Sun PKCS#11 provider is caching PIN in applets

I am coding an applet which uses Sun PKCS#11 provider to encrypt data. But There I am getting a strange problem of PIN caching.
My Scenario_
1. User login: User enters correct pin and Password is encrypted and sent to server.
2. After log off button click, Login screen is displayed again. Now user enters wrong PIN.
3. STRANGE Behavior: The encryption works well with the wrong key.
1. I have removed the provider and readded it again.
2. Created KeyStore again,
But all this results in same problem.

The program is just to simulate the issue. I understand that user have to pass the pin. In our GUI we have our own dialog to get the pin from user and pass it to the PKCS#11 provider that uses the pin while loading the keystore.
cac.load(null, pin); // the pin passed in load method is not used at all
My problem here is even after the proper pin is supplied by the user the active client PIN dialog is prompted. Whereas in LInux JRE this works fine.
We have a command line application where active client dialog popup is not acceptable. We need to get the PIN from user as command argument and load the keystore.
Please let me know if this clarifies the confusion.
Thanks,
Ruhul

Similar Messages

Sun PKCS#11 provider ignores the PIN while loading keystore in Windows JRE

We are using smart card based login in our GUI application. We use active client for Card reader. We are using sun PKCS#11 provider to read certificate from the CARD. In the code we are passing PIN while loading the keystore. It seems the pin is getting ignored and we get active client pin dialog.
PS: In linux JRE the pin passed while loading keystore is working properly.
Below is the code snippet that i used for testing.
public static void main(String arg[]) throws Exception
       try
         //Create our certificates from our CAC Card
        String configName = "card.config";
         Provider p = new sun.security.pkcs11.SunPKCS11(configName);
         Security.addProvider(p);
         char[] pin = { '1', '2', '3', '4', '5', '6' };
         KeyStore cac = null;
         cac = KeyStore.getInstance("PKCS11");
         cac.load(null, pin);
         showInfoAboutCAC(cac);
      catch(Exception ex)
         ex.printStackTrace();
         System.exit(0);
   public static void showInfoAboutCAC(KeyStore ks) throws KeyStoreException, CertificateException, FileNotFoundException, IOException
      Enumeration<String> aliases = ks.aliases();
       int count = 0;
      while (aliases.hasMoreElements())
         String alias = aliases.nextElement();
         X509Certificate[] cchain = (X509Certificate[]) ks.getCertificateChain(alias);
         if (cchain != null){
         System.out.println("Certificate Chain for : " + alias);
         for (int i = 0; i < cchain.length; i ++)
            System.out.println(i + " SubjectDN: " + cchain.getSubjectDN());
System.out.println(i + " IssuerDN: " + cchain[i].getIssuerDN());
content of card.config is
name = myConfig
library = C:\\WINDOWS\\system32\\acpkcs211.dll
Alternative we can see the same behaviour if we run the following command
keytool -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg "E:\work1\card.config" -list
This command will ask ping in the command line and again active client PIN diaolog will be prompted.
Please let me know if this a bug in Sun PKCS#11 provider in Windows and is there any work around to fix the issue.
Enviornmnet Details::
OS Win XP sp3
Java version "1.6.0_17"
Active client library version :
P11 Library:
Name: acpkcs211.dll
Version: 4-0-0-12
Thanks in advanced
Ruhul

The program is just to simulate the issue. I understand that user have to pass the pin. In our GUI we have our own dialog to get the pin from user and pass it to the PKCS#11 provider that uses the pin while loading the keystore.
cac.load(null, pin); // the pin passed in load method is not used at all
My problem here is even after the proper pin is supplied by the user the active client PIN dialog is prompted. Whereas in LInux JRE this works fine.
We have a command line application where active client dialog popup is not acceptable. We need to get the PIN from user as command argument and load the keystore.
Please let me know if this clarifies the confusion.
Thanks,
Ruhul

Problem with Sun PKCS#11 Provider and Ativcard smart card.

Hi,
I'm trying to make a signature with a smartcard.
I have no problem signing with my card in applications such as Microsoft Office, Outlook (they probably use CAPICOM or MS CryptoAPI).
There is only one certificate on my card with non extractable pair of keys.
When I`m using Java based application I have the following problem:
I have Java 1.5.0 installed, and according to the reference guide on:
http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html
I configured "Sun PKCS#11 Provider".
In file:
%JAVA_HOME%/lib/security/java.security I inserted the following lines:
# Configuration for security providers 1..6 omitted
security.provider.7=sun.security.pkcs11.SunPKCS11 C:/pkcs11.cfg
In my case (I`m using ActivCard) The file "C:/pkcs11.cfg" contains:
name = ActivCard
library = c:\windows\system32\acpkcs211.dll
After that I try tu use configured provider with keytool.exe from jsdk.
In cmdline:
c:\Program Files\Java\jdk1.5.0_06\bin>keytool.exe -keystore NONE -storetype PKCS11 -list
Enter keystore password: 1111
Keystore type: PKCS11
Keystore provider: SunPKCS11-ActivCard
Your keystore contains 1 entry
Cinek's dp ID, keyEntry,
Certificate fingerprint (MD5): 36:19:DD:01:2E:A2:C5:F6:51:44:03:74:14:D5:62:C0
So till now everything looks ok. Certificate is accessible.
But when I trying to use jarsigner.exe to sign something:
c:\Program Files\Java\jdk1.5.0_06\bin>jarsigner.exe -keystore NONE -storetype PKCS11 D:\Applet.jar "Cinek's dp ID"
Enter Passphrase for keystore: 1111
jarsigner error: java.lang.NullPointerException
I`ve got the java.lang.NullPointerException !
To find reason of the exception I`ve written simple application, which signs a byte array:
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.Enumeration;
public class Main {
     public static void main(String[] args) throws Exception {
          PrivateKey privkey = null;
          char[] pin = { '1', '1', '1', '1' };
          KeyStore smartCardKeyStore = KeyStore.getInstance("PKCS11");
          smartCardKeyStore.load(null, pin);
          Enumeration aliasesEnum = smartCardKeyStore.aliases();
          if (aliasesEnum.hasMoreElements()) {
               String alias = (String) aliasesEnum.nextElement();
               privkey = (PrivateKey) smartCardKeyStore.getKey(alias, null);
               byte[] aDocument = new byte[100];
               Signature signatureAlgorithm = Signature.getInstance("SHA1withRSA");
               signatureAlgorithm.initSign(privkey);
               signatureAlgorithm.update(aDocument);
               byte[] digitalSignature = signatureAlgorithm.sign();
When I`ve run this application in last line in method signatureAlgorithm.sign() I got:
Exception in thread "main" java.lang.NullPointerException
     at java.math.BigInteger.modPow(Unknown Source)
     at sun.security.rsa.RSACore.crtCrypt(Unknown Source)
     at sun.security.rsa.RSACore.rsa(Unknown Source)
     at sun.security.rsa.RSASignature.engineSign(Unknown Source)
     at java.security.Signature$Delegate.engineSign(Unknown Source)
     at java.security.Signature.sign(Unknown Source)
     at Main.main(Main.java:31)
In debug, before this exception variables are:
alias= "Cinek's dp ID"
privkey =
SunPKCS11-ActivCard RSA private key, 1024 bits (id 192168768, token object, not sensitive, extractable)
modulus:          112271510887039102410124262012976131016781096451891854145879061791454872222254764386718257162446565027910080375427552248069203548913907633164297672417327888344423061606707834842776634133861005271620794248782338105033496749719965719732501903618453514554701005390412127008091861831421936757053019877456102263703
public exponent: 65537
private exponent: null
prime p:          null
prime q:          null
prime exponent p: null
prime exponent q: null
crt coefficient: null
As you can see, private key has extractable attribute set, what is wrong. Attribute is set and key has no values.
I think that can be the reason of NullPointerException. (Maybe when extractable = true, sign() methods expects key values filled).
So, I can not sign anything.
I tryed to add some additional attributes to file "C:/pkcs11.cfg":
attributes(*,CKO_PRIVATE_KEY,*) = {
CKA_EXTRACTABLE = false
but with no effect. Key was still extractable.
Can you help me to solve this problem?
PS. I`m using acpkcs211.dll (v3.2.102.0) as an implementation of PKCS#11. (Activcard says that it is PKCS#11 v2.11 implementation)
PS2. Sorry for my english

Can I ask you one question?
Which driver did you specify? I mean the smarcard reader driver or the smartcard itself driver?
If the second, does it come along with the card? because as far as I know I just got the smart card but no software at all (apart the smartcard reader driver).
Can you help me out with this?
thanks in advance,
Marco

How to retrieve public/ private from iKey token using Sun PKCS#11 provider

Dear all,
I'm trying to access one rainbow iKey 2032 token in Java 1.5 (Windows Environment) using Sun PKCS#11 provider. Token is stored with certificate. There is no problem to logging into the token using java.
     Provider p = new sun.security.pkcs11.SunPKCS11(configName);
     Security.addProvider(p);
     KeyStore ks = null;
     try{
          char[] pin = {'P','A','S','S','W','O','R','D'};
          ks = KeyStore.getInstance("pkcs11");
          ks.load(null,pin);
catch(Exception e) {}
Now I am wondering how to retrieve a public and private from token, so that I can encrypt and decrypt a plain text file. Could anyone give me a sample program for this?
Your help is very much appreciated!!

Hi Fred13
1. I have the same pkcs.cfg and get the following trace. Can you help me understand? Does this imply a bad dkck201.dll? I would really like to get this working for my implementation. tia.
lException in thread "main" java.security.ProviderException: Initialization failed
     at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:175)
     at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:76)
     at com.mkp.jce.chap1.ProviderDetail.main(ProviderDetail.java:38)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_TOKEN_NOT_RECOGNIZED
     at sun.security.pkcs11.wrapper.PKCS11.C_GetTokenInfo(Native Method)
     at sun.security.pkcs11.Token.<init>(Token.java:105)
     at sun.security.pkcs11.SunPKCS11.initToken(SunPKCS11.java:555)
     at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:169)
2. (If I can be so indulgent of your time) Can you provide more information on cbp? I have done a search and there is little on it. It appears to be a new authentication framework tied in with sasl unique to 1.5. Any links for self education would be appreciated.

Problem working with Sun PKCS#11 provider - CKR_USER_NOT_LOGGED_IN

Hi I was trying out the new Sun PKCS#11 provider in J2SE1.5 RC, I am not able to generate RSA certificate and store into the pkcs#11 device (HSM) keystore.
Bellow is the command I gave
java sun.security.tools.KeyTool -genkey -keystore NONE -storetype PKCS11 -genkey -v -alias "acs_visa_server" -keyalg "RSA" -sigalg "SHA1WithRSA" -keysize "1024" -validity "800" -dname "cn=192.168.1.1,ou=Test Technology,o=Test Ltd.,l=Test,S=Test,c=IN"
The output is like this
Enter keystore password: 1234
Generating 1,024 bit RSA key pair and self-signed certificate (SHA1WithRSA)
for: CN=192.168.1.1, OU=Test Technology, O=Test Ltd., L=Test, ST=Test, C=IN
keytool error: java.security.KeyStoreException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_USER_NOT_LOGGED_IN
And is there a way to manage Private Keys i.e., store/delete/exprot to keystore using java code. Thanks in advance for the help.

I am a developer :-), The hsm vendor has just implemented the pkcs#11 dll compliant with PKCS#11 V 2.10. And I am able to access the tokens and generate the keys using there tools written in c++.
It looks like I need to give the user�s pin for the slot and don't know how to provide it. I even tried to do programmatically. Bellow is the code
//--------------- main code -----
char pin[] = "1234".toCharArray();
          KeyStore ks = KeyStore.getInstance("PKCS11", providerName);
          ks.load(null, pin);
          try {
               MyGuiCallbackHandler mcb = new MyGuiCallbackHandler();
               AuthProvider aprov = (AuthProvider)Security.getProvider("SunPKCS11");
               aprov.login(null, mcb);
          } catch (Exception e) {
               System.out.println("Error in login : "+e);
               //return;
String args1[] = new String[]{"-genkey", "-keystore", "NONE", "-storetype", "PKCS11",
               "-genkey", "-v", "-alias", "cert_alias", "-keyalg", "RSA", "-sigalg", "SHA1WithRSA",
               "-keysize", "1024", "-validity", "800", "-dname",
               "cn=192.168.1.1,ou=test,o=test Ltd.,l=test,S=test,c=IN"};
          sun.security.tools.KeyTool.main(args1);
//--------------- help class -----
class MyGuiCallbackHandler implements CallbackHandler {
     public void handle(Callback[] callbacks)
               throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof TextOutputCallback) {
// display the message according to the specified type
TextOutputCallback toc = (TextOutputCallback)callbacks;
switch (toc.getMessageType()) {
case TextOutputCallback.INFORMATION:
System.out.println(toc.getMessage());
break;
case TextOutputCallback.ERROR:
System.out.println("ERROR: " + toc.getMessage());
break;
case TextOutputCallback.WARNING:
System.out.println("WARNING: " + toc.getMessage());
break;
default:
throw new IOException("Unsupported message type: " +
toc.getMessageType());
} else if (callbacks[i] instanceof NameCallback) {
// prompt the user for a username
NameCallback nc = (NameCallback)callbacks[i];
// ignore the provided defaultName
System.err.print(nc.getPrompt());
System.err.flush();
nc.setName((new BufferedReader
(new InputStreamReader(System.in))).readLine());
} else if (callbacks[i] instanceof PasswordCallback) {
// prompt the user for sensitive information
PasswordCallback pc = (PasswordCallback)callbacks[i];
System.err.print(pc.getPrompt());
System.err.flush();
pc.setPassword(readPassword(System.in));
} else {
throw new UnsupportedCallbackException
(callbacks[i], "Unrecognized Callback");
     // Reads user password from given input stream.
     private char[] readPassword(InputStream in) throws IOException {
System.out.println(:"Sending pin has 9876");
return "9876".toCharArray();
And this is the output
Error in login : java.lang.NullPointerException
Generating 1,024 bit RSA key pair and self-signed certificate (SHA1WithRSA)
for: CN=192.168.1.1, OU=test, O=test., L=test, ST=test, C=IN
keytool error: java.security.KeyStoreException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_USER_NOT_LOGGED_IN
Thanks again

XML Digital Signature and sun PKCS#11

Hi,
I am trying to use xmldsig/xmlsec from Java Web Services Developer's Pack to do signing of XML documents. My goal is to use the keys from the card via sunpkcs11 to perform this signature.
At this stage, i'm able to get the correct key from the card via sun pkcs 11 (J2SE 5) and able to sign some data with it.
However, when i try to sign a xml document via xmldsig, i get the error which i believe to occur while trying to read the private key from the card as a string, which results in a "not a byte[]" exception.
At this stage, are there any ways to configure the xmldsig/xmlsec to use the pkcs11 provider?
I understand that the current implementation of XML Digital signature is using apache XML libraries. Is the source code for the wsdp downloadable from SUN?
If not, will it be possible to make use of the open-source apache XML jars, set it up for pkcs11 and use it instead?
Finally, has anyone done what I'm trying to do? Will be glad to know
Thank u in advance,
Louis

Hello
Did you resolve yout problem, because i have the same when i try to sign message
String testData = "Hello World";
p11KeyStore = KeyStore.getInstance("PKCS11");
p11KeyStore.load(null, new char[] {'1', '2', '3', '4'});
sig = Signature.getInstance("SHA1withRSA");
sig.initSign( (PrivateKey) p11KeyStore.getKey(myAlias, null));
sig.update(testData.getBytes());
signatureBytes = sig.sign()
This code fails and i get java.lang.RuntimeException: Not a byte[]
at sun.security.pkcs11.wrapper.CK_ATTRIBUTE.getBigInteger(CK_ATTRIBUTE.java:168)
at sun.security.pkcs11.P11Key$P11RSAPrivateKey.fetchValues(P11Key.java:419)

Sun PKCS#11 NSS Problem with CA Certificates

There appears to be a problem with the Sun PKCS#11 provider's NSS specific functionality.
If Firefox 2.x based KeyStore is loaded which contains CA Certificates which have been imported into the the standard "Software Security Device" (and are therefore not in the root store) they are not visible as Certificate Entries when enumerating the KeyStore aliases.
If a personal key/cert pair is present then the corresponding CA Certs can be obtained via KeyStore.getCertificateChain(alias) but this doesn't help when I have other CA's present that need to be accessed.
These additional CA Certificates are visible via the FireFox "Certificate Manager" and via the JSS API's - anyone aware of this problem ?

You need to use the trustanchors nssModule, read the JavaTM PKCS#11 Reference Guide at --
http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html#Config
For example, you can write your config file like this --
name=NSS
nssSecmodDirectory=path_of_your_dbs
nssLibraryDirectory=path_of_dll_or_so
nssModule=trustanchors

How to clear the cache of an applet?

I m working on an applet displaying images for client side. So server will send me an image(picture),but for the first time i display the image,it will be successfully. when i want to view another new image ,it display the previous image, so i suspect the problem is the cache of the applet.so how do i clear the cache of an applet?

This is quiet clear:
http://java.sun.com/products/plugin/1.3/docs/appletcaching.html
On Windows platform the Java Control Panel has also a "clear cache" option.
Anyway you may find the cache on your harddrive.
Hope that helps.

JCE requires: java.lang.RuntimePermission requires accessClassInPackage.sun.security.provider

I'm trying to use the JCE with JWS1.0.2. All I want to do is generate a KeyPair and I can NOT use a signed application. The code is:
public static KeyPair genDHKeyPair() throws Exception {
// properties...
DHParameterSpec dhSkipParamSpec;
dhSkipParamSpec = new      DHParameterSpec(skip1024Modulus, skip1024Base);
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DH");
keyPairGenerator.initialize(dhSkipParamSpec);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
return keyPair;
I'm using JDK1.4. This code works fine outside of JWS.
If I call this code I get an exception that states I need the stated RuntimePermission. IMHO this is a bug because I should be able to make use of simple standard extension methods like this. Is getting an instance of a KeyPairGenerator and generating a key pair a security risk?
The fix for this should be a simple addition to the security policy for JWS which gives SUN javax.crypto code access to the appropriate RuntimePermission.
Can anyone think of a reason why NOT to do this?
Thank you.
BTW, here's the Exception you would get if you tried this:
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.security.provider)
     at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
     at java.security.AccessController.checkPermission(AccessController.java:401)
     at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
     at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1513)
     at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:262)
     at java.lang.ClassLoader.loadClass(ClassLoader.java:299)
     at java.lang.ClassLoader.loadClass(ClassLoader.java:262)
     at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:322)
     at com.wss.calendar.client.swing.Main.main(Main.java:47)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:324)
     at com.sun.javaws.Launcher.executeApplication(Launcher.java:739)
     at com.sun.javaws.Launcher.executeMainClass(Launcher.java:701)
     at com.sun.javaws.Launcher.continueLaunch(Launcher.java:584)
     at com.sun.javaws.Launcher.handleApplicationDesc(Launcher.java:328)
     at com.sun.javaws.Launcher.handleLaunchFile(Launcher.java:166)
     at com.sun.javaws.Launcher.run(Launcher.java:134)
     at java.lang.Thread.run(Thread.java:536)

hi there,
Please I have the same problem in an applet that uses DSA with the following call:
pkey = (PublicKey) new DSAPublicKey(server_pub_key);
The Exception i am having on the console is
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.security.provider)
Note that I am NOT using JCE and that both netscape and IE browsers gave this error
Can somebody help me please?
Thanks in advance,
JPDib

Library Cache Pin Wait Event (within the context of APEX)

Hello,
Firstly -
Oracle Version: 10.2.0.4.0
Apex Version: 3.0.1.00.08
Okay, my colleague (no really! This isn't one of those "Ahem ... A friend of mine has contracted something nasty +downstairs+..."-type questions) is having problems compiling a package (using TOAD incidentally, but it's the same in SQL Developer).
I've searched the forum and the web for a bit of help on what's maybe happening here and it appears to be related to a concurrency conflict with the package definition - from what I can understand it's a case of the package is in use by another session, therefore another session cannot alter it at the same time (which makes sense)
"What does this have to do with APEX?"... well, he is working on this package using the following methodology:
1. Compile the package body/spec (as necessary - body more often obviously)
2. run an apex page which uses the code in a process, which may or may not result in the error page being displayed
3. Making changes to the package body/spec
repeat steps 1-3 ad nauseum...
He is the only user directly accessing the schema (and the only user accessing the page via APEX too, although I appreciate this isn't quite the same thing).
I was wondering if, due to the architecture of APEX (the use of session pools etc), the state of a package might be being retained in some manner, thus resulting in this library cache pin wait event? If so, is there anything I can do to mitigate against this occurring?
p.s. the only difference I can see between this particular package and any other package in the schema is that this one interacts with blobs (including making references to the wwv_flow_files view) - with blobs being passed as parameters between procedures (thus potentially creating temporary blobs which may or may not being closed).
Any ideas?
p.p.s. there are also no DBMS_SCHEDULER jobs or anything that might potentially be running the code incidentally...
Edited by: Joel_C on 11-Nov-2011 11:58
We got our DBAs to run a bit of code to identify the blocking session:
select
         decode(lob.kglobtyp, 0, 'NEXT OBJECT', 1, 'INDEX', 2, 'TABLE', 3, 'CLUSTER',
                      4, 'VIEW', 5, 'SYNONYM', 6, 'SEQUENCE',
                      7, 'PROCEDURE', 8, 'FUNCTION', 9, 'PACKAGE',
                      11, 'PACKAGE BODY', 12, 'TRIGGER',
                      13, 'TYPE', 14, 'TYPE BODY',
                      19, 'TABLE PARTITION', 20, 'INDEX PARTITION', 21, 'LOB',
                      22, 'LIBRARY', 23, 'DIRECTORY', 24, 'QUEUE',
                      28, 'JAVA SOURCE', 29, 'JAVA CLASS', 30, 'JAVA RESOURCE',
                      32, 'INDEXTYPE', 33, 'OPERATOR',
                      34, 'TABLE SUBPARTITION', 35, 'INDEX SUBPARTITION',
                      40, 'LOB PARTITION', 41, 'LOB SUBPARTITION',
                      42, 'MATERIALIZED VIEW',
                      43, 'DIMENSION',
                      44, 'CONTEXT', 46, 'RULE SET', 47, 'RESOURCE PLAN',
                      48, 'CONSUMER GROUP',
                      51, 'SUBSCRIPTION', 52, 'LOCATION',
                      55, 'XML SCHEMA', 56, 'JAVA DATA',
                      57, 'SECURITY PROFILE', 59, 'RULE',
                      62, 'EVALUATION CONTEXT',
                     'UNDEFINED') object_type,
         lob.KGLNAOBJ object_name,
         pn.KGLPNMOD lock_mode_held,
         pn.KGLPNREQ lock_mode_requested,
         ses.sid,
         ses.serial#,
         ses.username
    FROM
       x$kglpn pn,
       v$session ses,
       x$kglob lob,
       v$session_wait vsw
WHERE
   pn.KGLPNUSE = ses.saddr and
   pn.KGLPNHDL = lob.KGLHDADR
   and lob.kglhdadr = vsw.p1raw
   and vsw.event = 'library cache pin'
order by lock_mode_held descresults as follows (I've changed some object names to protect the ignorant):
OBJECT_TYP OBJECT_NAME                   LOCK_MODE_HELD LOCK_MODE_REQUESTED        SID    SERIAL# USERNAME
PACKAGE    PKG_FOOBAR                             2                   0        356      21694 HTMLDB_PUBLIC_U
                                                                                                  SER
PACKAGE    PKG_FOOBAR                             0                   3        463      22309 FOOHTMLDB_PUBLIC_USER is the apex user incidentally. The session is marked in the v$session table as "inactive", the last statement being
Begin
   Dbms_session.reset_package;
End;Edited by: Joel_C on 11-Nov-2011 14:39

bump
No-one?
The problem seems to have 'resolved itself' over the weekend incidentally (although I don't believe anything truly resolves itself in this manner - something must have changed).

Error occurred during storage enumeration. The provider`s cache is empty.

Hello all,
I`m currently experimenting with Server 2012 and I faced an issue, while trying to play around with Storage Pools. My Server manager fails on refreshing disk volumes with the above mentioned error. More specifically:
Error occurred during storage enumeration.
Error occurred during enumeration of physical disk and storage pool associations: The provider's cache is empty. [Request = MSFT_SMDiskDriveToPool]
Error occurred during storage enumeration.
Error occurred during enumeration of physical disk: The provider's cache is empty. [Request = MSFT_SMDiskDrive]
There are 6 more errors with the same content, but for different things: Storage pools, Storage Pool capabilities; storage subsystem and pool associations;etc...
Also I see the same error in powershell:
PS C:\Users\Administrator> Get-PhysicalDisk
FriendlyName CanPool OperationalStatus HealthStatus Usage
Size
PhysicalDisk2 False OK Healthy Auto-Select
2 GB
PhysicalDisk3 False OK Healthy Auto-Select
2 GB
PhysicalDisk4 False OK Healthy Auto-Select
1 GB
PhysicalDisk5 False OK Healthy Auto-Select
1 GB
PhysicalDisk0 False OK Healthy Auto-Select
931.51 GB
PhysicalDisk1 False OK Healthy Auto-Select
931.51 GB
Get-PhysicalDisk : The provider's cache is empty. [Request = MSFT_SMDiskDrive]
At line:1 char:1
+ Get-PhysicalDisk
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_SMDiskDrive:ROOT/Microsoft/...FT_PhysicalDisk) [Get-PhysicalDisk], C
imException
+ FullyQualifiedErrorId : 40003,Get-PhysicalDisk
I run Update-StorageProviderCache:
PS C:\Windows\system32> Update-StorageProviderCache -DiscoveryLevel Level3 -PassThru
Type Name
Manufacturer
SMP Storage Spaces Management Provider Microsoft
Corporation
with no luck.
What could be the problem. Could somebody also explain me what this cache is used for?
Thanks in advance.
BR,
Svilen

in what you pasted you didnt run powershell as admin with "Get-PhysicalDisk" while with "Update-StorageProviderCache
-DiscoveryLevel Level3 -PassThru" you did run it as admin
Run powershell as admin and please see if that makes a difference for you.
MCITP:SA:EA:EMA2010:VA2008R2

Library cache pin when accessing apex_application_page_regions

Hi,
Oracle 11.2.0.3.0, APEX 4.1.1.00.23.
I am trying to compile a procedure that access apex_application_page_regions to get the region source of a report :
BEGIN
     -- get report region source
     SELECT region_source
          INTO l_source
          FROM apex_application_page_regions
      WHERE application_id = p_app_id
           AND page_id = p_app_page_id
           AND static_id = p_report;
END;I can't compile the procedure. After some time I get ORA-04021: timeout occured while waiting to lock object.
From v$session :
STATUS     SERVER          PROGRAM          SQL_EXEC_START          BLOCKING_SESSION_STATUS     BLOCKING_INSTANCE     BLOCKING_SESSION     EVENT               P1TEXT          WAIT_CLASS     STATE
ACTIVE     DEDICATED     plsqldev.exe     07/02/2012 09:12:52     VALID               1               971               library cache pin     handle address     Concurrency     WAITINGI am forced to ask developers to close all APEX instances to kill sessions, to be able to compile the procedure...
Is there any way to bypass this ?
Thank you.
Yann.

Yann39 wrote:
Hi,
Oracle 11.2.0.3.0, APEX 4.1.1.00.23.
I am trying to compile a procedure that access apex_application_page_regions to get the region source of a report :
BEGIN
     -- get report region source
     SELECT region_source
          INTO l_source
          FROM apex_application_page_regions
      WHERE application_id = p_app_id
           AND page_id = p_app_page_id
           AND static_id = p_report;
END;I can't compile the procedure. After some time I get ORA-04021: timeout occured while waiting to lock object.
From v$session :
STATUS     SERVER          PROGRAM          SQL_EXEC_START          BLOCKING_SESSION_STATUS     BLOCKING_INSTANCE     BLOCKING_SESSION     EVENT               P1TEXT          WAIT_CLASS     STATE
ACTIVE     DEDICATED     plsqldev.exe     07/02/2012 09:12:52     VALID               1               971               library cache pin     handle address     Concurrency     WAITINGI am forced to ask developers to close all APEX instances to kill sessions, to be able to compile the procedure...
Is there any way to bypass this ?
Thank you.
Yann.I previously had a problem similar to this. (Un)fortunately, the issue appeared to solve itself...
Library Cache Pin Wait Event (within the context of APEX)

Problem in accessing 2 certificates in smart card using Sun PKCS11 Provider

I have stored 2 certificates in iKey. To acess and use them in Java I am using Sun PKCS11 Provider.
The program is .
1. The keyStore.aliases() is returning 1 alias only(instead of 2).
2. Throwing following error when accessing the private key using
code: PrivateKey pvt = keyStore.getKey(alias, null);
Error Message Detail:
"KeyStoreException: invalid KeyStore state: found 2 private keys sharing CKA_ID 0x00"
at Sun .. P11KeyStore.getTokenObject(P11KeyStore.java:2135)
at ...P11KeyStore.engineGetKey(P11KeyStore.java:292

Did you look at this, Does it help you, Since no one has answered all day, and I will assume you searched for that error first, perhaps you could provide some more detail?
http://forum.java.sun.com/thread.jspa?threadID=5195275&tstart=15
Message was edited by:
mdares

How to resolve Library Cache Pin waits?

Hai All,
I grant a select privilage on a table to another user. Then my session hangs. after 5 minutes a message present that is 'ORA-04021: timeout occurred while waiting to lock object....' etc.
I query the v$session_wait and see a Library Cache pin wait present in my session. I copy the p1raw column from here and put into some x$ tables and v$session then I can identify one session using a application using that table. I kill that session . then my grant privilage query works..
So what is library cache pin waits.. How to identify in application...How to resolve it? it resolve in database level or application level?
Please Help..
Shiju

Most common cause of library cache pin wait event are
-- Not use binding variables in the query
-- Some one keeps modify the schema objects
library cache pin
This event manages library cache concurrency. Pinning an object causes the heaps to be loaded into memory. If a client wants to modify or examine the object, the client must acquire a pin after the lock.
Wait Time: 3 seconds (1 second for PMON)
Parameter Description
handle address Address of the object being loaded
pin address Address of the load lock being used. This is not the same thing as a latch or an enqueue, it is basically a State Object.
mode Indicates which data pieces of the object that needs to be loaded
namespace See "namespace"

Error "java.lang.NoClassDefFoundError: sun/security/provider/Sun" in 10.1.2

Hi,
I developed an ADF UIX application in JDeveloper 10.1.2. It works fine when I run on embedded oc4j in my machine.
I deployed it to Oracle Application Server 10g in AIX. When I run the application from the Application Server and try to open a uix page with data I get the following error:
500 Internal Server Error
java.lang.NoClassDefFoundError: sun/security/provider/Sun at oracle.jbo.common.ampool.PoolMgr.createPool(PoolMgr.java:280) at oracle.jbo.common.ampool.PoolMgr.findPool(PoolMgr.java:482) at oracle.jbo.common.ampool.ContextPoolManager.findPool(ContextPoolManager.java:165) at oracle.adf.model.bc4j.DataControlFactoryImpl.findOrCreateSessionCookie(DataControlFactoryImpl.java(Compiled Code)) at oracle.adf.model.bc4j.DataControlFactoryImpl.createSession(DataControlFactoryImpl.java(Compiled Code)) at oracle.adf.model.binding.DCDataControlReference.getDataControl(DCDataControlReference.java(Compiled Code)) at oracle.adf.model.BindingContext.get(BindingContext.java(Compiled Code)) at oracle.adf.model.binding.DCUtil.findSpelObject(DCUtil.java:228) at oracle.adf.model.binding.DCUtil.findContextObject(DCUtil.java:308) at oracle.adf.model.binding.DCIteratorBinding.<init>(DCIteratorBinding.java:127) at oracle.jbo.uicli.binding.JUIteratorBinding.<init>(JUIteratorBinding.java:59) at oracle.jbo.uicli.binding.JUIteratorDef.createIterBinding(JUIteratorDef.java:58) at oracle.jbo.uicli.binding.JUIteratorDef.createIterBinding(JUIteratorDef.java:47) at oracle.adf.model.binding.DCBindingContainerDef.createIterBindings(DCBindingContainerDef.java(Compiled Code)) at oracle.adf.model.binding.DCBindingContainerDef.createBindingContainer(DCBindingContainerDef.java(Compiled Code)) at oracle.adf.model.binding.DCBindingContainerReference.getBindingContainer(DCBindingContainerReference.java(Inlined Compiled Code)) at oracle.adf.model.BindingContext.get(BindingContext.java(Compiled Code)) at oracle.adf.model.binding.DCUtil.findSpelObject(DCUtil.java:228) at oracle.adf.model.binding.DCUtil.findContextObject(DCUtil.java:308) at oracle.adf.model.binding.DCUtil.findBindingContainer(DCUtil.java:536) at oracle.adf.controller.lifecycle.LifecycleContext.initialize(LifecycleContext.java:121) at oracle.adf.controller.lifecycle.LifecycleContext.initialize(LifecycleContext.java:77) at oracle.adf.controller.struts.actions.DataActionContext.initialize(DataActionContext.java:51) at oracle.adf.controller.struts.actions.DataAction.execute(DataAction.java:150) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507) at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code)) at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code)) at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java(Compiled Code)) at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java(Compiled Code)) at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java(Compiled Code)) at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java(Compiled Code)) at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java(Compiled Code)) at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.AJPRequestHandler.run(AJPRequestHandler.java(Compiled Code)) at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.AJPRequestHandler.run(AJPRequestHandler.java(Compiled Code)) at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java(Compiled Code)) at java.lang.Thread.run(Thread.java:568)
Can anybody tell/help why I am getting this error?
Thanks
Syed

I believe this counts to be a bug in adf. I met with such errors as well in migration 1012 from NT to AIX platform, and after decompiling adf jar code and tak a look at it, the following code block indicates that In class- oracle.jbo.client.Configuration
, it is hard coded to get secure provider- sun/security/provider/Sun, as listed below...
import sun.security.provider.Sun;
static void checkSecurityProviders()
Provider aprovider[] = Security.getProviders();
boolean flag = false;
for(int i = 0; i < aprovider.length; i++)
if(!aprovider.getName().equals("SUN"))
continue;
flag = true;
break;
if(!flag)
try
Sun sun = new Sun();
Security.addProvider(sun);
catch(Exception exception)
exception.printStackTrace();
Adam

Sun PKCS#11 provider is caching PIN in applets

Similar Messages

Maybe you are looking for