Hello all.

During a refactor of our crypto applet, we found an issue on OS X
10.6 (other OSes still to be tried), and I'd like to know if we're doing the
correct things.
Before this refactor, we were parsing secmod.db to get all PKCS#11
modules configured on NSS (we did it, although we got some which had
already been removed!?).

Do you know a proper way of getting the PKCS#11 modules configured in Firefox?
Is there an "official" way in Java?
Is there any documentation on how the modules are stored in secmod, or
is there any flag to mark them as enabled, or...? (to help parsing)

Before doing all that, we also used JSS, but it was problematic and some
people suggested not using it for applets.

Anyway, we found the sun.security.pkcs11.Secmod class and were very
happy at first. Quite soon that happiness disappeared, because it
doesn't work as expected.

On OS X 10.6, this is what happens:

        // Requires: import sun.security.pkcs11.Secmod;
        String nssDir = "/Applications/Firefox.app/Contents/MacOS";
        String profile = "/Users/user/Library/Application Support";
        Secmod secmod = Secmod.getInstance();
        try {
            if (!secmod.isInitialized()) {
                secmod.initialize(profile, nssDir); // exception raised here
            }
            // List the library of every PKCS#11 module NSS knows about
            for (int i = 0; i < secmod.getModules().size(); i++) {
                Secmod.Module mod = secmod.getModules().get(i);
                System.out.println("Library: " + mod.getLibraryName());
                //...

java.io.FileNotFoundException: /Applications/Firefox.app/Contents/MacOS/libnss3.jnilib
        at sun.security.pkcs11.Secmod.initialize(Secmod.java:169)
        at sun.security.pkcs11.Secmod.initialize(Secmod.java:143)

Looking a bit at the code at [1] we have noticed:
 - System.mapLibraryName returns "libnss3.jnilib", although it
doesn't exist. libnss3.dylib exists and a "file" command shows it's a
valid i386+x86_64 library.
 - If a symlink is created, the code still fails with an "image not
found" error, because it is not able to find @executable_name/libnss3.dylib
(which exists). Why is this not set to @loader_path???

On Windows, for example, all this works, although the Module class
seems badly implemented, because getLibraryName() returns
"D:\Users\User\Desktop\Mozilla Firefox\C:\Windows\SysWOW64\ourpkcs11.dll"

Should we connect to NSS using slot+library... instead of nssModule =
keystore in our SunPKCS11 config files?
Should we parse the secmod file instead of using the Secmod class?
Do SunPKCS11 configs accept whitespace?

Thanks a lot for your patience and help.

[1] http://www.docjar.com/html/api/sun/security/pkcs11/Secmod.java.html
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
