I could reproduce the problem with the following configuration: - using nspr & nss from firefox 2.0.0.9 win32 (copied all nss & nspr files to C:\Program Files\Java\jre1.5.0_09\bin) - using nspr for nt ftp://ftp.mozilla.org/pub/mozilla.org/mozilla.org/nspr/releases/v4.6.4/msvc6.0/WINNT5.0_OPT.OBJ (copied libnspr4.dll libplds4.dll libplc4.dll to C:\Program Files\Java\jre1.5.0_09\bin) - using jss ftp://ftp.mozilla.org/pub/mozilla.org/security/jss/releases/JSS_4_2_5_RTM/WINNT5.0_OPT.OBJ/lib/ (copied jss4.dll to C:\Program Files\Java\jre1.5.0_09\bin)
When replacing jss4.dll with my own builded with win9x configuration it works like a charm :) Even more, when replacing nss with build from ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_4_RTM/msvc6.0/WINNT5.0_OPT.OBJ it also works. However when using jss4.dll (win9x) and nss (build winnt) JVM crashes with access violation. Conclusion is that nss & jss in mixed builds (win9x and winnt) can't work together nicely. If you consider this a bug I am going to report it. Matej Spiller-Muys "Matej Spiller-Muys" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > It seems when using my own build of jss (4.2.5 win9x) instead of official > from ftp.mozilla.org (4.2.5 winnt) the issue disappears. Maybe it could be > related to mixing firefox nss (win9x build) and jss (winnt build). Will > get back to you on that. > > "Glen Beasley" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] >> hi, >> >> I was not able to recreate this issue. I only tested on Solaris, I'll try >> other platforms >> when I have time. If you still have this issue, please create a bug and >> provide as much info as possible. >> >> thanks, >> >> glen >> >> >> Matej Spiller-Muys wrote: >>> Hi, >>> >>> can someone please confirm the following bug. It seems to be regression >>> in jss. >>> >>> signatureValue & publicKey & validData1 == valid signature (verify >>> return true in every version of jss) >>> >>> signatureValue & publicKey & validData2 == invalid signature (verify >>> should return false, since signatureValue is still in the same correct >>> format, but validData2 is different). >>> >>> Jss 3.3 and Jss 3.4 return true and false ... >>> >>> Jss 4.2.5 returns true and exception (instead of false) >>> >>> java.security.SignatureException: Failed to complete verification >>> operation >>> at >>> org.mozilla.jss.pkcs11.PK11Signature.engineVerifyNative(Native Method) >>> at >>> org.mozilla.jss.pkcs11.PK11Signature.engineVerify(PK11Signature.java:330) >>> at org.mozilla.jss.crypto.Signature.verify(Signature.java:156) >>> at >>> org.mozilla.jss.provider.java.security.JSSSignatureSpi.engineVerify(JSSSignatureSpi.java:171) >>> at java.security.Signature$Delegate.engineVerify(Unknown Source) >>> at java.security.Signature.verify(Unknown Source) >>> >>> please see: >>> http://java.sun.com/j2se/1.5.0/docs/api/java/security/Signature.html#verify(byte[]) >>> SignatureException - if this signature object is not initialized >>> properly, the passed-in signature is improperly encoded or of the wrong >>> type, if this signature algorithm is unable to process the input data >>> provided, etc. >>> >>> >>> >>> >>> >>> import java.security.InvalidKeyException; >>> >>> import java.security.NoSuchAlgorithmException; >>> >>> import java.security.NoSuchProviderException; >>> >>> import java.security.Signature; >>> >>> import java.security.SignatureException; >>> >>> >>> import org.apache.xml.security.exceptions.Base64DecodingException; >>> >>> import org.apache.xml.security.utils.Base64; >>> >>> import org.mozilla.jss.crypto.InvalidKeyFormatException; >>> >>> >>> >>> >>> >>> String signatureValue = >>> "kxtTIwIASGVZShKBYoRIEjG3ioFmVTi2Esa8dtP+nX71nyWCfPmTwXsjMbI6IMoLygTdDlH/wsjy81XnIPFGjLv8cyW9SCG4+l5pJq5ys1v2YJ+UT5Lb/vZAYZ5tMMHblGSmtzjxgo74zRGjGPfgCuo+SF/06hl6VFphj24F1zw="; >>> >>> String publicKey = >>> "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCfGkiYRb6lJOacUp8NcIbWZQ7sEbKc3+YGyx4\nn6yrIWKLzy0JSt8V84yeMXl43uxHDY41iQb+SJnamRSjGsZANl2WRONqlVsOVIik/PSzZHaRRxmD\nhB7mixO4DKg03Z90rPdml4C+86URxFzD+LxUyq1SXlbzUvWdHs2lPFwFXQIDAQAB"; >>> >>> String validData1 = >>> "PFNpZ25lZEluZm8geG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgo8Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRuLTIwMDEwMzE1Ij48L0Nhbm9uaWNhbGl6YXRpb25NZXRob2Q+CjxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiPjwvU2lnbmF0dXJlTWV0aG9kPgo8UmVmZXJlbmNlIFVSST0iIj4KPFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIj48L1RyYW5zZm9ybT48L1RyYW5zZm9ybXM+CjxEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSI+PC9EaWdlc3RNZXRob2Q+CjxEaWdlc3RWYWx1ZT5jb2lya1MzOHB1UWg1blhpZEVsQmtIblpTUDA9PC9EaWdlc3RWYWx1ZT4KPC9SZWZlcmVuY2U+CiAgIDwvU2lnbmVkSW5mbz4="; >>> >>> String validData2 = >>> "PFNpZ25lZEluZm8geG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgo8Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRuLTIwMDEwMzE1Ij48L0Nhbm9uaWNhbGl6YXRpb25NZXRob2Q+CjxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiPjwvU2lnbmF0dXJlTWV0aG9kPgo8UmVmZXJlbmNlIFVSST0iIj4KPFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIj48L1RyYW5zZm9ybT48L1RyYW5zZm9ybXM+CjxEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSI+PC9EaWdlc3RNZXRob2Q+CjxEaWdlc3RWYWx1ZT5jb2lya1MzOHB1UWg1blhpZEVsQmtIblpTUDA9PC9EaWdlc3RWYWx1ZT4KPC9SZWZlcmVuY2U+CjwvU2lnbmVkSW5mbz4="; >>> >>> >>> System.out.println(new String(Base64.decode(validData1))); >>> >>> System.out.println(new String(Base64.decode(validData2))); >>> >>> >>> Signature tmp = Signature.getInstance("SHA1withRSA", "Mozilla-JSS"); >>> >>> org.mozilla.jss.pkcs11.PK11PubKey pkConverted = >>> org.mozilla.jss.pkcs11.PK11RSAPublicKey.fromSPKI(Base64.decode(publicKey)); >>> >>> tmp.initVerify(pkConverted); >>> >>> tmp.update(Base64.decode(validData2)); >>> >>> System.out.println(tmp.verify(Base64.decode(signatureValue))); >>> >>> >>> tmp.initVerify(pkConverted); >>> >>> tmp.update(Base64.decode(validData1)); >>> >>> System.out.println(tmp.verify(Base64.decode(signatureValue))); >>> >>> >>> >>> >>> >>> Matej Spiller-Muys >>> >>> >>> _______________________________________________ >>> dev-tech-crypto mailing list >>> dev-tech-crypto@lists.mozilla.org >>> https://lists.mozilla.org/listinfo/dev-tech-crypto >>> >> > > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
