On 08/31/2011 11:01 AM, Walter do Valle wrote:
> With this scenario, I can run my applet (digitally signed), my applet can
> access some certificate repositories from Firefox, but it cannot locate my
> digital certificate in a smart card.
> When I run the code below, I see a list of three PK11Token objects:
> - Internal Crypto Services Token
> - Internal Key Storage Token
> - Builtin Object Token

This means the PKCS #11 module for your smart card is not loaded. There can be a couple of reasons for that.

1. The most obvious would be that you've never installed the PKCS #11 module in your browser; however, we can see that this is not the case from your screen shots.

2. You are somehow calling your java applet before FF initializes NSS. I'm going to assume this isn't the case, since you've been playing with it all week and you would have run into some interesting cases where it works sometimes and not others.

3. The most likely at this stage is you are using a relatively modern version of FF. FF (IIRC) now runs certain types of applets (like Java and Flash) inside their own processes. This isolates unfriendly behavior or bugs in these systems from the browser itself. On these systems, when you call CryptoManager.init(".") you are telling NSS to look in your current working directory for your cert, key, and secmod (pkcs11) databases. There is most likely no cert, key and secmod .db, so you are just getting the default; JSS evidently knows enough to find the builtins for you and load them.

If it's #3, what can you do? Well, obviously, you can open your firefox profile directory (rather than "."). That is where the NSS databases currently live.

Now the issue: You should *NOT* open these R/W. I'm not sure what the JSS default action is for initialize, but if you open these R/W, you will corrupt the databases stored there. There is still a chance that FF changes will cause your application to crash, but that risk is much smaller than the risk of corruption. The good news is for your purpose, I suspect you do not need to write new certs or keys into the database, so you should be fine.

NOTE: At some point FF will be moving to the new NSS shared DB. At that point, it's likely the NSS databases would move to a location shared with tb and other mozilla apps. At that point your application would have to explicitly change its init directory to the new shared location.

bob

> First two have size 0 (zero). Third token has more than 100 CA certificates.
>
> Where is my digital certificate? How can I access it? What am I doing wrong?
> I spent more than a week on this problem without any solution.
> Any help will be welcome.
>
> Here is the code snippet:
>
> CryptoManager.initialize(".");
> oCryptoMgr = CryptoManager.getInstance();
> oDispKeys = new Hashtable();
> Enumeration oAllCryptoTokens = oCryptoMgr.getAllTokens();
>
> while(oAllCryptoTokens.hasMoreElements()) {
>     CryptoToken oCryptoToken = (CryptoToken) oAllCryptoTokens.nextElement();
>     CryptoStore oCryptoStore = oCryptoToken.getCryptoStore();
>     org.mozilla.jss.crypto.X509Certificate oCertsArray[] = oCryptoStore.getCertificates();
>     for(int i=0; i < oCertsArray.length; i++) {
>         try {
>             System.out.println("the certificate: "+((PK11InternalTokenCert)oCertsArray[i]).getNickname() );
>             PrivateKey oPKey = oCryptoMgr.findPrivKeyByCert(oCertsArray[i]);
>             System.out.println("oPKey: "+oPKey );
>             oDispKeys.put(oCertsArray[i].getNickname(),oPKey);
>         } catch (ObjectNotFoundException e){
>             System.out.println("ObjectNotFoundException");
>         } catch (Exception e){
>             e.printStackTrace();
>         }
>     }
> }
>
> _____________________________________
> Walter do Valle
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
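
Added example, not part of the original thread and not code from either poster: a read-only JSS initialization against the Firefox profile directory, as the reply recommends, followed by a token listing that flags anything beyond the three default tokens named in the question. It assumes the JSS 4-era API, where InitializationValues is a nested class of CryptoManager with a public readOnly field; the class name ListTokensReadOnly and the command-line argument carrying the profile path are hypothetical.

```java
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.crypto.X509Certificate;

public class ListTokensReadOnly {
    // Token names reported in the original post when no smart card module was loaded.
    static final Set<String> DEFAULT_TOKENS = new HashSet<String>(Arrays.asList(
        "Internal Crypto Services Token",
        "Internal Key Storage Token",
        "Builtin Object Token"));

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: ListTokensReadOnly <firefox-profile-dir>");
            System.exit(2);
        }
        // Assumption: args[0] is the Firefox profile directory that holds the
        // cert, key and secmod databases (hypothetical, supplied by the caller).
        CryptoManager.InitializationValues vals =
            new CryptoManager.InitializationValues(args[0]);
        // Open the databases read-only so the browser's copies are never written.
        vals.readOnly = true;
        CryptoManager.initialize(vals);
        CryptoManager cm = CryptoManager.getInstance();

        int extra = 0;
        Enumeration<?> tokens = cm.getAllTokens();
        while (tokens.hasMoreElements()) {
            CryptoToken token = (CryptoToken) tokens.nextElement();
            String name = token.getName();
            boolean isDefault = DEFAULT_TOKENS.contains(name);
            if (!isDefault) extra++;
            System.out.println((isDefault ? "default " : "module  ") + name
                + " present=" + token.isPresent());
            if (!token.isPresent()) continue;   // e.g. card not inserted
            // getNickname() is on the X509Certificate interface, so no cast
            // to a concrete certificate class is needed.
            for (X509Certificate cert : token.getCryptoStore().getCertificates()) {
                System.out.println("    cert: " + cert.getNickname());
            }
        }
        if (extra == 0) {
            System.out.println("Only the default tokens were found; no smart card "
                + "PKCS #11 module was loaded from " + args[0]);
        }
    }
}
```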