Basically the same problem as in #210 - signing fails with CKR_USER_NOT_LOGGED_IN. Using the same USB token as in #210, i.e. Gemalto SafeNet eToken 5110 CC.
Here is the output:
> ./jsignpdf.sh -kst PKCS11 -ksp <redacted> -ki 0 -ha SHA256 /tmp/test.pdf
WARNING: package sun.security.action not in java.base
FINE Registering SunPKCS11 provider from configuration in /home/zegkljan/.config/jsignpdf/pkcs11.cfg
FINE PKCS11 provider registered with name SunPKCS11-SafeNet
SEVERE Unable to register SunPKCS11 security provider.
java.lang.reflect.InvocationTargetException
at java.base/jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:74)
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:483)
at net.sf.jsignpdf.utils.PKCS11Utils.initPkcs11Provider(PKCS11Utils.java:118)
at net.sf.jsignpdf.utils.PKCS11Utils.registerProviders(PKCS11Utils.java:75)
at net.sf.jsignpdf.utils.PKCS11Utils.registerProvidersFromDefaultLocation(PKCS11Utils.java:39)
at net.sf.jsignpdf.Signer.main(Signer.java:75)
Caused by: java.lang.NoClassDefFoundError: sun/security/action/GetPropertyAction
at com.github.kwart.jsign.pkcs11.Config.<clinit>(Config.java:64)
at com.github.kwart.jsign.pkcs11.JSignPKCS11.<init>(JSignPKCS11.java:130)
at com.github.kwart.jsign.pkcs11.JSignPKCS11.<init>(JSignPKCS11.java:104)
at java.base/jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:62)
... 6 more
Caused by: java.lang.ClassNotFoundException: sun.security.action.GetPropertyAction
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:580)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:502)
... 10 more
INFO Checking input and output PDF paths.
INFO Getting key alias
INFO Used key alias: iSignum 20260709-001240
INFO Loading private key
INFO Getting certificate chain
INFO Opening input PDF file: /tmp/test.pdf
INFO Creating output PDF file: ./test_signed.pdf
INFO Creating signature
INFO Setting certification level
INFO Processing (it may take a while) ...
FINE KeyStore type PKCS11 is supported by the provider SunPKCS11-SafeNet
SEVERE Problem occured
java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_USER_NOT_LOGGED_IN
at jdk.crypto.cryptoki/sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:685)
at java.base/java.security.Signature$Delegate.engineSign(Signature.java:1387)
at java.base/java.security.Signature.sign(Signature.java:700)
at org.openpdf.text.pdf.PdfPKCS7.getEncodedPKCS7(PdfPKCS7.java:1308)
at net.sf.jsignpdf.SignerLogic.signFile(SignerLogic.java:408)
at net.sf.jsignpdf.Signer.signFiles(Signer.java:223)
at net.sf.jsignpdf.Signer.main(Signer.java:110)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_USER_NOT_LOGGED_IN
at jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.C_SignFinal(Native Method)
at jdk.crypto.cryptoki/sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:635)
... 6 more
INFO Finished: Creating of signature failed.
FINE Removing security provider with name SunPKCS11-SafeNet
#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x00007fe600cdc340, pid=211271, tid=211283
#
# JRE version: OpenJDK Runtime Environment (26.0.1) (build 26.0.1)
# Java VM: OpenJDK 64-Bit Server VM (26.0.1, mixed mode, sharing, tiered, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# C [libpcsclite_real.so.1+0x2340]
#
# Core dump will be written. Default location: Determined by the following: "/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h %d %F %I" (alternatively, falling back to /tmp/jsignpdf-3.0.1/core.211271)
#
# An error report file with more information is saved as:
# /tmp/jsignpdf-3.0.1/hs_err_pid211271.log
#
# If you would like to submit a bug report, please visit:
# https://bugreport.java.com/bugreport/crash.jsp
#
./jsignpdf.sh: line 41: 211271 Aborted (core dumped) "$JAVA" $JAVA_OPTS "-Djsignpdf.home=$DIR" -jar "$DIR/JSignPdf.jar" "$@"
The contents of pkcs11.cfg:
name=SafeNet
library=/usr/lib/libeToken.so
I read that JSignPKCS11 should be used since a long time ago, which should deal with this problem, but that does not seem to happen.
Basically the same problem as in #210 - signing fails with
CKR_USER_NOT_LOGGED_IN. Using the same USB token as in #210, i.e. Gemalto SafeNet eToken 5110 CC.Here is the output:
The contents of
pkcs11.cfg:I read that JSignPKCS11 should be used since a long time ago, which should deal with this problem, but that does not seem to happen.