl
INFO Downloading CRL from http://qcrldp3.ica.cz/2qca16_rsa.crl
INFO Size of downloaded CRL: 146964
INFO Downloading CRL from http://qcrldp1.ica.cz/2qca16_rsa.crl
INFO Size of downloaded CRL: 146964
INFO Downloaded CRL is already present. Skipping.
INFO Downloading CRL from http://qcrldp2.ica.cz/2qca16_rsa.crl
INFO Size of downloaded CRL: 146964
INFO Downloaded CRL is already present. Skipping.
FINE KeyStore type JSIGNPKCS11 is not supported by the provider SunPKCS11-eObcanka
FINE KeyStore type JSIGNPKCS11 is supported by the provider JSignPKCS11-eObcanka
INFO Creating TSA client.
INFO Setting TSA hash algorithm: SHA256
INFO Setting TSA policy OID: 1.3.6.1.4.1.23624.10.1.50.2.0
javax.security.auth.login.LoginException: Unable to perform password callback
        at com.github.kwart.jsign.pkcs11.JSignPKCS11.contextSpecificLogin(JSignPKCS11.java:1335)
        at com.github.kwart.jsign.pkcs11.P11Signature.engineSign(P11Signature.java:604)
        at java.base/java.security.Signature$Delegate.engineSign(Signature.java:1423)
        at java.base/java.security.Signature.sign(Signature.java:712)
        at com.lowagie.text.pdf.PdfPKCS7.getEncodedPKCS7(PdfPKCS7.java:1258)
        at net.sf.jsignpdf.SignerLogic.signFile(SignerLogic.java:412)
        at net.sf.jsignpdf.SignerLogic.run(SignerLogic.java:115)
        at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: java.lang.NullPointerException: Cannot invoke "javax.security.auth.callback.CallbackHandler.handle(javax.security.auth.callback.Callback[])" because "this.pHandler" is null
        at com.github.kwart.jsign.pkcs11.JSignPKCS11.contextSpecificLogin(JSignPKCS11.java:1333)
        ... 7 more
INFO Closing result PDF stream
INFO Finished: Signature succesfully created.

michnovka commented 2 years ago

TSA settings below in screenshot

image

kwart commented 2 years ago

Does the SunPKCS11 keystore type work? The JSignPKCS11 should only be used in cases where SunPKCS11 fails.

michnovka commented 2 years ago

I don't even have SunPKCS11 in the list. Only JSignPKCS11.

kwart commented 2 years ago

Sorry, I wasn't clear. The SunPKCS11 is the implementation class name. The related keystore type name is just "PKCS11".

Try to run jsignpdf.sh -lkt, you should see the "PKCS11" in the output.

The JSignPKCS11 was not tested with Java 17 (yet) :)

michnovka commented 2 years ago

Yea, with SunPKCS11 the error is not present.
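
The distinction drawn in this thread between a provider name (SunPKCS11-eObcanka, JSignPKCS11-eObcanka) and a keystore type name (PKCS11, JSIGNPKCS11) can be inspected directly through the JCA API. The following is an added example, not code from JSignPdf or from any participant in this issue; the class name ListKeyStoreTypes and its methods are hypothetical, and the provider names are copied from the log above, so the checks only return true in a JVM where that PKCS#11 configuration has been registered.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Map;
import java.util.TreeMap;
import java.util.TreeSet;

public class ListKeyStoreTypes {

    // Maps each keystore type name to the registered providers that implement it.
    static Map<String, TreeSet<String>> keyStoreTypes() {
        Map<String, TreeSet<String>> byType = new TreeMap<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("KeyStore".equals(s.getType())) {
                    byType.computeIfAbsent(s.getAlgorithm(), k -> new TreeSet<>())
                          .add(p.getName());
                }
            }
        }
        return byType;
    }

    // Answers the same question as the "KeyStore type ... is (not) supported
    // by the provider ..." lines in the log: provider name and keystore type
    // are separate identifiers and must match up.
    static boolean supports(String providerName, String keyStoreType) {
        Provider p = Security.getProvider(providerName);
        return p != null && p.getService("KeyStore", keyStoreType) != null;
    }

    public static void main(String[] args) {
        keyStoreTypes().forEach((type, providers) ->
                System.out.println(type + " <- " + providers));

        // Provider names and keystore types as they appear in the log above.
        String[][] checks = {
            {"SunPKCS11-eObcanka", "PKCS11"},
            {"SunPKCS11-eObcanka", "JSIGNPKCS11"},
            {"JSignPKCS11-eObcanka", "JSIGNPKCS11"},
        };
        for (String[] c : checks) {
            System.out.printf("provider %s, keystore type %s: %s%n",
                    c[0], c[1], supports(c[0], c[1]) ? "supported" : "not supported");
        }
    }
}
```

On a stock JVM without the token configuration, all three checks print "not supported" because neither provider is registered.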