Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

SunPKCS11 and NSS on Mac OS X 10.5

843811Jul 10 2008 — edited Jun 21 2010
Hello there,

I've been scratching my head the whole day about how to use the SunPKCS11 provider and Mozilla's NSS framework under Mac OS X 10.5 (a.k.a Leopard).

Let me replay the whole movie for you...

So here I am, religiously following Sun's guidelines ([Java PKCS11 reference guide|http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html#NSS]).

I have of course compiled and installed [Mozilla's NSS and NSP|http://www.mozilla.org/projects/security/pki/nss/].

So far, so good. Now, I followed Sun's instruction and wrote a configuration file for the SunPKCS11 provider. It looks like this:
name = NSS
nssLibraryDirectory = /Users/<path_to_lib_dir>/lib
nssDbMode = noDb
attributes = compatibility
where <path_to_lib_dir> refers of course to the real path on my Leopard machine.

To test my setup, I use a trivial program that I've found in this very forum if I remember correctly. Here is the error I (violently!) get when trying to run it:
$ java6 -cp /Users/<path_to_my_classes>/*:. MySmallProgram
java.security.ProviderException: Could not initialize NSS
	at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:183)
	at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:86)
	at MySmallProgram.test_nss_with_sunpkcs(MySmallProgram.java:214)
	at MySmallProgram.main(MySmallProgram.java:255)
Caused by: java.io.FileNotFoundException: /Users/<path_to_lib_dir>/lib/libnss3.jnilib
	at sun.security.pkcs11.Secmod.initialize(Secmod.java:169)
	at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:179)
	... 3 more
Of course, I checked the content of the /Users/<path_to_lib_dir>/lib/ directory and... I got a whole bunch of NSS libraries but not the one SunPKCS11 is looking for. I got a libnss3.dylib library (the equivalent to libnss3.so on a "regular" Unix machine) but no jnilib library. And indeed, why should I have a JNI library? I thought that the purpose of SunPKCS11 was to provide the JNI stuff required to bridge the gap between Java and native libraries.

After that, I tried to install [Mozilla's JSS|http://www.mozilla.org/projects/security/pki/jss/] but all I get is a libjss4.jnilib library and nothing like a libnss3.jnilib.

So, any guess about what's going on? Should I really have a JNI library instead of a pure, standard C library?

Any help will be reaaally appreciated.

Regards,

Ctrl-x-53
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Jul 19 2010
Added on Jul 10 2008
#cryptography
8 comments
2,260 views