[英]Help to quick start NSS
I am starting into NSS and I managed to build it.我开始进入 NSS 并设法构建它。 The outcome was placed in a folder named
dist
and has several subfolders that contain several exe's dlls etc.结果被放置在一个名为
dist
的文件夹中,并有几个子文件夹,其中包含几个 exe 的 dll 等。
dist
/WINNT6.0_DBG.OBJ
/bin
/include
/lib
I am trying to try it but I am not sure what is the nssLibraryDirectory
and nssSecmodDirectory
.我正在尝试尝试,但我不确定
nssLibraryDirectory
和nssSecmodDirectory
是什么。
For the nssLibraryDirectory
should I copy everything in the dist
in a single file and refer to it from nssLibraryDirectory
?对于
nssLibraryDirectory
我应该将dist
中的所有内容复制到一个文件中并从nssLibraryDirectory
引用它吗? What about nssSecmodDirectory
? nssSecmodDirectory
呢? I'm not sure how I am suppose to configure to start using sun's pkcs11.我不确定我应该如何配置以开始使用 sun 的 pkcs11。
For example this trivial:例如这个微不足道的:
String configName = "nss.cfg";
Provider p = new sun.security.pkcs11.SunPKCS11(configName );
Where nss.cfg is: nss.cfg 在哪里:
name = NSS
nssLibraryDirectory = E:\NSS\nss-3.12.4-with-nspr-4.8\mozilla\dist\WINNT6.0_DBG.OBJ\lib
nssDbMode = noDb
Gives exception给出例外
Caused by: java.io.IOException: The specified module could not be found.
原因:java.io.IOException:找不到指定的模块。 at sun.security.pkcs11.Secmod.nssLoadLibrary(Native Method)
在 sun.security.pkcs11.Secmod.nssLoadLibrary(本机方法)
Some note from my hard trying.... I think it would help anyone who want to use NSS.我努力尝试的一些笔记....我认为它会帮助任何想要使用 NSS 的人。
I tend to construct a String
in Java code to know in which line the error occurs.我倾向于在 Java 代码中构造一个
String
以了解错误发生在哪一行。 I must say it's better because Eclipse can eliminate all String construction errors.我必须说它更好,因为 Eclipse 可以消除所有字符串构造错误。 Then you pay attention to values to fill in.
然后你注意要填写的值。
I use these code:我使用这些代码:
String config = "xxxxxxx" +
"xxxxxxx" +
"xxxxxxx" +
"\n";
provider = new SunPKCS11(new ByteArrayInputStream(config.getBytes()));
Security.insertProviderAt(provider, 1);
All flags for Provider config: (from http://j7a.ru/_config_8java_source.html , seems like openjdk 8 sun.security.pkcs11.Config.java
.)提供者配置的所有标志:(来自http://j7a.ru/_config_8java_source.html ,看起来像 openjdk 8
sun.security.pkcs11.Config.java
)
name=xxxxxx //some text, " must be escaped with \
library=/location/of/your/.so/or/.dll/file //not compatible with NSS mode, must be quoted if contains space, and if quoted, " must be escaped
description=
slot= //not compatible with NSS mode
slotListIndex= //not compatible with NSS mode
enableMechanisms=
disableMechanisms=
attributes=
handleStartupErrors=
insertionCheckInterval=
showInfo=true/false
keyStoreCompatibilityMode=
explicitCancel=
omitInitialize=
allowSingleThreadedModules=
functionList=
nssUseSecmod=true/false //not campatible with 'library'
nssLibraryDirectory= //not campatible with 'library'
nssSecmodDirectory= //not campatible with 'library'
nssModule=some text //not campatible with 'library'
nssDbMode=readWrite, readOnly, noDb //not campatible with 'library'
nssNetscapeDbWorkaround=true/false //not campatible with 'library'
nssArgs="name1='value1' name2='value2' name3='value3' ... " //not compatible with NSS mode
nssUseSecmodTrust=true/false
Examples of nssArgs=
: (separated by space) nssArgs=
示例:(以空格分隔)
"nssArgs=\"configdir='" + NSS_JSS_Utils.getFireFoxProfilePath() + "' "
+ "certPrefix='' "
+ "keyPrefix='' "
+ "secmod='secmod.db' "
+ "flags='readOnly'\""
Some example of escaping in Java code: Java 代码中 escaping 的一些示例:
String config = "name=\"NSS Module\"\n" +
"......" +
"\n";
If with space, must be quoted with " "
.如果有空格,必须用
" "
引用。 ' '
is not able to be used. ' '
无法使用。 Every "
must be escaped with \
.每个
"
必须用\
转义。
Now, some real examples.现在,一些真实的例子。
To use Firefox security modules via NSS:通过 NSS 使用 Firefox 安全模块:
String config = "name=\"NSS Module\"\n"
+ "attributes=compatibility\n"
+ "showInfo=true\n"
+ "allowSingleThreadedModules=true\n"
+ "nssLibraryDirectory=" + NSS_JSS_Utils.NSS_LIB_DIR + "\n"
+ "nssUseSecmod=true\n"
+ "nssSecmodDirectory=" + NSS_JSS_Utils.getFireFoxProfilePath();
To use libsoftokn3.so
(I don't know what it's used for, but I see someone have used it like this with nssArgs
):使用
libsoftokn3.so
(我不知道它的用途,但我看到有人用nssArgs
像这样使用它):
String config = "library=" + NSS_JSS_Utils.NSS_LIB_DIR + "/libsoftokn3.so" + "\n"
+ "name=\"Soft Token\"\n";
+ "slot=2\n"
+ "attributes=compatibility\n"
+ "allowSingleThreadedModules=true\n"
+ "showInfo=true\n"
+ "nssArgs=\"configdir='" + NSS_JSS_Utils.getFireFoxProfilePath() + "' "
+ "certPrefix='' "
+ "keyPrefix='' "
+ "secmod='secmod.db' "
+ "flags='readOnly'\""
+ "\n";
NSS_JSS_Utils.NSS_LIB_DIR
returns the directory where all the NSS library libs are. NSS_JSS_Utils.NSS_LIB_DIR
返回所有 NSS 库库所在的目录。 Sometimes they are installed by default(eg, in my RedHat 7.2), but sometimes you must install them manually.有时它们是默认安装的(例如,在我的 RedHat 7.2 中),但有时您必须手动安装它们。
NSS_JSS_Utils.getFireFoxProfilePath()
returns where your FireFox profile are located. NSS_JSS_Utils.getFireFoxProfilePath()
返回您的 FireFox 配置文件所在的位置。 If you use modutil
shipped with NSS/NSPR, you can see your installed security modules are stored in the secmod.db
in this folder.如果您使用 NSS/NSPR 附带的
modutil
,您可以看到已安装的安全模块存储在此文件夹的secmod.db
中。 If you cannot find them, you may have taken the wrong file.如果你找不到它们,你可能拿错了文件。
More info about how to fill these values:有关如何填充这些值的更多信息:
nssLibraryDirectory should only contain the lib subdirectory. nssLibraryDirectory 应该只包含 lib 子目录。 Its also has to appear in PATH - either by modifying environment variable or specifying it in JVM parameters.
它还必须出现在 PATH 中 - 通过修改环境变量或在 JVM 参数中指定它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.