0

Session logic implemented with IAIK seems to be on top of token, but in case of Virtual Slot (like Luna HSM High Availability) where there is no token present how to obtain a session via the IAIK Java PKCS11 wrapper? Please find the code snippet as below which I use for non HA slots. In the below code if I change the Module.SlotRequirement.TOKEN_PRESENT to Module.SlotRequirement.ALL_SLOTS it will return me the HA slot, but the HA slot will not have a token as it is a virtual slot and hence I am not able to create a session for HA slot with IAIK wrapper

private Session initSession(Module wrapper, int slotId) throws Exception {
    Session session = null;
    try {
        Slot[] slots = wrapper.getSlotList(Module.SlotRequirement.TOKEN_PRESENT);
        Slot selectedSlot = slots[slotId];
        if (selectedSlot == null) {
            throw new Exception("Invalid slot Id" + slotId);
        }
        Token token = selectedSlot.getToken();
        if (token == null) {
            throw new Exception("There is no valid token present in the select slot.");
        }
        Long tokenID = new Long(token.getTokenID());
        TokenInfo tokenInfo = token.getTokenInfo();
        session = token.openSession(Token.SessionType.SERIAL_SESSION,
                Token.SessionReadWriteBehavior.RW_SESSION, null, null);
    }
Venkat
  • 19
  • 2
  • Your question lacks a lot of information. Are you talking about Luna HSM and its HA? As far as I know opening session to the HA slot works the same as for any other slot. You will have to update your question with actual code for opening the session and results/exceptions you are getting. Please add a list showing that HA slot is configured correctly for client (e.g. the output of `slot list` or `ha listGroups`). – vlp Aug 02 '23 at 09:22
  • @vlp 1. Yes I am asking about Luna HSM and HA 2. I have provided the code snippet that I am using for non HA 3. In the above code if I change the Module.SlotRequirement.TOKEN_PRESENT to Module.SlotRequirement.ALL_SLOTS it will return me the HA slot, but the HA slot will not have a token as it is a virtual slot and hence I am not able to create a session for HA slot with IAIK wrapper – Venkat Aug 03 '23 at 11:35

0 Answers0