[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Java Applet Security Problem

Subject: Re: Java Applet Security Problem
From: "Prasad Rajagopal" <email@hidden>
Date: Mon, 1 May 2006 16:22:06 -0400
Delivered-to: email@hidden
Delivered-to: email@hidden
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type; b=H2GjwFOs27F8lNIca1JG27ETuEgb3pDlWHfMTiiEmL04KS5X166YV2w24ojNIdk2QM1dhWw+FcI4mgq5VLb7nLpNb1dh/HktwlzTdrZqi1dLBal9cIT2eaIExdXtk3cb8lIEhV36arETBGXDP3h4rDauAlm/IPwnIRAoy5yUH1I=

Thanks for the help so far.

Greg Guerin wrote:

>> See the API docs for the RuntimePermissions class, and search the page for
>> "loadLib" to see how the permission is named.

Its says "Dynamic linking of the specified Library"

>> It's very important that BOTH the jar that calls loadLibrary() AND its
>> properly-named JNI-lib file be placed in the same extensions directory.

I followed your suggestion of "applet-context" vs "java-extension" by moving both the
jar file and its JNI-lib to same directory (user's home /Library/Java/Extensions). Then tried to invoke the applet.But gave me same error.

>> if you've modified the pkcs11wrapper Java source at all, then you also need
>> to confirm that the loadLibrary() call is asking for "pkcs11wrapper". The
>> "lib" prefix and ".jnilib" suffix MUST NOT be part of the requested name.

I am using OO-java wrapper. My java application at the top layer calls getInstance() of the Module class (belongs to the java wrapper).

Here is a better picture of what's going on behind the screens

pkcs11ModuleName = "libetpkcs11.so" in /usr/local/lib

/**
   * Get an instance of this class by giving the name of the PKCS#11 module;
   * e.g. "slbck.dll".
   *
   * @param pkcs11ModuleName The name of the module; e.g. "slbck.dll".
   * @return An instance of Module that is connected to the given PKCS#11
   *         module.
   * @exception IOException If connecting to the named module fails.
   * @preconditions (pkcs11ModuleName <> null)
   *                and (pkcs11ModuleName is a valid PKCS#11 module name)
   * @postconditions
   */

public static Module getInstance(String pkcs11ModuleName)
      throws IOException
{
    if (pkcs11ModuleName == null) {
      throw new NullPointerException("Argument \"pkcs11ModuleName\" must not be null.");
    }
    PKCS11 pkcs11Module = PKCS11Connector.connectToPKCS11Module(pkcs11ModuleName);

return new Module(pkcs11Module) ;
}

*-----------------------------------------------------------------------------------------------------*

The getInstance() calls the connectToPKCS11Module() of PKCS11Connector class

/**
   * Connect to a PKCS#11 module and get an interface to it.
   *
   * @param pkcs11ModulePath The path to the PKCS#11 library.
   * @return The interface object to access the PKCS#11 module.
   * @exception IOException If finding the module or connecting to it fails.
   */

public static PKCS11 connectToPKCS11Module(String pkcs11ModulePath)
throws IOException
{
return new PKCS11Implementation(pkcs11ModulePath);
}

*-----------------------------------------------------------------------------------------------------*

Inturn creates an Object of PKCS11Implementation class

/**
   * Connects to the PKCS#11 driver given. The filename must contain the
   * path, if the driver is not in the system's search path.
   *
   * @param pkcs11ModulePath the PKCS#11 library path
   * @exception IOException If linking to the given module failed.
   * @preconditions (pkcs11ModulePath <> null)
   * @postconditions
   */

PKCS11Implementation(String pkcs11ModulePath)
      throws IOException
{
    ensureLinkedAndInitialized();
    connect(pkcs11ModulePath);
    pkcs11ModulePath_ = pkcs11ModulePath;
}

*------------------------------------------------------------------------------------------------------*

PKCS11Implementation class calls ensureLinkedAndInitialized() method and this is the method responsible for loading
the "libpkcs11wrapper.jnilib" file that in the

Users' home /Library/Java/Extensions folder as suggested.

/**
   * This method ensures that the library is linked to this class and that it
   * is initialized.
   *
   * @preconditions
   * @postconditions
   */
public static synchronized void ensureLinkedAndInitialized() {
    if (!linkedAndInitialized_) {
      /* We do not call loadLibrary in a static initializer to allow better use in
       * applets. Static initialization blocks have a differrent security context.
       */
      System.loadLibrary(PKCS11_WRAPPER);
      initializeLibrary();
      linkedAndInitialized_ = true;
    }
}

------------------------------------------------------------------------------------------------------------

Wondering if this comment makes any difference

     /* We do not call loadLibrary in a static initializer to allow better use in
       * applets. Static initialization blocks have a differrent security context.
       */
      System.loadLibrary(PKCS11_WRAPPER);

where PKCS11_WRAPPER = "pkcs11wrapper" and "libpkcs11wrapper.jnilib" is in users' home /Library/Java/Extensions (created this new folder, wasn't there before)

showing me the same error. Hope this helps to figure out what's the problem.

Thanks

Prasad

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Java-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/java-dev/email@hidden

This email sent to email@hidden

Prev by Date: JVM apparently hanging
Next by Date: Re: Java Applet Security Problem
Previous by thread: Re: Java Applet Security Problem
Next by thread: Re: Java Applet Security Problem
Index(es):
- Date
- Thread

Home