Hello all.

During a refactor of our crypto applet, we have found an issue on OSX 10.6 (more OSes pending to try), and I'd like to know if we're doing the correct things. Before this refactor, we were parsing secmod.db to get all pkcs11 modules configured on NSS (We did it, although we got some which were already removed !?).

Do you know a proper way of getting the pkcs11 modules configured on Firefox? Is there an "official" way in Java? Is there any documentation on how the modules are stored in secmod, or whether there is any flag to mark them enabled, or...? (to help parsing)

Before doing all that, we also used JSS, but it was problematic and some people suggested not using it for applets.

Anyway, we found the sun.security.pkcs11.Secmod class and became very happy at first. Quite soon, that happiness disappeared, because it doesn't work as expected. On OSX 10.6, this is what happens:

    // Directory holding the NSS libraries, and the directory passed as the profile
    String nssDir = "/Applications/Firefox.app/Contents/MacOS";
    String profile = "/Users/user/Library/Application Support";
    Secmod secmod = Secmod.getInstance();
    try {
        if (!secmod.isInitialized()) {
            secmod.initialize(profile, nssDir); // exception raised here
        }
        // List the library of every module Secmod reports
        for (int i = 0; i < secmod.getModules().size(); i++) {
            Secmod.Module mod = secmod.getModules().get(i);
            System.out.println("Library: " + mod.getLibraryName());
            //...

    java.io.FileNotFoundException: /Applications/Firefox.app/Contents/MacOS/libnss3.jnilib
        at sun.security.pkcs11.Secmod.initialize(Secmod.java:169)
        at sun.security.pkcs11.Secmod.initialize(Secmod.java:143)

Looking a bit at the code at [1] we have noticed:

- System.mapLibraryName returns "libnss3.jnilib", although it doesn't exist. libnss3.dylib exists, and a "file" command shows it's a valid i386+x86_64 library.
- If a symlink is created, the code still fails with an "image not found" error, because it is not able to find @executable_name/libnss3.dylib (which exists). Why is this not set to @loader_path???

On Windows, for example, all this works, although the Module class seems badly implemented, because getLibraryName() returns "D:\Users\User\Desktop\Mozilla Firefox\C:\Windows\SysWOW64\ourpkcs11.dll"

Should we connect to NSS using slot+library... instead of nssModule = keystore in our sunPKCS11 config files? Should we parse the secmod file instead of using the Secmod class? Do sunPKCS11 configs accept whitespace?

Thanks a lot for your patience and help.

[1] http://www.docjar.com/html/api/sun/security/pkcs11/Secmod.java.html

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
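
An added example, not part of the original post: a small pre-flight check for the two symptoms described above, run before handing paths to Secmod or a PKCS#11 provider. The class and method names (NssLibraryCheck, candidateNames, findNssLibrary, normalizeModulePath) are hypothetical, and the path repair assumes only the Windows drive-letter or UNC form of concatenation shown in the post.

```java
import java.io.File;
import java.util.ArrayList;
import java.util.List;

public class NssLibraryCheck {
    // File names under which the NSS library may exist on disk.
    static List<String> candidateNames(String base) {
        List<String> names = new ArrayList<String>();
        names.add(System.mapLibraryName(base)); // name the JVM derives on this platform
        names.add("lib" + base + ".dylib");     // Mac OS X
        names.add("lib" + base + ".so");        // Linux/Unix
        names.add(base + ".dll");               // Windows
        return names;
    }

    // First candidate that is a regular file in nssDir, or null if none is.
    static File findNssLibrary(String nssDir, String base) {
        for (String name : candidateNames(base)) {
            File f = new File(nssDir, name);
            if (f.isFile()) return f;
        }
        return null;
    }

    // If the reported name is nssDir followed by a path that is itself
    // absolute (drive letter or UNC), return that trailing path.
    // Anything else is returned unchanged.
    static String normalizeModulePath(String nssDir, String reported) {
        if (reported == null || !reported.startsWith(nssDir)) return reported;
        String rest = reported.substring(nssDir.length());
        if (rest.startsWith("\\") || rest.startsWith("/")) rest = rest.substring(1);
        boolean absolute = rest.matches("[A-Za-z]:[\\\\/].*") || rest.startsWith("\\\\");
        return absolute ? rest : reported;
    }

    public static void main(String[] args) {
        String nssDir = args.length > 0 ? args[0] : "/Applications/Firefox.app/Contents/MacOS";
        String expected = System.mapLibraryName("nss3");
        File found = findNssLibrary(nssDir, "nss3");
        System.out.println("JVM expects: " + expected);
        System.out.println("On disk:     " + (found == null ? "none" : found.getName()));
        if (found != null && !found.getName().equals(expected)) {
            System.out.println("Mismatch: a loader that looks for " + expected + " will not find it");
        }
        // Value quoted in the post, used here as sample input.
        String winDir = "D:\\Users\\User\\Desktop\\Mozilla Firefox";
        String reported = winDir + "\\C:\\Windows\\SysWOW64\\ourpkcs11.dll";
        System.out.println(normalizeModulePath(winDir, reported)); // C:\Windows\SysWOW64\ourpkcs11.dll
    }
}
```

The check only reports the name mismatch and repairs the reported module path; it does not change how Secmod itself resolves or loads the library.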