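SunPKCS11 provider for Firefox on MacOS
I managed to get SunPKCS11 working with Firefox ESR 52.0 on Windows, but I cannot load it on MacOS. I have tried several different configurations, as well as loading it directly through PKCS11, but nothing works. Can anyone give me some pointers?
The pkcs11.cfg configuration is as follows: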
name = FirefoxKeyStore
library = "/Applications/Firefox.app/Contents/MacOS/fixed-for-java-runtime/libsoftokn3.dylib"
attributes = compatibility
nssArgs = "configdir='/Users/helloworld/Library/Application Support/Firefox/Profiles/wasdwasd.default-1453211557245' certPrefix='' keyPrefix='' secmod='secmod.db' flags='readOnly' "
slot = 2
Then in Java, I try to load it like this:
FileInputStream fis = new FileInputStream("pkcs11.cfg");
Provider provider = new SunPKCS11(fis);
Security.addProvider(provider);
However, this immediately gives me the following error:
sunpkcs11: Initializing PKCS#11 library /Applications/Firefox.app/Contents/MacOS/fixed-for-java-runtime/libsoftokn3.dylib
sunpkcs11: Multi-threaded initialization failed: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DEVICE_ERROR
Exception in thread "main" java.security.ProviderException: Initialization failed
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:376)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:107)
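You might ask why I am loading the .dylib from a strange folder. This is because I used install_name_tool on MacOS to change @executable_path to @loader_path so that the library dependencies get resolved (since I am trying to run it from Eclipse rather than from Firefox itself).
I also tried the solution suggested here: How to finalize SunPKCS11 Provider after it is initialized?, which is a no-go... I get the same error. That is in addition to trying the various configuration settings mentioned here: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/PKCS11/Module_Specs#Softoken_Specific_Parameters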
EDIT1
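I tried the method mentioned by @FaithReaper, but it still throws the same error. I tried changing the slot value to 0, 1 or -1, with the same result. It looks like there is a problem when loading the underlying PKCS11 object.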
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DEVICE_ERROR
at sun.security.pkcs11.wrapper.PKCS11.C_Initialize(Native Method)
at sun.security.pkcs11.wrapper.PKCS11$SynchronizedPKCS11.C_Initialize(PKCS11.java:1545)
at sun.security.pkcs11.wrapper.PKCS11.getInstance(PKCS11.java:157)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:330)
I don't know if this will help, but I ran modutil on the Firefox profile and dumped this information:
modutil -dbdir "/Users/eto/Library/Application Support/Firefox/Profiles/ew2g332o.default-1453211557245" -rawlist
library= name="NSS Internal PKCS #11 Module"
parameters="configdir=/Users/eto/Library/Application Support/Firefox/Profiles/ew2g332o.default-1453211557245 certPrefix= keyPrefix= secmod=secmod.db flags=readOnly "
NSS="Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})"
Listing of PKCS #11 Modules
NSS Internal PKCS #11 Module uri: pkcs11:library-manufacturer=Mozilla%20Foundation;library-description=NSS%20Internal%20Crypto%20Services;library-version=3.33 slots: 2 slots attached status: loaded
slot: NSS Internal Cryptographic Services token: NSS Generic Crypto Services uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
slot: NSS User Private Key and Certificate Services token: NSS Certificate DB uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
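First of all, thanks for your help. But the problem seems to be at the initialization of 'SunPKCS11' itself; it throws 'CKR_DEVICE_ERROR' even before 'insertProviderAt' or 'addProvider'. The 'CKR_DEVICE_ERROR' is being thrown by 'sun.security.pkcs11.wrapper.PKCS11.C_Initialize(Native Method)'; see my update in the post. – codenamezero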