Thread: [Jsdsi-users] Re: <Question about JSDSI>
From: Sameer A. <aj...@cs...> - 2004-04-27 12:23:22
Your error is here:

> SexpString ss = new SexpString(certificate.toString());
> sos.writeCanonical(ss);

You should not wrap the certificate in a SexpString. Instead,
write the certificate as a Sequence:

    sos.writeCanonical(certificate.toSequence().toSexp());

[[[ NOTE TO ALL: This is pretty unintuitive; any suggestions on how to
make it better? ]]]

You should not access "engine" methods directly:

> jsdsi.sexp.CertificateFactory cert_f = new jsdsi.sexp.CertificateFactory();
> while (sis.available() > 0) {
>     /* ========== Exception happens in next line >>> Caught exception
>        java.security.cert.CertificateParsingException */
>     jsdsi.Certificate jcertificate = (jsdsi.Certificate) cert_f.engineGenerateCertificate(sis);
>     /* ========== */

Instead, obtain a CertificateFactory via the provider:

    CertificateFactory cf = CertificateFactory.getInstance("SPKI/SEXP");

    while (sis.available() > 0) {
        Certificate cert = cf.generateCertificate(sis);
        System.out.println(cert.toString());
    }

This signature is invalid, because "d" was not produced using any
signature algorithm:

> /* Put the Cert(NameCert) and the Signature together in a jsdsi.Certificate */
> byte[] d = new byte[1024];
> jsdsi.Signature sig = new jsdsi.Signature(pub, new Hash("SHA",ncert), "RSA", d);

Use one of the jsdsi.Signature.create() methods instead (these were added
last month). You should use Hash.create(), too.

[[[ NOTE TO JSDSI DEVELOPERS: We should probably make the constructors
for Hash and Signature package-private to avoid this problem in the
future. But somehow we have to let the parsers in jsdsi.sexp access
them. ]]]

Sameer

> Dear Sameer and Sean,
> I know I should post questions on the mailing list, but it seems to take
> some time to get the subscription confirmation letter, so sorry that I
> chose to send my question in e-mail directly. The question is: when I try
> to generate the certificate from the underlying s-exp stream (I highlighted
> that code in /*===== ), there seems to be something wrong with the encoding
> scheme, or maybe other problems. Could you help me figure out what
> might be the problem and how to correct it?
>
> Sincerely,
>
> Matt Chang
>
> Following is my testing code within main(), which stores a NameCert to
> a file and then restores it from the file:
>
> try {
>
>     /********** Client side ***********/
>     /* Generate a RSA key pair */
>     java.math.BigInteger m = new java.math.BigInteger("1024");
>     java.math.BigInteger e = new java.math.BigInteger("3");
>     RSAPublicKey rsapk = new RSAPublicKey(m, e, "RSA");
>
>     /* Creates a new RSA key pair whose public key is a Principal */
>     KeyPair pair = rsapk.create();
>     PrivateKey priv = pair.getPrivate();
>     jsdsi.PublicKey pub = (jsdsi.PublicKey) pair.getPublic();
>
>     /* Create a Name certificate */
>     Validity v = new Validity(new Date(2004, 4, 24), new Date(2004, 5, 24));
>     NameCert ncert = new NameCert(pub, pub, v, "", "comment", "name-string");
>
>     /* Put the Cert(NameCert) and the Signature together in a jsdsi.Certificate */
>     byte[] d = new byte[1024];
>     jsdsi.Signature sig = new jsdsi.Signature(pub, new Hash("SHA",ncert), "RSA", d);
>     jsdsi.Certificate certificate = new jsdsi.Certificate(pub, ncert, sig);
>
>     /* Display this Certificate which includes Namecert and signature */
>     System.out.println("Client Agent: Certificate content: ");
>     System.out.println(certificate.toString());
>
>     /* Transfer Certificate in S-expOutStream -> FileOutputStream */
>     FileOutputStream file_out = new FileOutputStream("namecert.txt");
>     SexpOutputStream sos = new SexpOutputStream(file_out);
>     SexpString ss = new SexpString(certificate.toString());
>     sos.writeCanonical(ss);
>
>     file_out.close();
>
>     /**************** Server Side **************/
>     /* Retrieve Certificate from S-exp InStream <- FileInputStream */
>     FileInputStream file_in = new FileInputStream("namecert.txt");
>     SexpInputStream sis = new SexpInputStream(file_in);
>     jsdsi.sexp.CertificateFactory cert_f = new jsdsi.sexp.CertificateFactory();
>     while (sis.available() > 0) {
>         /* ========== Exception happens in next line >>> Caught exception
>            java.security.cert.CertificateParsingException */
>         jsdsi.Certificate jcertificate = (jsdsi.Certificate) cert_f.engineGenerateCertificate(sis);
>         /* ========== */
>
>         jsdsi.PublicKey s_pk = (jsdsi.PublicKey)jcertificate.getPublicKey();
>         jcertificate.verify(s_pk);
>
>         /* Display this Certificate which includes Namecert and signature */
>         System.out.println("Server Agent: Certificate content: ");
>         System.out.println(jcertificate.toString());
>
>         NameCert n_cert = (NameCert) jcertificate.getCert();
>         System.out.println("Server Agent: Name certificate: ");
>         System.out.println(n_cert.toString());
>     }
>
> }
> catch (Exception e) {
>     System.err.println("Caught exception " + e.toString());
> }

http://ajmani.net
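
Why the SexpString wrapping in the message above cannot be read back as a certificate, as an added example (not code from this thread or from JSDSI): a stand-alone canonical S-expression encoder shows that wrapping the printed text yields one length-prefixed atom, while encoding the structure yields the list a certificate reader looks for. The class, the requireList check and the simplified sample certificate are constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateParsingException;
import java.util.Arrays;
import java.util.List;

public class CanonicalSexpDemo {
    // Canonical form: an atom is <decimal length>:<bytes>; a list is "(" items ")".
    static void encode(Object node, ByteArrayOutputStream out) {
        if (node instanceof String) {
            byte[] b = ((String) node).getBytes(StandardCharsets.UTF_8);
            byte[] len = (b.length + ":").getBytes(StandardCharsets.US_ASCII);
            out.write(len, 0, len.length);
            out.write(b, 0, b.length);
        } else {
            out.write('(');
            for (Object child : (List<?>) node) encode(child, out);
            out.write(')');
        }
    }

    static byte[] canonical(Object node) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        encode(node, out);
        return out.toByteArray();
    }

    // Hypothetical stand-in for the first check a certificate reader makes:
    // the top-level object must be a list whose first atom is the expected tag.
    static void requireList(byte[] enc, String tag) throws CertificateParsingException {
        String head = "(" + tag.length() + ":" + tag;
        String s = new String(enc, StandardCharsets.UTF_8);
        if (!s.startsWith(head))
            throw new CertificateParsingException("expected list (" + tag + " ...), got: "
                + s.substring(0, Math.min(16, s.length())));
    }

    public static void main(String[] args) {
        // Constructed, simplified structure; real SPKI certificates carry keys and validity.
        List<Object> seq = Arrays.asList("sequence",
            Arrays.asList("cert", Arrays.asList("issuer", "k"), Arrays.asList("subject", "k")),
            Arrays.asList("signature", "sig-bytes"));
        String printed = "(sequence (cert (issuer k) (subject k)) (signature sig-bytes))";

        byte[][] encodings = { canonical(seq), canonical(printed) }; // structure vs. wrapped text
        for (byte[] enc : encodings) {
            System.out.println(new String(enc, StandardCharsets.UTF_8));
            try {
                requireList(enc, "sequence");
                System.out.println("  -> accepted");
            } catch (CertificateParsingException e) {
                System.out.println("  -> rejected: " + e.getMessage());
            }
        }
    }
}
```
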
From: Feng-Shuo <fc...@an...> - 2004-04-28 03:21:48
Dear Sameer,

Thanks for your answer, which is very informative.
However, I found that the "create" method in the "Hash" class isn't included in
the released jsdsi-0.5.jar (although the javadoc of this method is on the web).
Therefore, I still can't create a valid hash value. Could you check on this,
please? Or have I still misunderstood something?

Sincerely,

Matt
From: Sean R. <sra...@ae...> - 2004-04-28 08:58:43
Hi,

The Hash.create(String, byte[], URI[]) method was added on 26th May, 4
days after the 0.5 release.

If you need (would like) this method then I would suggest the latest
'snapshot' jar from the jsdsi maven repository.

http://jsdsi.sourceforge.net/maven/jsdsi/jars/

Hope that helps,

regards,

Sean

--
Dr. Sean Radford, MBBS, MSc
sra...@ae...
http://www.aegeus-technology.com
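
The point made earlier in the thread that a zero-filled "d" buffer is not a signature, as an added example using the JDK's own java.security.Signature rather than JSDSI's classes (not code from this thread or from JSDSI). The SHA256withRSA algorithm name, the 2048-bit key and the sample bytes are choices made here; the objects are obtained through getInstance, the same provider lookup recommended above for CertificateFactory.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.SignatureException;

public class PlaceholderSignatureDemo {
    // Verify through the provider-backed facade (getInstance), not an engine* method.
    static boolean verifies(KeyPair kp, byte[] data, byte[] sigBytes) throws Exception {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(kp.getPublic());
        v.update(data);
        try {
            return v.verify(sigBytes);
        } catch (SignatureException malformed) {
            return false; // wrong length or encoding: also not a signature
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Constructed stand-in for the encoded certificate body that gets signed.
        byte[] body = "(cert (issuer k) (subject k))".getBytes(StandardCharsets.US_ASCII);

        // A real signature is the output of the signing algorithm under the private key.
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(body);
        byte[] real = s.sign();

        // Zero-filled buffer, like "d" in the thread, sized to match a real signature.
        byte[] placeholder = new byte[real.length];

        System.out.println("real signature verifies:       " + verifies(kp, body, real));
        System.out.println("zero-filled buffer verifies:   " + verifies(kp, body, placeholder));

        body[1] ^= 1; // any change to the signed bytes invalidates the real signature too
        System.out.println("real signature, altered body:  " + verifies(kp, body, real));
    }
}
```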