javax.security.auth.login.LoginException: Unable to perform password callback
michnovka opened this issue · 5 comments
michnovka commented
jSignPDF version 2.0.0
Kubuntu 20.04
java 17.0.1 2021-10-19 LTS
When signing with my card and TSA, I get the below exception. The final PDF looks fine and has valid timestamped signature.
superuser@TheTower:~/Applications/jsignpdf-2.0.0$ ./jsignpdf.sh
FINE Relaxing SSL security.
FINE Registering SunPKCS11 provider from configuration in conf/pkcs11.cfg
FINE PKCS11 provider registered with name SunPKCS11-eObcanka
FINE PKCS11 provider registered with name JSignPKCS11-eObcanka
INFO Starting JSignPdf
INFO Checking input and output PDF paths.
INFO Getting key alias
INFO Certificate Objekt 04/08/2020 00:16:43 expired already.
INFO Used key alias: Objekt 02/08/2021 18:24:39
INFO Loading private key
INFO Getting certificate chain
INFO Opening input PDF file: /home/superuser/Nextcloud2/Konevova/Dopis bonollo.pdf
INFO Creating output PDF file: /home/superuser/Nextcloud2/Konevova/Dopis bonollo_signed.pdf
INFO Creating signature
INFO Setting location: Praha
INFO Setting certification level
INFO Configuring visible signature
INFO Use only layers recommend by Acrobat 6: true
INFO Setting background image scale
INFO Setting Layer 2 text (description)
INFO Setting Layer 4 text (status)
INFO Setting Render mode
INFO Creating visible signature
INFO Processing (it may take a while) ...
INFO Reading CRLs
INFO Reading CRL distribution points from certificate XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX#redacted
INFO Found CRL URL in distribution point: http://qcrldp1.ica.cz/2qca16_rsa.crl
INFO Found CRL URL in distribution point: http://qcrldp2.ica.cz/2qca16_rsa.crl
INFO Found CRL URL in distribution point: http://qcrldp3.ica.cz/2qca16_rsa.crl
INFO Downloading CRL from http://qcrldp3.ica.cz/2qca16_rsa.crl
INFO Size of downloaded CRL: 146964
INFO Downloading CRL from http://qcrldp1.ica.cz/2qca16_rsa.crl
INFO Size of downloaded CRL: 146964
INFO Downloaded CRL is already present. Skipping.
INFO Downloading CRL from http://qcrldp2.ica.cz/2qca16_rsa.crl
INFO Size of downloaded CRL: 146964
INFO Downloaded CRL is already present. Skipping.
FINE KeyStore type JSIGNPKCS11 is not supported by the provider SunPKCS11-eObcanka
FINE KeyStore type JSIGNPKCS11 is supported by the provider JSignPKCS11-eObcanka
INFO Creating TSA client.
INFO Setting TSA hash algorithm: SHA256
INFO Setting TSA policy OID: 1.3.6.1.4.1.23624.10.1.50.2.0
javax.security.auth.login.LoginException: Unable to perform password callback
at com.github.kwart.jsign.pkcs11.JSignPKCS11.contextSpecificLogin(JSignPKCS11.java:1335)
at com.github.kwart.jsign.pkcs11.P11Signature.engineSign(P11Signature.java:604)
at java.base/java.security.Signature$Delegate.engineSign(Signature.java:1423)
at java.base/java.security.Signature.sign(Signature.java:712)
at com.lowagie.text.pdf.PdfPKCS7.getEncodedPKCS7(PdfPKCS7.java:1258)
at net.sf.jsignpdf.SignerLogic.signFile(SignerLogic.java:412)
at net.sf.jsignpdf.SignerLogic.run(SignerLogic.java:115)
at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: java.lang.NullPointerException: Cannot invoke "javax.security.auth.callback.CallbackHandler.handle(javax.security.auth.callback.Callback[])" because "this.pHandler" is null
at com.github.kwart.jsign.pkcs11.JSignPKCS11.contextSpecificLogin(JSignPKCS11.java:1333)
... 7 more
INFO Closing result PDF stream
INFO Finished: Signature succesfully created.
michnovka commented
TSA settings below in screenshot
kwart commented
Does the SunPKCS11 keystore type work?
The JSignPKCS11 should only be used in cases where SunPKCS11 fails.
michnovka commented
I dont even have SunPKCS11 in the list. Only JSignPKCS11
kwart commented
Sorry, I wasn't clear. The SunPKCS11 is the implementation class name. The related keystone type name is just "PKCS11".
Try to run jsignpdf.sh -lkt, you should see the "PKCS11" in the output.
The JSignPKCS11 was not tested with Java 17 (yet) :)
michnovka commented
Yea, with SunPKCS11 the error is not present.