Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
The moose likes Security and the fly likes PKCS11 provider session count bug Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "PKCS11 provider session count bug" Watch "PKCS11 provider session count bug" New topic

PKCS11 provider session count bug

Valentin Ivanov
Ranch Hand

Joined: Nov 20, 2008
Posts: 38


I am trying to sign PDF files in my application. And i do. But when the files are few thousands i get the exception every time at around 240 file :

I have tried to create new PKCS11 provider and extract the keys form the SmartCard token but I always got this exception.
Thera is even a bug reported HERE.
Over the net space I could not found a solution. I don't know what to do. SunPKCS11 provider do not provide any managing methods , like for example clear session counter or Open new session or something like that.

I can't even find what the hell CKR_SESSION_COUNT means in that exception! There is no examples , no explanations on the web.
SessionManager class is invisible , so i can not manually manage the sessions to the SmartCard token.

I want to post this problem to Oracle, but don't know where to do that. Please does someone know it?
Or at least what else forum i should write to?
Thank you very much
Tim McGuire
Ranch Hand

Joined: Apr 30, 2003
Posts: 820

What application server are you using?

Several people reported similar problems.

For example, this guy examined his security provider with

what do you see when you do that?

By the way here are instructions for submitting bug reports.
Valentin Ivanov
Ranch Hand

Joined: Nov 20, 2008
Posts: 38

Hi Tim,

no i have no application server at all, I am working on completely stand alone Java application.
I took a look at the link you have provided, but the info for the provider is every time the same

SunPKCS11-SmartCard using library C:\Windows\SysWOW64\cvP11.dll

What I have discovered so far is if I do (the code that next is for showing the logic, do not expect it to run if you copy it):

The exception is thrown every time at cycle 50:

if i do:

The exception is every time at different file, but arount 250. Have no idea what class is doing inside. Looks like it creates sessions or doing something with the sessions.
I dont know maybe the provider is not clearing the resources when i do Security.RemoveProvider().
I don't know what to do else.
And thank you I will try to write to oracle, but I am not sure the problem is from java or from the nativ code of the provider!
I agree. Here's the link:
subject: PKCS11 provider session count bug
It's not a secret anymore!