0 Replies Latest reply on Nov 24, 2010 1:29 PM by hectorcastro

    Setting up a WebSentry HSM for LC DigSig

    hectorcastro Level 1

      Hello everyone.

       

      I'm getting a strange error when trying to setup an HSM credential from a Thales WebSentry HSM device.

      I on a WinXP, LCES2 SP2 installed with Turnkey method, which works fine for most purposes.

       

      The obvious message complains about the password, but I think the problem is deeper in the transaction.

       

      I paste below the messages I see on the log.

       

      Thanks a lot fro any you you may give to  trace to root cause.

       

      Best Regards,

       

      Hector Castro.

       

       

      2010-11-24 15:40:34,171 INFO  [org.jboss.system.server.Server] JBoss (MX MicroKernel) [4.2.1.GA (build: SVNTag=JBoss_4_2_1_GA date=200707131605)] Started in 18m:40s:359ms
      2010-11-24 15:40:44,562 INFO  [com.adobe.livecycle.contentservices.dsc.impl.DocumentManagementServiceImpl] ALC-CSV-001-000-External Url has been changed or is not initialized. Will modify the existing value.
      2010-11-24 15:40:44,578 INFO  [com.adobe.livecycle.contentservices.dsc.impl.DocumentManagementServiceImpl] ALC-CSV-001-000-External Url has been modified successfully.
      2010-11-24 15:40:46,328 INFO  [com.adobe.contentservices.webscripts.client.WSClient] ALC-CSV-001-000-Query server at  http://192.168.40.253:8080/contentspace/faces/jsp/login.jsp is successful
      2010-11-24 15:40:47,609 INFO  [com.adobe.livecycle.contentservices.dsc.impl.DocumentManagementServiceImpl] ALC-CSV-001-008-External Url for connection : http://192.168.40.253:8080
      2010-11-24 15:40:47,609 INFO  [com.adobe.livecycle.contentservices.dsc.impl.DocumentManagementServiceImpl] ALC-CSV-001-000-External Url has been modified successfully.
      2010-11-24 15:42:09,765 INFO  [com.adobe.livecycle.cache.stats.StatisticManager] Registered StatisticManager
      2010-11-24 16:31:43,750 INFO  [com.adobe.licenseManager.service.LicenseManagerService] ALC-LFS-RightsManagement found to be installed
      2010-11-24 16:31:43,765 INFO  [com.adobe.licenseManager.service.LicenseManagerService] ALC-LFS-ProcessManagement found to be installed
      2010-11-24 16:31:43,765 INFO  [com.adobe.licenseManager.service.LicenseManagerService] ALC-LFS-DigitalSignatures found to be installed
      2010-11-24 16:31:43,765 INFO  [com.adobe.licenseManager.service.LicenseManagerService] ALC-LFS-Output found to be installed
      2010-11-24 16:31:43,921 INFO  [com.adobe.licenseManager.service.LicenseManagerService] ALC-LFS-ReaderExtensions found to be installed
      2010-11-24 16:31:43,921 INFO  [com.adobe.licenseManager.service.LicenseManagerService] ALC-LFS-ContentServices found to be installed
      2010-11-24 16:31:43,921 INFO  [com.adobe.licenseManager.service.LicenseManagerService] ALC-LFS-PDFGenerator found to be installed
      2010-11-24 16:31:43,937 INFO  [com.adobe.licenseManager.service.LicenseManagerService] ALC-LFS-Foundation found to be installed
      2010-11-24 16:31:43,937 INFO  [com.adobe.licenseManager.service.LicenseManagerService] ALC-LFS-Forms found to be installed
      2010-11-24 16:31:43,937 INFO  [com.adobe.licenseManager.service.LicenseManagerService] ALC-LFS-BarcodedForms found to be installed
      2010-11-24 16:31:43,937 INFO  [com.adobe.licenseManager.service.LicenseManagerService] ALC-LFS-PDFGenerator3D found to be installed
      2010-11-24 16:31:44,875 INFO  [com.adobe.licenseManager.service.LicenseManagerService] ALC-LFS-RightsManagement found to be installed
      2010-11-24 16:31:44,890 INFO  [com.adobe.licenseManager.service.LicenseManagerService] ALC-LFS-ProcessManagement found to be installed
      2010-11-24 16:31:44,890 INFO  [com.adobe.licenseManager.service.LicenseManagerService] ALC-LFS-DigitalSignatures found to be installed
      2010-11-24 16:31:44,890 INFO  [com.adobe.licenseManager.service.LicenseManagerService] ALC-LFS-Output found to be installed
      2010-11-24 16:31:44,890 INFO  [com.adobe.licenseManager.service.LicenseManagerService] ALC-LFS-ReaderExtensions found to be installed
      2010-11-24 16:31:44,890 INFO  [com.adobe.licenseManager.service.LicenseManagerService] ALC-LFS-ContentServices found to be installed
      2010-11-24 16:31:44,890 INFO  [com.adobe.licenseManager.service.LicenseManagerService] ALC-LFS-PDFGenerator found to be installed
      2010-11-24 16:31:44,906 INFO  [com.adobe.licenseManager.service.LicenseManagerService] ALC-LFS-Foundation found to be installed
      2010-11-24 16:31:44,906 INFO  [com.adobe.licenseManager.service.LicenseManagerService] ALC-LFS-Forms found to be installed
      2010-11-24 16:31:44,906 INFO  [com.adobe.licenseManager.service.LicenseManagerService] ALC-LFS-BarcodedForms found to be installed
      2010-11-24 16:31:44,906 INFO  [com.adobe.licenseManager.service.LicenseManagerService] ALC-LFS-PDFGenerator3D found to be installed
      2010-11-24 16:33:23,203 WARN  [com.adobe.livecycle.signatures.hsm.platform.PKCS11Factory] Exception in loading HSM Keystore
      java.io.IOException: load failed

          at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:756)
          at java.security.KeyStore.load(KeyStore.java:1185)
          at com.adobe.livecycle.signatures.hsm.platform.PKCS11Factory.createKeyStore(PKCS11Factory.ja va:795)
          at com.adobe.livecycle.signatures.hsm.platform.PKCS11Factory.createAndCacheP11KeyStore(PKCS1 1Factory.java:785)
          at com.adobe.livecycle.signatures.hsm.platform.PKCS11Factory.getCredentialsOnToken(PKCS11Fac tory.java:1116)
          at com.adobe.livecycle.signatures.hsm.HSMProvider.getCredentialsOnSlot(HSMProvider.java:217)
          at com.adobe.truststore.dsc.HSMCredentialHelper.getCredsOnSlot(HSMCredentialHelper.java:114)
          at com.adobe.truststore.dsc.CredentialServiceImpl.getCredentialsOnToken(CredentialServiceImp l.java:490)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at com.adobe.idp.dsc.component.impl.DefaultPOJOInvokerImpl.invoke(DefaultPOJOInvokerImpl.jav a:118)
          at com.adobe.idp.dsc.interceptor.impl.InvocationInterceptor.intercept(InvocationInterceptor. java:140)
          at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
          at com.adobe.idp.dsc.interceptor.impl.DocumentPassivationInterceptor.intercept(DocumentPassi vationInterceptor.java:53)
          at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
          at com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor$1.doInTransaction(Transa ctionInterceptor.java:74)
          at com.adobe.idp.dsc.transaction.impl.ejb.adapter.EjbTransactionBMTAdapterBean.doRequiresNew (EjbTransactionBMTAdapterBean.java:218)
          at sun.reflect.GeneratedMethodAccessor691.invoke(Unknown Source)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at org.jboss.invocation.Invocation.performCall(Invocation.java:359)
          at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionConta iner.java:237)
          at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionI nterceptor.java:158)
          at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
          at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
          at org.jboss.ejb.plugins.AbstractTxInterceptorBMT.invokeNext(AbstractTxInterceptorBMT.java:1 73)
          at org.jboss.ejb.plugins.TxInterceptorBMT.invoke(TxInterceptorBMT.java:77)
          at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstance Interceptor.java:169)
          at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
          at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
          at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor. java:138)
          at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
          at org.jboss.ejb.Container.invoke(Container.java:960)
          at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:430)
          at org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:103)
          at $Proxy427.doRequiresNew(Unknown Source)
          at com.adobe.idp.dsc.transaction.impl.ejb.EjbTransactionProvider.execute(EjbTransactionProvi der.java:133)
          at com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor.intercept(TransactionInt erceptor.java:72)
          at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
          at com.adobe.idp.dsc.interceptor.impl.InvocationStrategyInterceptor.intercept(InvocationStra tegyInterceptor.java:55)
          at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
          at com.adobe.idp.dsc.interceptor.impl.InvalidStateInterceptor.intercept(InvalidStateIntercep tor.java:37)
          at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
          at com.adobe.idp.dsc.interceptor.impl.AuthorizationInterceptor.intercept(AuthorizationInterc eptor.java:188)
          at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
          at com.adobe.idp.dsc.interceptor.impl.JMXInterceptor.intercept(JMXInterceptor.java:48)
          at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
          at com.adobe.idp.dsc.engine.impl.ServiceEngineImpl.invoke(ServiceEngineImpl.java:115)
          at com.adobe.idp.dsc.routing.Router.routeRequest(Router.java:129)
          at com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.routeMessage(AbstractMessage Receiver.java:93)
          at com.adobe.idp.dsc.provider.impl.vm.VMMessageDispatcher.doSend(VMMessageDispatcher.java:20 9)
          at com.adobe.idp.dsc.provider.impl.base.AbstractMessageDispatcher.send(AbstractMessageDispat cher.java:66)
          at com.adobe.idp.dsc.clientsdk.ServiceClient.invoke(ServiceClient.java:208)
          at com.adobe.truststore.ui.impl.TrustStoreProxy.getCreds(TrustStoreProxy.java:935)
          at com.adobe.truststore.ui.struts.actions.AddHSMSelectTokenAction.execute(AddHSMSelectTokenA ction.java:66)
          at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
          at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
          at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
          at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:290)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at com.adobe.framework.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:1 73)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at com.adobe.truststore.ui.TSAuthFilter.doFilter(TSAuthFilter.java:63)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at com.adobe.framework.SecurityFilter.doFilter(SecurityFilter.java:206)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at com.adobe.idp.um.auth.filter.PortalSSOFilter.doFilter(PortalSSOFilter.java:91)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at com.adobe.idp.um.auth.filter.PortalSSOFilter.doFilter(PortalSSOFilter.java:91)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
          at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.ja va:179)
          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java: 157)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.ja va:580)
          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
          at java.lang.Thread.run(Thread.java:619)
      Caused by: javax.security.auth.login.LoginException
          at sun.security.pkcs11.SunPKCS11.login(SunPKCS11.java:1152)
          at sun.security.pkcs11.P11KeyStore.login(P11KeyStore.java:856)
          at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:746)
          ... 95 more
      Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: 0x80000021
          at sun.security.pkcs11.wrapper.PKCS11.C_Login(Native Method)
          at sun.security.pkcs11.SunPKCS11.login(SunPKCS11.java:1136)
          ... 97 more
      2010-11-24 16:33:23,375 ERROR [com.adobe.livecycle.signatures.client.types.exceptions.SignaturesBaseException] ALC-DSS-311-004 Incorrect PIN for HSM device. (in the operation : createKeyStore)
      2010-11-24 16:35:22,109 WARN  [com.adobe.livecycle.signatures.hsm.platform.PKCS11Factory] Exception in loading HSM Keystore
      java.io.IOException: load failed

       

      And the last big dump keeps repepeating in the same way everytime i try to set credentials  via ADMINUI.

       

      Thanks again.