Search in sources :

Example 16 with P11TokenException

use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.

the class IaikP11SlotUtil method singleLogin.

static void singleLogin(Session session, long userType, char[] pin) throws P11TokenException {
    char[] tmpPin = pin;
    // some driver does not accept null PIN
    if (pin == null) {
        tmpPin = new char[] {};
    }
    String userTypeText = getUserTypeText(userType);
    try {
        session.login(userType, tmpPin);
        LOG.info("login successful as user " + userTypeText);
    } catch (TokenException ex) {
        // 0x100: user already logged in
        if (ex instanceof PKCS11Exception && ((PKCS11Exception) ex).getErrorCode() == 0x100) {
            LOG.info("user already logged in");
        } else {
            LOG.info("login failed as user " + userTypeText);
            throw new P11TokenException("login failed as user " + userTypeText + ": " + ex.getMessage(), ex);
        }
    }
}
Also used : PKCS11Exception(iaik.pkcs.pkcs11.wrapper.PKCS11Exception) P11TokenException(org.xipki.security.pkcs11.P11TokenException) P11TokenException(org.xipki.security.pkcs11.P11TokenException) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 17 with P11TokenException

use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.

the class IaikP11SlotUtil method getMechanism.

// method digestKey0
static Mechanism getMechanism(long mechanism, P11Params parameters) throws P11TokenException {
    Mechanism ret = Mechanism.get(mechanism);
    if (parameters == null) {
        return ret;
    }
    Parameters paramObj;
    if (parameters instanceof P11Params.P11RSAPkcsPssParams) {
        P11Params.P11RSAPkcsPssParams param = (P11Params.P11RSAPkcsPssParams) parameters;
        paramObj = new RSAPkcsPssParameters(param.getHashAlgorithm(), param.getMaskGenerationFunction(), param.getSaltLength());
    } else if (parameters instanceof P11Params.P11ByteArrayParams) {
        paramObj = new OpaqueParameters(((P11Params.P11ByteArrayParams) parameters).getBytes());
    } else if (parameters instanceof P11Params.P11IVParams) {
        paramObj = new InitializationVectorParameters(((P11Params.P11IVParams) parameters).getIV());
    } else {
        throw new P11TokenException("unknown P11Parameters " + parameters.getClass().getName());
    }
    ret.setParameters(paramObj);
    return ret;
}
Also used : InitializationVectorParameters(iaik.pkcs.pkcs11.parameters.InitializationVectorParameters) RSAPkcsPssParameters(iaik.pkcs.pkcs11.parameters.RSAPkcsPssParameters) OpaqueParameters(iaik.pkcs.pkcs11.parameters.OpaqueParameters) InitializationVectorParameters(iaik.pkcs.pkcs11.parameters.InitializationVectorParameters) Parameters(iaik.pkcs.pkcs11.parameters.Parameters) RSAPkcsPssParameters(iaik.pkcs.pkcs11.parameters.RSAPkcsPssParameters) P11TokenException(org.xipki.security.pkcs11.P11TokenException) P11Params(org.xipki.security.pkcs11.P11Params) Mechanism(iaik.pkcs.pkcs11.Mechanism) OpaqueParameters(iaik.pkcs.pkcs11.parameters.OpaqueParameters)

Example 18 with P11TokenException

use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.

the class IaikP11SlotUtil method getObjects.

static List<Storage> getObjects(Session session, Storage template, int maxNo) throws P11TokenException {
    List<Storage> objList = new LinkedList<>();
    try {
        session.findObjectsInit(template);
        while (objList.size() < maxNo) {
            PKCS11Object[] foundObjects = session.findObjects(1);
            if (foundObjects == null || foundObjects.length == 0) {
                break;
            }
            for (PKCS11Object object : foundObjects) {
                logPkcs11ObjectAttributes("found object: ", object);
                objList.add((Storage) object);
            }
        }
    } catch (TokenException ex) {
        throw new P11TokenException(ex.getMessage(), ex);
    } finally {
        try {
            session.findObjectsFinal();
        } catch (Exception ex) {
            LogUtil.error(LOG, ex, "session.findObjectsFinal() failed");
        }
    }
    return objList;
}
Also used : P11TokenException(org.xipki.security.pkcs11.P11TokenException) P11TokenException(org.xipki.security.pkcs11.P11TokenException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) PKCS11Exception(iaik.pkcs.pkcs11.wrapper.PKCS11Exception) P11TokenException(org.xipki.security.pkcs11.P11TokenException) CertificateException(java.security.cert.CertificateException) XiSecurityException(org.xipki.security.XiSecurityException)

Example 19 with P11TokenException

use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.

the class P11ProxyResponder method processRequest.

/**
 * The request is constructed as follows.
 * <pre>
 * 0 - - - 1 - - - 2 - - - 3 - - - 4 - - - 5 - - - 6 - - - 7 - - - 8
 * |    Version    |        Transaction ID         |   Body ...    |
 * |   ... Length  |     Action    |   Module ID   |   Content...  |
 * |   .Content               | &lt;-- 10 + Length (offset).
 *
 * </pre>
 *
 * @param pool
 *          The pool that holds the P11CryptService.
 * @param request
 *          The request.
 * @return response.
 */
public byte[] processRequest(LocalP11CryptServicePool pool, byte[] request) {
    int reqLen = request.length;
    // TransactionID
    byte[] transactionId = new byte[4];
    if (reqLen > 5) {
        System.arraycopy(request, 2, transactionId, 0, 4);
    }
    // Action
    short action = ACTION_NOPE;
    if (reqLen > 11) {
        action = IoUtil.parseShort(request, 10);
    }
    if (reqLen < 14) {
        LOG.error("response too short");
        return getResp(VERSION_V1_0, transactionId, RC_BAD_REQUEST, action);
    }
    // Version
    short version = IoUtil.parseShort(request, 0);
    if (!versions.contains(version)) {
        LOG.error("unsupported version {}", version);
        return getResp(VERSION_V1_0, transactionId, RC_UNSUPPORTED_VERSION, action);
    }
    // Length
    int reqBodyLen = IoUtil.parseInt(request, 6);
    if (reqBodyLen + 10 != reqLen) {
        LOG.error("message length unmatch");
        return getResp(version, transactionId, RC_BAD_REQUEST, action);
    }
    short moduleId = IoUtil.parseShort(request, 12);
    int contentLen = reqLen - 14;
    byte[] content;
    if (contentLen == 0) {
        if (actionsRequireNonNullRequest.contains(action)) {
            LOG.error("content is not present but is required");
            return getResp(version, transactionId, RC_BAD_REQUEST, action);
        }
        content = null;
    } else {
        if (actionsRequireNullRequest.contains(action)) {
            LOG.error("content is present but is not permitted");
            return getResp(version, transactionId, RC_BAD_REQUEST, action);
        }
        content = new byte[contentLen];
        System.arraycopy(request, 14, content, 0, contentLen);
    }
    P11CryptService p11CryptService = pool.getP11CryptService(moduleId);
    if (p11CryptService == null) {
        LOG.error("no module {} available", moduleId);
        return getResp(version, transactionId, RC_UNKNOWN_MODULE, action);
    }
    try {
        switch(action) {
            case ACTION_ADD_CERT:
                {
                    AddCertParams asn1 = AddCertParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    X509Cert cert = new X509Cert(asn1.getCertificate());
                    slot.addCert(cert, asn1.getControl());
                    return getSuccessResp(version, transactionId, action, (byte[]) null);
                }
            case ACTION_DIGEST_SECRETKEY:
                {
                    DigestSecretKeyTemplate template = DigestSecretKeyTemplate.getInstance(content);
                    long mechanism = template.getMechanism().getMechanism();
                    P11Identity identity = p11CryptService.getIdentity(template.getSlotId().getValue(), template.getObjectId().getValue());
                    byte[] hashValue = identity.digestSecretKey(mechanism);
                    ASN1Object obj = new DEROctetString(hashValue);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case ACTION_GEN_KEYPAIR_DSA:
                {
                    GenDSAKeypairParams asn1 = GenDSAKeypairParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    P11IdentityId identityId = slot.generateDSAKeypair(asn1.getP(), asn1.getQ(), asn1.getG(), asn1.getControl());
                    ASN1Object obj = new IdentityId(identityId);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case ACTION_GEN_KEYPAIR_EC:
            case ACTION_GEN_KEYPAIR_EC_EDWARDS:
            case ACTION_GEN_KEYPAIR_EC_MONTGOMERY:
                {
                    GenECKeypairParams asn1 = GenECKeypairParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    P11IdentityId identityId = slot.generateECKeypair(asn1.getCurveId(), asn1.getControl());
                    ASN1Object obj = new IdentityId(identityId);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case ACTION_GEN_KEYPAIR_RSA:
                {
                    GenRSAKeypairParams asn1 = GenRSAKeypairParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    P11IdentityId identityId = slot.generateRSAKeypair(asn1.getKeysize(), asn1.getPublicExponent(), asn1.getControl());
                    ASN1Object obj = new IdentityId(identityId);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case ACTION_GEN_KEYPAIR_SM2:
                {
                    GenSM2KeypairParams asn1 = GenSM2KeypairParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    P11IdentityId identityId = slot.generateSM2Keypair(asn1.getControl());
                    ASN1Object obj = new IdentityId(identityId);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case ACTION_GEN_KEYPAIR_DSA_OTF:
                {
                    GenDSAKeypairParams asn1 = GenDSAKeypairParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    PrivateKeyInfo ki = slot.generateDSAKeypairOtf(asn1.getP(), asn1.getQ(), asn1.getG());
                    return getSuccessResp(version, transactionId, action, ki.getEncoded());
                }
            case ACTION_GEN_KEYPAIR_EC_OTF:
            case ACTION_GEN_KEYPAIR_EC_EDWARDS_OTF:
            case ACTION_GEN_KEYPAIR_EC_MONTGOMERY_OTF:
                {
                    GenECKeypairParams asn1 = GenECKeypairParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    PrivateKeyInfo ki = slot.generateECKeypairOtf(asn1.getCurveId());
                    return getSuccessResp(version, transactionId, action, ki.getEncoded());
                }
            case ACTION_GEN_KEYPAIR_RSA_OTF:
                {
                    GenRSAKeypairParams asn1 = GenRSAKeypairParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    PrivateKeyInfo ki = slot.generateRSAKeypairOtf(asn1.getKeysize(), asn1.getPublicExponent());
                    return getSuccessResp(version, transactionId, action, ki.getEncoded());
                }
            case ACTION_GEN_KEYPAIR_SM2_OTF:
                {
                    GenSM2KeypairParams asn1 = GenSM2KeypairParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    PrivateKeyInfo ki = slot.generateSM2KeypairOtf();
                    return getSuccessResp(version, transactionId, action, ki.getEncoded());
                }
            case ACTION_GEN_SECRET_KEY:
                {
                    GenSecretKeyParams asn1 = GenSecretKeyParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    P11IdentityId identityId = slot.generateSecretKey(asn1.getKeyType(), asn1.getKeysize(), asn1.getControl());
                    ASN1Object obj = new IdentityId(identityId);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case ACTION_GET_CERT:
                {
                    SlotIdAndObjectId identityId = SlotIdAndObjectId.getInstance(content);
                    P11SlotIdentifier slotId = identityId.getSlotId().getValue();
                    P11ObjectIdentifier certId = identityId.getObjectId().getValue();
                    X509Cert cert = p11CryptService.getCert(slotId, certId);
                    if (cert == null) {
                        throw new P11UnknownEntityException(slotId, certId);
                    }
                    return getSuccessResp(version, transactionId, action, cert.getEncoded());
                }
            case ACTION_GET_CERT_IDS:
            case ACTION_GET_PUBLICKEY_IDS:
            case ACTION_GET_IDENTITY_IDS:
                {
                    SlotIdentifier slotId = SlotIdentifier.getInstance(content);
                    P11Slot slot = p11CryptService.getModule().getSlot(slotId.getValue());
                    Set<P11ObjectIdentifier> objectIds;
                    if (ACTION_GET_CERT_IDS == action) {
                        objectIds = slot.getCertIds();
                    } else if (ACTION_GET_IDENTITY_IDS == action) {
                        objectIds = slot.getIdentityKeyIds();
                    } else {
                        Set<P11ObjectIdentifier> identityKeyIds = slot.getIdentityKeyIds();
                        objectIds = new HashSet<>();
                        for (P11ObjectIdentifier identityKeyId : identityKeyIds) {
                            objectIds.add(slot.getIdentity(identityKeyId).getId().getPublicKeyId());
                        }
                    }
                    ASN1EncodableVector vec = new ASN1EncodableVector();
                    for (P11ObjectIdentifier objectId : objectIds) {
                        vec.add(new ObjectIdentifier(objectId));
                    }
                    ASN1Object obj = new DERSequence(vec);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case ACTION_GET_MECHANISMS:
                {
                    P11SlotIdentifier slotId = SlotIdentifier.getInstance(content).getValue();
                    Set<Long> mechs = p11CryptService.getSlot(slotId).getMechanisms();
                    ASN1EncodableVector vec = new ASN1EncodableVector();
                    for (Long mech : mechs) {
                        vec.add(new ASN1Integer(mech));
                    }
                    ASN1Object obj = new DERSequence(vec);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case ACTION_GET_PUBLICKEY:
                {
                    SlotIdAndObjectId identityId = SlotIdAndObjectId.getInstance(content);
                    P11SlotIdentifier slotId = identityId.getSlotId().getValue();
                    P11ObjectIdentifier pubKeyId = identityId.getObjectId().getValue();
                    // find out the keyId
                    PublicKey pubKey = null;
                    P11Slot slot = getSlot(p11CryptService, slotId);
                    Set<P11ObjectIdentifier> identityKeyIds = slot.getIdentityKeyIds();
                    for (P11ObjectIdentifier identityKeyId : identityKeyIds) {
                        P11Identity identity = slot.getIdentity(identityKeyId);
                        if (pubKeyId.equals(identity.getId().getPublicKeyId())) {
                            pubKey = identity.getPublicKey();
                        }
                    }
                    if (pubKey == null) {
                        throw new P11UnknownEntityException(slotId, pubKeyId);
                    }
                    ASN1Object obj = KeyUtil.createSubjectPublicKeyInfo(pubKey);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case ACTION_GET_SERVER_CAPS:
                {
                    boolean readOnly = p11CryptService.getModule().isReadOnly();
                    ASN1Object obj = new ServerCaps(readOnly, versions);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case ACTION_GET_SLOT_IDS:
                {
                    List<P11SlotIdentifier> slotIds = p11CryptService.getModule().getSlotIds();
                    ASN1EncodableVector vector = new ASN1EncodableVector();
                    for (P11SlotIdentifier slotId : slotIds) {
                        vector.add(new SlotIdentifier(slotId));
                    }
                    ASN1Object obj = new DERSequence(vector);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case ACTION_IMPORT_SECRET_KEY:
                {
                    ImportSecretKeyParams asn1 = ImportSecretKeyParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    P11ObjectIdentifier keyId = slot.importSecretKey(asn1.getKeyType(), asn1.getKeyValue(), asn1.getControl());
                    P11IdentityId identityId = new P11IdentityId(asn1.getSlotId(), keyId, null, null);
                    ASN1Object obj = new IdentityId(identityId);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case ACTION_REMOVE_CERTS:
                {
                    SlotIdAndObjectId asn1 = SlotIdAndObjectId.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId().getValue());
                    slot.removeCerts(asn1.getObjectId().getValue());
                    return getSuccessResp(version, transactionId, action, (byte[]) null);
                }
            case ACTION_REMOVE_IDENTITY:
                {
                    SlotIdAndObjectId asn1 = SlotIdAndObjectId.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId().getValue());
                    slot.removeIdentityByKeyId(asn1.getObjectId().getValue());
                    return getSuccessResp(version, transactionId, action, (byte[]) null);
                }
            case ACTION_REMOVE_OBJECTS:
                {
                    RemoveObjectsParams asn1 = RemoveObjectsParams.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId());
                    int num = slot.removeObjects(asn1.getOjectId(), asn1.getObjectLabel());
                    ASN1Object obj = new ASN1Integer(num);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case ACTION_SIGN:
                {
                    SignTemplate signTemplate = SignTemplate.getInstance(content);
                    long mechanism = signTemplate.getMechanism().getMechanism();
                    org.xipki.security.pkcs11.proxy.asn1.P11Params asn1Params = signTemplate.getMechanism().getParams();
                    P11Params params = null;
                    if (asn1Params != null) {
                        switch(asn1Params.getTagNo()) {
                            case org.xipki.security.pkcs11.proxy.asn1.P11Params.TAG_RSA_PKCS_PSS:
                                params = RSAPkcsPssParams.getInstance(asn1Params).getPkcsPssParams();
                                break;
                            case org.xipki.security.pkcs11.proxy.asn1.P11Params.TAG_OPAQUE:
                                params = new P11ByteArrayParams(ASN1OctetString.getInstance(asn1Params).getOctets());
                                break;
                            case org.xipki.security.pkcs11.proxy.asn1.P11Params.TAG_IV:
                                params = new P11IVParams(ASN1OctetString.getInstance(asn1Params).getOctets());
                                break;
                            default:
                                throw new BadAsn1ObjectException("unknown SignTemplate.params: unknown tag " + asn1Params.getTagNo());
                        }
                    }
                    byte[] message = signTemplate.getMessage();
                    P11Identity identity = p11CryptService.getIdentity(signTemplate.getSlotId().getValue(), signTemplate.getObjectId().getValue());
                    if (identity == null) {
                        return getResp(version, transactionId, RC_UNKNOWN_ENTITY, action);
                    }
                    byte[] signature = identity.sign(mechanism, params, message);
                    ASN1Object obj = new DEROctetString(signature);
                    return getSuccessResp(version, transactionId, action, obj);
                }
            case ACTION_UPDATE_CERT:
                {
                    ObjectIdAndCert asn1 = ObjectIdAndCert.getInstance(content);
                    P11Slot slot = getSlot(p11CryptService, asn1.getSlotId().getValue());
                    slot.updateCertificate(asn1.getObjectId().getValue(), new X509Cert(asn1.getCertificate()));
                    return getSuccessResp(version, transactionId, action, (byte[]) null);
                }
            default:
                {
                    LOG.error("unsupported XiPKI action code '{}'", action);
                    return getResp(version, transactionId, RC_UNSUPPORTED_ACTION, action);
                }
        }
    } catch (BadAsn1ObjectException ex) {
        LogUtil.error(LOG, ex, "could not process decode requested content (tid=" + Hex.encode(transactionId) + ")");
        return getResp(version, transactionId, RC_BAD_REQUEST, action);
    } catch (P11TokenException ex) {
        LogUtil.error(LOG, ex, buildErrorMsg(action, transactionId));
        short rc;
        if (ex instanceof P11UnknownEntityException) {
            rc = RC_UNKNOWN_ENTITY;
        } else if (ex instanceof P11DuplicateEntityException) {
            rc = RC_DUPLICATE_ENTITY;
        } else if (ex instanceof P11UnsupportedMechanismException) {
            rc = RC_UNSUPPORTED_MECHANISM;
        } else {
            rc = RC_P11_TOKENERROR;
        }
        return getResp(version, transactionId, rc, action);
    } catch (Throwable th) {
        LogUtil.error(LOG, th, buildErrorMsg(action, transactionId));
        return getResp(version, transactionId, RC_INTERNAL_ERROR, action);
    }
}
Also used : P11Params(org.xipki.security.pkcs11.P11Params) List(java.util.List) PublicKey(java.security.PublicKey) P11IVParams(org.xipki.security.pkcs11.P11Params.P11IVParams) Set(java.util.Set) HashSet(java.util.HashSet) P11ByteArrayParams(org.xipki.security.pkcs11.P11Params.P11ByteArrayParams) X509Cert(org.xipki.security.X509Cert) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) BadAsn1ObjectException(org.xipki.security.BadAsn1ObjectException)

Example 20 with P11TokenException

use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.

the class ProxyP11Slot method addCert0.

@Override
protected void addCert0(P11ObjectIdentifier objectId, X509Certificate cert) throws P11TokenException, CertificateException {
    Asn1EntityIdAndCert asn1 = new Asn1EntityIdAndCert(new P11EntityIdentifier(slotId, objectId), cert);
    module.send(P11ProxyConstants.ACTION_ADD_CERT, asn1);
}
Also used : Asn1EntityIdAndCert(org.xipki.p11proxy.msg.Asn1EntityIdAndCert) Asn1P11EntityIdentifier(org.xipki.p11proxy.msg.Asn1P11EntityIdentifier) P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier)

Aggregations

P11TokenException (org.xipki.security.exception.P11TokenException)15 P11EntityIdentifier (org.xipki.security.pkcs11.P11EntityIdentifier)11 P11TokenException (org.xipki.security.pkcs11.P11TokenException)11 P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier)9 XiSecurityException (org.xipki.security.exception.XiSecurityException)8 P11CryptService (org.xipki.security.pkcs11.P11CryptService)7 P11Module (org.xipki.security.pkcs11.P11Module)6 P11SlotIdentifier (org.xipki.security.pkcs11.P11SlotIdentifier)6 TokenException (iaik.pkcs.pkcs11.TokenException)4 PublicKey (java.security.PublicKey)4 DEROctetString (org.bouncycastle.asn1.DEROctetString)4 Asn1P11EntityIdentifier (org.xipki.p11proxy.msg.Asn1P11EntityIdentifier)4 P11Params (org.xipki.security.pkcs11.P11Params)4 P11Slot (org.xipki.security.pkcs11.P11Slot)4 Mechanism (iaik.pkcs.pkcs11.Mechanism)3 Session (iaik.pkcs.pkcs11.Session)3 PKCS11Exception (iaik.pkcs.pkcs11.wrapper.PKCS11Exception)3 IOException (java.io.IOException)3 HashSet (java.util.HashSet)3 BadAsn1ObjectException (org.xipki.security.exception.BadAsn1ObjectException)3