HSM: Error while opening connection to the HSM - pkcs#11

Receiving the CKR_GENERAL_ERROR when the application tries to open a connection to the H/W HSM.
The error in detail is:
50004-Crypto API could not be open.
Caused by: xxx.xxx.xxx.cryptoapi.CryptoApiSysException: Error opening session!!
Caused by: iaik.pkcs.pkcs11.wrapper.PKCS11Exception: CKR_GENERAL_ERROR
at iaik.pkcs.pkcs11.wrapper.PKCS11Implementation.C_Initialize(Native Method) ~[pkcs11Wrapper-1.2.18.jar:1.2.18]
at iaik.pkcs.pkcs11.Module.initialize(Module.java:307) ~[pkcs11Wrapper-1.2.18.jar:1.2.18]
Could anyone please tell what might be the reason for this error? The application works fine with the software HSM.
H/W HSM details:
ProtectToolkit C Key management utility : 4.2.0 (even tried with 4.3.0)
Manufacturer : Eracom
Hardware version : 66.00
Firmware version : 2.02

CKR_GENERAL_ERROR is the general error message thrown by most PKCS#11-compliant APIs. Since you get the error while connecting to the HSM hardware, please make sure you do the following things:
You have successfully done the client (your app) to h/w HSM NTL configuration. Here's a link!
Verify that you have a valid slot number and partition password (PIN) while opening the session and logging in to the HSM.
Also, you can check the HSM logs (usually residing in your HSM client installation directory in your application) to know the exact cause of the problem. You can refer to my previous response on finding Luna SafeNet client logs!

Related

pkcs#11 CKR_DEVICE_REMOVED error logging in to HSM

I have the SmartCard HSM usb plugged in to my laptop. I can see it when I run a command thru an application using the PKCS#11 API:
Slot 0
Slot info:
Description: Identiv uTrust 3512 SAM slot Token [CCID Interface] (55511725602
Manufacturer ID: Identiv
Hardware version: 2.2
Firmware version: 0.0
Token present: yes
Token info:
Manufacturer ID: www.CardContact.de
Model: PKCS#15 emulated
Hardware version: 24.13
Firmware version: 2.5
Serial number: DECC0300697
Initialized: yes
User PIN init.: yes
Label: UserPIN (SmartCard-HSM)
It's been initialized with a SO-PIN and USER-PIN.
When I try to login in to the HSM using C_Login, I get a CKR_DEVICE_REMOVED error back. The usb HSM is still plugged in. I have googled the error but nothing fruitful came up.
login_token -LOGIN user -SLOT 0 -UPIN user-pin
EROR: rv=0x00000032: Could not log in on the token.
How can I log in to the HSM?
The following text is the description of the CKR_DEVICE_REMOVED error from the PKCS#11 v2.20 specification:
CKR_DEVICE_REMOVED: The token was removed from its slot during the
execution of the function.
If you did not attach/detach a new reader and did not insert/remove a smartcard once the PKCS#11 library was loaded, then I don't see any obvious reason why you are receiving this error.
However, you are using the PKCS#11 library provided by the OpenSC project, so you can enable its debugging via environment variable or configuration file. You may be able to find the cause of the error by exploring the debug output yourself. If not, then your best bet is to open a new OpenSC issue and discuss your problem with OpenSC project members.
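A triage helper for the two PKCS#11 failures above (the Java trace from the first question and the `rv=0x00000032` tool output from the second), added here as an example and not taken from either post or from any vendor tooling. The return-value table is a subset of the PKCS#11 v2.20 constants; the `triage` function, the `STAGE` descriptions and the `call` hint parameter are assumptions of this example.

```python
import re

# Subset of CK_RV values defined by PKCS#11 v2.20 (pkcs11t.h).
CKR = {
    0x00: "CKR_OK", 0x03: "CKR_SLOT_ID_INVALID", 0x05: "CKR_GENERAL_ERROR",
    0x06: "CKR_FUNCTION_FAILED", 0x30: "CKR_DEVICE_ERROR",
    0x32: "CKR_DEVICE_REMOVED", 0xA0: "CKR_PIN_INCORRECT",
    0xA4: "CKR_PIN_LOCKED", 0xE0: "CKR_TOKEN_NOT_PRESENT",
    0x101: "CKR_USER_NOT_LOGGED_IN", 0x190: "CKR_CRYPTOKI_NOT_INITIALIZED",
}
# What each Cryptoki call depends on (descriptions written for this example).
STAGE = {
    "C_Initialize": "library/transport: runs before any slot or PIN is used",
    "C_GetSlotList": "slot enumeration: reader and token visibility",
    "C_OpenSession": "session: slot id and token presence",
    "C_Login": "authentication: PIN, user type, token still reachable",
}
RV_HEX = re.compile(r"\brv\s*=\s*0x([0-9a-fA-F]+)")
RV_NAME = re.compile(r"\b(CKR_[A-Z0-9_]+)\b")
CALL = re.compile(r"\b(C_[A-Z][A-Za-z]+)\b")

# Excerpts copied from the two questions above.
TRACE_1 = """Caused by: iaik.pkcs.pkcs11.wrapper.PKCS11Exception: CKR_GENERAL_ERROR
at iaik.pkcs.pkcs11.wrapper.PKCS11Implementation.C_Initialize(Native Method)
at iaik.pkcs.pkcs11.Module.initialize(Module.java:307)"""
TOOL_OUT_2 = "EROR: rv=0x00000032: Could not log in on the token."

def triage(text, call=None):
    """Return (ckr_name, cryptoki_call, stage) for a log line or stack trace.

    `call` is an optional hint for output that does not name the failing
    function, such as the login_token line (the post says it was C_Login).
    """
    name = None
    m = RV_HEX.search(text)
    if m:  # numeric form: rv=0x...
        code = int(m.group(1), 16)
        name = CKR.get(code, "unknown (0x%08X)" % code)
    else:  # symbolic form, as printed by the IAIK wrapper exception
        m = RV_NAME.search(text)
        name = m.group(1) if m else None
    if call is None:
        m = CALL.search(text)
        call = m.group(1) if m else None
    return name, call, STAGE.get(call)

if __name__ == "__main__":
    print(triage(TRACE_1))
    print(triage(TOOL_OUT_2, call="C_Login"))
```

For the first trace the failing frame is `C_Initialize`, which takes no slot number or PIN, so the client library and its connection to the HSM are the first things to inspect.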

Bluemix liberty runtime handshake failure while accessing dashDB datasource

Suddenly I am getting an SSL error message when I am trying to access a dashDb from an auto-configured liberty server, from somewhere deep in the DB2 driver. I have verified in the deployed files that the default keystore is auto-configured into the liberty server.
What is happening here?
java.security.cert.CertPathValidatorException: The certificate issued by CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US is not trusted; internal cause is:
[ERROR ] CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN CN=*.services.dal.bluemix.net, O=International Business Machines Corporation, L=Armonk, ST=New York, C=US was sent from the target host. The signer might need to be added to local trust store /home/vcap/app/wlp/usr/servers/BluemixServer/resources/security/key.jks, located in SSL configuration alias defaultSSLConfig. The extended error message from the SSL handshake exception is: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is
[err] java.sql.SQLNonTransientException: [jcc][t4][2030][11211][4.19.49] A communication error occurred during operations on the connection's underlying socket, socket input stream,
or socket output stream. Error location: Reply.fill() - socketInputStream.read (-1). Message: java.security.cert.CertificateException: PKIXCertPathBuilderImpl could not build a valid CertPath.. ERRORCODE=-4499, SQLSTATE=08001 DSRA0010E: SQL State = 08001, Error Code = -4,499
[err] at com.ibm.db2.jcc.am.kd.a(Unknown Source)
There was a change to dashDB last Friday which enhanced security requirements for cipher specs of applications accessing dashDB. If your application was working before last week and is not now, you may need to update your cipher.
Please refer to IBM technical report via this link
We can connect to dashDB with one of the following Liberty for java buildpacks. Please try redeploying your application and make sure that database URI has :sslConnection=true at the end.
Build packs
buildpack_liberty-for-java_v3.8-20170308-1507.zip (newest)
buildpack_liberty-for-java_v3.4.1-20161030-2241.zip (oldest)

Error in setting up Google play services in unity

Following the instructions for the Google Play Games plugin for Unity, I have not been able to set it up correctly. My application crashes on signing in, with the following log output (with no more details). I've had no luck finding a probable cause, and searches seem to turn up no useful tips.
The actual error is displayed as:
Application ID () must be a numeric value. Please verify that your manifest refers to the correct project ID
The complete log output:
10-08 19:43:49.581 25688-25734/? E/linker: readlink('/proc/self/fd/49') failed: Permission denied [fd=49]
10-08 19:43:49.581 25688-25734/? E/linker: warning: unable to get realpath for the library "/data/data/com.testcompany.testapp/app_.gpg.classloader/d75c8e1bbeab9e1ddffb9d332585db71.dex". Will use given name.
10-08 19:43:49.667 25688-25734/? W/PopupManager: You have not specified a View to use as content view for popups. Falling back to the Activity content view. Note that this may not work as expected in multi-screen environments
10-08 19:43:49.675 25688-26526/? I/GamesNativeSDK: Auth operation started: SIGN IN
10-08 19:43:49.675 25688-26526/? I/GamesNativeSDK: Connecting to Google Play...
10-08 19:43:49.802 10946-10956/? W/GamesServiceBroker: Client connected with SDK 9683000, Services 9683438, and Games 37240038
10-08 19:43:49.837 10946-26540/? E/ValidateServiceOp: Application ID () must be a numeric value. Please verify that your manifest refers to the correct project ID.
10-08 19:43:49.842 25688-25688/? D/AndroidRuntime: Shutting down VM
10-08 19:43:49.846 25688-25688/? E/AndroidRuntime: FATAL EXCEPTION: main
Process: com.testcompany.testapp, PID: 25688
java.lang.Error: FATAL EXCEPTION [main]
Unity version : 5.4.0f3
Device model : LGE Nexus 5
Device fingerprint: google/hammerhead/hammerhead:6.0/MRA58K/2256973:user/release-keys
Caused by: java.lang.IllegalStateException: A fatal developer error has occurred. Check the logs for further information.
at com.google.android.gms.common.internal.zze$zza.zzc(Unknown Source)
at com.google.android.gms.common.internal.zze$zza.zzv(Unknown Source)
at com.google.android.gms.common.internal.zze$zze.zzauc(Unknown Source)
at com.google.android.gms.common.internal.zze$zzd.handleMessage(Unknown Source)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:148)
at android.app.ActivityThread.main(ActivityThread.java:5417)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)
I've taken the steps needed to generate OAuth2 client ID and I've successfully applied that to GooglePlayGame plugin in unity. What could be the reason of the error message?
If we refer to the actual error as shown in your log output, the problem is caused by the application ID declared in your Manifest which is actually one of the top setup mistakes committed by developers as shown in this video.
To troubleshoot this kind of error, please check the following:
For Android:
Please verify that the value of the @string/app_id resource matches your application's numeric ID. The value of this resource should only contain digits. For example:
<string name="app_id">123456789012</string>
Warning: Do not use the full client ID (1233456789012.apps.googleusercontent.com) as your app ID. This will result in errors.
For iOS:
The application_ID is the number that Google Play Developer Console assigns to your project. Please note that it is not the same as your Apple application_ID.
Then, after checking the application ID, please also check the certificate fingerprint. Please note that:
If you are debugging your game using your debug certificate but have configured games services using your release certificate, you should add a second linked app using the same package name and your debug certificate's SHA1 fingerprint. This will allow you to sign in to the application whether it's signed with the debug or release certificates.
For additional tips, refer to these related resources:
Top 7 Google Play games services setup mistakes - Video that describes common Google Play games services setup pitfalls and scenarios.
Android troubleshooting guide - Developer documentation that describes how to troubleshoot issues while developing Android games.
Lastly, this Q&A thread might also help wherein this GitHub post was suggested.
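A pre-build check for the `app_id` rule described in the answer above, added here as an example and not part of the answer or of the Google Play Games plugin. The function name `check_app_id` and the sample resource files are constructed for illustration; the two ID values are the ones quoted in the answer.

```python
import re
import xml.etree.ElementTree as ET

def check_app_id(strings_xml):
    """Classify the app_id entry of an Android string resource file."""
    root = ET.fromstring(strings_xml)
    node = root.find("./string[@name='app_id']")
    if node is None:
        return "missing"
    value = (node.text or "").strip()
    if not value:
        # Consistent with the empty "Application ID ()" in the log above.
        return "empty"
    if value.endswith(".apps.googleusercontent.com"):
        # The full OAuth client ID was pasted instead of the numeric app ID.
        return "client-id"
    if not re.fullmatch(r"[0-9]+", value):
        return "non-numeric"
    return "ok"

# Constructed sample resource files.
GOOD = '<resources><string name="app_id">123456789012</string></resources>'
EMPTY = '<resources><string name="app_id"></string></resources>'
CLIENT_ID = ('<resources><string name="app_id">'
             '1233456789012.apps.googleusercontent.com</string></resources>')
NO_ENTRY = '<resources><string name="app_name">Test App</string></resources>'

if __name__ == "__main__":
    for name, doc in [("good", GOOD), ("empty", EMPTY),
                      ("client id", CLIENT_ID), ("no entry", NO_ENTRY)]:
        print(name, "->", check_app_id(doc))
```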
The problem was caused by multiple application configurations in Google play services. Although the game services panel was showing only one application with my package name, there were several instances of the same application configured in google cloud services previously for google cloud messaging and other services. The problem was only solved when I shut down all services, deleted the applications and patiently created one unified application configuration in Google play services.
I got this problem too. Here's my solution:
Delete the old versions of the GooglePlayService and Admob plugins and import the new ones.
Open the Android SDK Manager (in Unity, Window -> Google Play Games -> Downloads -> Google Play Games SDK (Android)) and update the following ones:
Then try to set up Google Play Service.
Additionally, the current versions of GooglePlayServices and Admob both import PlayServicesResolver/Editor/Google.JarResolverLib.dll (JarResolverLib.dll); just delete Google.JarResolverLib.dll.
Hope this can help you!

Socket error 10053 software caused connection abort

I have an application which will receive files from FTP and upload them to a Mainframe server.
I am getting a "Socket error 10053 software caused connection abort" when I assign
FTPTransfertype = ftASCII
If I change this to FtBinary I'm not getting this error, but the data is not uploaded properly in this mode.
I am getting this error only on the application server (production server), not on the development server (here I faced this issue only once in the FTPTransfertype = ftASCII assignment).
I have changed the FTP connectivity mode to Passive but it's not working.
Please help me on this.
I recommend seeing the Microsoft Windows Socket Errors page:
https://msdn.microsoft.com/en-us/library/windows/desktop/ms740668(v=vs.85).aspx
In your case:
Software caused connection abort. An established connection was
aborted by the software in your host computer, possibly due to a data
transmission time-out or protocol error.

eclipse not starting because p4eclipse is throwing AccessException

I was running Eclipse Juno on Mac and had installed the p4eclipse plugin. After a system restart I am trying to restart Eclipse, but it is throwing exceptions (as seen in the logs).
com.perforce.p4java.exception.AccessException: Your session has expired, please login again.
at com.perforce.p4java.impl.mapbased.server.Server.handleErrorStr(Server.java:4453)
at com.perforce.p4java.impl.mapbased.server.Server.getDepots(Server.java:2673)
at com.perforce.team.core.p4java.P4Connection$2.run(P4Connection.java:1057)
at com.perforce.team.core.p4java.P4Resource.runOperation(P4Resource.java:90)
at com.perforce.team.core.p4java.P4Connection.refresh(P4Connection.java:1060)
at com.perforce.team.core.p4java.P4Connection.isSandbox(P4Connection.java:1015)
at com.perforce.team.ui.decorator.PerforceDecorator.updateSandBoxAndStreamDecoration(PerforceDecorator.java:288)
at com.perforce.team.ui.decorator.PerforceDecorator.decorateProjectWithConnection(PerforceDecorator.java:275)
at com.perforce.team.ui.decorator.PerforceDecorator.getProjectText(PerforceDecorator.java:848)
at com.perforce.team.ui.decorator.PerforceDecorator.decorateProject(PerforceDecorator.java:562)
at com.perforce.team.ui.decorator.PerforceDecorator.decorateText(PerforceDecorator.java:812)
at org.eclipse.ui.internal.decorators.FullDecoratorDefinition.decorateText(FullDecoratorDefinition.java:134)
Also, below stack trace:
!ENTRY org.eclipse.equinox.security 4 0 2013-05-31 11:14:09.882
!MESSAGE Secure storage was unable to retrieve the master password from the OS keyring.
Make sure that this application has access to the OS keyring.
If the error persists, the password recovery feature could be used, or secure storage can be deleted and re-created.
java.lang.SecurityException: Could not obtain password. Result: -25300
at org.eclipse.equinox.internal.security.osx.OSXProvider.getPassword(Native Method)
at org.eclipse.equinox.internal.security.osx.OSXProvider.getPassword(OSXProvider.java:45)
at org.eclipse.equinox.internal.security.storage.PasswordProviderModuleExt.getPassword(PasswordProviderModuleExt.java:35)
at org.eclipse.equinox.internal.security.storage.SecurePreferencesRoot.getModulePassword(SecurePreferencesRoot.java:259)
at org.eclipse.equinox.internal.security.storage.SecurePreferencesRoot.getPassword(SecurePreferencesRoot.java:224)
at org.eclipse.equinox.internal.security.storage.SecurePreferences.get(SecurePreferences.java:262)
at org.eclipse.equinox.internal.security.storage.SecurePreferencesWrapper.get(SecurePreferencesWrapper.java:106)
at com.perforce.team.core.P4SecureStore.get(P4SecureStore.java:36)
at com.perforce.team.core.ConnectionParameters.getPassword(ConnectionParameters.java:265)
at com.perforce.team.ui.P4ConnectionManager.handleLoginError(P4ConnectionManager.java:374)
at com.perforce.team.ui.P4ConnectionManager.internalRetry(P4ConnectionManager.java:803)
at com.perforce.team.ui.P4ConnectionManager.shouldRetry(P4ConnectionManager.java:833)
at com.perforce.team.core.p4java.P4Connection.handleError(P4Connection.java:1649)
at com.perforce.team.core.p4java.P4Resource.runOperation(P4Resource.java:94)
at com.perforce.team.core.p4java.P4Connection.refresh(P4Connection.java:1060)
I have seen this issue before also, and at that time I was left with no other option but to reinstall Eclipse.
Please help me resolve this issue. Also, how can I avoid hitting this issue again?
Thanks in advance.
UW.
This looks like an Eclipse bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=391455
The bug suggests you go to 'Preferences / General / Security / Secure Storage' and turn off 'OS X Keystore Integration'.