[Jsdsi-users] Re: <Question about JSDSI>
From: Sameer A. <aj...@cs...> - 2004-04-27 12:23:22
Your error is here:

> SexpString ss = new SexpString(certificate.toString());
> sos.writeCanonical(ss);

You should not wrap the certificate in a SexpString. Instead, write the
certificate as a Sequence:

  sos.writeCanonical(certificate.toSequence().toSexp());

[[[ NOTE TO ALL: This is pretty unintuitive; any suggestions on how to
make it better? ]]]

You should not access "engine" methods directly:

> jsdsi.sexp.CertificateFactory cert_f = new jsdsi.sexp.CertificateFactory();
> while (sis.available() > 0) {
>   /* ========== Exception happens in next line >>> Caught exception
>      java.security.cert.CertificateParsingException */
>   jsdsi.Certificate jcertificate = (jsdsi.Certificate)
>       cert_f.engineGenerateCertificate(sis);
>   /* ========== */

Instead, obtain a CertificateFactory via the provider:

  CertificateFactory cf = CertificateFactory.getInstance("SPKI/SEXP");
  while (sis.available() > 0) {
    Certificate cert = cf.generateCertificate(sis);
    System.out.println(cert.toString());
  }

This signature is invalid, because "d" was not produced using any
signature algorithm:

> /* Put the Cert(NameCert) and the Signature together in a
>    jsdsi.Certificate */
> byte[] d = new byte[1024];
> jsdsi.Signature sig = new jsdsi.Signature(pub, new Hash("SHA",ncert), "RSA", d);

Use one of the jsdsi.Signature.create() methods instead (these were added
last month). You should use Hash.create(), too.

[[[ NOTE TO JSDSI DEVELOPERS: We should probably make the constructors
for Hash and Signature package-private to avoid this problem in the
future. But somehow we have to let the parsers in jsdsi.sexp access
them. ]]]

Sameer

> Dear Sameer and Sean,
> I know I should post questions on maillist but it seems to take some time
> to get subscription confirmation letter, so sorry that I choose to
> send my question in e-mail directly. The question is when I try to
> generate the certificate from underlying s-exp stream (I highlighted
> that code in /*===== ), there seems to be something wrong with the
> encoding scheme or maybe other problems. Could you help me figure out
> what might be the problem and how to correct it?
>
> Sincerely,
>
> Matt Chang
>
> Following is my testing code within main() which stores NameCert to
> File then restores from File :
>
> try {
>
>   /********** Client side ***********/
>   /* Generate a RSA key pair */
>   java.math.BigInteger m = new java.math.BigInteger("1024");
>   java.math.BigInteger e = new java.math.BigInteger("3");
>   RSAPublicKey rsapk = new RSAPublicKey(m, e, "RSA");
>
>   /* Creates a new RSA key pair whose public key is a Principal */
>   KeyPair pair = rsapk.create();
>   PrivateKey priv = pair.getPrivate();
>   jsdsi.PublicKey pub = (jsdsi.PublicKey) pair.getPublic();
>
>   /* Create a Name certificate */
>   Validity v = new Validity(new Date(2004, 4, 24), new Date(2004, 5, 24));
>   NameCert ncert = new NameCert(pub, pub, v, "", "comment", "name-string");
>
>   /* Put the Cert(NameCert) and the Signature together in a
>      jsdsi.Certificate */
>   byte[] d = new byte[1024];
>   jsdsi.Signature sig = new jsdsi.Signature(pub, new Hash("SHA",ncert), "RSA", d);
>   jsdsi.Certificate certificate = new jsdsi.Certificate(pub, ncert, sig);
>
>   /* Display this Certificate which includes Namecert and signature */
>   System.out.println("Client Agent: Certificate content: ");
>   System.out.println(certificate.toString());
>
>   /* Transfer Certificate in S-expOutStream -> FileOutputStream */
>   FileOutputStream file_out = new FileOutputStream("namecert.txt");
>   SexpOutputStream sos = new SexpOutputStream(file_out);
>   SexpString ss = new SexpString(certificate.toString());
>   sos.writeCanonical(ss);
>
>   file_out.close();
>
>   /**************** Server Side **************/
>   /* Retrieve Certificate from S-exp InStream <- FileInputStream */
>   FileInputStream file_in = new FileInputStream("namecert.txt");
>   SexpInputStream sis = new SexpInputStream(file_in);
>   jsdsi.sexp.CertificateFactory cert_f = new jsdsi.sexp.CertificateFactory();
>   while (sis.available() > 0) {
>     /* ========== Exception happens in next line >>> Caught exception
>        java.security.cert.CertificateParsingException */
>     jsdsi.Certificate jcertificate = (jsdsi.Certificate)
>         cert_f.engineGenerateCertificate(sis);
>     /* ========== */
>
>     jsdsi.PublicKey s_pk = (jsdsi.PublicKey) jcertificate.getPublicKey();
>     jcertificate.verify(s_pk);
>
>     /* Display this Certificate which includes Namecert and signature */
>     System.out.println("Server Agent: Certificate content: ");
>     System.out.println(jcertificate.toString());
>
>     NameCert n_cert = (NameCert) jcertificate.getCert();
>     System.out.println("Server Agent: Name certificate: ");
>     System.out.println(n_cert.toString());
>   }
>
> }
> catch (Exception e) {
>   System.err.println("Caught exception " + e.toString());
> }

http://ajmani.net
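
The invalid-signature point from the reply above, shown with the standard java.security.Signature API rather than JSDSI's own classes. This is an added example, not part of the original thread or of JSDSI; the class name, the sample payload and the choice of SHA256withRSA with a 2048-bit key are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;

public class PlaceholderSignatureDemo {
    // True only if sig is a valid SHA256withRSA signature over data under pub.
    static boolean verifies(PublicKey pub, byte[] data, byte[] sig)
            throws GeneralSecurityException {
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pub);
        verifier.update(data);
        try {
            return verifier.verify(sig);
        } catch (SignatureException e) {
            // Providers may throw on malformed input (e.g. wrong length); treat as invalid.
            return false;
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();

        // Constructed stand-in for the canonical encoding of a certificate body.
        byte[] body = "constructed-certificate-body".getBytes(StandardCharsets.UTF_8);

        // Wrong: a zero-filled buffer, like "byte[] d" in the quoted code.
        byte[] placeholder = new byte[1024];

        // Right: the signature value is the output of a signing operation.
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(pair.getPrivate());
        signer.update(body);
        byte[] real = signer.sign();

        // A real signature must also fail once the signed bytes change.
        byte[] tampered = body.clone();
        tampered[0] ^= 0x01;

        PublicKey pub = pair.getPublic();
        System.out.println("placeholder over body: " + verifies(pub, body, placeholder));
        System.out.println("real over body:        " + verifies(pub, body, real));
        System.out.println("real over tampered:    " + verifies(pub, tampered, real));
    }
}
```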