Details
Bug
Status: Closed
Major
Resolution: Fixed
Security Level: Public (Public issues, viewable by everyone)
Operating System: other
Platform: Other
40826
Description
Hello,
I am having a problem. My application is an applet that generates an XML and signs
it with the PrivateKey from a SmartCard.
The first time, it works fine! However, when I try to sign again (second time), I
get this exception:
java.security.InvalidKeyException: Private keys must be instance of
RSAPrivate(Crt)Key or have PKCS#8 encoding
The exception occurs when calling the method: DOMSignContext dsc = new
DOMSignContext(pk, doc.getDocumentElement()); This method is part of the
following code:
Does anybody know what I could do to solve this problem?
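======= code that generates the xml signature
import java.security.Provider;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.*;

    // Load the JSR 105 XML signature provider (reference implementation by default).
    String providerName = System.getProperty("jsr105Provider",
            "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
    XMLSignatureFactory fac = XMLSignatureFactory.getInstance(
            "DOM",
            (Provider) Class.forName(providerName).newInstance());

    // Reference to the whole document ("" URI), SHA-1 digest, enveloped transform.
    Reference ref = fac.newReference(
            "",
            fac.newDigestMethod(DigestMethod.SHA1, null),
            Collections.singletonList(fac.newTransform(
                    Transform.ENVELOPED,
                    (TransformParameterSpec) null)),
            null,
            null);

    // SignedInfo: inclusive C14N with comments, RSA-SHA1 signature method.
    SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(
                    CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
                    (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
            Collections.singletonList(ref));

    // KeyInfo carrying the signer's X.509 certificate.
    KeyInfoFactory kif = fac.getKeyInfoFactory();
    X509Data x509 = kif.newX509Data(Collections.singletonList(cert));
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(x509));

    // pk is the PrivateKey obtained from the smart card (see the code below).
    DOMSignContext dsc = new DOMSignContext(pk, doc.getDocumentElement());
    XMLSignature signature = fac.newXMLSignature(si, ki);
    signature.sign(dsc);
    return doc;
}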
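======= code that gets the PrivateKey and Certificate from Smart Card:
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

    // In-memory SunPKCS11 configuration pointing at the card's PKCS#11 library.
    String configuracao = "name = SmartCard\n" +
            "library = c:\\windows\\system32\\aetpkss1.dll";
    byte[] configuracaoBytes = configuracao.getBytes();
    ByteArrayInputStream configuracaoStream =
            new ByteArrayInputStream(configuracaoBytes);

    // Create the PKCS#11 provider and register it with the JCA.
    sun.security.pkcs11.SunPKCS11 provider =
            new sun.security.pkcs11.SunPKCS11(configuracaoStream);
    Security.addProvider(provider);
    this.nomeProvider = provider.getName();

    // Open the card's key store, unlocking it with the PIN.
    this.repositorio = KeyStore.getInstance("PKCS11", provider);
    repositorio.load(null, pin.toCharArray());
    this.inicializarDados(pin);

    // Find the first alias that is a key entry.
    String keyEntry = null;
    boolean ok = false;
    Enumeration en = repositorio.aliases();
    while (en.hasMoreElements()) {
        keyEntry = (String) en.nextElement();
        if (repositorio.isKeyEntry(keyEntry)) {
            ok = true;
            break;
        }
    }
    if (ok) {
        // Certificate and private key handle for the selected entry.
        certificado = (X509Certificate) repositorio.getCertificate(keyEntry);
        chavePrivada = (PrivateKey) repositorio.getKey(keyEntry, pin.toCharArray());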