Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Problem using PKCS11.getInstance(...) in Applet

843811Apr 8 2009
Hello,

I have an issue using sun.security.pkcs11.wrapper.PKCS11.getInstance(...) in an applet:

In the applet init() method, I am using the PKCS11.getInstance(...) to retrieve a PKCS11 handler.
In the applet destroy() method, I release the PKCS11 handler through the C_finalize(...)

However when I am reloading the applet and trying to access the list of readers, I get this error in the java console:

...
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_CRYPTOKI_NOT_INITIALIZED
at sun.security.pkcs11.wrapper.PKCS11.C_GetSlotList(Native Method)
at sun.security.pkcs11.wrapper.PKCS11$SynchronizedPKCS11.C_GetSlotList(PKCS11.java:1484)
... 20 more
...

By looking at the source code of the PKCS11 wrapper here http://www.java2s.com/Open-Source/Java-Document/6.0-JDK-Modules-sun/security/sun/security/pkcs11/wrapper/PKCS11.java.htm: 
	public static synchronized PKCS11 getInstance(String pkcs11ModulePath,
			String functionList, CK_C_INITIALIZE_ARGS pInitArgs,
			boolean omitInitialize) throws IOException, PKCS11Exception {
		// we may only call C_Initialize once per native .so/.dll
		// so keep a cache using the (non-canonicalized!) path
		PKCS11 pkcs11 = moduleMap.get(pkcs11ModulePath);
		if (pkcs11 == null) {
			if ((pInitArgs != null)
					&& ((pInitArgs.flags & CKF_OS_LOCKING_OK) != 0)) {
				pkcs11 = new PKCS11(pkcs11ModulePath, functionList);
			} else {
				pkcs11 = new SynchronizedPKCS11(pkcs11ModulePath, functionList);
			}
			if (omitInitialize == false) {
				try {
					pkcs11.C_Initialize(pInitArgs);
				} catch (PKCS11Exception e) {
					// ignore already-initialized error code
					// rethrow all other errors
					if (e.getErrorCode() != CKR_CRYPTOKI_ALREADY_INITIALIZED) {
						throw e;
					}
				}
			}
			moduleMap.put(pkcs11ModulePath, pkcs11);
		}
		return pkcs11;
	}
it looks like the wrapper contains a static hashmap called moduleMap that is never cleared during the applet lifecycle.

This prevent the pkcs11 wrapper from being re-initialize through C_Initialize(...)

I cannot re-initialize the method miself because it is package protected...

I've found a way to solve this by declaring the pkcs11 handler static in my applet and i am thining to add a shutdown hook to call the C_finalize(...)

Any nicer idea?

Thanks for your help

David
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on May 6 2009
Added on Apr 8 2009
#other-security-apis-tools-and-issues
0 comments
1,301 views