JDK-8334284

InvalidKeyException: Unsupported key type: SunPKCS11-SmartCard


    • b01
    • generic
    • generic

      A DESCRIPTION OF THE PROBLEM :
      We have a feature that involves signing a document. It always worked with many versions of JRE 1.8, but it suddenly stopped working after the last update (411), and it is now giving us the following exception:
      java.security.InvalidKeyException: Unsupported key type: SunPKCS11-SmartCard RSA private key, 2048 bits (id 1002, token object, sensitive, unextractable)

      The failing method is java.security.Signature.initSign().

      Signature signatureAlgorithm = Signature.getInstance(algorithm);
      signatureAlgorithm.initSign(pkey);

      where algorithm is "NONEwithRSA"
      and pkey is the private key that has been read from the smartcard correctly (and without any issue) via the following piece of code:

      PrivateKey privateKey = (PrivateKey) keyStore.getKey(aliasId, password != null ? password.toCharArray() : null);

      The keystore is read (also in this case without any issue) via a specific DLL (bit4xpki.dll) and with the following piece of code:

      import java.io.ByteArrayInputStream;
      import java.io.IOException;
      import java.lang.reflect.Constructor;
      import java.security.*;

      // SUN_PKCS11_PROVIDER_CLASS and PKCS11_KEYSTORE_TYPE are constants of the enclosing class (not shown in this report).
      public static KeyStore loadKeyStoreFromSmartCard(String aPKCS11LibraryFileName, String aSmartCardPIN, ClassLoader classLoader) throws GeneralSecurityException, IOException {
          // In-memory SunPKCS11 configuration: provider name suffix, vendor library, disabled mechanism.
          String pkcs11ConfigSettings = "name = SmartCard\n" + "library = " + aPKCS11LibraryFileName + "\n";
          pkcs11ConfigSettings += "disabledMechanisms={ CKM_SHA1_RSA_PKCS }\n";

          byte[] pkcs11ConfigBytes = pkcs11ConfigSettings.getBytes();
          ByteArrayInputStream confStream = new ByteArrayInputStream(pkcs11ConfigBytes);

          try {
              // Instantiate the provider reflectively through its InputStream constructor (Java 8 API) and register it.
              Class<?> sunPkcs11Class = (classLoader != null) ? classLoader.loadClass(SUN_PKCS11_PROVIDER_CLASS) : Class.forName(SUN_PKCS11_PROVIDER_CLASS);
              Constructor<?> pkcs11Constr = sunPkcs11Class.getConstructor(java.io.InputStream.class);
              Provider pkcs11Provider = (Provider) pkcs11Constr.newInstance(confStream);
              Security.addProvider(pkcs11Provider);
              System.out.println("Provider name:" + pkcs11Provider.getName());
          } catch (Exception e) {
              throw new KeyStoreException("Can't initialize Sun PKCS#11 security " + "provider. Reason: " + e, e);
          }

          // Log in to the token with the PIN; a PKCS#11 keystore has no backing stream, hence load(null, pin).
          char[] pin = (aSmartCardPIN != null) ? aSmartCardPIN.toCharArray() : null;
          KeyStore keyStore = KeyStore.getInstance(PKCS11_KEYSTORE_TYPE);
          keyStore.load(null, pin);
          return keyStore;
      }
        
      I read the whole changelog of Java 411, but I didn't find any bugfix that could explain such a change of behaviour.

      REGRESSION : Last worked in version 8


      FREQUENCY : always


            jnibedita Nibedita Jena
            webbuggrp Webbug Group
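
A triage aid for the failure described above, added here and not part of the report or of the JDK: it calls initSign on each installed provider that advertises the algorithm, so the output names which provider accepts or rejects the key on a given JRE update. The class name SignatureProviderProbe and the software RSA key in main are assumptions made so that it runs without a token; pass the key returned by keyStore.getKey(...) to test the reported case.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;

// Added diagnostic (hypothetical class name), compatible with Java 8.
public class SignatureProviderProbe {

    static void probe(String algorithm, PrivateKey key) {
        // getFormat() returns null for keys that cannot be encoded,
        // which is the normal case for unextractable token keys.
        System.out.printf("java.version=%s keyClass=%s keyAlg=%s keyFormat=%s%n",
                System.getProperty("java.version"), key.getClass().getName(),
                key.getAlgorithm(), key.getFormat());

        // Providers that register the algorithm, in preference order.
        Provider[] providers = Security.getProviders("Signature." + algorithm);
        if (providers == null) {
            System.out.println("No installed provider offers Signature." + algorithm);
            return;
        }
        for (Provider p : providers) {
            try {
                // Pin the provider so the result is not hidden by the
                // delayed provider selection of Signature.getInstance(algorithm).
                Signature s = Signature.getInstance(algorithm, p);
                s.initSign(key);
                System.out.println("  " + p.getName() + ": accepts key");
            } catch (GeneralSecurityException | RuntimeException e) {
                System.out.println("  " + p.getName() + ": " + e);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a software RSA key stands in for the smartcard key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        probe("NONEwithRSA", kpg.generateKeyPair().getPrivate());
    }
}
```

Running it on the last working update and on 411 with the same token key gives two provider lists that can be compared line by line.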