Nelson B wrote: > Abraham wrote: > > >> I have a problem with client authentication when I try to run an applet. The >> java plugin requires authentication but shows me a empty list (i suppose it >> can´t load firefox keystore). Importing certificates with Java Control Panel >> isn´t a solution because i want to use the browser smartcard support. I´ve >> installed jss (jss4.dll and jss directory with jss4.jar) but it doesn´t >> work. >> > >
> In what manner doesn't it work? > > Does your applet initialize JSS with the location to the FireFox dbs? After installing JSS your next step would be to initialize JSS and view the certificates say modify the following to work in your applet as test http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/tests/ListCACerts.java you could also choose not to use JSS and use SunPKCS11 to initialize NSS http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html your applet would have to generate a pkcs11 config file for SunPKCS11 that would specify the location of Firefox's NSS libraries and the firefox database directory JSS does have an applet but does test the SunPKCS11-NSS http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/tests/all.pl#317 - creates pkcs11 config file http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/tests/JSSE_SSLServer.java - can be configured to use Sunpkcs11-NSS -glen > Long ago, in the Netscape Communicator 4 days, the Java engine was > integrated with the browser, and JSS was integral to the browser. > JSS was *the* means by which Java applet accessed the browser's > facilities for https and for using certs for signatures, encryption, etc. > > But today Java is not so integrated into the browser, and JSS is not a > standard part of the browser either, IINM. So today, the JRE has no > simple access to the browser's crypto capabilities. Installing JSS > should still work (I think), but it's separate software that the user > must install. The latest JDK/JRE has a new "JCE provider" that works > with any PKCS#11 module, including NSS's softoken (one of the PKCS#11 > modules built into mozilla browsers). It might work for you to use > that PKCS#11 JCE provider to access the certs and keys in the browser's > PKCS#11 module. > > I'll ask our JSS guru to add his own suggestions here. > > >> Thanks in advance (and sorry for my english :P). >> > > Your English was perfect. > > >> Regards, Abraham >> > > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
