[Jsdsi-users] Re: <What's the correct way to send over Proof?>
From: Feng-Shuo <fc...@an...> - 2004-05-05 23:43:29
Following up on Mr. Ajmani's previous email, he suggested that I rewrite it in the following way:

Client:
        FileOutputStream pd_file_out = new FileOutputStream("server_agent_queue.txt", true);
        jsdsi.sexp.ObjOutputStream pd_oos = new jsdsi.sexp.ObjOutputStream(pd_file_out);
==>     pd_oos.writeCanonical(proof.getSequence());
        pd_file_out.close();

Server:
        FileInputStream file_in = new FileInputStream("server_agent_queue.txt");
        jsdsi.sexp.ObjInputStream ois = new jsdsi.sexp.ObjInputStream(file_in);
        while (true) {
            if (ois.available() > 0) {
==>             jsdsi.Proof pf = new Proof(Certificate.fromSequence((jsdsi.Sequence) ois.readObj()));
                break;
            }
        }

Then I tried this method, and came up with the following questions and output:

So the client's proof before sending is

(proof

Result cert ==>
  (cert
    (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
    (subject (public-key (rsa (e #03#) (n SCS_F)))))

5 Proof sequence ==>
  (sequence
    (cert
      (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
      (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
    (signature
      (hash md5 HASH-VALUE)
      (public-key (rsa (e #03#) (n MATT)))
      (rsa-pkcs1-md5 SIGNATURE-VALUE))
    ....
    (cert
      (issuer (name (public-key (rsa (e #03#) (n SCS))) scs_faculty))
      (subject (public-key (rsa (e #03#) (n SCS_F)))))
    (signature
      (hash md5 HASH-VALUE)
      (public-key (rsa (e #03#) (n SCS)))
      (rsa-pkcs1-md5 SIGNATURE-VALUE))))

Then the result the server gets is:

(proof
  (cert
    (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
    (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
  (sequence
    (cert
      (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
      (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
    (signature
      (hash md5 HASH-VALUE)
      (public-key (rsa (e #03#) (n MATT)))
      (rsa-pkcs1-md5 SIGNATURE-VALUE))))

which is only one of the original proof certificates, and its result proof cert is changed also!

Then my questions again are:

1. If my client side supplies a proof that is actually composed of 5 proof sequence certificates with 1 proof result cert in the above fashion: However, by using Mr. Ajmani's previous method, I can only receive one proof, which is the very first one, and the result proof cert is changed too!
So my questions are how to keep the result proof cert intact and how to compose several proofs into one proof.
(I tried having the client ship the certificates from proof.getCertificates() one by one, then the server builds proofs from the received certificates, then the server uses proof.compose(proof) to concatenate those 5 proof certificates into 1 proof, but an error is thrown when the server tries to compose, and I don't think the result cert will be retained that way either.)

2. When running the CertPathValidator, which cert and certstore should I feed into CertPathParameters? (Is cert = (AclEntry which requests proofs)? Is certstore = (client/server certstore)?)

Sorry about the confusion, and thanks in advance for your answer!

Matt

----- Original Message -----
From: "Sean Radford" <sra...@ae...>
To: "Feng-Shuo" <fc...@an...>
Cc: "Mr. Sameer Ajmani" <aj...@cs...>; "users jsdsi" <jsd...@li...>
Sent: Wednesday, May 05, 2004 6:47 PM
Subject: Re: <What's the correct way to send over Proof?>

> Hi,
>
> Not entirely sure I follow what you mean, but do you mean that when you
> read a file (called 'file-from-client.txt' for example) containing:
>
> (proof
>   (cert
>     (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
>     (subject (public-key (rsa (e #03#) (n SCS_F)))))
>   (sequence
>     (cert
>       (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
>       (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
>     (signature
>       (hash md5 HASH-VALUE)
>       (public-key (rsa (e #03#) (n MATT)))
>       (rsa-pkcs1-md5 SIGNATURE-VALUE))
>     ... [3 cert/signature pairs not included for brevity] ...
>     (cert
>       (issuer (name (public-key (rsa (e #03#) (n SCS))) scs_faculty))
>       (subject (public-key (rsa (e #03#) (n SCS_F)))))
>     (signature
>       (hash md5 HASH-VALUE)
>       (public-key (rsa (e #03#) (n SCS)))
>       (rsa-pkcs1-md5 SIGNATURE-VALUE))))
>
>
> using something like:
>
>     FileInputStream fis = new FileInputStream("file-from-client.txt");
>     jsdsi.sexp.ObjInputStream ois = new
>         jsdsi.sexp.ObjInputStream(fis);
>     jsdsi.Proof proof = (jsdsi.Proof) ois.readObj();
>
> you get the Proof:
>
> (proof
>   (cert
>     (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
>     (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
>   (sequence
>     (cert
>       (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
>       (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
>     (signature
>       (hash md5 HASH-VALUE)
>       (public-key (rsa (e #03#) (n MATT)))
>       (rsa-pkcs1-md5 SIGNATURE-VALUE))))
>
> ?
>
>
>
> On Wed, 2004-05-05 at 22:54, Feng-Shuo wrote:
> > Other questions about proof transmission:
> > 1. If my client side supplies a proof that actually composes of 5 proofs
> > sequence certificates with 1 proof result cert in following fashion:
> > However, by using above method, I can only receive one proof which is
> > the very first one and the result proof cert is changed too!
> > So my questions are how to maintain result proof cert intact and how to
> > compose several proofs into one proof
> > (I tried the way that client ship proof.getCertificates one by one then
> > server build proofs by certificates then I use proof.compose to concatenate
> > those 5 proof certificates but error is thrown when compose! and I don't
> > think the result cert will retain in such way neither)
> >
> > 2. When run the CertPathValidator, which cert and certstore I should feed
> > in CertPathParameters? (Is cert = AclEntry which requested proofs? Is
> > certstore = client/server certstore?)
> >
> > Client:
> > (proof
> >
> > Result cert ==>
> >   (cert
> >     (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
> >     (subject (public-key (rsa (e #03#) (n SCS_F)))))
> >
> > 5 Proof sequence ==>
> >   (sequence
> >     (cert
> >       (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
> >       (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
> >     (signature
> >       (hash md5 HASH-VALUE)
> >       (public-key (rsa (e #03#) (n MATT)))
> >       (rsa-pkcs1-md5 SIGNATURE-VALUE))
> >     ....
> >     (cert
> >       (issuer (name (public-key (rsa (e #03#) (n SCS))) scs_faculty))
> >       (subject (public-key (rsa (e #03#) (n SCS_F)))))
> >     (signature
> >       (hash md5 HASH-VALUE)
> >       (public-key (rsa (e #03#) (n SCS)))
> >       (rsa-pkcs1-md5 SIGNATURE-VALUE))))
> >
> > Server:
> > (proof
> >   (cert
> >     (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
> >     (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
> >   (sequence
> >     (cert
> >       (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
> >       (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
> >     (signature
> >       (hash md5 HASH-VALUE)
> >       (public-key (rsa (e #03#) (n MATT)))
> >       (rsa-pkcs1-md5 SIGNATURE-VALUE))))
> >
> >
> >
> > ----- Original Message -----
> > From: "Sean Radford" <sra...@ae...>
> > To: "Mr. Sameer Ajmani" <aj...@cs...>
> > Cc: <fc...@an...>; "users jsdsi"
> > <jsd...@li...>
> > Sent: Wednesday, May 05, 2004 4:57 PM
> > Subject: Re: <What's the correct way to send over Proof?>
> >
> >
> > > On Wed, 2004-05-05 at 21:49, Sameer Ajmani wrote:
> > > > Good idea. The site should also include a HOWTO for several common
> > tasks:
> > > > creating keys, certificates, signatures, proofs, writing and reading
> > these
> > > > from a file or the network, etc.
> > > >
> > > Another good idea... I'll try to make a start on that this w/e (the
> > > HOWTO) - if the Proof stuff isn't done by then I'll try for that too....
> > >
> > >
> > > Sean
> > >
> > > > Sameer
> > > >
> > > > > On Wed, 2004-05-05 at 12:16, Sameer Ajmani wrote:
> > > > >> You can transfer a Proof as a Sequence (using proof.getSequence).
> > But
> > > > >> we should probably add support for transferring it just as a Proof.
> > > > >> The reason I didn't in the first place is because Proof isn't
> > actually
> > > > >> an official SPKI/SDSI datatype---it's specific to JSDSI.
> > > > >>
> > > > >
> > > > > I'd vote for making Proof SExpression'able (and consequently implement
> > > > > java.io.Serializable). Just seems sensible and thinking about it... I
> > > > > hit the same problem (but never got round to raising the issue) about
> > a
> > > > > year ago!
> > > > >
> > > > > Guess we should be adding things like this to the 'Future Work'
> > section
> > > > > of the site (so we don't forget them) - until we get an issue tracking
> > > > > application going...
> > > > >
> > > > > Regards,
> > > > >
> > > > > Sean
> > > > >
> > > > >> Sameer
> > > > >>
> > > > >> > Dear Sameer, Sean, and jsdsi experts,
> > > > >> >
> > > > >> > Original NameCert or AuthCert which are be embedded in Certificate
> > > > >> can be sent and receive well by using CertificateFactory Engine But
> > > > >> now, after the client generates proof from certificate discovery,
> > > > >> how should I send this over correctly? Currently, I try to use
> > > > >> jsdsi.ObjOutputStream and jsdsi.ObjInputStream: Client:
> > > > >> > FileOutputStream pd_file_out = new
> > > > >> > FileOutputStream("server_agent_queue.txt", true);
> > > > >> > jsdsi.sexp.ObjOutputStream pd_oos = new
> > > > >> > jsdsi.sexp.ObjOutputStream(pd_file_out);
> > > > >> > pd_oos.writeCanonical(proof);
> > > > >> > pd_file_out.close();
> > > > >> >
> > > > >> > Server:
> > > > >> > FileInputStream file_in = new
> > > > >> > FileInputStream("server_agent_queue.txt");
> > jsdsi.sexp.ObjInputStream
> > > > >> ois = new jsdsi.sexp.ObjInputStream(file_in); while (true) {
> > > > >> > if (ois.available() > 0) {
> > > > >> > ===> jsdsi.Proof pf = (jsdsi.Proof) ois.readObj();
> > > > >> > break;
> > > > >> > }
> > > > >> > }
> > > > >> >
> > > > >> > But it occurs following error on ===> line:
> > > > >> > jsdsi.sexp.SexpParseException: unrecognized object type: proof
> > > > >> >
> > > > >> > Any idea, please? and Thanks for answer in advance!
> > > > >> >
> > > > >> > Sincerely,
> > > > >> >
> > > > >> > Matt
> > > > >>
> > > > >>
> > > > >> http://ajmani.net
> > > > >>
> > > > > --
> > > > > Dr. Sean Radford, MBBS, MSc
> > > > > sra...@ae...
> > > > > http://www.aegeus-technology.com
> > > >
> > > >
> > > > http://ajmani.net
> > > >
> > > --
> > > Dr. Sean Radford, MBBS, MSc
> > > sra...@ae...
> > > http://www.aegeus-technology.com
> > >
> > >
> >
>
> --
> Dr. Sean Radford, MBBS, MSc
> sra...@ae...
> http://www.aegeus-technology.com
>
>
>
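
An added illustration, not part of the original thread and not JSDSI code: a stand-alone reader for the parenthesised S-expression form quoted above, showing that a (sequence ...) carries every cert/signature pair and that a receiver has to walk all of its elements rather than stop at the first. The class SequenceWalk and its helpers are hypothetical, and the sample input is constructed from two of the thread's placeholder certificates.

```java
import java.util.ArrayList;
import java.util.List;
// Hypothetical stand-alone class; it does not use or imitate the JSDSI API.
public class SequenceWalk {
    private final String[] tok;   // "(", ")" and atom tokens
    private int pos = 0;
    SequenceWalk(String text) {
        tok = text.replace("(", " ( ").replace(")", " ) ").trim().split("\\s+");
    }
    Object read() {               // returns a String atom or a List<Object>
        if (pos >= tok.length) throw new IllegalArgumentException("truncated input");
        String t = tok[pos++];
        if (t.equals(")")) throw new IllegalArgumentException("unexpected )");
        if (!t.equals("(")) return t;
        List<Object> list = new ArrayList<>();
        while (pos < tok.length && !tok[pos].equals(")")) list.add(read());
        if (pos++ >= tok.length) throw new IllegalArgumentException("missing )");
        return list;
    }
    static String type(Object o) {   // first atom of a list, e.g. "cert"
        boolean list = o instanceof List && !((List<?>) o).isEmpty();
        return list ? String.valueOf(((List<?>) o).get(0)) : "";
    }
    // Every cert in a (sequence ...) together with the signature that follows it.
    static List<Object[]> pairs(Object seq) {
        if (!type(seq).equals("sequence")) throw new IllegalArgumentException("not a sequence");
        List<?> items = (List<?>) seq;
        List<Object[]> out = new ArrayList<>();
        for (int i = 1; i < items.size(); i++) {
            if (!type(items.get(i)).equals("cert")) continue;
            if (i + 1 >= items.size() || !type(items.get(i + 1)).equals("signature"))
                throw new IllegalArgumentException("cert without signature at element " + i);
            out.add(new Object[] { items.get(i), items.get(i + 1) });
        }
        return out;
    }
    public static void main(String[] args) {
        // Constructed sample: two cert/signature pairs with the thread's placeholder values.
        String sig = " (signature (hash md5 HASH-VALUE) (public-key (rsa (e #03#) (n %s)))"
            + " (rsa-pkcs1-md5 SIGNATURE-VALUE))";
        String wire = "(sequence"
            + " (cert (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))"
            + " (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))" + String.format(sig, "MATT")
            + " (cert (issuer (name (public-key (rsa (e #03#) (n SCS))) scs_faculty))"
            + " (subject (public-key (rsa (e #03#) (n SCS_F)))))" + String.format(sig, "SCS") + ")";
        List<Object[]> all = pairs(new SequenceWalk(wire).read());
        System.out.println("cert/signature pairs in sequence: " + all.size());
        // Element 1 of a cert is (issuer ...), element 2 is (subject ...).
        for (Object[] p : all) System.out.println(((List<?>) p[0]).get(1) + " -> " + ((List<?>) p[0]).get(2));
    }
}
```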