0 Replies Latest reply: Oct 30, 2012 9:08 AM by 941029 RSS

    Applet, CustomClassLoader and shared library (JSS)


      I have developed an signed applet which is used to sign XML and PDF documents in our online eBanking applications. It was requested that applet MUST support certificates on smartcards what it a mightmare, but OK security first.

      On Linux and Windows everything works fine with IE 8, 9, 10 and Chrome and Firefox with exceptions. Firefox uses its own NSS keystore. I have used Mozilla's JSS and NSS to enter Firefox keystore, what requires user to install JSS and NSS on its computer but OK, nothing to die for. As I mentioned I use JSS what is a Java wrapper to enter Firefox's keystore. It loads a library called jss4 (jss4.dll) with some dependant libraries. At first start everything IS OK, but on the second start a UnsatisfiedLinkError pops out - library jss4.dll is already loaded in another classloader. Woohoo. The only way to solve this problem is to TURN OFF (call System.exit(0)) JRE in destroy() method of an applet. It is an ungly solution, but it works for a cost of significat performance degradation (an applet must be completly reloaded every time...)

      My wish is to solve this problem - I have googled around and found potential solution: implementing a custom ClassLoader. A library jss4.dll is loaded by jss4.jar in class called CryptoManager. Currently this jar is part of my applet. But due need of CustomClassLoader and installation of JSS and NSPR dll libaries there is no problem to put this JAR on the client's hard drive. I followed http://codethesis.com/sites/default/index.php?servlet=4&content=2 tutorial and implemented as they did
      - the solution works if I load some library - for example C:/Windows/twain_32.dll. The classloader, library, and all other things get garbage colleted after I set them to the NULL and call System.gc() a few time (the same thing as is in the sample).
      - the solution do not work if I try to use the same thing on JSS library. I downloaded JSS4 source and added a proxy class which initializes CryptoManger and compiled it. Now I load modified jar with my customClassLoader and I still receive UnsatisfiedLinkError. I have overrided finalize() methods on some classes and found out why: a proxy class is finalized, but CryptoManager not - finalize method is never called - and perhaps that's why a customClassLoader is never finalized and garbage collected. Can be something wrong with CryptoManager implementation? The source of CryptoManager.java class is here: http://mxr.mozilla.org/mozilla/source/security/jss/org/mozilla/jss/CryptoManager.java. The class uses singelton pattern and lots of static variables - i also tried to add free method which sets all static variables to NULL, but it does not help. I would be very grateful if you can help solve this problem. Can be CryptoManager's implementation cause that this class is not garbage collected?

      Additional question: is there any other way, to load and unload this freakin' library - so when the applet will be started for the second time a JSS library will be available.

      I also can post source of my modifications if it may help solving this issue.