SunPKC11 Exception when signing PDF


Valentin Ivanov
Hello,

When I sign hundreds of PDF files, I get this exception:

java.security.ProviderException: Initialization failed
    at sun.security.pkcs11.P11Signature.initialize(P11Signature.java:294)
    at sun.security.pkcs11.P11Signature.engineInitSign(P11Signature.java:375)
    at java.security.Signature$Delegate.engineInitSign(Unknown Source)
    at java.security.Signature.initSign(Unknown Source)
    at org.btrust.signer.PDFSigner.initSignPDF(PDFSigner.java:298)
    at org.btrust.signer.PDFSigner.signPDF(PDFSigner.java:484)
    at org.btrust.util.SignThread.run(SignThread.java:646)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_SESSION_COUNT
    at sun.security.pkcs11.wrapper.PKCS11.C_OpenSession(Native Method)
    at sun.security.pkcs11.SessionManager.openSession(SessionManager.java:185)
    at sun.security.pkcs11.SessionManager.getOpSession(SessionManager.java:123)
    at sun.security.pkcs11.Token.getOpSession(Token.java:247)
    at sun.security.pkcs11.P11Signature.initialize(P11Signature.java:283)
    ... 6 more

I think that some of the iText classes are messing with the provider, like creating/removing sessions. But I cannot figure out if this is true.
I thought it might be a Provider problem and I wrote to them, but they assure me the problem is not in the provider .dll file.

If I get the private key and use it to sign many files, I get this exception:

java.security.ProviderException: Could not obtain session
    at sun.security.pkcs11.SessionManager.getOpSession(SessionManager.java:130)
    at sun.security.pkcs11.Token.getOpSession(Token.java:247)
    at sun.security.pkcs11.P11Signature.initialize(P11Signature.java:283)
    at sun.security.pkcs11.P11Signature.engineInitSign(P11Signature.java:375)
    at java.security.Signature$Delegate.engineInitSign(Unknown Source)
    at java.security.Signature.initSign(Unknown Source)
    at org.btrust.signer.PDFSigner.initSignPDF(PDFSigner.java:299)
    at org.btrust.signer.PDFSigner.signPDF(PDFSigner.java:486)
    at org.btrust.util.SignThread.run(SignThread.java:664)

The exception is thrown at the line "Signature.initSign(PrivateKey);" and this happens at file 100 all the time. Does someone know why?

If I create a new Provider every 90 files, I get the first exception I posted.
The strange thing is that I get the exception at a different file every time, but after file 100.

Seems like some classes are playing with the provider sessions!!!

 
M. Cp. Eng. Valentin Ivanov

_______________________________________________
iText-questions mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php

Re: SunPKC11 Exception when signing PDF

Andreas Kuehne-3
Hi Valentin,

My first remark is that iText is far away from PKCS11 sessions. The sun jca/pkcs11 bridge is obviously managing the sessions, as you can see from the call stack.
Second remark: where is iText involved at all? Looks like you are using a 'btrust' signer. Maybe you're better off at that mailing list ;-)

Greetings

Andreas


-- 
Andreas Kühne 
phone: +49 177 293 24 97 
mailto: [hidden email]

Trustable Ltd. Niederlassung Deutschland Ströverstr. 18 - 59427 Unna Amtsgericht Hamm HRB 5868

Directors Andreas Kühne, Heiko Veit

Company UK Company No: 5218868 Registered in England and Wales 


Re: SunPKC11 Exception when signing PDF

Valentin Ivanov
Hi Andreas,

I know it looks strange, but I have written to my Provider and they told me nothing is wrong.
And there is something I would like to tell you:

If this line sap.setExternalDigest(new byte[128], new byte[20], "RSA"); exists in the code I can sign exactly 50 files, but if the line does not exist I can sign exactly 100 files. So could you tell me why this happens? I can post the code here; it is the same as HERE (the part with external digest and signature). I wish I could give you the .dll provider but I am not allowed to!!!

Re: SunPKC11 Exception when signing PDF

Valentin Ivanov
In reply to this post by Andreas Kuehne-3
And by the way the exception now is from line PdfSignatureAppearance.preClose()

ExceptionConverter: java.security.InvalidKeyException: Private keys must be instance of RSAPrivate(Crt)Key or have PKCS#8 encoding
        at sun.security.rsa.RSAKeyFactory.translatePrivateKey(Unknown Source)
        at sun.security.rsa.RSAKeyFactory.engineTranslateKey(Unknown Source)
        at sun.security.rsa.RSAKeyFactory.toRSAKey(Unknown Source)
        at sun.security.rsa.RSASignature.engineInitSign(Unknown Source)
        at sun.security.rsa.RSASignature.engineInitSign(Unknown Source)
        at java.security.Signature$Delegate.init(Unknown Source)
        at java.security.Signature$Delegate.chooseProvider(Unknown Source)
        at java.security.Signature$Delegate.engineInitSign(Unknown Source)
        at java.security.Signature.initSign(Unknown Source)
        at com.lowagie.text.pdf.PdfPKCS7.<init>(PdfPKCS7.java:410)
        at com.lowagie.text.pdf.PdfSigGenericPKCS.setSignInfo(PdfSigGenericPKCS.java:113)
        at com.lowagie.text.pdf.PdfSignatureAppearance.preClose(PdfSignatureAppearance.java:806)
        at com.lowagie.text.pdf.PdfSignatureAppearance.preClose(PdfSignatureAppearance.java:721)
        at org.btrust.ws.TestCVProvider.signPDFFile(TestCVProvider.java:178)
        at org.btrust.ws.TestCVProvider.testCryptovisionProvider(TestCVProvider.java:80)
        at org.btrust.ws.TestCVProvider.main(TestCVProvider.java:53)



Re: SunPKC11 Exception when signing PDF

mkl
In reply to this post by Valentin Ivanov
Valentin,

as Andreas mentioned before, iText does not do any PKCS11 session handling.

More in detail: Your stack trace
java.security.ProviderException: Could not obtain session
    at sun.security.pkcs11.SessionManager.getOpSession(SessionManager.java:130)
    at sun.security.pkcs11.Token.getOpSession(Token.java:247)
    at sun.security.pkcs11.P11Signature.initialize(P11Signature.java:283)
    at sun.security.pkcs11.P11Signature.engineInitSign(P11Signature.java:375)
    at java.security.Signature$Delegate.engineInitSign(Unknown Source)
    at java.security.Signature.initSign(Unknown Source)
    at org.btrust.signer.PDFSigner.initSignPDF(PDFSigner.java:299)
    at org.btrust.signer.PDFSigner.signPDF(PDFSigner.java:486)
    at org.btrust.util.SignThread.run(SignThread.java:664)
shows that some org.btrust.* software obtains the PKCS11 session and, thus, is responsible for releasing it again (if there is a need for releasing it).

Your other stack trace
         [...]
         at com.lowagie.text.pdf.PdfSignatureAppearance.preClose(PdfSignatureAppearance.java:721)
         at org.btrust.ws.TestCVProvider.signPDFFile(TestCVProvider.java:178)
         at org.btrust.ws.TestCVProvider.testCryptovisionProvider(TestCVProvider.java:80)
         at org.btrust.ws.TestCVProvider.main(TestCVProvider.java:53)
indicates that some org.btrust.* software uses iText for signing, most likely after injecting the PKCS11 connection into it.

The org.btrust.* responsibility for releasing the PKCS11 session, therefore, might include releasing the iText objects used for signing. Otherwise the private key object might be locked in memory for a long time. It might suffice, though, if there was a way to explicitly close the session initially obtained.

Regards,   Michael

Sessions can be a pain in the a** in a garbage collection oriented memory handling environment...

Re: SunPKC11 Exception when signing PDF

Valentin Ivanov
I understand, but how can I clear the memory? sun.security.Provider has one method clear(), and sun.security.pkcs11.SunPKCS11 has no method for releasing the resources. I cannot close the session explicitly! I am doing the signing in a method, so when the method is done all variables are destroyed.

Basically my logic is like:

Provider provider = getProvider();
Security.addProvider(provider);
PrivateKey pk = getPrivateKey();

// sign 5000 times with the same key and provider
for (int i = 0; i < 5000; i++) {
    signPDF(pk, provider);
}

I will get an exception. I have tried with a few providers and I always get an exception.

Could you please try to sign one PDF file for thousands times and see if you get exception!!!?

Re: SunPKC11 Exception when signing PDF

Valentin Ivanov
In reply to this post by mkl
I forgot to say something which, by the way, is very strange to me.
I sign PDF, PKCS7, XADES, OPEN XADES with one Provider. ONLY with PDF signing do I get an exception. That is the reason I thought iText might be involved in this. I have no explanation why with the other signings I have no problems.

Re: SunPKC11 Exception when signing PDF

mkl
In reply to this post by Valentin Ivanov
Valentin,
Valentin Ivanov wrote:
> I understand, but how can I clear the memory?

I had a look at the P11Signature class. It looks like it requests a session upon initialization and releases it upon sign() or verify(). Especially I didn't see any session release upon finalization.

Thus, if there are initialized Signature objects which are never used to sign() or verify(), they might drain your supply of sessions.

In the light of this I wonder why in your case both the org.btrust.signer.PDFSigner (in initSignPDF() called by signPDF()) and com.lowagie.text.pdf.PdfPKCS7 (in the constructor called by PdfSigGenericPKCS.setSignInfo() which in turn is called by PdfSignatureAppearance.preClose) initialize a P11Signature for signing. Either you allow iText to create the signature or do it yourself externally.

In the former case the P11Signature initialized by org.btrust.signer.PDFSigner might lock one session if never used, in the latter PdfPKCS7.

In any case simply change the code to not initialize a superfluous P11Signature, in the former case by fixing org.btrust.signer.PDFSigner and in the latter by not injecting your PrivateKey into iText.

(Or is there an actual requirement to double-sign?)

Regards,   Mikel

PS: Paulo, perhaps PdfPKCS7 should be changed here. It should make sure sign() or verify() is called for its Signature instance (if not null), either as intended or in the finalizer.

Re: SunPKC11 Exception when signing PDF

mkl
Valentin,
mkl wrote:
> I had a look at the P11Signature class. It looks like it requests a session upon initialization and releases it upon sign() or verify(). Especially I didn't see any session release upon finalization.

Other sources I just stumbled upon do release the session in a finalizer. The version I inspected seemed to rely on PhantomReference in Session to do auto clean up.

In either case that fallback clean might occur too late in your context. And it depends on your garbage collection settings and available memory anyway, which isn't too predictable after all.

Regards,   Michael

PS: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/9f17abb48a34

Re: SunPKC11 Exception when signing PDF

Valentin Ivanov
In reply to this post by mkl
Hi mkl,

> In the light of this I wonder why in your case both the org.btrust.signer.PDFSigner (in initSignPDF() called by signPDF()) and com.lowagie.text.pdf.PdfPKCS7 (in the constructor called by PdfSigGenericPKCS.setSignInfo() which in turn is called by PdfSignatureAppearance.preClose) initialize a P11Signature for signing. Either you allow iText to create the signature or do it yourself externally.

No double signing is required; the two exceptions are just from the SAME code but in different packages. I guess that is why you thought I double sign something in the code.

> In any case simply change the code to not initialize a superfluous P11Signature, in the former case by fixing org.btrust.signer.PDFSigner and in the latter by not injecting your PrivateKey into iText.

I have never initialized the "P11Signature" class myself; this class is initialized internally by "java.security.Signature.initSign(Unknown Source)". And about the injection, this is the code I am using to sign PDF (it is 100% the same as HERE):

PdfReader reader = new PdfReader("original.pdf");
FileOutputStream fout = new FileOutputStream("signed.pdf");
PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
PdfSignatureAppearance sap = stp.getSignatureAppearance();
sap.setCrypto(key, chain, null, PdfSignatureAppearance.WINCER_SIGNED);
sap.setReason("I'm the author");
sap.setLocation("Lisbon");
// comment next line to have an invisible signature
sap.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1, null);
sap.setExternalDigest(new byte[128], new byte[20], "RSA");
sap.preClose();
MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
byte buf[] = new byte[8192];
int n;
InputStream inp = sap.getRangeStream();
while ((n = inp.read(buf)) > 0) {
    messageDigest.update(buf, 0, n);
}
byte hash[] = messageDigest.digest();
PdfSigGenericPKCS sg = sap.getSigStandard();
PdfLiteral slit = (PdfLiteral)sg.get(PdfName.CONTENTS);
byte[] outc = new byte[(slit.getPosLength() - 2) / 2];
PdfPKCS7 sig = sg.getSigner();
Signature sign = Signature.getInstance("SHA1withRSA");
sign.initSign(key);
sign.update(hash);
sig.setExternalDigest(sign.sign(), hash, "RSA");
PdfDictionary dic = new PdfDictionary();
byte[] ssig = sig.getEncodedPKCS7();
System.arraycopy(ssig, 0, outc, 0, ssig.length);
dic.put(PdfName.CONTENTS, new PdfString(outc).setHexWriting(true));
sap.close(dic);

Please could you tell me which line is injecting the PrivateKey into iText? Please understand me, I do not have as much knowledge of iText as I wish to.

> In either case that fallback clean might occur too late in your context. And it depends on your garbage collection settings and available memory anyway which isn't too predictable after all.

Do you want to tell me that neither Java Providers nor iText have made an opportunity to manually clean the resources, and rely on the Java GC? I hope this will be changed in the future, otherwise it sounds like a hit under the belt regarding the Java language.

I don't know what to do. My Provider tells me the dll is OK, here I understand that iText is OK, so where the hell should I look for that problem? I am going crazy.

I tested this case:

// sign a fixed string 10 000 times directly through the provider
for (int i = 0; i < 10000; i++) {
        Signature sign = Signature.getInstance("SHA1withRSA", provider);
        sign.initSign(getPrivKey);
        sign.update( "abc".getBytes() );
        byte[] bb = sign.sign();
}

That works perfectly, therefore the problem is not in the provider. But when I add PDF signing it goes wrong the way I have described above!!! The only line where I give the PrivateKey to iText is PdfSignatureAppearance.setCrypto(PrivKey, chain, null, PdfSignatureAppearance.WINCER_SIGNED); The memory is continuously rising; I guess something in PdfSignatureAppearance is not releasing the session. And this could be proven if you sign many times; the exception depends on the max session counter in your provider. That is why I have to create a new Provider every few files.

Can someone confirm this by signing a thousand times?
Am I the only one who is trying to sign thousands of files?

Re: SunPKC11 Exception when signing PDF

mkl
Valentin,
Valentin Ivanov wrote:
> > In the light of this I wonder why in your case both the org.btrust.signer.PDFSigner (in initSignPDF() called by signPDF()) and com.lowagie.text.pdf.PdfPKCS7 (in the constructor called by PdfSigGenericPKCS.setSignInfo() which in turn is called by PdfSignatureAppearance.preClose) initialize a P11Signature for signing. Either you allow iText to create the signature or do it yourself externally.
> no double signing is required, just the two exceptions are from SAME code but on different packages, I guess that is why you thought I double sign something in the code.

Are you sure? In the former case java.security.Signature.initSign is directly called by org.btrust.signer.PDFSigner.initSignPDF without any iText class at all in the call hierarchy, in the latter it is called by the com.lowagie.text.pdf.PdfPKCS7 constructor where according to the source code of that ancient iText version the Signature instance is non-public and internal.

Anyways, the p11 session handling is done automatically by pairs of initSign and sign. Thus, if you run out of sessions, there seem to be many Signature instances which are initialized for signing but never actually sign. If it is not the duplicate Signature instance initialization I suspected in my prior mail, i.e. if only iText PdfPKCS7 calls Signature.initSign(), then you appear to have very many iText PDF signing attempts discontinued after PdfPKCS7 instantiation and before signature creation.

> I have never initialize "P11Signature" class by myself, this class is initialize internally by "java.security.Signature.initSign()".

When I said some software "initialized a P11Signature for signing", I left out the cryptographic stack for brevity's sake.

> And about the injection, this is the code I am using to sign PDF (it is 100% the same like HERE):

On the contrary, when I compare your code with the referenced sample, there are differences indeed! Your code:
PdfReader reader = new PdfReader("original.pdf");
[...]
sap.setCrypto(key, chain, null, PdfSignatureAppearance.WINCER_SIGNED);
[...]
PdfPKCS7 sig = sg.getSigner();
Signature sign = Signature.getInstance("SHA1withRSA");
sign.initSign(key);
sign.update(hash);
sig.setExternalDigest(sign.sign(), hash, "RSA");
PdfDictionary dic = new PdfDictionary();
byte[] ssig = sig.getEncodedPKCS7();
The sample:
[...]
PdfPKCS7 sig = sg.getSigner();
sig.setExternalDigest(null, hash, null);
PdfDictionary dic = new PdfDictionary();
byte[] ssig = sig.getEncodedPKCS7();
The sample uses "sig.setExternalDigest(null, hash, null)" which tells iText "Take this hash value and for everything else use the data you already have, especially sign the hash using the key I gave you in sap.setCrypto(key, ...)."

You use "sig.setExternalDigest(sign.sign(), hash, "RSA");" which tells iText "Take this hash value and this externally created signature, especially do not sign anything using the key I gave you in sap.setCrypto(key, ...)."

Thus, you initialize iText code for signing (which calls Signature.initSign() and, thus, requests a session) but then supply a signature yourself, making iText not use its Signature instance which, therefore, holds on to its session.

Here you have the duplicate Signature instance initialization I suspected in my prior mail.

> Please could you tell me what line is injecting PrivateKey into iText?

sap.setCrypto(key, ...)

> Do you want to tell me that neither Java Providers nor iText have not made opportunity to manually clean the resources? And rely on Java GC. I hope this will be changed in future, otherwise it sounds like a hit under the belt regarding Java language.

They rely on the GC only if someone forgets to use the session he initialized.

> The only line i give PrivateKey to iText is PdfSignatureAppearance.setCrypto(PrivKey, chain, null, PdfSignatureAppearance.WINCER_SIGNED);

So you knew all along... ;)

In a nutshell: If you do "PdfSignatureAppearance.setCrypto(PrivKey, ...)", iText will do "Signature.initSign(PrivKey)" during preClose().

> Am i the only one who is trying to sign thousands files?

I'm used to use cases with higher throughput.

Regards,   Michael

Re: SunPKC11 Exception when signing PDF

Valentin Ivanov
Hi Mikel, thank you for your attention, and I hope the problem will be resolved soon!

Could you please take a look at the link I have provided; I am sure you took a look at the wrong sample.
They are very close, actually one above another, and I guess you took a look at the one titled "An example with an external hash", but I use the one titled "An example with an external hash and signature"! If this sample has an error, so do I.
Thank you in advance


Re: SunPKC11 Exception when signing PDF

Valentin Ivanov
In reply to this post by mkl
Hi Mikel,

I am close to solving the problem.

I got it to work this way:

sap.setExternalDigest(null, new byte[20], null);
sig.setExternalDigest(null, hash, null);

But this is "An example with an external hash in Windows Certificate Mode".

I want to do it as in "An example with an external hash and signature in Windows Certificate Mode", but it doesn't work; I cannot figure out why yet.

In the example it is:

sap.setExternalDigest(new byte[128], new byte[20], "RSA");
sig.setExternalDigest(sign.sign(), hash, "RSA");

But this way leaks the sessions in memory.
What is wrong?
Thank you

Re: SunPKC11 Exception when signing PDF

mkl
In reply to this post by Valentin Ivanov
Valentin, Paulo,
Valentin Ivanov wrote:
> Could you please take a look at the link i have provided, I am sure you took a look at the wrong sample. They are very close, actually one above another, and i guess you took a look at the one titled "An example with an external hash", but I use the one titled "An example with an external hash and signature"! If this sample has error, so do I.

Valentin, I looked at the sample which was immediately visible when I followed your link: "An example with an external hash". So ok, let's have a look at the other sample below.

Yes, you are right, that sample does exactly what in my former mail has been recognized as a bad thing in context with sunpkcs11, it initializes iText code for signing (which calls Signature.initSign() and, thus, requests a session) but then supplies an external signature, making iText not use its Signature instance which, therefore, holds on to its session until GC releases it.
 
Paulo, maybe PdfPKCS7 should be changed to apply lazy initialization to its Signature member (at least for signing) --- even in contexts without sessions, initialization for some private key objects might require relevant amounts of resources.

And is the injection of the private key really required in this sample? (I don't use iText signature integration like this; so I do not know if some other required information is retrieved from the private key even if it is not used for actual signing.)

Regards,   Michael

Re: SunPKC11 Exception when signing PDF

Valentin Ivanov
I have set the Private Key to null in sap.setCrypto(), and all is OK now.
Thank you
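
A small model of the session accounting worked out in this thread, added here as an illustration; it is not code from the thread, from iText, or from SunPKCS11. The classes Token, TokenSignature and Container and the limit of 100 sessions are assumptions made for the example, and the model assumes that no garbage-collection cleanup happens during the batch.

```java
/** Model of the session leak discussed above (hypothetical classes, not real provider or iText code). */
public class SessionLeakModel {

    /** Stand-in for a PKCS#11 token that allows only a fixed number of open sessions. */
    static final class Token {
        private final int maxSessions;
        private int open;
        Token(int maxSessions) { this.maxSessions = maxSessions; }
        void openSession() {
            if (open >= maxSessions) throw new IllegalStateException("CKR_SESSION_COUNT");
            open++;
        }
        void closeSession() { open--; }
    }

    /** Stand-in for a token-backed Signature: session taken in initSign(), returned in sign(). */
    static final class TokenSignature {
        private final Token token;
        private boolean initialized;
        TokenSignature(Token token) { this.token = token; }
        void initSign() { token.openSession(); initialized = true; }
        byte[] sign(byte[] hash) {
            if (!initialized) throw new IllegalStateException("not initialized for signing");
            try {
                return hash.clone(); // placeholder bytes; a real token would return the signature
            } finally {
                token.closeSession();
                initialized = false;
            }
        }
    }

    /** Stand-in for a signature container that may be handed a key (here: the token). */
    static final class Container {
        private final Token token;   // null models passing a null private key
        private TokenSignature internal;
        Container(Token tokenOrNull, boolean lazy) {
            this.token = tokenOrNull;
            // Eager mode: initialize the internal signer as soon as a key is available.
            if (token != null && !lazy) { internal = new TokenSignature(token); internal.initSign(); }
        }
        byte[] encode(byte[] externalSignature, byte[] hash) {
            if (externalSignature != null) return externalSignature; // internal signer is never used
            if (token == null) throw new IllegalStateException("no key and no external signature");
            // Lazy mode: take a session only when the container really has to sign.
            if (internal == null) { internal = new TokenSignature(token); internal.initSign(); }
            return internal.sign(hash);
        }
    }

    /** Signs 'files' documents with an external signature; returns how many completed. */
    static int run(int files, int maxSessions, boolean giveKeyToContainer, boolean lazy) {
        Token token = new Token(maxSessions);
        for (int i = 0; i < files; i++) {
            try {
                Container c = new Container(giveKeyToContainer ? token : null, lazy);
                TokenSignature external = new TokenSignature(token);
                external.initSign();                      // paired with sign() below
                byte[] hash = new byte[20];               // constructed sample digest
                c.encode(external.sign(hash), hash);
            } catch (IllegalStateException e) {
                return i;                                 // token refused a new session
            }
        }
        return files;
    }

    public static void main(String[] args) {
        // 100 is a constructed session limit, not a value taken from any real token.
        System.out.println("key injected, eager init: " + run(5000, 100, true, false));
        System.out.println("key injected, lazy init : " + run(5000, 100, true, true));
        System.out.println("null key, eager init    : " + run(5000, 100, false, false));
    }
}
```

Only the first configuration stops early: every container holds one session that its unused internal signer never returns, while the lazy variant and the null-key variant complete the whole batch.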