1

I tried to initialized dynamically SunPKCS11 provider using OpenJDK 8 1.8.0_322 (on Linux) but get the following exception:

java.lang.ExceptionInInitializerError at AES256.init(AES256.java:26) at AES256.encrypt(AES256.java:76) at AES256Example.main(AES256Example.java:20) Caused by: java.lang.NullPointerException at sun.security.pkcs11.SunPKCS11.(SunPKCS11.java:67)

the part of code that cause this issue:

File homedir = new File(System.getProperty("java.home"));
File fileToRead = new File(homedir, "/lib/security/nss.fips.cfg");
Provider p = new sun.security.pkcs11.SunPKCS11(fileToRead.getPath()); <<< this line causes exception

The content of nss.fips.cfg:

name = NSS-FIPS
nssLibraryDirectory = /usr/lib64
nssSecmodDirectory = sql:/etc/pki/nssdb
nssDbMode = readOnly
nssModule = fips

If I initialize SunPKCS11 with the same nss.fips.cfg it works correctly. The provider for SunPKCS11 is libsoftokn3.so.

What do I do wrong?

What is a solution of this issue?

user207421
  • 305,947
  • 44
  • 307
  • 483
Sinica87
  • 21
  • 3
  • 1
    Could you please include the complete stack trace? Also, are you sure about the version "OpenJDK 8 1.8.0_322"? Assuming [this is the code for that version](https://github.com/openjdk/jdk8u/blob/jdk8u322-ga/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java#L67), there is no Java code in line 67, only a comment. – Marcono1234 Apr 23 '23 at 13:26
  • 1
    Also, what do you mean by "If I initialize SunPKCS11 with the same nss.fips.cfg it works correctly"? Is that a typo in your question? Because as mentioned in your question you are trying to initialize SunPKCS11 and that does not work? – Marcono1234 Apr 23 '23 at 13:27
  • The [Note about `sun.*` classes](http://java.sun.com/products/jdk/faq/faq-sun-packages.html) has been there since at least Java 1.6, more than 20 years ago. Do not use. There are other correct ways to get what you want. – user207421 Apr 26 '23 at 10:03

1 Answers1

1

Thanks very much for your efforts, but I found the cause of this issue.

The issue occurs because in Suse 15, the constructor of the SunPKCS11 class was changed.

The constructor tries to determine if system fips is enabled but the object used to perform this checking was not initialized. This object is initialized in "Security" class.

mrblue6
  • 587
  • 2
  • 19
Sinica87
  • 21
  • 3