Skip to content

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failed to load the keystore when running in CI/CD Pipeline #132

Closed
mrshorten opened this issue Aug 25, 2022 · 3 comments
Closed

Failed to load the keystore when running in CI/CD Pipeline #132

mrshorten opened this issue Aug 25, 2022 · 3 comments
Labels
question

Comments

@mrshorten
Copy link

mrshorten commented Aug 25, 2022
edited
Loading

I am attempting to automate Code signing from our bamboo server. Everything seems to work well when remotely logged into the machine using this command:

java -jar C:\Users\USER\jsign-4.1.jar --keystore C:\Users\USER\eToken.cfg --alias "ALIAS" --storetype PKCS11 --storepass PASSWORD --alg SHA-256 --tsaurl http://timestamp.digicert.com --tsmode RFC3161 FILE_TO_SIGN

However when running that same command as part of a build task i get the following error. The bamboo service is running as the same user that i remotely logged into. Any thoughts would be greatly appreciated.

jsign: Failed to load the keystore C:\Users\USER\eToken.cfg
--
 java.security.KeyStoreException: keystore type 'PKCS11' is not supported
at net.jsign.KeyStoreUtils.load(KeyStoreUtils.java:77)
at net.jsign.SignerHelper.build(SignerHelper.java:388)
at net.jsign.SignerHelper.sign(SignerHelper.java:562)
at net.jsign.JsignCLI.execute(JsignCLI.java:117)
at net.jsign.JsignCLI.main(JsignCLI.java:40)
Caused by: java.security.KeyStoreException: PKCS11 not found
at java.security.KeyStore.getInstance(KeyStore.java:940)
at net.jsign.KeyStoreUtils.load(KeyStoreUtils.java:72)
 ... 4 more
Caused by: java.security.NoSuchAlgorithmException: no such algorithm: PKCS11 for provider SunPKCS11-eToken
at sun.security.jca.GetInstance.getService(GetInstance.java:101)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:218)
at java.security.Security.getImpl(Security.java:724)
at java.security.KeyStore.getInstance(KeyStore.java:937)
 ... 5 more
@ebourg
Copy link
Owner

ebourg commented Aug 27, 2022

It looks like Jsign can't access the hardware token. Are you sure the build is run in the same environment and not inside a container lacking access to the token?

@tresf
Copy link

tresf commented Mar 30, 2023

What Java version? It might be an upstream bug. corretto/corretto-8#306

@ebourg
Copy link
Owner

ebourg commented Mar 30, 2023

I don't think it'is related to this issue, this looks more like a bad SunPKCS11 configuration.

@mrshorten could you try again with the -Djava.security.debug=sunpkcs11 parameter?

Repository owner locked and limited conversation to collaborators Aug 10, 2023
@ebourg ebourg converted this issue into discussion #170 Aug 10, 2023

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ebourg @tresf @mrshorten