Expand my Community achievements bar.

SOLVED

"HSM Support Not Available" Error

Avatar

Level 2

Hi,

I'm trying to configure an HSM credential under LiveCycle ES2.  I've done all the steps listed in the documentation (established a Network Trust Link, assigned the client to a partition, etc.).  I'm able to run the demo app provided by the HSM vendor and am able to talk to the HSM.  When I try and configure the credential from the LiveCycle adminui, the Test HSM Connectivity fails with the following error in the log:

2010-01-25 16:06:50,561 INFO  [com.adobe.truststore.crypto.CryptoUtil] encryptBytes: Building secret key for length: 16

2010-01-25 16:06:53,817 INFO  [com.adobe.truststore.crypto.CryptoUtil] encryptBytes: Building secret key for length: 16

2010-01-25 16:07:08,508 INFO  [com.adobe.truststore.crypto.CryptoUtil] encryptBytes: Building secret key for length: 16

2010-01-25 16:07:08,509 ERROR [com.adobe.livecycle.signatures.client.types.exceptions.SignaturesBaseRuntimeException] ALC-DSS-300-000 Generic SignaturesBaseException  HSM Support not available (in the operation : getCredential)

2010-01-25 16:07:08,594 INFO  [com.adobe.truststore.crypto.CryptoUtil] encryptBytes: Building secret key for length: 16

2010-01-25 16:07:17,329 INFO  [com.adobe.truststore.crypto.CryptoUtil] encryptBytes: Building secret key for length: 16

2010-01-25 16:07:17,332 ERROR [com.adobe.livecycle.signatures.client.types.exceptions.SignaturesBaseRuntimeException] ALC-DSS-300-000 Generic SignaturesBaseException  HSM Support not available (in the operation : getCredential)

2010-01-25 16:07:17,354 INFO  [com.adobe.truststore.crypto.CryptoUtil] encryptBytes: Building secret key for length: 16

2010-01-25 16:07:17,362 ERROR [com.adobe.livecycle.signatures.client.types.exceptions.SignaturesBaseRuntimeException] ALC-DSS-300-000 Generic SignaturesBaseException  HSM Support not available (in the operation : getSlotsWithTokens)

2010-01-25 16:07:17,363 ERROR [org.jboss.ejb.plugins.LogInterceptor] RuntimeException in method: public abstract java.lang.Object com.adobe.idp.dsc.transaction.impl.ejb.adapter.EjbTransactionBMTAdapterLocal.doRequiresNew(com.adobe.idp.dsc.transaction.TransactionDefinition,com.adobe.idp.dsc.transaction.TransactionCallback) throws com.adobe.idp.dsc.DSCException:

ALC-DSS-300-000 Generic SignaturesBaseException  HSM Support not available (in the operation : getSlotsWithTokens)

com.adobe.livecycle.signatures.hsm.HSMProvider.getSlotsWithTokens(HSMProvider.java:202)

com.adobe.truststore.dsc.HSMCredentialHelper.listSlots(HSMCredentialHelper.java:101)

com.adobe.truststore.dsc.CredentialServiceImpl.listSlots(CredentialServiceImpl.java:482)

sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

java.lang.reflect.Method.invoke(Method.java:597)

com.adobe.idp.dsc.component.impl.DefaultPOJOInvokerImpl.invoke(DefaultPOJOInvokerImpl.java:118)

com.adobe.idp.dsc.interceptor.impl.InvocationInterceptor.intercept(InvocationInterceptor.java:140)

com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)

com.adobe.idp.dsc.interceptor.impl.DocumentPassivationInterceptor.intercept(DocumentPassivationInterceptor.java:53)

com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)

com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor$1.doInTransaction(TransactionInterceptor.java:74)

com.adobe.idp.dsc.transaction.impl.ejb.adapter.EjbTransactionBMTAdapterBean.doRequiresNew(EjbTransactionBMTAdapterBean.java:218)

sun.reflect.GeneratedMethodAccessor388.invoke(Unknown Source)

sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

java.lang.reflect.Method.invoke(Method.java:597)

org.jboss.invocation.Invocation.performCall(Invocation.java:359)

org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:237)

org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:158)

org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)

org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)

org.jboss.ejb.plugins.AbstractTxInterceptorBMT.invokeNext(AbstractTxInterceptorBMT.java:173)

org.jboss.ejb.plugins.TxInterceptorBMT.invoke(TxInterceptorBMT.java:77)

org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:169)

org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)

org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)

org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)

org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)

org.jboss.ejb.Container.invoke(Container.java:960)

org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:430)

org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:103)

$Proxy177.doRequiresNew(Unknown Source)

com.adobe.idp.dsc.transaction.impl.ejb.EjbTransactionProvider.execute(EjbTransactionProvider.java:133)

com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor.intercept(TransactionInterceptor.java:72)

com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)

com.adobe.idp.dsc.interceptor.impl.InvocationStrategyInterceptor.intercept(InvocationStrategyInterceptor.java:55)

com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)

com.adobe.idp.dsc.interceptor.impl.InvalidStateInterceptor.intercept(InvalidStateInterceptor.java:37)

com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)

com.adobe.idp.dsc.interceptor.impl.AuthorizationInterceptor.intercept(AuthorizationInterceptor.java:188)

com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)

com.adobe.idp.dsc.interceptor.impl.JMXInterceptor.intercept(JMXInterceptor.java:48)

com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptorChainImpl.java:60)

com.adobe.idp.dsc.engine.impl.ServiceEngineImpl.invoke(ServiceEngineImpl.java:121)

com.adobe.idp.dsc.routing.Router.routeRequest(Router.java:129)

com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:93)

com.adobe.idp.dsc.provider.impl.vm.VMMessageDispatcher.doSend(VMMessageDispatcher.java:225)

com.adobe.idp.dsc.provider.impl.base.AbstractMessageDispatcher.send(AbstractMessageDispatcher.java:66)

com.adobe.idp.dsc.clientsdk.ServiceClient.invoke(ServiceClient.java:208)

com.adobe.truststore.ui.impl.TrustStoreProxy.getSlots(TrustStoreProxy.java:903)

com.adobe.truststore.ui.struts.actions.UpdateHSMCommonAction.execute(UpdateHSMCommonAction.java:63)

org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)

org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)

org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)

org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)

javax.servlet.http.HttpServlet.service(HttpServlet.java:710)

javax.servlet.http.HttpServlet.service(HttpServlet.java:803)

org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)

org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

com.adobe.framework.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:173)

org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

com.adobe.truststore.ui.TSAuthFilter.doFilter(TSAuthFilter.java:63)

org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

org.apache.catalina.core.ApplicationFilterChain.doFilter

Any idea on what the problem might be?  Has anyone seen this before?

We've configured HSMs on previous versions of LiveCycle before however this is our first attempt under ES2.

Regards,

Rob

1 Accepted Solution

Avatar

Correct answer by
Level 2

Hi Rob,

Is this a 64 bit Windows with a 64 bit Sun JRE? In case of this combination, HSM is not supported in LiveCycle ES2 out of the box. This is since the 64 bit Windows Sun JRE does not ship with the PKCS#11 JNI Bridge. The support is done via deploying a separate Web Service in a 32 bit Sun JRE on the same machine and accessing this Web Service inside the Livecycle Digital Signature's service using an SPI. The mechanism to do this is available in the Livecycle Digital Signatures Documentation.

View solution in original post

3 Replies

Avatar

Correct answer by
Level 2

Hi Rob,

Is this a 64 bit Windows with a 64 bit Sun JRE? In case of this combination, HSM is not supported in LiveCycle ES2 out of the box. This is since the 64 bit Windows Sun JRE does not ship with the PKCS#11 JNI Bridge. The support is done via deploying a separate Web Service in a 32 bit Sun JRE on the same machine and accessing this Web Service inside the Livecycle Digital Signature's service using an SPI. The mechanism to do this is available in the Livecycle Digital Signatures Documentation.

Avatar

Level 2

Ouch!  That's exactly what the problem is.  I'm using a 64-bit OS and 64-bit JVM.

Can you point me to where in the docs this is?  The docs for 9.0 are not organized by product so I'm having some trouble finding it.  I've checked the
"Preparing to Install", the "Installing and Deploying on JBoss", the "Administration Help", and the "Release Notes".  None of these mention the issue.

Thanks for the help.

Regards,

Rob

Avatar

Level 1

Hi Guys,

Im trying to find this article but I can't found it: Configuring HSM support for LiveCycle ES using Sun JDK on Windows 64-bit platform

Can you please help me?

Regards,

Carlos