Hello Magnus,
Replies inline. ----- Original Message ----- > From: "Magnus K Karlsson" <[email protected]> > To: [email protected] > Sent: Saturday, September 14, 2019 4:15:49 AM > Subject: [Pki-devel] Newbie Getting Started with JSS > > Hi, > > I'm new to JSS and have a getting started question. I'm trying to run the > KeyStoreTest Cool, good luck! As an aside, we've started hosting Javadocs on GitHub pages for a little better searching/usage. Though, they aren't yet automatically rebuilt. https://dogtagpki.github.io/jss/ > https://github.com/dogtagpki/jss/blob/master/org/mozilla/jss/tests/KeyStoreTest.java Ah, the first problem... :-) That test isn't actually being run, and thus is likely broken. Here's a list of all tests we're currently running: https://github.com/dogtagpki/jss/blob/master/cmake/JSSTests.cmake (ctrl+f "jss_test_java") ~snip~ > Exception in thread "main" java.security.KeyStoreException: Mozilla-JSS not > found > at java.security.KeyStore.getInstance(KeyStore.java:851) > at se.magnuskkarlsson.example.nssdb.NSSJSSTool.main(NSSJSSTool.java:43) > Caused by: java.security.NoSuchAlgorithmException: Mozilla-JSS KeyStore not > available > at sun.security.jca.GetInstance.getInstance(GetInstance.java:159) > at java.security.Security.getImpl(Security.java:730) > at java.security.KeyStore.getInstance(KeyStore.java:848) > ... 1 more ~snip~ > KeyStore ks = KeyStore.getInstance("Mozilla-JSS"); So the problem is that this is always going to fail. The Java interfaces which utilize provider always takes one of the two forms: Class.getInstance(type_of_class); Class.getInstance(type_of_class, provider_of_class); (type_of_class is always a String, latter can either be a String name or an instance of the Provider class). E.g., if you're doing say, an HMAC and don't care which provider: Mac.getInstance("HmacSHA1"); Otherwise, if you explicitly want it from JSS: Mac.getInstance("HmacSHA1", "Mozilla-JSS"); Outside of the provider calling and explicitly setting a default, there is no well, "global" default instance to get. And, to get the default instance, you have to call getDefaultType(), not getInstance(...). For some things this makes sense (e.g., KeyStore you usually care less about than a HMAC where you usually have a very specific algorithm in mind). See: https://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html So, same thing applies here with the KeyStore. JSS's provider defines one type of KeyStore instance, PKCS11: https://github.com/dogtagpki/jss/blob/master/org/mozilla/jss/JSSProvider.java#L145-L149 To get it, you'd call it like so: KeyStore ks = KeyStore.getInstance("PKCS11", "Mozilla-JSS"); Hope that helps, Alex _______________________________________________ Pki-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/pki-devel
