How to use NSS with Jetty?
I am trying to set up Jetty to use NSS as its cryptographic engine. I have gotten to the point where the server starts, but when a client tries to connect it seems to hang in the browser.
The setup process and code are as follows (32-bit Windows, 1.6 JVM).
NSS database creation
    modutil.exe -create -dbdir c:\nssdb
    modutil.exe -create -fips true -dbdir c:\nssdb
    modutil.exe -create -changepw "NSS FIPS 140-2 Certificate DB" -dbdir c:\nssdb
Load NSS in Java
    import java.io.ByteArrayInputStream;
    import java.io.InputStream;
    import java.security.Provider;
    import java.security.Security;

    // Build the SunPKCS11 configuration for NSS in FIPS mode.
    String config = "name = NSS\n";
    config += "nssLibraryDirectory = c:\\nss\\lib\n";
    config += "nssSecmodDirectory = c:\\nssdb\n";
    config += "nssDbMode = readWrite\n";
    config += "nssModule = fips";
    InputStream stream = new ByteArrayInputStream(config.getBytes("UTF-8"));
    Provider nss = new sun.security.pkcs11.SunPKCS11(stream);
    Security.addProvider(nss);

    // Find the position of the stock SunJSSE provider (positions are 1-based).
    int sunJssePosition = -1;
    int currentIndex = 0;
    for (Provider provider : Security.getProviders()) {
        if ("SunJSSE".equals(provider.getName())) {
            sunJssePosition = currentIndex + 1;
            break;
        }
        currentIndex++;
    }

    // Replace SunJSSE with an instance backed by the NSS provider.
    Security.removeProvider("SunJSSE");
    Provider sunJsse = new com.sun.net.ssl.internal.ssl.Provider(nss);
    if (sunJssePosition == -1) {
        Security.addProvider(sunJsse);
    } else {
        Security.insertProviderAt(sunJsse, sunJssePosition);
    }
NSS self-signed certificate generation
    c:\nss\bin\certutil.exe -S -n 127.0.0.1 -x -t "u,u,u" -s "CN=127.0.0.1, OU=foo, O=bar, L=city, ST=NY, C=US" -m 25001 -d c:\nssdb
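Jetty startup
    import java.security.KeyStore;
    // Jetty package names below assume Jetty 7.6 / 8.1.
    import org.eclipse.jetty.server.Server;
    import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
    import org.eclipse.jetty.util.ssl.SslContextFactory;
    import org.eclipse.jetty.webapp.WebAppContext;

    // Open the NSS token as a PKCS11 keystore; load() takes a char[] PIN.
    KeyStore ks = KeyStore.getInstance("PKCS11");
    ks.load(null, "supersecret".toCharArray());

    // Start setting up the Jetty server
    Server server = new Server();
    SslContextFactory sslContextFactory = new SslContextFactory();
    //sslContextFactory.setKeyStoreProvider("SunPKCS11-NSS");
    sslContextFactory.setKeyStore(ks);
    //sslContextFactory.setKeyStorePassword(new String("supersecret"));
    SslSelectChannelConnector sslConnector = new SslSelectChannelConnector(sslContextFactory);
    sslConnector.setPort(443);
    server.addConnector(sslConnector);

    WebAppContext context = new WebAppContext();
    // blah blah blah, set up Jetty
    server.setHandler(context);
    server.start();
    server.join();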
Any ideas?
Edit: It seems extremely odd, but I can access the server using Internet Explorer just fine. Firefox seems to be the only one having the issue.
I have solved the issue. It turns out there are severe bugs in the Java 6 SSL implementation. The solution? Switch to Java 7!