Adobe Experience Manager Forms

dannyd21850928 · 9/27/21

Hi, to be able to put a certificate on our 'legal' documents (PDF-documents are generated with AEM Forms 6.5) we are using a Luna HSM-server in the cloud.

We are able to make a connection with that server and get the certificate working. So far so good, however after a certain time, when we do a new request to the HSM-server we get a timeout error:

[2021-09-27 11:26:26 5232@dev-aemforms-01 default task-18 KG_Signatures_Common.TekenVeldPDF invoke INFO] [CRLID-20210927112626238] Certify PDF (1/5)
[2021-09-27 11:26:26 5232@dev-aemforms-01 default task-18 com.adobe.truststore.crypto.CryptoUtil logImpl INFO] encryptBytes: Building secret key for length: 16
[2021-09-27 11:26:27 5232@dev-aemforms-01 default task-18 com.adobe.livecycle.signatures.client.types.exceptions.SignaturesBaseException logImpl WARN] ALC-DSS-310-007 Could not create transport provider. (in the operation : getTransportManager)
[2021-09-27 11:26:27 5232@dev-aemforms-01 default task-18 com.adobe.livecycle.signatures.client.types.exceptions.SignaturesBaseException logImpl WARN] ALC-DSS-310-002 Transport Error. (in the operation : obtainByURI)
Caused By: ALC-DSS-310-007 Could not create transport provider. (in the operation : getTransportManager)
[2021-09-27 11:26:27 5232@dev-aemforms-01 ProcessResource@4c783e1b(name=java.exe,pid=0) Error Reader stderr write ERROR] Exception in thread "Thread-10" com.safenetinc.luna.exception.LunaCryptokiException: function 'C_OpenSession' returns 0x30 on slot=1 (CKR_DEVICE_ERROR)
[2021-09-27 11:26:27 5232@dev-aemforms-01 ProcessResource@4c783e1b(name=java.exe,pid=0) Error Reader stderr write ERROR] at com.safenetinc.luna.exception.LunaCryptokiException.ThrowNew(LunaCryptokiException.java:91)
[2021-09-27 11:26:27 5232@dev-aemforms-01 ProcessResource@4c783e1b(name=java.exe,pid=0) Error Reader stderr write ERROR] at com.safenetinc.luna.LunaAPI.OpenSession(Native Method)
[2021-09-27 11:26:27 5232@dev-aemforms-01 ProcessResource@4c783e1b(name=java.exe,pid=0) Error Reader stderr write ERROR] at com.safenetinc.luna.LunaSession.<init>(LunaSession.java:44)
[2021-09-27 11:26:27 5232@dev-aemforms-01 ProcessResource@4c783e1b(name=java.exe,pid=0) Error Reader stderr write ERROR] at com.safenetinc.luna.LunaSlot.getMasterSession(LunaSlot.java:390)
[2021-09-27 11:26:27 5232@dev-aemforms-01 ProcessResource@4c783e1b(name=java.exe,pid=0) Error Reader stderr write ERROR] at com.safenetinc.luna.LunaSlot.logout(LunaSlot.java:356)
[2021-09-27 11:26:27 5232@dev-aemforms-01 ProcessResource@4c783e1b(name=java.exe,pid=0) Error Reader stderr write ERROR] at com.safenetinc.luna.LunaSlotManager.freeAllResources(LunaSlotManager.java:236)
[2021-09-27 11:26:27 5232@dev-aemforms-01 ProcessResource@4c783e1b(name=java.exe,pid=0) Error Reader stderr write ERROR] at com.safenetinc.luna.LunaSlotManager.access$000(LunaSlotManager.java:51)
[2021-09-27 11:26:27 5232@dev-aemforms-01 ProcessResource@4c783e1b(name=java.exe,pid=0) Error Reader stderr write ERROR] at com.safenetinc.luna.LunaSlotManager$1.run(LunaSlotManager.java:220)
[2021-09-27 11:26:27 5232@dev-aemforms-01 ProcessResource@4c783e1b(name=java.exe,pid=0) Error Reader com.adobe.service.ProcessResource logImpl WARN] ALC-BMC-001-024: Service HSMBMCMgmtService: Process ProcessResource@4c783e1b(name=java.exe,pid=0) terminated abnormally with error code {3}
[2021-09-27 11:26:27 5232@dev-aemforms-01 default task-18 com.adobe.livecycle.signatures.client.types.exceptions.SignaturesBaseException logImpl WARN] PKI Generic Exception: (in the operation : executeSign)
Caused By: exception obtaining signature: Exception in signing(null-1)
Caused By: Exception in signing(BMCDelegatorJCESigner.java102)
Caused By: (ORBUtilSystemException.java2400)
Caused By: (ORBUtilSystemException.java2484)
Caused By: An existing connection was forcibly closed by the remote host(SocketDispatcher.java-2)

When we do the same request immediately after the first request, it works fine.

Anybody an idea what could be the cause of this time-out error?

Pulkit_Jain_ · 9/27/21

@dannyd21850928

Please test the same use-case with the latest AEM Forms 6.5.10.0 and raise a support ticket with us, in case the issue persists.

View solution in original post

Pulkit_Jain_ · 9/27/21

@dannyd21850928

I don't see any msg pointing to timeout issues in the stack shared. Did you notice a delay in response/error msg after the new request is sent?

Error code reference specifies ALC-DSS-310-007 "Could not create transport provider" as we do not support HTTPs/LDAPs in FIPS mode but as per the stack, this could be an issue with the device (CKR_DEVICE_ERROR) as AEM Forms makes a connection with the device. More information here[0]. What version of AEM Forms 6.5.x you're testing?

[2021-09-27 11:26:27 5232@dev-aemforms-01 ProcessResource@4c783e1b(name=java.exe,pid=0) Error Reader stderr write ERROR] Exception in thread "Thread-10" com.safenetinc.luna.exception.LunaCryptokiException: function 'C_OpenSession' returns 0x30 on slot=1 (CKR_DEVICE_ERROR)
[2021-09-27 11:26:27 5232@dev-aemforms-01 ProcessResource@4c783e1b(name=java.exe,pid=0) Error Reader stderr write ERROR] at com.safenetinc.luna.exception.LunaCryptokiException.ThrowNew(LunaCryptokiException.java:91)

A subsequent connection is working so shouldn't be an issue with the configuration. If you're able to replicate the issue with the latest 6.5.x, at will, then please log a support ticket to get this issue reviewed by the experts.

[0] - https://stackoverflow.com/questions/22186066/connection-failed-to-hsm-luna-sa-c-initialize-returns-0...