Closed
Bug 132677
Opened 23 years ago
Closed 23 years ago
Fail to find ca cert using PK11_FindCertsByNickname()
Categories
(JSS Graveyard :: Library, defect, P1)
Tracking
(Not tracked)
RESOLVED
INVALID
3.2
People
(Reporter: mzhao, Assigned: jamie-bugzilla)
Details
import java.lang.*;
import java.lang.reflect.*;
import java.io.*;
import java.util.*;
import org.mozilla.jss.util.*;
import org.mozilla.jss.asn1.*;
import org.mozilla.jss.*;
import org.mozilla.jss.crypto.*;
public class test {
public test() {
}
public static void main(String[]av) {
try {
// initialize CryptoManager
CryptoManager.InitializationValues vals =
new CryptoManager.InitializationValues(".", "",
"", "secmod.db");
CryptoManager.initialize(vals);
CryptoManager cm = CryptoManager.getInstance();
CryptoToken token = cm.getInternalKeyStorageToken();
String pw = "netscape";
char[] testpw = pw.toCharArray();
Password pass = new Password(testpw);
token.login(pass);
}
catch (Exception e) {
e.printStackTrace();
System.exit(1);
}
try {
String nickname = "Thawte Personal Premium CA";
X509Certificate[] certs =
CryptoManager.getInstance().findCertsByNickname(nickname);
if ( (certs == null || certs.length == 0) ) {
System.out.println("xxx cert not found for " +nickname);
}
} catch (Exception e) {
System.out.println( e);
}
}
}
|
Assignee | |
Updated•23 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Target Milestone: --- → 3.2
|
|
Assignee | |
Updated•23 years ago
|
Priority: -- → P1
|
|
Assignee | |
Comment 1•23 years ago
|
||
I reproduced this and figured out what's going on.
Now that the builtin CA certificates live in a PKCS #11 module, if you want to
look them up by nickname, you have to precede the nickname with "Builtin Object
Token:", which is the name that NSS gives to libnssckbi.so when it is loaded as
a PKCS #11 module. If you modify the test program to lookup "Builtin Object
Token:Thawte Personal Premium CA", it successfully finds the cert.
So there is a workaround.
In any case, we are now encouraging everyone to stop using nicknames, because of
all the nasty problems (like this one) that they cause. So I am closing this as
invalid.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → INVALID
|
|
Assignee | |
Comment 2•23 years ago
|
||
Hi Steve, this was filed by a former member of your team. Not sure what you want
to do about it.
QA Contact: somni
You need to log in
before you can comment on or make changes to this bug.
Description
•