How to get number of password retries in eToken SafeNet by IAIK PKCS#11
I use Java and IAIK to read eToken info.
Module pkcs11Module = Module.getInstance("PKCS11.dll");
pkcs11Module.initialize(null);
Slot[] slotsWithToken = pkcs11Module.getSlotList(Module.SlotRequirement.TOKEN_PRESENT);
log.info("number of slots: {}", slotsWithToken.length);
Token[] tokens = new Token[slotsWithToken.length];
for (int i = 0; i < slotsWithToken.length; i++) {
Session session = null;
TokenInfo tokenInfo = null;
try {
tokens[i] = slotsWithToken[i].getToken();
tokenInfo = tokens[i].getTokenInfo();
This is the information I took out:
Information returned only 'Security Officer PIN final Try' true of false. However I need to know how many times I have to re-enter the password so that I can notify the user. I've searched online but there's no positive result.
Solution
Using standard pkcs#11 calls, there is no way to get the actual number of (possible) retries.
For the user's pin, there are the flags:
- CKF_USER_PIN_COUNT_LOW and
- CKF_USER_PIN_FINAL_TRY
For the SO pin, there are the flags:
- CKF_SO_PIN_COUNT_LOW and
- CKF_SO_PIN_FINAL_TRY
Which you can check on the TokenInfo class. So you can 'only' display a warning on the final try. Please also refer to the pkcs#11 specification.
However, as Alexander mentioned in another answer there might be a vendor defined api for this.
- Is there a java.time equivalent of DateTime.dayOfYear().isLeap()?
- WordNet Java API
- Why use a ReentrantLock if one can use synchronized(this)?
- How to format a ZonedDateTime to a String?
- How to short circuit when using a parallel stream with filter and findFirst
- Stream distinct with nested list counts and matching nested list item counts
- Timezone changes are not being persisted in Spring-Boot application
- how to convert decimal to hexadecimal in java
- Why does pattern matching with switch on InetAddress fail with 'does not cover all possible input values'?
- Jackson to parse bean<t> with list of T beans
- Catch a generic exception in Java?
- How to get the whole text of StAX XMLEvent object?
- The www-authenticate header breaks JettyClientHttpConnector
- Why should I use @NaturalId?
- Can't reproduce virtual thread pinning (jdk 21), yet mysql not as parallel as should be
- how to move slider towards left and right using selenium java
- Format of Date in the JavaFX.TableView
- Launch Jetty 9 Programmatically
- Spring JdbcTemplate fail to convert String to Enum (that extend specific interface), since default converter is called even if removed
- GET Request Returning Empty Object in SpringBoot
- Trying to draw box around checkbox and display text using pdfbox
- Extracting date, hour and minute from Instant.now() generated date
- Tail Call Optimisation in Java
- Spring Boot Angular18 Uploading Photo
- What is a IOException, and how do I fix it?
- What does %5B and %5D in POST requests stand for?
- Why couldn't Integer type convert to Double type automatically in Java8 stream API?
- Spring Boot default H2 jdbc connection (and H2 console)
- No content to map due to end-of-input jackson parser
- How to properly add HTTP header in WebService Client (Spring Web Services)