Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8165996

PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite

    Details

    • Subcomponent:
    • Resolved In Build:
      b36
    • CPU:
      x86_64
    • OS:
      windows_7

      Backports

        Description

        FULL PRODUCT VERSION :
        java version "1.8.0_60"
        Java(TM) SE Runtime Environment (build 1.8.0_60-b27)
        Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)

        ADDITIONAL OS VERSION INFORMATION :
        Microsoft Windows [Version 6.3.9600]

        EXTRA RELEVANT SYSTEM CONFIGURATION :
        NSS functions correctly, and can query the smartcard for its four certificates. NSS version 3.20.1

        nss.properties file referenced in java.security:

        name = "NSS"
        nssLibraryDirectory = "c:\\ci-root\\pkcs11\\bin"
        nssSecmodDirectory = "c:\\ci-root\\pkcs11\\nssdb"

        A DESCRIPTION OF THE PROBLEM :
        When Mozilla NSS uses sqlite3 formatted databases the database names are different. Please see https://blogs.oracle.com/meena/entry/what_s_new_in_nss1

        key3.db -> key4.db
        cert8.db -> cert9.db
        secmod.db -> pkcs11.txt

        The JVM has a requirement for a file named secmod.db which does not exist when NSS uses sqlite.





        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        c:\ci-root\pkcs11\bin\modutil -create -dbdir sql:c:\ci-root\pkcs11\nssdb
        c:\ci-root\pkcs11\bin\modutil -add "SmartCard" -nocertdb -force -libfile "acpkcs211.dll" -dbdir sql:c:\ci-root\pkcs11\nssdb

        keytool -keystore NONE -storetype PKCS11 -providername SunPKCS11-NSS -list -v

        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -
        I would not expect to receive this error.
        ACTUAL -
        See error message below regarding secmod.db not being found by sun.security.pkcs11.Secmod.initialize

        ERROR MESSAGES/STACK TRACES THAT OCCUR :
        keytool -keystore NONE -storetype PKCS11 -providername SunPKCS11-NSS -list -v
        keytool error: java.security.ProviderException: Could not initialize NSS
        java.security.ProviderException: Could not initialize NSS
                at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:212)
                at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
                at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
                at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
                at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
                at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
                at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:224)
                at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206)
                at java.security.AccessController.doPrivileged(Native Method)
                at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206)
                at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187)
                at sun.security.jca.ProviderList.getProvider(ProviderList.java:233)
                at sun.security.jca.ProviderList.getIndex(ProviderList.java:263)
                at sun.security.jca.ProviderList.getProviderConfig(ProviderList.java:247)
                at sun.security.jca.ProviderList.getProvider(ProviderList.java:253)
                at sun.security.jca.GetInstance.getService(GetInstance.java:81)
                at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
                at java.security.Security.getImpl(Security.java:698)
                at java.security.KeyStore.getInstance(KeyStore.java:896)
                at sun.security.tools.keytool.Main.doCommands(Main.java:768)
                at sun.security.tools.keytool.Main.run(Main.java:340)
                at sun.security.tools.keytool.Main.main(Main.java:333)
        Caused by: java.io.FileNotFoundException: c:\ci-root\pkcs11\nssdb\secmod.db
                at sun.security.pkcs11.Secmod.initialize(Secmod.java:205)
                at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:207)
                ... 21 more

        REPRODUCIBILITY :
        This bug can be reproduced always.

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  weijun Weijun Wang
                  Reporter:
                  webbuggrp Webbug Group
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: