[Jsdsi-users] Re: <Question about JSDSI>
From: Feng-Shuo <fc...@an...> - 2004-04-28 03:21:48
Dear Sameer,

Thanks for your answer, which is very informative. However, I found that
the "create" method in the "Hash" class isn't included in the released
jsdsi-0.5.jar (although the javadoc of this method is on the web).
Therefore, I still can't create a valid hash value. Could you check on
this, please? Or have I still misunderstood something?

Sincerely,
Matt

----- Original Message -----
From: "Sameer Ajmani" <aj...@cs...>
To: <fc...@an...>
Cc: <jsd...@li...>
Sent: Tuesday, April 27, 2004 8:23 AM
Subject: Re: <Question about JSDSI>

> Your error is here:
>
> > SexpString ss = new SexpString(certificate.toString());
> > sos.writeCanonical(ss);
>
> You should not wrap the certificate in a SexpString. Instead,
> write the certificate as a Sequence:
>
> sos.writeCanonical(certificate.toSequence().toSexp());
>
> [[[ NOTE TO ALL: This is pretty unintuitive; any suggestions on how to
> make it better? ]]]
>
> You should not access "engine" methods directly:
>
> > jsdsi.sexp.CertificateFactory cert_f = new jsdsi.sexp.CertificateFactory();
> > while (sis.available() > 0) {
> >     /* ========== Exception happens in next line >>> Caught exception
> >        java.security.cert.CertificateParsingException */
> >     jsdsi.Certificate jcertificate = (jsdsi.Certificate) cert_f.engineGenerateCertificate(sis);
> >     /* ========== */
>
> Instead, obtain a CertificateFactory via the provider:
>
> CertificateFactory cf = CertificateFactory.getInstance("SPKI/SEXP");
>
> while (sis.available() > 0) {
>     Certificate cert = cf.generateCertificate(sis);
>     System.out.println(cert.toString());
> }
>
> This signature is invalid, because "d" was not produced using any
> signature algorithm:
>
> > /* Put the Cert(NameCert) and the Signature together in a jsdsi.Certificate */
> > byte[] d = new byte[1024];
> > jsdsi.Signature sig = new jsdsi.Signature(pub, new Hash("SHA",ncert), "RSA", d);
>
> Use one of the jsdsi.Signature.create() methods instead (these were added
> last month). You should use Hash.create(), too. [[[ NOTE TO JSDSI
> DEVELOPERS: We should probably make the constructors for Hash and
> Signature package-private to avoid this problem in the future. But
> somehow we have to let the parsers in jsdsi.sexp access them. ]]]
>
> Sameer
>
> > Dear Sameer and Sean,
> >
> > I know I should post questions on the mailing list, but it seems to take
> > some time to get the subscription confirmation letter, so sorry that I
> > chose to send my question by e-mail directly. The question is: when I try
> > to generate the certificate from the underlying s-exp stream (I highlighted
> > that code in /*===== ), there seems to be something wrong with the encoding
> > scheme or maybe other problems. Could you help me figure out what
> > might be the problem and how to correct it?
> >
> > Sincerely,
> >
> > Matt Chang
> >
> > Following is my testing code within main() which stores NameCert to
> > File then restores from File:
> >
> > try {
> >
> >     /********** Client side ***********/
> >     /* Generate a RSA key pair */
> >     java.math.BigInteger m = new java.math.BigInteger("1024");
> >     java.math.BigInteger e = new java.math.BigInteger("3");
> >     RSAPublicKey rsapk = new RSAPublicKey(m, e, "RSA");
> >
> >     /* Creates a new RSA key pair whose public key is a Principal */
> >     KeyPair pair = rsapk.create();
> >     PrivateKey priv = pair.getPrivate();
> >     jsdsi.PublicKey pub = (jsdsi.PublicKey) pair.getPublic();
> >
> >     /* Create a Name certificate */
> >     Validity v = new Validity(new Date(2004, 4, 24), new Date(2004, 5, 24));
> >     NameCert ncert = new NameCert(pub, pub, v, "", "comment", "name-string");
> >
> >     /* Put the Cert(NameCert) and the Signature together in a jsdsi.Certificate */
> >     byte[] d = new byte[1024];
> >     jsdsi.Signature sig = new jsdsi.Signature(pub, new Hash("SHA",ncert), "RSA", d);
> >     jsdsi.Certificate certificate = new jsdsi.Certificate(pub, ncert, sig);
> >
> >     /* Display this Certificate which includes Namecert and signature */
> >     System.out.println("Client Agent: Certificate content: ");
> >     System.out.println(certificate.toString());
> >
> >     /* Transfer Certificate in S-expOutStream -> FileOutputStream */
> >     FileOutputStream file_out = new FileOutputStream("namecert.txt");
> >     SexpOutputStream sos = new SexpOutputStream(file_out);
> >     SexpString ss = new SexpString(certificate.toString());
> >     sos.writeCanonical(ss);
> >
> >     file_out.close();
> >
> >     /**************** Server Side **************/
> >     /* Retrieve Certificate from S-exp InStream <- FileInputStream */
> >     FileInputStream file_in = new FileInputStream("namecert.txt");
> >     SexpInputStream sis = new SexpInputStream(file_in);
> >     jsdsi.sexp.CertificateFactory cert_f = new jsdsi.sexp.CertificateFactory();
> >     while (sis.available() > 0) {
> >         /* ========== Exception happens in next line >>> Caught exception
> >            java.security.cert.CertificateParsingException */
> >         jsdsi.Certificate jcertificate = (jsdsi.Certificate) cert_f.engineGenerateCertificate(sis);
> >         /* ========== */
> >
> >         jsdsi.PublicKey s_pk = (jsdsi.PublicKey)jcertificate.getPublicKey();
> >         jcertificate.verify(s_pk);
> >
> >         /* Display this Certificate which includes Namecert and signature */
> >         System.out.println("Server Agent: Certificate content: ");
> >         System.out.println(jcertificate.toString());
> >
> >         NameCert n_cert = (NameCert) jcertificate.getCert();
> >         System.out.println("Server Agent: Name certificate: ");
> >         System.out.println(n_cert.toString());
> >     }
> >
> > }
> > catch (Exception e) {
> >     System.err.println("Caught exception " + e.toString());
> > }
>
> http://ajmani.net
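The two encoding and signature points from the quoted reply, as an added example that is not part of the thread and is not JSDSI code: it uses only the standard java.security API, a minimal canonical S-expression encoder written for this illustration, and a constructed sample structure. The class name, SHA256withRSA and the 2048-bit key size are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.List;

public class CanonicalSignDemo {
    // Canonical S-expression form: atom = "<byte length>:<bytes>", list = "(" items ")".
    static String canonical(Object node) {
        if (node instanceof List) {
            StringBuilder sb = new StringBuilder("(");
            for (Object child : (List<?>) node) sb.append(canonical(child));
            return sb.append(')').toString();
        }
        String atom = node.toString();
        return atom.getBytes(StandardCharsets.UTF_8).length + ":" + atom;
    }

    // A wrong-length or malformed signature may throw instead of returning false.
    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(key);
        v.update(data);
        try { return v.verify(sig); } catch (SignatureException e) { return false; }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample structure, not a real SPKI certificate.
        List<Object> cert = List.of("cert",
                List.of("issuer", "alice"), List.of("subject", "bob"));
        byte[] body = canonical(cert).getBytes(StandardCharsets.UTF_8);
        // The mistake from the thread: the printed text wrapped as one string atom.
        byte[] wrapped = canonical(cert.toString()).getBytes(StandardCharsets.UTF_8);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(pair.getPrivate());
        signer.update(body);
        byte[] sig = signer.sign();
        System.out.println("canonical list: " + new String(body, StandardCharsets.UTF_8));
        System.out.println("wrapped string: " + new String(wrapped, StandardCharsets.UTF_8));
        System.out.println("real signature: " + verify(pair.getPublic(), body, sig));
        System.out.println("zero-filled d:  " + verify(pair.getPublic(), body, new byte[1024]));
        System.out.println("wrapped + sig:  " + verify(pair.getPublic(), wrapped, sig));
    }
}
```

The wrapped form starts with a length prefix rather than "(", so a parser expecting a list has nothing to parse, and only the signature produced by the signing operation over the canonical bytes verifies.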