Closed Bug 840460 Opened 13 years ago Closed 7 years ago

Java example is failing with a CKR_OPERATION_ACTIVE exception

Categories

(NSS :: Build, defect)

Product:
NSS
Version:
3.14.1
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: paolo.giovannini, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0 Build ID: 20130201065344 Steps to reproduce: hi i follow this document to test the new aes-ni istruction: http://software.intel.com/en-us/articles/improved-advanced-encryption-standard-aes-crypto-performance-on-java-with-nss-using-intel they say the crypt/decrypt new istruction go more fast about 30 % so we want test. we have Linux A.S. Red Hat on a vmware As 5.5 64 bit and jboss 5.1 on a vm macchine (vmware) we had a jboss application that crypt/decrypt document and the application works properly. Actual results: i install the new NSS on the java macchine 1.6.27 and we run the application but ALL the document go in error this is the error message : java.security.ProviderException: doFinal() failed at sun.security.pkcs11.P11Cipher.implDoFinal(P11Cipher.java:729) ~[sunpkcs11.jar:na] at sun.security.pkcs11.P11Cipher.engineDoFinal(P11Cipher.java:495) ~[sunpkcs11.jar:na] at sun.security.pkcs11.P11Cipher.engineDoFinal(P11Cipher.java:478) ~[sunpkcs11.jar:na] at javax.crypto.Cipher.doFinal(DashoA13*..) ~[na:1.6] at javax.crypto.CipherOutputStream.close(DashoA13*..) ~[na:1.6] at it.infocert.legaldoc.bl.command.storage.archive.ArchiveNetApp.execute(ArchiveNetApp.java:257) [legaldoc-bl-1.0-SNAPSHOT.jar:na] at it.infocert.legaldoc.bl.command.storage.archive.ArchiveNetApp.execute(ArchiveNetApp.java:61) [legaldoc-bl-1.0-SNAPSHOT.jar:na] at it.infocert.legaldoc.bl.command.storage.archive.ArchiveMultiStorage.execute(ArchiveMultiStorage.java:32) [legaldoc-bl-1.0-SNAPSHOT.jar:na] at it.infocert.legaldoc.bl.command.storage.archive.ArchiveMultiStorage.execute(ArchiveMultiStorage.java:22) [legaldoc-bl-1.0-SNAPSHOT.jar:na] at it.infocert.legaldoc.bl.command.parameters.validation.StoreRetrieveIndex.execute(StoreRetrieveIndex.java:43) [legaldoc-bl-1.0-SNAPSHOT.jar:na] at it.infocert.legaldoc.bl.command.parameters.validation.StoreRetrieveIndex.execute(StoreRetrieveIndex.java:26) [legaldoc-bl-1.0-SNAPSHOT.jar:na] at it.infocert.legaldoc.state.conserve.IndexFileState.execute(IndexFileState.java:80) [classes:na] at it.infocert.legaldoc.state.conserve.IndexFileState.execute(IndexFileState.java:31) [classes:na] at it.infocert.legaldoc.business.ConserveContext.handleInputParameter(ConserveContext.java:53) [classes:na] at it.infocert.legaldoc.ws.DocumentsResourceConserve.conserve(DocumentsResourceConserve.java:113) [classes:na] at it.infocert.legaldoc.ws.DocumentsResourcePath.conserve(DocumentsResourcePath.java:30) [classes:na] at sun.reflect.GeneratedMethodAccessor441.invoke(Unknown Source) ~[na:na] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) ~[na:1.6.0_27] at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_27] at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60) [jersey-bundle-1.12.jar:1.12] at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$ResponseOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:205) [jersey-bundle-1.12.jar:1.12] at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75) [jersey-bundle-1.12.jar:1.12] at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:288) [jersey-bundle-1.12.jar:1.12] at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108) [jersey-bundle-1.12.jar:1.12] at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) [jersey-bundle-1.12.jar:1.12] at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84) [jersey-bundle-1.12.jar:1.12] at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1483) [jersey-bundle-1.12.jar:1.12] at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1414) [jersey-bundle-1.12.jar:1.12] at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1363) [jersey-bundle-1.12.jar:1.12] at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1353) [jersey-bundle-1.12.jar:1.12] at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:414) [jersey-bundle-1.12.jar:1.12] at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:537) [jersey-bundle-1.12.jar:1.12] at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:708) [jersey-bundle-1.12.jar:1.12] at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) [servlet-api.jar!/:na] at sun.reflect.GeneratedMethodAccessor342.invoke(Unknown Source) ~[na:na] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) ~[na:1.6.0_27] at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_27] at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:275) [jbossweb.jar!/:na] at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:273) [jbossweb.jar!/:na] at java.security.AccessController.doPrivileged(Native Method) [na:1.6.0_27] at javax.security.auth.Subject.doAsPrivileged(Subject.java:517) [na:1.6.0_27] at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:307) [jbossweb.jar!/:na] at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:167) [jbossweb.jar!/:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:283) [jbossweb.jar!/:na] at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56) [jbossweb.jar!/:na] at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189) [jbossweb.jar!/:na] at java.security.AccessController.doPrivileged(Native Method) [na:1.6.0_27] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185) [jbossweb.jar!/:na] at it.infocert.legaldoc.filter.CheckSessionFilter.doFilter(CheckSessionFilter.java:97) [classes:na] at sun.reflect.GeneratedMethodAccessor340.invoke(Unknown Source) ~[na:na] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) ~[na:1.6.0_27] at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_27] at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:275) [jbossweb.jar!/:na] at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:273) [jbossweb.jar!/:na] at java.security.AccessController.doPrivileged(Native Method) [na:1.6.0_27] at javax.security.auth.Subject.doAsPrivileged(Subject.java:517) [na:1.6.0_27] at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:307) [jbossweb.jar!/:na] at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:248) [jbossweb.jar!/:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230) [jbossweb.jar!/:na] at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56) [jbossweb.jar!/:na] at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189) [jbossweb.jar!/:na] at java.security.AccessController.doPrivileged(Native Method) [na:1.6.0_27] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185) [jbossweb.jar!/:na] at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) [jboss-web-service.jar!/:5.1.0 (build: SVNTag=JBPAPP_5_1_0 date=201009150028)] at sun.reflect.GeneratedMethodAccessor339.invoke(Unknown Source) ~[na:na] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) ~[na:1.6.0_27] at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_27] at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:275) [jbossweb.jar!/:na] at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:273) [jbossweb.jar!/:na] at java.security.AccessController.doPrivileged(Native Method) [na:1.6.0_27] at javax.security.auth.Subject.doAsPrivileged(Subject.java:517) [na:1.6.0_27] at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:307) [jbossweb.jar!/:na] at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:248) [jbossweb.jar!/:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230) [jbossweb.jar!/:na] at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56) [jbossweb.jar!/:na] at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189) [jbossweb.jar!/:na] at java.security.AccessController.doPrivileged(Native Method) [na:1.6.0_27] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185) [jbossweb.jar!/:na] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235) [jbossweb.jar!/:na] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) [jbossweb.jar!/:na] at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183) [jboss-web-service.jar!/:5.1.0 (build: SVNTag=JBPAPP_5_1_0 date=201009150028)] at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95) [jboss-web-service.jar!/:5.1.0 (build: SVNTag=JBPAPP_5_1_0 date=201009150028)] at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126) [jboss-web-service.jar!/:5.1.0 (build: SVNTag=JBPAPP_5_1_0 date=201009150028)] at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70) [jboss-web-service.jar!/:5.1.0 (build: SVNTag=JBPAPP_5_1_0 date=201009150028)] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [jbossweb.jar!/:na] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb.jar!/:na] at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) [jboss-web-service.jar!/:5.1.0 (build: SVNTag=JBPAPP_5_1_0 date=201009150028)] at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:567) [jbossweb.jar!/:na] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb.jar!/:na] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330) [jbossweb.jar!/:na] at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:436) [jbossweb.jar!/:na] at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:384) [jbossweb.jar!/:na] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451) [jbossweb.jar!/:na] at java.lang.Thread.run(Thread.java:662) [na:1.6.0_27] Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_ACTIVE at sun.security.pkcs11.wrapper.PKCS11.C_EncryptInit(Native Method) ~[sunpkcs11.jar:na] at sun.security.pkcs11.P11Cipher.initialize(P11Cipher.java:393) ~[sunpkcs11.jar:na] at sun.security.pkcs11.P11Cipher.ensureInitialized(P11Cipher.java:383) ~[sunpkcs11.jar:na] at sun.security.pkcs11.P11Cipher.implDoFinal(P11Cipher.java:694) ~[sunpkcs11.jar:na] ... 93 common frames omitted this is my configuration : 1) add the new variables on the macchine export LD_LIBRARY_PATH=/opt/nss/lib/ 2) Create the directory from the download site and did the make like write in the document /opt/nss with : lib i put the files output from the make command nss-3.14.1 file from internet 3) modify the file (jdk 1.6.27): /usr/java/latest/jre/lib/security/java.security insert the first line and recalculate the number of the others security.provider.1=sun.security.pkcs11.SunPKCS11 /usr/java/latest/jre/lib/security/nss.cfg security.provider.2=sun.security.provider.Sun security.provider.3=sun.security.rsa.SunRsaSign security.provider.4=com.sun.net.ssl.internal.ssl.Provider security.provider.5=com.sun.crypto.provider.SunJCE security.provider.6=sun.security.jgss.SunProvider security.provider.7=com.sun.security.sasl.Provider security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI security.provider.9=sun.security.smartcardio.SunPCSC 4) add the file /usr/java/latest/jre/lib/security/nss.cfg with the following lines: name=NSS nssLibraryDirectory=/opt/nss/lib/ nssDbMode=noDb attributes=compatibility i tries also the nss 3.12.1 but the problem still exists Expected results: works ! thank you very much
Severity: normal → major
OS: All → Linux
Hardware: All → x86_64
6 years without activity, let's close it.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
Summary: CKR_OPERATION_ACTIVE → Java example is failing with a CKR_OPERATION_ACTIVE exception
You need to log in before you can comment on or make changes to this bug.