Hello everybody, i got some issue running keymanager kernel service on branch 1.1.5
Here is the error
Caused by: io.mosip.kernel.core.keymanager.exception.NoSuchSecurityProviderException: KER-KMA-001 → Config file invalid; \nnested exception is java.security.ProviderException: Initialization failed\n\tat io.mosip.kernel.keymanager.hsm.impl.pkcs.PKCS11KeyStoreImpl.setupProvider(PKCS11KeyStoreImpl.java:182)\n\tat io.mosip.kernel.keymanager.hsm.impl.pkcs.PKCS11KeyStoreImpl.initKeystore(PKCS11KeyStoreImpl.java:147)\n\tat io.mosip.kernel.keymanager.hsm.impl.pkcs.PKCS11KeyStoreImpl.(PKCS11KeyStoreImpl.java:141)\n\t… 44 common frames omitted\nCaused by: java.security.ProviderException: Initialization failed\n\tat jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.(SunPKCS11.java:382)\n\tat jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunPKCS11.java:113)\n\tat jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunPKCS11.java:110)\n\tat java.base/java.security.AccessController.doPrivileged(Native Method)\n\tat jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.configure(SunPKCS11.java:110)\n\tat io.mosip.kernel.keymanager.hsm.impl.pkcs.PKCS11KeyStoreImpl.setupProvider(PKCS11KeyStoreImpl.java:179)\n\t… 46 common frames omitted\nCaused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_FUNCTION_NOT_SUPPORTED\n\tat jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.C_Initialize(Native Method)\n\tat jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11$SynchronizedPKCS11.C_Initialize(PKCS11.java:1631)\n\tat jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.getInstance(PKCS11.java:166)\n\tat jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.(SunPKCS11.java:336)\n\t… 51 common frames omitted\n",“appName”:“kernel-keymanager-service”}
My config file
My kernel.default.properties file
mosip.kernel.keymanager.hsm.config-path=/home/mosip/hsm-client/pkcs11.cfg
swahsek
September 24, 2024, 6:25am
2
Dear @kishan_singh91 ,
We would like to inform that the community support for 1.1.5 has ended.
We reccomend using V3 which is 1.2.0, Please refer to documentation here and the ‘Release Notes ’
Best Regards
Team MOSIP
I got this error after few changes in my configs
Caused by: io.mosip.kernel.core.keymanager.exception.NoSuchSecurityProviderException: KER-KMA-001 → Config file invalid; \nnested exception is java.security.ProviderException: Initialization failed\n\tat io.mosip.kernel.keymanager.hsm.impl.pkcs.PKCS11KeyStoreImpl.setupProvider(PKCS11KeyStoreImpl.java:182)\n\tat io.mosip.kernel.keymanager.hsm.impl.pkcs.PKCS11KeyStoreImpl.initKeystore(PKCS11KeyStoreImpl.java:147)\n\tat io.mosip.kernel.keymanager.hsm.impl.pkcs.PKCS11KeyStoreImpl.(PKCS11KeyStoreImpl.java:141)\n\t… 44 common frames omitted\nCaused by: java.security.ProviderException: Initialization failed\n\tat jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.(SunPKCS11.java:382)\n\tat jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunPKCS11.java:113)\n\tat jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunPKCS11.java:110)\n\tat java.base/java.security.AccessController.doPrivileged(Native Method)\n\tat jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.configure(SunPKCS11.java:110)\n\tat io.mosip.kernel.keymanager.hsm.impl.pkcs.PKCS11KeyStoreImpl.setupProvider(PKCS11KeyStoreImpl.java:179)\n\t… 46 common frames omitted\nCaused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_TOKEN_NOT_RECOGNIZED\n\tat jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.C_OpenSession(Native Method)\n\tat jdk.crypto.cryptoki/sun.security.pkcs11.SessionManager.openSession(SessionManager.java:220)\n\tat jdk.crypto.cryptoki/sun.security.pkcs11.SessionManager.getOpSession(SessionManager.java:148)\n\tat jdk.crypto.cryptoki/sun.security.pkcs11.Token.(Token.java:151)\n\tat jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.initToken(SunPKCS11.java:1016)\n\tat jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.(SunPKCS11.java:373)\n\t… 51 common frames omitted\n",“appName”:“kernel-keymanager-service”}
Hi @kishan_singh91 ,
Which version/release did you use and please let us know about the infra you deployed it over.
Regards
Team MOSIP
We are in the process of deploying MOSIP version 1.1.5 and planning to upgrade to version 1.2.0 afterward. Our environment is set up using multiple virtual machines, and we are running the services based on their respective Dockerfiles.
Currently, we have moved past an issue by updating the SoftHSM Dockerfile and converting the service to a proxy using the PKCS#11-proxy configuration.
However, we are now encountering a 401 error when attempting to log in using the client ID and secret with the authmanager service in order to utilize the ID authentication service. We would greatly appreciate your assistance in resolving this issue.
Best regards,
swahsek
October 16, 2024, 12:37pm
6
Dear @kishan_singh91 ,
Thank you for the response, let me ask one of our expert collegues to help you with this and respond to it with inputs.
Best Regards
Team MOSIP