Access Firefox's certificate trust store from Java


Question

I'm almost losing hope on this one. I'm trying to access the Firefox trust store from Java 7 using the NSS libraries that come with the Firefox installation, via PKCS#11.

Here is the code:

import java.security.KeyStore;
import java.security.Security;
import java.util.Enumeration;
import sun.security.pkcs11.SunPKCS11;

public class Test {

    public static void main(String[] args) throws Exception {
        String configName = "pkcs11.cfg";
        SunPKCS11 p = new SunPKCS11(configName);
        Security.addProvider(p);
        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        ks.load(null,  "apassword".toCharArray());
        System.out.println("Size: " + ks.size());
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            System.out.println(aliases.nextElement());
        }
    }
}

Here are the contents for the PKCS#11 config:

name = NSS
nssLibraryDirectory = /usr/lib/firefox/
nssSecmodDirectory = "/home/bogdan/.mozilla/firefox/x5d8wol9.default/"
nssModule =trustanchors
showInfo = true

When I run the application I also set the property -Djava.library.path=/usr/lib/firefox/

When I run the application I get the following:

NSS modules: [NSS Internal PKCS #11 Module (CRYPTO, /usr/lib/firefox/libsoftokn3.so, slot 0), NSS Internal PKCS #11 Module (KEYSTORE, /usr/lib/firefox/libsoftokn3.so, slot 1)]
Exception in thread "main" java.security.ProviderException: NSS module not available: trustanchors
    at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:271)
    at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
    at Test.main(Test.java:11)

You can actually see that the "trustanchors" module is not loaded at the initialisation step, but I have no idea why. The documentation here: http://docs.oracle.com/javase/6/docs/technotes/guides/security/p11guide.html#NSS says that


The trustanchors module enables access to NSS trust anchor certificates via the PKCS11 KeyStore, if secmod.db has been configured to include the trust anchor library.

but I have no idea what that means. It's worth noting that I get the same behaviour with both Windows XP 32-bit and Ubuntu 11.10 64-bit. It seems that the pkcs11.cfg is correct, as if I change any of the paths the application will fail with other errors.

Any bright ideas?

Recommended answer

I've managed to solve the problem in the end by using the JSS4 Mozilla library. If you want to use it make sure that you download the JSS4 JAR as well as native library implementation AND the other dependencies it has - the NSPR and NSS native libraries.

Make sure that on Linux the location of the native libraries is in LD_LIBRARY_PATH and on Windows their location is in the %PATH% variable. You might be tempted to use the DLLs/SOs that come with the Firefox distribution. This doesn't work on Windows, I found (something to do with the fact that they were compiled for a WIN95 platform, I think).

The rest of the information is in the documentation of the JSS4 library, but you basically need to use the org.mozilla.jss.CryptoManager class.
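
The approach from the answer, as an added example that is not part of the original post or of the JSS project's code: it opens the profile's NSS databases through JSS4's CryptoManager and copies the CA certificates into an in-memory JKS KeyStore. The class name and the profile-directory argument are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import org.mozilla.jss.CryptoManager;

public class ListNssCaCerts {

    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is the Firefox profile directory holding the
        // NSS databases, e.g. the nssSecmodDirectory value from the question.
        String profileDir = args[0];

        // Open the NSS databases in that directory. JSS loads its native
        // library here, so NSPR, NSS and JSS must be on the library path.
        CryptoManager.initialize(profileDir);
        CryptoManager cm = CryptoManager.getInstance();

        // In-memory JKS store holding standard JCA copies of the certificates.
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        // getCACerts() returns the CA certificates NSS knows about. This
        // example does not inspect NSS trust flags, so review the list
        // before using the store for certificate validation.
        int n = 0;
        for (org.mozilla.jss.crypto.X509Certificate c : cm.getCACerts()) {
            // Re-parse the DER encoding into a java.security.cert.Certificate.
            Certificate jca = cf.generateCertificate(
                    new ByteArrayInputStream(c.getEncoded()));
            // Nicknames are not guaranteed unique, so prefix an index.
            ks.setCertificateEntry((n++) + ":" + c.getNickname(), jca);
        }

        System.out.println("Size: " + ks.size());
    }
}
```

The resulting KeyStore can be passed to a TrustManagerFactory once the entries have been reviewed.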
