Robert and helpcrypto
Thank you so much for your help. With your help this problem was solved.
My mistake was to call CryptoManager.initialize(".")
As Robert said, "." refers to Firefox installation folder, not user profile
folder. The personal certificates database lives there. In my case path may
be
"C:\\Users\\admin\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\kapg3pwk.de
fault"
However, another problem emerged from the depths of dlls of jss.
When I run my code, even in an isolated standalone test application, I get a
fatal error from jvm.
This error occurs when method oCryptoToken.login(new
Password(poPass.toCharArray())) is called.
Versions of libraries:
- nss3.dll 3.12.9.0 (provided by firefox)
- jss3.dll 3.4.0.0 (added by me)
- libnspr4.dll 4.2.2.0 (added by me)
- libplc4.dll 4.2.2.0 (added by me)
- libplds4.dll 4.2.2.0 (added by me)
- jss34.jar (added by me)
This site http://www.mozilla.org/projects/security/pki/jss/using_jss.html
says component versions that can be combined with each other.
Someone knows something about this problem?
#
# A fatal error has been detected by the Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x77a12262, pid=4164,
tid=5808
#
# JRE version: 6.0_24-b07
# Java VM: Java HotSpot(TM) Client VM (19.1-b02 mixed mode, sharing
windows-x86 )
# Problematic frame:
# C [ntdll.dll+0x22262]
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#
_____________________________________
Walter do Valle
-----Mensagem original-----
De: dev-tech-crypto-bounces+wvl=jfsc.jus...@lists.mozilla.org
[mailto:dev-tech-crypto-bounces+wvl=jfsc.jus...@lists.mozilla.org] Em nome
de Robert Relyea
Enviada em: quarta-feira, 31 de agosto de 2011 21:28
Para: dev-tech-crypto@lists.mozilla.org
Cc: Matthew Harmsen
Assunto: Re: Problem on accessing a smart card in Firefox with JSS
On 08/31/2011 11:01 AM, Walter do Valle wrote:
> With this scenario, I can run my applet (digitally signed), my applet
> can access some certificate repositories from Firefox, but it cannot
> locate my digital certificate in a smart card.
> When I run the code below, I see a list of three PK11Token objects:
> - Internal Crypto Services Token
> - Internal Key Storage Token
> - Builtin Object Token
This means the PKCS #11 module for your smart card is not loaded. There can
be a couple of reasons for that.
1. The most obvious would be that you've never install the PKCS #11 module
in your browser, however, we can see that this is not the case from your
screen shots.
2. You are someone calling your java applet before FF initializes NSS.
I'm going to assume this isn't the case, sinse you've been playing with it
all week and you would have ran into some interesting cases where it works
sometimes and not others.
3. The most likely at this stage is you are using a relatively modern
version of FF. FF (IIRC) now runs certain types of applets (like Java and
Flash) inside their own processes. This isolates unfriendly behavior or bugs
in these systems from the browser itself. On these systems, when you call
CryptoManager.init(".") you are telling NSS to look in your current working
directory for your cert, key, and secomd (pkcs11) databases. There is most
likely not cert, key and secomd .db, so you are just getting the default JSS
evidently knows enough to find the builtins for you and load them.
If it's #3, what can you do? Well, obviously, you can open your firefox
profile directory (rather then "."). That is where the NSS databases
currently live. Now the issue: You should *NOT* open these R/W. I'm not sure
what the JSS default action is for initialize, but if you open these R/W,
you will corrupt the databases stored there. There is still a chance that FF
changes will cause your application to crash, but that risk is much smaller
than the risk of corruption. The good news is for your purpose, I suspect
you do not need to write new certs or keys into the database, so you should
be fine.
NOTE: At some point FF will be moving to the new NSS shared DB. At that
point, it's likely the NSS databases would move to a location shared with tb
and other mozilla apps. At that point your application would have to
explicitly change it's init directory to the new shared location.
bob
> First two have size 0 (zero). Third token has more than 100 CA
certificates.
>
> Where is my digital certificate? How can I access it? What I'm doing
wrong?
> I spent more than a week in this problem without any solution.
> Any help will be welcome.
>
> Here is the code snipet:
>
> CryptoManager.initialize(".");
> oCryptoMgr = CryptoManager.getInstance(); oDispKeys = new Hashtable();
> Enumeration oAllCryptoTokens = oCryptoMgr.getAllTokens();
>
> while(oAllCryptoTokens.hasMoreElements()) {
> CryptoToken oCryptoToken = (CryptoToken)
> oAllCryptoTokens.nextElement();
> CryptoStore oCryptoStore = oCryptoToken.getCryptoStore();
> org.mozilla.jss.crypto.X509Certificate oCertsArray[] =
> oCryptoStore.getCertificates();
> for(int i=0; i < oCertsArray.length; i++) {
> try {
> System.out.println("the certificate:
> "+((PK11InternalTokenCert)oCertsArray[i]).getNickname() );
> PrivateKey oPKey =
oCryptoMgr.findPrivKeyByCert(oCertsArray[i]);
> System.out.println("oPKey: "+oPKey );
> oDispKeys.put(oCertsArray[i].getNickname(),oPKey);
> } catch (ObjectNotFoundException e){
> System.out.println("ObjectNotFoundException");
> } catch (Exception e){
> e.printStackTrace();
> }
> }
>
> _____________________________________
> Walter do Valle
>
>
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
