java.security.ProviderException: Initialization failed

GitHub | wtmann | 2 years ago
tip
Your exception is missing from the Samebug knowledge base.
Here are the best solutions we found on the Internet.
Click on the to mark the helpful solution and get rewards for you help.
  1. 0

    CKR_SLOT_ID_INVALID Exception with java pkcs11

    GitHub | 2 years ago | wtmann
    java.security.ProviderException: Initialization failed
  2. 0

    FULL PRODUCT VERSION : java version "1.8.0_77" Java(TM) SE Runtime Environment (build 1.8.0_77-b03) Java HotSpot(TM) 64-Bit Server VM (build 25.77-b03, mixed mode) ADDITIONAL OS VERSION INFORMATION : Linux localhost.localdomain 4.4.6-301.fc23.x86_64 #1 SMP Wed Mar 30 16:43:58 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux EXTRA RELEVANT SYSTEM CONFIGURATION : Using Thales nShield HSM with Security World software v12.10, and associated PKCS#11 provider (/opt/nfast/toolkits/pkcs11/libcknfast.so). Note that this setup requires that the HSM belong to a valid Security World. A DESCRIPTION OF THE PROBLEM : 1. Create sample code: import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.FileOutputStream; import java.io.InputStream; import java.io.PrintStream; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.KeyPairGenerator; import javax.crypto.KeyGenerator; import javax.crypto.Cipher; import java.security.Key; import java.security.PublicKey; import java.security.KeyPair; import java.security.Provider; import java.security.Security; import java.security.cert.X509Certificate; import java.security.cert.Certificate; import sun.security.pkcs11.SunPKCS11; public class SunPKCS11Sample { private static final char[] CARDSET_PASSPHRASE = "123456".toCharArray(); private SunPKCS11Sample(){ ByteArrayOutputStream byteStream = new ByteArrayOutputStream(); PrintStream ps = new PrintStream(byteStream); ps.println("name = nCipher"); ps.println("library = /opt/nfast/toolkits/pkcs11/libcknfast.so"); ps.println("attributes = compatibility"); ps.println("slotListIndex = 0"); InputStream config = new ByteArrayInputStream(byteStream.toByteArray()); Provider pkcs11Provider = new SunPKCS11(config); Security.addProvider(pkcs11Provider); } private void run() throws Exception{ try { KeyStore ks = KeyStore.getInstance("PKCS11", "SunPKCS11-nCipher" ); //KeyStore ks = KeyStore.getInstance("PKCS11"); ks.load(null, CARDSET_PASSPHRASE ); Key mykey = ks.getKey("test123", null); } catch ( Exception e) { System.out.println("Error with keystore."); } } public static void main(String [] args) { try { (new SunPKCS11Sample()).run(); }catch (Throwable e){ e.printStackTrace(); System.exit(1); } System.exit(0); } } PKCS#11 debugging: 2016-04-13 13:49:30 [18477]: pkcs11: 00000000 >> C_GetFunctionList 2016-04-13 13:49:30 [18477]: pkcs11: 00000000 > ppFunctionList 0x7fd9ac1190c8 2016-04-13 13:49:30 [18477]: pkcs11: 00000000 >> C_Initialize 2016-04-13 13:49:30 [18477]: pkcs11: 00000000 > voidp 0x7fd9ac116470 2016-04-13 13:49:30 [18477]: pkcs11: 00000000 >> 2.19.1cam9 2016-04-13 13:49:30 [18477]: pkcs11: 00000000 D init_tweakflags 2016-04-13 13:49:30 [18477]: pkcs11: 00000000 D Turn on loadsharing 2016-04-13 13:49:30 [18477]: pkcs11: 00000000 D Ignore accelerator slots 2016-04-13 13:49:30 [18477]: pkcs11: 00000000 D init_mutexes 2016-04-13 13:49:30 [18477]: pkcs11: 00000000 D CK_C_INITIALIZE_ARGS flags 0x2 2016-04-13 13:49:30 [18477]: pkcs11: 00000000 D CKF_OS_LOCKING_OK, use default mutex callbacks 016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < rv 0x00000000 (CKR_OK) 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 >> C_GetInfo 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < rv 0x00000000 (CKR_OK) 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 >> C_GetSlotList 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > tokenPresent 0 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > pSlotList (nil) 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 D Get loadsharing slots 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < *pulCount 1 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < rv 0x00000000 (CKR_OK) 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 >> C_GetSlotList 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > tokenPresent 0 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > pSlotList 0x7fd9ac134300 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > *pulCount 1 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 D Get loadsharing slots 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < *pulCount 1 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < pSlotList[0] 0x2D622495 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < rv 0x00000000 (CKR_OK) 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 >> C_GetSlotInfo 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > slotID 0x2D622495 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > pInfo 0x7fd9b50b0630 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < pInfo->flags 0x0000020D 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < rv 0x00000000 (CKR_OK) 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 >> C_OpenSession 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > slotID 0x2D622495 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < *phSession 0x000008CB 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < rv 0x00000000 (CKR_OK) 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 >> C_GetMechanismList 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > slotID 0x7FD9B50B05C0 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > pMechanismList (nil) 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > pulCount 140573022029280 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < rv 0x00000000 (CKR_OK) 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 >> C_GetMechanismList 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > slotID 0x7FD9B50B05C0 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > pMechanismList 0x7fd9ac13faf0 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > pulCount 106 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 D mechanism CKM_NC_AES_CMAC_KEY_DERIVATION_SCP03 disabled 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < rv 0x00000000 (CKR_OK) 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 >> C_GetInfo 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < rv 0x00000000 (CKR_OK) 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 >> C_GetSlotInfo 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > slotID 0x00000000 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 > pInfo 0x7fd9b50aefc0 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 Application error: NFC__lookup_slot CK_INVALID_HANDLE 2016-04-13 13:49:32 [18477] t00170bb5d97f0000: pkcs11: 00000000 < rv 0x00000003 (CKR_SLOT_ID_INVALID) java.security.ProviderException: Initialization failed at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:376) at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:423) at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:224) at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206) at java.security.AccessController.doPrivileged(Native Method) at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206) at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187) at sun.security.jca.ProviderList.loadAll(ProviderList.java:282) at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:299) at sun.security.jca.Providers.getFullProviderList(Providers.java:173) at java.security.Security.insertProviderAt(Security.java:360) at java.security.Security.addProvider(Security.java:403) at SunPKCS11Sample.<init>(SunPKCS11Sample.java:37) at SunPKCS11Sample.main(SunPKCS11Sample.java:57) Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_SLOT_ID_INVALID at sun.security.pkcs11.wrapper.PKCS11.C_GetSlotInfo(Native Method) at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:365) ... 17 more STEPS TO FOLLOW TO REPRODUCE THE PROBLEM : Create and execute the following sample code: 1. Create sample code: import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.FileOutputStream; import java.io.InputStream; import java.io.PrintStream; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.KeyPairGenerator; import javax.crypto.KeyGenerator; import javax.crypto.Cipher; import java.security.Key; import java.security.PublicKey; import java.security.KeyPair; import java.security.Provider; import java.security.Security; import java.security.cert.X509Certificate; import java.security.cert.Certificate; import sun.security.pkcs11.SunPKCS11; public class SunPKCS11Sample { private static final char[] CARDSET_PASSPHRASE = "123456".toCharArray(); private SunPKCS11Sample(){ ByteArrayOutputStream byteStream = new ByteArrayOutputStream(); PrintStream ps = new PrintStream(byteStream); ps.println("name = nCipher"); ps.println("library = /opt/nfast/toolkits/pkcs11/libcknfast.so"); ps.println("attributes = compatibility"); ps.println("slotListIndex = 0"); InputStream config = new ByteArrayInputStream(byteStream.toByteArray()); Provider pkcs11Provider = new SunPKCS11(config); Security.addProvider(pkcs11Provider); } private void run() throws Exception{ try { KeyStore ks = KeyStore.getInstance("PKCS11", "SunPKCS11-nCipher" ); //KeyStore ks = KeyStore.getInstance("PKCS11"); ks.load(null, CARDSET_PASSPHRASE ); Key mykey = ks.getKey("test123", null); } catch ( Exception e) { System.out.println("Error with keystore."); } } public static void main(String [] args) { try { (new SunPKCS11Sample()).run(); }catch (Throwable e){ e.printStackTrace(); System.exit(1); } System.exit(0); } } EXPECTED VERSUS ACTUAL BEHAVIOR : EXPECTED - Key should just load based on the following code: KeyStore ks = KeyStore.getInstance("PKCS11", "SunPKCS11-nCipher" ); //KeyStore ks = KeyStore.getInstance("PKCS11"); ks.load(null, CARDSET_PASSPHRASE ); Key mykey = ks.getKey("test123", null); ACTUAL - java.security.ProviderException: Initialization failed at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:376) at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:423) at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:224) at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206) at java.security.AccessController.doPrivileged(Native Method) at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206) at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187) at sun.security.jca.ProviderList.loadAll(ProviderList.java:282) at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:299) at sun.security.jca.Providers.getFullProviderList(Providers.java:173) at java.security.Security.insertProviderAt(Security.java:360) at java.security.Security.addProvider(Security.java:403) at SunPKCS11Sample.<init>(SunPKCS11Sample.java:37) at SunPKCS11Sample.main(SunPKCS11Sample.java:57) Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_SLOT_ID_INVALID at sun.security.pkcs11.wrapper.PKCS11.C_GetSlotInfo(Native Method) at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:365) ... 17 more REPRODUCIBILITY : This bug can be reproduced always. ---------- BEGIN SOURCE ---------- import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.FileOutputStream; import java.io.InputStream; import java.io.PrintStream; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.KeyPairGenerator; import javax.crypto.KeyGenerator; import javax.crypto.Cipher; import java.security.Key; import java.security.PublicKey; import java.security.KeyPair; import java.security.Provider; import java.security.Security; import java.security.cert.X509Certificate; import java.security.cert.Certificate; import sun.security.pkcs11.SunPKCS11; public class SunPKCS11Sample { private static final char[] CARDSET_PASSPHRASE = "123456".toCharArray(); private SunPKCS11Sample(){ ByteArrayOutputStream byteStream = new ByteArrayOutputStream(); PrintStream ps = new PrintStream(byteStream); ps.println("name = nCipher"); ps.println("library = /opt/nfast/toolkits/pkcs11/libcknfast.so"); ps.println("attributes = compatibility"); ps.println("slotListIndex = 0"); InputStream config = new ByteArrayInputStream(byteStream.toByteArray()); Provider pkcs11Provider = new SunPKCS11(config); Security.addProvider(pkcs11Provider); } private void run() throws Exception{ try { KeyStore ks = KeyStore.getInstance("PKCS11", "SunPKCS11-nCipher" ); //KeyStore ks = KeyStore.getInstance("PKCS11"); ks.load(null, CARDSET_PASSPHRASE ); Key mykey = ks.getKey("test123", null); } catch ( Exception e) { System.out.println("Error with keystore."); } } public static void main(String [] args) { try { (new SunPKCS11Sample()).run(); }catch (Throwable e){ e.printStackTrace(); System.exit(1); } System.exit(0); } } ---------- END SOURCE ---------- CUSTOMER SUBMITTED WORKAROUND : Workaround is to use the following version of OpenJDK 1.8: penjdk version "1.8.0_77" OpenJDK Runtime Environment (build 1.8.0_77-b03) OpenJDK 64-Bit Server VM (build 25.77-b03, mixed mode)

    JDK Bug System | 11 months ago | Webbug Group
    java.security.ProviderException: Initialization failed
  3. 0

    iText®, a JAVA PDF library / Mailing Lists

    sourceforge.net | 1 year ago
    java.security.ProviderException: Initialization failed
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    SignServer / Discussion / Help:TSA using a PKCS#11 device

    sourceforge.net | 2 years ago
    org.ejbca.core.model.ca.catoken.CATokenOfflineException: Not possible to create provider. See cause.
  6. 0

    iText - desperatly trying to run Code sample 4.1: Signing a document using PKCS#11

    nabble.com | 1 year ago
    java.security.ProviderException: Initialization failed

    7 unregistered visitors
    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. sun.security.pkcs11.wrapper.PKCS11Exception

      CKR_SLOT_ID_INVALID

      at sun.security.pkcs11.wrapper.PKCS11.C_GetSlotInfo()
    2. sun.security.pkcs11
      SunPKCS11.<init>
      1. sun.security.pkcs11.wrapper.PKCS11.C_GetSlotInfo(Native Method)
      2. sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:365)
      3. sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
      3 frames
    3. smartcardtest
      SmartCardTestCIE.main
      1. smartcardtest.SmartCardCIE.setProvider(SmartCardCIE.java:104)
      2. smartcardtest.SmartCardTestCIE.main(SmartCardTestCIE.java:32)
      2 frames