java.security.ProviderException

There are no available Samebug tips for this exception. Do you have an idea how to solve this issue? A short tip would help users who saw this issue last week.

  • FULL PRODUCT VERSION : java version "1.8.0_77" Java(TM) SE Runtime Environment (build 1.8.0_77-b03) Java HotSpot(TM) 64-Bit Server VM (build 25.77-b03, mixed mode) ADDITIONAL OS VERSION INFORMATION : Linux localhost.localdomain 4.4.6-301.fc23.x86_64 #1 SMP Wed Mar 30 16:43:58 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux EXTRA RELEVANT SYSTEM CONFIGURATION : Using Thales nShield HSM with Security World software v12.10, and associated PKCS#11 provider (/opt/nfast/toolkits/pkcs11/libcknfast.so). Note that this setup requires that the HSM belong to a valid Security World. A DESCRIPTION OF THE PROBLEM : 1. Create sample code: import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.FileOutputStream; import java.io.InputStream; import java.io.PrintStream; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.KeyPairGenerator; import javax.crypto.KeyGenerator; import javax.crypto.Cipher; import java.security.Key; import java.security.PublicKey; import java.security.KeyPair; import java.security.Provider; import java.security.Security; import java.security.cert.X509Certificate; import java.security.cert.Certificate; import sun.security.pkcs11.SunPKCS11; public class SunPKCS11Sample { private static final char[] CARDSET_PASSPHRASE = "123456".toCharArray(); private SunPKCS11Sample(){ ByteArrayOutputStream byteStream = new ByteArrayOutputStream(); PrintStream ps = new PrintStream(byteStream); ps.println("name = nCipher"); ps.println("library = /opt/nfast/toolkits/pkcs11/libcknfast.so"); ps.println("attributes = compatibility"); ps.println("slotListIndex = 0"); InputStream config = new ByteArrayInputStream(byteStream.toByteArray()); Provider pkcs11Provider = new SunPKCS11(config); Security.addProvider(pkcs11Provider); } private void run() throws Exception{ try { KeyStore ks = KeyStore.getInstance("PKCS11", "SunPKCS11-nCipher" ); //KeyStore ks = KeyStore.getInstance("PKCS11"); ks.load(null, CARDSET_PASSPHRASE ); Key mykey = ks.getKey("test123", null); } catch ( Exception e) { System.out.println("Error with keystore."); } } public static void main(String [] args) { try { (new SunPKCS11Sample()).run(); }catch (Throwable e){ e.printStackTrace(); System.exit(1); } System.exit(0); } } PKCS#11 debugging: 2016-04-13 13:49:30 [18477]: pkcs11: 00000000 >> C_GetFunctionList 2016-04-13 13:49:30 [18477]: pkcs11: 00000000 > ppFunctionList 0x7fd9ac1190c8 2016-04-13 13:49:30 [18477]: pkcs11: 00000000 >> C_Initialize 2016-04-13 13:49:30 [18477]: pkcs11: 00000000 > voidp 0x7fd9ac116470 2016-04-13 13:49:30 [18477]: pkcs11: 00000000 >> 2.19.1cam9 2016-04-13 13:49:30 [18477]: pkcs11: 00000000 D init_tweakflags 2016-04-13 13:49:30 [18477]: pkcs11: 00000000 D Turn on loadsharing 2016-04-13 13:49:30 [18477]: pkcs11: 00000000 D Ignore accelerator slots 2016-04-13 13:49:30 [18477]: pkcs11: 00000000 D init_mutexes 2016-04-13 13:49:30 [18477]: pkcs11: 00000000 D CK_C_INITIALIZE_ARGS flags 0x2 2016-04-13 13:49:30 [18477]: pkcs11: 00000000 D CKF_OS_LOCKING_OK, use default mutex callbacks 016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < rv 0x00000000 (CKR_OK) 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 >> C_GetInfo 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < rv 0x00000000 (CKR_OK) 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 >> C_GetSlotList 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > tokenPresent 0 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > pSlotList (nil) 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 D Get loadsharing slots 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < *pulCount 1 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < rv 0x00000000 (CKR_OK) 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 >> C_GetSlotList 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > tokenPresent 0 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > pSlotList 0x7fd9ac134300 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > *pulCount 1 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 D Get loadsharing slots 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < *pulCount 1 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < pSlotList[0] 0x2D622495 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < rv 0x00000000 (CKR_OK) 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 >> C_GetSlotInfo 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > slotID 0x2D622495 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > pInfo 0x7fd9b50b0630 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < pInfo->flags 0x0000020D 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < rv 0x00000000 (CKR_OK) 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 >> C_OpenSession 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > slotID 0x2D622495 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < *phSession 0x000008CB 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < rv 0x00000000 (CKR_OK) 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 >> C_GetMechanismList 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > slotID 0x7FD9B50B05C0 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > pMechanismList (nil) 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > pulCount 140573022029280 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < rv 0x00000000 (CKR_OK) 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 >> C_GetMechanismList 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > slotID 0x7FD9B50B05C0 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > pMechanismList 0x7fd9ac13faf0 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > pulCount 106 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 D mechanism CKM_NC_AES_CMAC_KEY_DERIVATION_SCP03 disabled 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < rv 0x00000000 (CKR_OK) 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 >> C_GetInfo 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < rv 0x00000000 (CKR_OK) 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 >> C_GetSlotInfo 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > slotID 0x00000000 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > pInfo 0x7fd9b50aefc0 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 Application error: NFC__lookup_slot CK_INVALID_HANDLE 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < rv 0x00000003 (CKR_SLOT_ID_INVALID) java.security.ProviderException: Initialization failed at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:376) at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:423) at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:224) at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206) at java.security.AccessController.doPrivileged(Native Method) at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206) at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187) at sun.security.jca.ProviderList.loadAll(ProviderList.java:282) at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:299) at sun.security.jca.Providers.getFullProviderList(Providers.java:173) at java.security.Security.insertProviderAt(Security.java:360) at java.security.Security.addProvider(Security.java:403) at SunPKCS11Sample.<init>(SunPKCS11Sample.java:37) at SunPKCS11Sample.main(SunPKCS11Sample.java:57) Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_SLOT_ID_INVALID at sun.security.pkcs11.wrapper.PKCS11.C_GetSlotInfo(Native Method) at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:365) ... 17 more STEPS TO FOLLOW TO REPRODUCE THE PROBLEM : Create and execute the following sample code: 1. Create sample code: import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.FileOutputStream; import java.io.InputStream; import java.io.PrintStream; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.KeyPairGenerator; import javax.crypto.KeyGenerator; import javax.crypto.Cipher; import java.security.Key; import java.security.PublicKey; import java.security.KeyPair; import java.security.Provider; import java.security.Security; import java.security.cert.X509Certificate; import java.security.cert.Certificate; import sun.security.pkcs11.SunPKCS11; public class SunPKCS11Sample { private static final char[] CARDSET_PASSPHRASE = "123456".toCharArray(); private SunPKCS11Sample(){ ByteArrayOutputStream byteStream = new ByteArrayOutputStream(); PrintStream ps = new PrintStream(byteStream); ps.println("name = nCipher"); ps.println("library = /opt/nfast/toolkits/pkcs11/libcknfast.so"); ps.println("attributes = compatibility"); ps.println("slotListIndex = 0"); InputStream config = new ByteArrayInputStream(byteStream.toByteArray()); Provider pkcs11Provider = new SunPKCS11(config); Security.addProvider(pkcs11Provider); } private void run() throws Exception{ try { KeyStore ks = KeyStore.getInstance("PKCS11", "SunPKCS11-nCipher" ); //KeyStore ks = KeyStore.getInstance("PKCS11"); ks.load(null, CARDSET_PASSPHRASE ); Key mykey = ks.getKey("test123", null); } catch ( Exception e) { System.out.println("Error with keystore."); } } public static void main(String [] args) { try { (new SunPKCS11Sample()).run(); }catch (Throwable e){ e.printStackTrace(); System.exit(1); } System.exit(0); } } EXPECTED VERSUS ACTUAL BEHAVIOR : EXPECTED - Key should just load based on the following code: KeyStore ks = KeyStore.getInstance("PKCS11", "SunPKCS11-nCipher" ); //KeyStore ks = KeyStore.getInstance("PKCS11"); ks.load(null, CARDSET_PASSPHRASE ); Key mykey = ks.getKey("test123", null); ACTUAL - java.security.ProviderException: Initialization failed at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:376) at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:423) at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:224) at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206) at java.security.AccessController.doPrivileged(Native Method) at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206) at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187) at sun.security.jca.ProviderList.loadAll(ProviderList.java:282) at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:299) at sun.security.jca.Providers.getFullProviderList(Providers.java:173) at java.security.Security.insertProviderAt(Security.java:360) at java.security.Security.addProvider(Security.java:403) at SunPKCS11Sample.<init>(SunPKCS11Sample.java:37) at SunPKCS11Sample.main(SunPKCS11Sample.java:57) Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_SLOT_ID_INVALID at sun.security.pkcs11.wrapper.PKCS11.C_GetSlotInfo(Native Method) at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:365) ... 17 more REPRODUCIBILITY : This bug can be reproduced always. ---------- BEGIN SOURCE ---------- import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.FileOutputStream; import java.io.InputStream; import java.io.PrintStream; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.KeyPairGenerator; import javax.crypto.KeyGenerator; import javax.crypto.Cipher; import java.security.Key; import java.security.PublicKey; import java.security.KeyPair; import java.security.Provider; import java.security.Security; import java.security.cert.X509Certificate; import java.security.cert.Certificate; import sun.security.pkcs11.SunPKCS11; public class SunPKCS11Sample { private static final char[] CARDSET_PASSPHRASE = "123456".toCharArray(); private SunPKCS11Sample(){ ByteArrayOutputStream byteStream = new ByteArrayOutputStream(); PrintStream ps = new PrintStream(byteStream); ps.println("name = nCipher"); ps.println("library = /opt/nfast/toolkits/pkcs11/libcknfast.so"); ps.println("attributes = compatibility"); ps.println("slotListIndex = 0"); InputStream config = new ByteArrayInputStream(byteStream.toByteArray()); Provider pkcs11Provider = new SunPKCS11(config); Security.addProvider(pkcs11Provider); } private void run() throws Exception{ try { KeyStore ks = KeyStore.getInstance("PKCS11", "SunPKCS11-nCipher" ); //KeyStore ks = KeyStore.getInstance("PKCS11"); ks.load(null, CARDSET_PASSPHRASE ); Key mykey = ks.getKey("test123", null); } catch ( Exception e) { System.out.println("Error with keystore."); } } public static void main(String [] args) { try { (new SunPKCS11Sample()).run(); }catch (Throwable e){ e.printStackTrace(); System.exit(1); } System.exit(0); } } ---------- END SOURCE ---------- CUSTOMER SUBMITTED WORKAROUND : Workaround is to use the following version of OpenJDK 1.8: penjdk version "1.8.0_77" OpenJDK Runtime Environment (build 1.8.0_77-b03) OpenJDK 64-Bit Server VM (build 25.77-b03, mixed mode)
    via by Webbug Group,
  • SoftHSM2 java not working
    via Stack Overflow by Slok
    ,
  • iText®, a JAVA PDF library / Mailing Lists
    via by Unknown author,
  • TSA using a PKCS#11 device
    via signserver by dottzero
    ,
    • java.security.ProviderException: Initialization failed at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:376) at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:423) at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:224) at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206) at java.security.AccessController.doPrivileged(Native Method) at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206) at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187) at sun.security.jca.ProviderList.loadAll(ProviderList.java:282) at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:299) at sun.security.jca.Providers.getFullProviderList(Providers.java:173) at java.security.Security.insertProviderAt(Security.java:360) at java.security.Security.addProvider(Security.java:403) at SunPKCS11Sample.<init>(SunPKCS11Sample.java:37) at SunPKCS11Sample.main(SunPKCS11Sample.java:57) Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_SLOT_ID_INVALID at sun.security.pkcs11.wrapper.PKCS11.C_GetSlotInfo(Native Method) at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:365) ... 17 more

    Users with the same issue

    Unknown visitor1 times, last one,
    Unknown visitor1 times, last one,
    Unknown visitor1 times, last one,