firefox pkcs#11 nss

Where to find my Firefox profile? NSS cannot find externally installed module/token in secmod.db


NOTE: I have found the answer to this question, so I would close it. The cause is that the method returning the Firefox profile folder is not working: it just locates the directory where all profiles are located, but does not enter my profile folder. Under this folder (for example, /home/myUserName/.mozilla/firefox/), there are also key3.db, cert8.db and secmod.db, but they do not contain any user-specific settings, and I guess they serve as the base for creating all profiles the moment they are created. That's why they do not contain my added modules. Under this folder, I have 5yasix1g.default-1475600224376 where my profile is located, and that's where my key3.db, cert8.db and secmod.db are located.

I leave the question here and change the title to warn people who, like me, may have difficulties finding where their FF profiles are.


I managed to get NSS/JSS to work on my Ubuntu 16.04, but it only finds one module, the default NSS internal one.

I have these modules installed:

[image not included]

What I must load is that one of Izenpe and DNIe. But when I debug, it only loads the first one.

With modutil, shipped with NSS/NSPR, I have found the same. Checking with

modutil -list -dbdir /home/myUserName/.mozilla/firefox

only shows one module.

(Another thing is that -dbdir's value should end with the directory where secmod.db is located, not the file itself, or modutil throws a confusing error message, complaining:

modutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.

)

I know I can add them and I am doing it, but it's weird that it's listed in Firefox but not in secmod.db. Isn't this file the database for all the installed modules that FF uses?

Also, after adding it, I cannot get access to the external module. modutil -dbdir "/some/dir/properly/quoted" -list shows me this:

easternfox@easternfox-Ubuntu:~$ modutil -dbdir /home/easternfox/.mozilla/firefox -list
Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
     slots: 2 slots attached
    status: loaded

     slot: NSS Internal Cryptographic Services
    token: NSS Generic Crypto Services

     slot: NSS User Private Key and Certificate Services
    token: NSS Certificate DB

  2. Izenpe PKCS#11
    library name: /usr/lib/libbit4ipki.so
     slots: 1 slot attached
    status: loaded

     slot: Cherry GmbH SmartBoard XX44 [Smart Card Reader USB] 00 00
    token: Izenpe 0

I use this code to load the PKCS#11 Provider:

if (OSUtil.isLinux()) {
    String config = "library=/usr/lib/i386-linux-gnu/nss/libsoftokn3.so\n"
    + "name=NSSCrypto-Firma\n"
    + "attributes=compatibility\n"
    + "slot=2\n"
    + "showInfo=true\n"
    + "allowSingleThreadedModules=true\n"
    // nssArgs is one NSS parameter string; configdir must be the directory that contains secmod.db.
    + "nssArgs=\"configdir='" + NSS_JSS_Utils.getFireFoxProfilePath() + "' certPrefix='' keyPrefix='' secmod='secmod.db' flags='readOnly'\" ";

    Provider provider = new SunPKCS11(new ByteArrayInputStream(config.getBytes()));
    Security.removeProvider("IAIK");
    //Security.addProvider(provider);
    Security.insertProviderAt(provider, 1);
    KeyStore.Builder builder = null;
    prevTryFailes = true;
    try {
        if (tries < 3 && prevTryFailes) {
            keystore = KeyStore.getInstance("PKCS11", provider);
            builder = KeyStore.Builder.newInstance("PKCS11", provider, new KeyStore.CallbackHandlerProtection(new UtilTarjetas(). new callback()));
            keystore = builder.getKeyStore();
            prevTryFailes = false;
        } 

        if (tries >= 3) {
            throw new KeyStoreException("Have entered 3 times password and not correct. ");
        }

    } catch (Exception e) {
        Traza.error(e);
        tries ++;
    }
}

Assuming from an exception thrown when specifying the name property more than once in the config, I suppose that I can load only one module in the Provider.

And with this code I initialize the CryptoManager:

try {
    InitializationValues iv = new InitializationValues(NSS_JSS_Utils.getFireFoxProfilePath());
    iv.installJSSProvider = false;
    CryptoManager.initialize(iv);
    cm = CryptoManager.getInstance();
} catch (KeyDatabaseException | CertDatabaseException | GeneralSecurityException | NotInitializedException e) {
    e.printStackTrace();
} catch (AlreadyInitializedException e) {
    cm = CryptoManager.getInstance();
}
CustomPasswordCallback pcb = new CustomPasswordCallback();
cm.setPasswordCallback(pcb);

Enumeration< ? > emModules = cm.getModules();

When it reaches the final line, it only loads the internal module, not my external ones.

Any help is appreciated. Thanks!


Solution

  • I have found the answer to this question.

    The cause is that the method returning the Firefox profile folder is not working: it just locates the directory where all profiles are located, but does not enter my profile folder. Under this folder (for example, /home/myUserName/.mozilla/firefox/), there are also key3.db, cert8.db and secmod.db, but they do not contain any user-specific settings, and I guess they serve as the base for creating all profiles the moment they are created. That's why they do not contain my added modules.

    Under this folder, I have 5yasix1g.default-1475600224376 where my profile is located, and that's where my key3.db, cert8.db and secmod.db are located.

    Edit

    To easily find your profile folder:

    In Firefox: Help - Troubleshooting Information... There you see "Profile directory"; click Open directory.

    Or, just type in the address bar:

    about:support
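
The lookup described in the answer can also be scripted by reading profiles.ini in the parent folder. The following is an added example, not code from the original post: the function names, the second profile name and the sample tree are constructed for illustration, and it assumes the [ProfileN] / Path / IsRelative / Default layout of profiles.ini.

```shell
#!/bin/sh
# Added example (not from the original post). Resolves the profile directory
# that Firefox actually uses, instead of the parent ~/.mozilla/firefox folder.

# firefox_profile_dir [BASE]: print the profile directory; 1 = no profile
# found in profiles.ini, 2 = profile has no NSS module database.
firefox_profile_dir() {
    base=${1:-"$HOME/.mozilla/firefox"}
    [ -r "$base/profiles.ini" ] || return 1
    # Emit "<IsRelative> <Path>" for the [ProfileN] section marked Default=1,
    # falling back to the first profile listed.
    picked=$(tr -d '\r' < "$base/profiles.ini" | awk -F= '
        function keep() {
            if (!inprof || path == "") return
            if (best == "" || (dflt == 1 && !bestdflt)) {
                best = rel " " path; bestdflt = (dflt == 1)
            }
        }
        /^\[/ { keep(); inprof = ($0 ~ /^\[Profile[0-9]+\]$/)
                path = ""; rel = 1; dflt = 0; next }
        inprof && $1 == "Path"       { path = substr($0, 6) }
        inprof && $1 == "IsRelative" { rel = $2 }
        inprof && $1 == "Default"    { dflt = $2 }
        END { keep(); if (best != "") print best }')
    [ -n "$picked" ] || return 1
    rel=${picked%% *}; prof=${picked#* }
    if [ "$rel" = 1 ]; then dir="$base/$prof"; else dir=$prof; fi
    # secmod.db is the legacy module list; pkcs11.txt is its sql-format equivalent.
    [ -f "$dir/secmod.db" ] || [ -f "$dir/pkcs11.txt" ] || return 2
    printf '%s\n' "$dir"
}

# Constructed sample tree reproducing the trap from the post: the parent
# folder has its own secmod.db, but the real one is inside the profile.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    p=5yasix1g.default-1475600224376
    mkdir -p "$t/$p" "$t/abcd1234.other"
    : > "$t/secmod.db"; : > "$t/$p/secmod.db"; : > "$t/abcd1234.other/secmod.db"
    printf '%s\n' '[General]' 'StartWithLastProfile=1' '' \
        '[Profile0]' 'Name=other' 'IsRelative=1' 'Path=abcd1234.other' '' \
        '[Profile1]' 'Name=default' 'IsRelative=1' "Path=$p" 'Default=1' \
        > "$t/profiles.ini"
    printf '%s\n' "$t"
}

# Real use: modutil -list -dbdir "$(firefox_profile_dir)"
sample=$(make_sample_tree) && firefox_profile_dir "$sample"
rm -rf "$sample"
```

The non-zero return codes separate "no profile listed" from "profile found but no module database", which is the check that would have exposed the wrong configdir before NSS was initialized.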