i wanna create a crypto token with Pkcs11 on ejbca interface with Softhsmv2.

[Babacar98]

@primetomas

I have this problem when i wanna create a crypto token with Pkcs11 on ejbca interface .

2025-01-09 16:41:02,363+0000 ERROR [com.keyfactor.util.keys.token.pkcs11.SunP11SlotListWrapper] (default task-10) Method sun.security.pkcs11.wrapper.PKCS11.CK_C_INITIALIZE_ARGS.getInstance was not accessible, this may be due to a change in the underlying library.: java.lang.IllegalAccessException: class com.keyfactor.util.keys.token.pkcs11.SunP11SlotListWrapper cannot access class sun.security.pkcs11.wrapper.PKCS11 (in module jdk.crypto.cryptoki) because module jdk.crypto.cryptoki does not export sun.security.pkcs11.wrapper to unnamed module @7c10ea75
ejbca-ca | at java.base/jdk.internal.reflect.Reflection.newIllegalAccessException(Unknown Source)
ejbca-ca | at java.base/java.lang.reflect.AccessibleObject.checkAccess(Unknown Source)
ejbca-ca | at java.base/java.lang.reflect.Method.invoke(Unknown Source)
ejbca-ca | at deployment.ejbca.ear//com.keyfactor.util.keys.token.pkcs11.SunP11SlotListWrapper.(SunP11SlotListWrapper.java:144)
ejbca-ca | at deployment.ejbca.ear//com.keyfactor.util.keys.token.pkcs11.SunP11SlotListWrapperFactory.getInstance(SunP11SlotListWrapperFactory.java:74)

[Babacar98]

when i bash into the container and i test the commande "pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so -l -t"
i have this error :
root@ip-... :~/PKI/containers_ejbca# docker exec -it ejbca-container /bin/bash
I have no name!@********:/$ ls
bin boot dev etc home lib lib32 lib64 libx32 media mnt opt proc root run sbin srv sys tmp usr var
I have no name!@*******:/$ pkcs11-tool --module /usr/local/lib/softhsm/libsofthsm2.so -l -t
bash: pkcs11-tool: command not found

@primetomas,
I wanted to inform you that the library libsofthsm2.so is indeed present in the /usr/local/lib/softhsm directory of my container. Additionally, I have installed the pkcs11-tools module in my Dockerfile to ensure that all necessary tools are available.
However, when I try to execute the following command:
pkcs11-tool --module /usr/local/lib/softhsm/libsofthsm2.so -l -t
I still receive the following error:
bash: pkcs11-tool: command not found
This might indicate an issue with the path or the installation. Could you please help me resolve this issue?
Thank you in advance for your assistance!

[primetomas]

I think you should use p11-tool to initialize the token outside of the container. Then you can simply mount the files and the libsoftmsh2.so, and config files from the container (and multiple instances of the container). I have done that, initializing and locally testing softhsm on my laptop, and mounting the libsoftshm2.so and the files from /var/lib/softhsm into the container.