I am starting into NSS and I managed to build it. The outcome was placed in a folder named dist
and has several subfolders that contain several exe's dlls etc.
dist
/WINNT6.0_DBG.OBJ
/bin
/include
/lib
I am trying to try it but I am not sure what is the nssLibraryDirectory
and nssSecmodDirectory
.
For the nssLibraryDirectory
should I copy everything in the dist
in a single file and refer to it from nssLibraryDirectory
? What about nssSecmodDirectory
? I'm not sure how I am suppose to configure to start using sun's pkcs11.
For example this trivial:
String configName = "nss.cfg";
Provider p = new sun.security.pkcs11.SunPKCS11(configName );
Where nss.cfg is:
name = NSS
nssLibraryDirectory = E:\NSS\nss-3.12.4-with-nspr-4.8\mozilla\dist\WINNT6.0_DBG.OBJ\lib
nssDbMode = noDb
Gives exception
Caused by: java.io.IOException: The specified module could not be found. at sun.security.pkcs11.Secmod.nssLoadLibrary(Native Method)
Some note from my hard trying.... I think it would help anyone who want to use NSS.
I tend to construct a String
in Java code to know in which line the error occurs. I must say it's better because Eclipse can eliminate all String construction errors. Then you pay attention to values to fill in.
I use these code:
String config = "xxxxxxx" +
"xxxxxxx" +
"xxxxxxx" +
"\n";
provider = new SunPKCS11(new ByteArrayInputStream(config.getBytes()));
Security.insertProviderAt(provider, 1);
All flags for Provider config: (from http://j7a.ru/_config_8java_source.html , seems like openjdk 8 sun.security.pkcs11.Config.java
.)
name=xxxxxx //some text, " must be escaped with \
library=/location/of/your/.so/or/.dll/file //not compatible with NSS mode, must be quoted if contains space, and if quoted, " must be escaped
description=
slot= //not compatible with NSS mode
slotListIndex= //not compatible with NSS mode
enableMechanisms=
disableMechanisms=
attributes=
handleStartupErrors=
insertionCheckInterval=
showInfo=true/false
keyStoreCompatibilityMode=
explicitCancel=
omitInitialize=
allowSingleThreadedModules=
functionList=
nssUseSecmod=true/false //not campatible with 'library'
nssLibraryDirectory= //not campatible with 'library'
nssSecmodDirectory= //not campatible with 'library'
nssModule=some text //not campatible with 'library'
nssDbMode=readWrite, readOnly, noDb //not campatible with 'library'
nssNetscapeDbWorkaround=true/false //not campatible with 'library'
nssArgs="name1='value1' name2='value2' name3='value3' ... " //not compatible with NSS mode
nssUseSecmodTrust=true/false
Examples of nssArgs=
: (separated by space)
"nssArgs=\"configdir='" + NSS_JSS_Utils.getFireFoxProfilePath() + "' "
+ "certPrefix='' "
+ "keyPrefix='' "
+ "secmod='secmod.db' "
+ "flags='readOnly'\""
Some example of escaping in Java code:
String config = "name=\"NSS Module\"\n" +
"......" +
"\n";
If with space, must be quoted with " "
. ' '
is not able to be used. Every "
must be escaped with \
.
Now, some real examples.
To use Firefox security modules via NSS:
String config = "name=\"NSS Module\"\n"
+ "attributes=compatibility\n"
+ "showInfo=true\n"
+ "allowSingleThreadedModules=true\n"
+ "nssLibraryDirectory=" + NSS_JSS_Utils.NSS_LIB_DIR + "\n"
+ "nssUseSecmod=true\n"
+ "nssSecmodDirectory=" + NSS_JSS_Utils.getFireFoxProfilePath();
To use libsoftokn3.so
(I don't know what it's used for, but I see someone have used it like this with nssArgs
):
String config = "library=" + NSS_JSS_Utils.NSS_LIB_DIR + "/libsoftokn3.so" + "\n"
+ "name=\"Soft Token\"\n";
+ "slot=2\n"
+ "attributes=compatibility\n"
+ "allowSingleThreadedModules=true\n"
+ "showInfo=true\n"
+ "nssArgs=\"configdir='" + NSS_JSS_Utils.getFireFoxProfilePath() + "' "
+ "certPrefix='' "
+ "keyPrefix='' "
+ "secmod='secmod.db' "
+ "flags='readOnly'\""
+ "\n";
NSS_JSS_Utils.NSS_LIB_DIR
returns the directory where all the NSS library libs are. Sometimes they are installed by default(eg, in my RedHat 7.2), but sometimes you must install them manually.
NSS_JSS_Utils.getFireFoxProfilePath()
returns where your FireFox profile are located. If you use modutil
shipped with NSS/NSPR, you can see your installed security modules are stored in the secmod.db
in this folder. If you cannot find them, you may have taken the wrong file.
More info about how to fill these values:
nssLibraryDirectory should only contain the lib subdirectory. Its also has to appear in PATH - either by modifying environment variable or specifying it in JVM parameters.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.