Signing document with qualified certificate - smart card
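The code below works with 2 different cryptographic smart card libraries (certum cryptoCertum3PKCS.dll and cencert enigmap11.dll), but with the kir(szafir) lib - ccpkip11.dll it crashes after the PIN is provided, and the PIN is 100% correct.
Does anyone know what I am doing wrong?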
// Keying data comes from the smart card through the vendor's PKCS#11 library
KeyingDataProvider kp = new PKCS11KeyStoreKeyingDataProvider(
        settings.getDriverPath(),
        settings.getProviderName(),
        settings.getSlot(),
        new CertificateSelector(),
        new KeyStorePasswordProvider(), null, false);

// Copy the source document's root element into a new document
Document src = getDocumentBuilder().parse(new File(filename));
Document dest = getDocumentBuilder().newDocument();
Node objContent = dest.importNode(src.getDocumentElement(), true);

// Produce a XAdES-BES signature over the imported content
XadesSigner signer = new XadesBesSigningProfile(kp).newSigner();
DataObjectDesc obj = new EnvelopedXmlObject(objContent, "text/xml", null);
signer.sign(new SignedDataObjects(obj), dest);

// Write the signed document to disk
Transformer transformer = TransformerFactory.newInstance().newTransformer();
Result output = new StreamResult(new File(signed));
Source input = new DOMSource(dest);
transformer.transform(input, output);
I get a CKR_PIN_LEN_RANGE error at the line signer.sign(new SignedDataObjects(obj), dest);
Full stack trace:
xades4j.verification.UnexpectedJCAException: The keystore couldn't be initialized
at xades4j.providers.impl.KeyStoreKeyingDataProvider.ensureInitialized(KeyStoreKeyingDataProvider.java:179)
at xades4j.providers.impl.KeyStoreKeyingDataProvider.getSigningCertificateChain(KeyStoreKeyingDataProvider.java:189)
at xades4j.production.SignerBES.sign(SignerBES.java:151)
at xades4j.production.SignerBES.sign(SignerBES.java:122)
at com.riv.jpk.security.XadesHelper.sign(XadesHelper.java:127)
at com.riv.jpk.RaportGenerators.BaseGen.signXml(BaseGen.java:192)
at com.riv.jpk.ui.views.GenerateJPK.JpkGeneratorVM.signXml(JpkGeneratorVM.java:417)
at com.riv.jpk.ui.views.GenerateJPK.JpkGeneratorVM.lambda$validateMetaXML(JpkGeneratorVM.java:403)
at com.riv.jpk.ui.views.GenerateJPK.JpkGeneratorVM$$Lambda1/32216595.handle(Unknown Source)
at com.sun.javafx.event.CompositeEventHandler$NormalEventHandlerRecord.handleBubblingEvent(CompositeEventHandler.java:218)
at com.sun.javafx.event.CompositeEventHandler.dispatchBubblingEvent(CompositeEventHandler.java:80)
at com.sun.javafx.event.EventHandlerManager.dispatchBubblingEvent(EventHandlerManager.java:238)
at com.sun.javafx.event.EventHandlerManager.dispatchBubblingEvent(EventHandlerManager.java:191)
at com.sun.javafx.event.BasicEventDispatcher.dispatchEvent(BasicEventDispatcher.java:58)
at com.sun.javafx.event.EventDispatchChainImpl.dispatchEvent(EventDispatchChainImpl.java:114)
at com.sun.javafx.event.EventUtil.fireEventImpl(EventUtil.java:74)
at com.sun.javafx.event.EventUtil.fireEvent(EventUtil.java:54)
at javafx.event.Event.fireEvent(Event.java:198)
at javafx.concurrent.EventHelper.fireEvent(EventHelper.java:219)
at javafx.concurrent.Task.fireEvent(Task.java:1356)
at javafx.concurrent.Task.setState(Task.java:723)
at javafx.concurrent.Task$TaskCallable.lambda$call6(Task.java:1434)
at javafx.concurrent.Task$TaskCallable$$Lambda7/3131345.run(Unknown Source)
at com.sun.javafx.application.PlatformImpl.lambda$null0(PlatformImpl.java:295)
at com.sun.javafx.application.PlatformImpl$$Lambda/6271097.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.javafx.application.PlatformImpl.lambda$runLater1(PlatformImpl.java:294)
at com.sun.javafx.application.PlatformImpl$$Lambda/19468568.run(Unknown Source)
at com.sun.glass.ui.InvokeLaterDispatcher$Future.run(InvokeLaterDispatcher.java:95)
at com.sun.glass.ui.win.WinApplication._runLoop(Native Method)
at com.sun.glass.ui.win.WinApplication.lambda$null5(WinApplication.java:101)
at com.sun.glass.ui.win.WinApplication$$Lambda/443957.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.KeyStoreException: KeyStore instantiation failed
at java.security.KeyStore$Builder.getKeyStore(KeyStore.java:1967)
at xades4j.providers.impl.KeyStoreKeyingDataProvider.ensureInitialized(KeyStoreKeyingDataProvider.java:175)
... 32 more
Caused by: java.io.IOException: load failed
at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:843)
at java.security.KeyStore.load(KeyStore.java:1479)
at java.security.KeyStore$Builder.run(KeyStore.java:1937)
at java.security.KeyStore$Builder.run(KeyStore.java:1918)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.KeyStore$Builder.getKeyStore(KeyStore.java:1964)
... 33 more
Caused by: javax.security.auth.login.LoginException
at sun.security.pkcs11.SunPKCS11.login(SunPKCS11.java:1238)
at sun.security.pkcs11.P11KeyStore.login(P11KeyStore.java:849)
at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:834)
... 38 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_PIN_LEN_RANGE
at sun.security.pkcs11.wrapper.PKCS11.C_Login(Native Method)
at sun.security.pkcs11.SunPKCS11.login(SunPKCS11.java:1222)
... 40 more
I found it! The solution is to run C_GetSlotList before creating the KeyingDataProvider.
PKCS11 p11 = PKCS11.getInstance(settings.getDriverPath(), "C_GetFunctionList", null, false);
long[] slots = p11.C_GetSlotList(true);
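I'm not sure what is going on. On this smart card the qualified certificate is in slot 3, and it looks like the Java PKCS#11 implementation cannot get this slot before running C_GetSlotList.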
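A diagnostic sketch added here as an example, not code from the original post: it makes the same C_GetSlotList call and then prints, for each slot with a token, the PIN length limits that CKR_PIN_LEN_RANGE is checked against. The class name SlotProbe and its three command-line arguments are hypothetical.

```java
import sun.security.pkcs11.wrapper.CK_TOKEN_INFO;
import sun.security.pkcs11.wrapper.PKCS11;
import sun.security.pkcs11.wrapper.PKCS11Exception;

// Added diagnostic (hypothetical class name). Usage:
//   java SlotProbe <path-to-pkcs11-library> <expected-slot-id> <pin-length>
// On Java 9+ the wrapper package must be exported:
//   --add-exports jdk.crypto.cryptoki/sun.security.pkcs11.wrapper=ALL-UNNAMED
public class SlotProbe {

    /** True when a PIN of pinLen bytes is within the limits the token advertises. */
    static boolean pinLengthAccepted(CK_TOKEN_INFO token, int pinLen) {
        return pinLen >= token.ulMinPinLen && pinLen <= token.ulMaxPinLen;
    }

    public static void main(String[] args) throws Exception {
        String driverPath = args[0];
        long expectedSlot = Long.parseLong(args[1]);
        int pinLen = Integer.parseInt(args[2]); // pass only the length, never the PIN itself

        // Same call as in the answer: load the module and initialise Cryptoki.
        PKCS11 p11 = PKCS11.getInstance(driverPath, "C_GetFunctionList", null, false);

        long[] slots = p11.C_GetSlotList(true); // true = only slots with a token present
        boolean found = false;
        for (long slot : slots) {
            try {
                CK_TOKEN_INFO token = p11.C_GetTokenInfo(slot);
                String label = new String(token.label).trim();
                System.out.printf("slot %d: label='%s' PIN length %d..%d, given length %s%n",
                        slot, label, token.ulMinPinLen, token.ulMaxPinLen,
                        pinLengthAccepted(token, pinLen) ? "in range" : "OUT OF RANGE");
                found |= (slot == expectedSlot);
            } catch (PKCS11Exception e) {
                // A single unreadable token should not hide the remaining slots.
                System.out.printf("slot %d: C_GetTokenInfo failed: %s%n", slot, e.getMessage());
            }
        }
        if (!found) {
            System.out.printf("expected slot %d is not in the list returned by C_GetSlotList%n",
                    expectedSlot);
        }
    }
}
```

Comparing the slot IDs and PIN limits printed here with the slot configured for the provider shows which token the login would be sent to.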