[Jsdsi-users] Re: <What's the correct way to send over Proof?>
From: Sameer A. <aj...@cs...> - 2004-05-06 00:18:54
Okay, I've checked in a change that allows Proofs to be parsed via Obj.parseObj (or Proof.parseProof), which means you can use ObjInput/OutputStreams to transfer them. I haven't tested this yet, though, so just let me know if it's broken :)

Sameer

> Following up Mr. Ajmani's previous email, he suggested that I rewrite it in
> the following way:
> Client:
>     FileOutputStream pd_file_out = new FileOutputStream("server_agent_queue.txt", true);
>     jsdsi.sexp.ObjOutputStream pd_oos = new jsdsi.sexp.ObjOutputStream(pd_file_out);
> ==> pd_oos.writeCanonical(proof.getSequence());
>     pd_file_out.close();
>
> Server:
>     FileInputStream file_in = new FileInputStream("server_agent_queue.txt");
>     jsdsi.sexp.ObjInputStream ois = new jsdsi.sexp.ObjInputStream(file_in);
>     while (true) {
>         if (ois.available() > 0) {
> ==>         jsdsi.Proof pf = new Proof(Certificate.fromSequence((jsdsi.Sequence) ois.readObj()));
>             break;
>         }
>     }
>
> Then, I tried this method, and came up with the following questions and
> output: So the client's proof before sending out is
> (proof
>
> Result cert ==>
>   (cert
>     (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
>     (subject (public-key (rsa (e #03#) (n SCS_F)))))
>
> 5 Proof sequence ==>
>   (sequence
>     (cert
>       (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
>       (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
>     (signature
>       (hash md5 HASH-VALUE)
>       (public-key (rsa (e #03#) (n MATT)))
>       (rsa-pkcs1-md5 SIGNATURE-VALUE))
>     ....
>     (cert
>       (issuer (name (public-key (rsa (e #03#) (n SCS))) scs_faculty))
>       (subject (public-key (rsa (e #03#) (n SCS_F)))))
>     (signature
>       (hash md5 HASH-VALUE)
>       (public-key (rsa (e #03#) (n SCS)))
>       (rsa-pkcs1-md5 SIGNATURE-VALUE))))
>
> Then the result the server gets is:
> (proof
>   (cert
>     (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
>     (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
>   (sequence
>     (cert
>       (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
>       (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
>     (signature
>       (hash md5 HASH-VALUE)
>       (public-key (rsa (e #03#) (n MATT)))
>       (rsa-pkcs1-md5 SIGNATURE-VALUE))))
>
> which is only one of original proof certificates and its result proof
> cert is changed also!
>
> Then my questions again are:
> 1. If my client side supplies a proof that actually composes of 5 proofs
>    sequence certificates with 1 proof result cert in above fashion:
>    However, by using Mr. Ajmani's previous method, I can only receive one
>    proof which is the very first one and the result proof cert is changed
>    too!
>    So my questions are how to maintain result proof cert intact and how to
>    compose several proofs into one proof
>    (I tried the way that client ship certificates one by one which is from
>    proof.getCertificates() then server builds proofs by received
>    certificates then server uses proof.compose(proof) to concatenate those
>    5 proof certificates to 1 proof but error is thrown when server try to
>    compose and i don't think the result cert will retain in such way
>    neither)
>
> 2. When run the CertPathValidator, which cert and certstore I should feed
>    in CertPathParameters? (Is cert = (AclEntry which requests proofs)? Is
>    certstore = (client/server certstore)? )
>
> Sorry about the confusion and thanks for your answering in advance!
>
> Matt
>
> ----- Original Message -----
> From: "Sean Radford" <sra...@ae...>
> To: "Feng-Shuo" <fc...@an...>
> Cc: "Mr. Sameer Ajmani" <aj...@cs...>; "users jsdsi" <jsd...@li...>
> Sent: Wednesday, May 05, 2004 6:47 PM
> Subject: Re: <What's the correct way to send over Proof?>
>
>
>> Hi,
>>
>> Not entirely sure I follow what you mean, but do you mean that when
>> you read a file (called 'file-from-client.txt' for example)
>> containing:
>>
>> (proof
>>   (cert
>>     (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
>>     (subject (public-key (rsa (e #03#) (n SCS_F)))))
>>   (sequence
>>     (cert
>>       (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
>>       (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
>>     (signature
>>       (hash md5 HASH-VALUE)
>>       (public-key (rsa (e #03#) (n MATT)))
>>       (rsa-pkcs1-md5 SIGNATURE-VALUE))
>>     ... [3 cert/signature pairs not included for brevity] ...
>>     (cert
>>       (issuer (name (public-key (rsa (e #03#) (n SCS))) scs_faculty))
>>       (subject (public-key (rsa (e #03#) (n SCS_F)))))
>>     (signature
>>       (hash md5 HASH-VALUE)
>>       (public-key (rsa (e #03#) (n SCS)))
>>       (rsa-pkcs1-md5 SIGNATURE-VALUE))))
>>
>>
>> using something like:
>>
>>     FileInputStream fis = new FileInputStream("file-from-client.txt");
>>     jsdsi.sexp.ObjInputStream ois = new jsdsi.sexp.ObjInputStream(fis);
>>     jsdsi.Proof proof = (jsdsi.Proof) ois.readObj();
>>
>> you get the Proof:
>>
>> (proof
>>   (cert
>>     (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
>>     (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
>>   (sequence
>>     (cert
>>       (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
>>       (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
>>     (signature
>>       (hash md5 HASH-VALUE)
>>       (public-key (rsa (e #03#) (n MATT)))
>>       (rsa-pkcs1-md5 SIGNATURE-VALUE))))
>>
>> ?
>>
>>
>>
>> On Wed, 2004-05-05 at 22:54, Feng-Shuo wrote:
>> > Other questions about proof transmission:
>> > 1. If my client side supplies a proof that actually composes of 5
>> >    proofs sequence certificates with 1 proof result cert in following
>> >    fashion:
>> >    However, by using above method, I can only receive one proof which is
>> >    the very first one and the result proof cert is changed too!
>> >    So my questions are how to maintain result proof cert intact and how to
>> >    compose several proofs into one proof
>> >    (I tried the way that client ship proof.getCertificates one by one then
>> >    server build proofs by certificates then I use proof.compose to concatenate
>> >    those 5 proof certificates but error is thrown when compose! and i
>> >    don't think the result cert will retain in such way neither)
>> >
>> > 2. When run the CertPathValidator, which cert and certstore I should feed
>> >    in CertPathParameters? (Is cert = AclEntry which requested proofs? Is
>> >    certstore = client/server certstore? )
>> >
>> > Client:
>> > (proof
>> >
>> > Result cert ==>
>> >   (cert
>> >     (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
>> >     (subject (public-key (rsa (e #03#) (n SCS_F)))))
>> >
>> > 5 Proof sequence ==>
>> >   (sequence
>> >     (cert
>> >       (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
>> >       (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
>> >     (signature
>> >       (hash md5 HASH-VALUE)
>> >       (public-key (rsa (e #03#) (n MATT)))
>> >       (rsa-pkcs1-md5 SIGNATURE-VALUE))
>> >     ....
>> >     (cert
>> >       (issuer (name (public-key (rsa (e #03#) (n SCS))) scs_faculty))
>> >       (subject (public-key (rsa (e #03#) (n SCS_F)))))
>> >     (signature
>> >       (hash md5 HASH-VALUE)
>> >       (public-key (rsa (e #03#) (n SCS)))
>> >       (rsa-pkcs1-md5 SIGNATURE-VALUE))))
>> >
>> > Server:
>> > (proof
>> >   (cert
>> >     (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
>> >     (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
>> >   (sequence
>> >     (cert
>> >       (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
>> >       (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
>> >     (signature
>> >       (hash md5 HASH-VALUE)
>> >       (public-key (rsa (e #03#) (n MATT)))
>> >       (rsa-pkcs1-md5 SIGNATURE-VALUE))))
>> >
>> >
>> >
>> > ----- Original Message -----
>> > From: "Sean Radford" <sra...@ae...>
>> > To: "Mr. Sameer Ajmani" <aj...@cs...>
>> > Cc: <fc...@an...>; "users jsdsi" <jsd...@li...>
>> > Sent: Wednesday, May 05, 2004 4:57 PM
>> > Subject: Re: <What's the correct way to send over Proof?>
>> >
>> >
>> > > On Wed, 2004-05-05 at 21:49, Sameer Ajmani wrote:
>> > > > Good idea. The site should also include a HOWTO for several common tasks:
>> > > > creating keys, certificates, signatures, proofs, writing and reading these
>> > > > from a file or the network, etc.
>> > > >
>> > > Another good idea... I'll try to make a start on that this w/e
>> > > (the HOWTO) - if the Proof stuff isn't done by then I'll try for that too....
>> > >
>> > >
>> > > Sean
>> > >
>> > > > Sameer
>> > > >
>> > > > > On Wed, 2004-05-05 at 12:16, Sameer Ajmani wrote:
>> > > > >> You can transfer a Proof as a Sequence (using proof.getSequence). But
>> > > > >> we should probably add support for transferring it just as a Proof.
>> > > > >> The reason I didn't in the first place is because Proof isn't actually
>> > > > >> an official SPKI/SDSI datatype---it's specific to JSDSI.
>> > > > >>
>> > > > >
>> > > > > I'd vote for making Proof SExpression'able (and consequently implement
>> > > > > java.io.Serializable). Just seems sensible and thinking about it... I
>> > > > > hit the same problem (but never got round to raising the issue) about a
>> > > > > year ago!
>> > > > >
>> > > > > Guess we should be adding things like this to the 'Future Work' section
>> > > > > of the site (so we don't forget them) - until we get an issue tracking
>> > > > > application going...
>> > > > >
>> > > > > Regards,
>> > > > >
>> > > > > Sean
>> > > > >
>> > > > >> Sameer
>> > > > >>
>> > > > >> > Dear Sameer, Sean, and jsdsi experts,
>> > > > >> >
>> > > > >> > Original NameCert or AuthCert which are embedded in Certificate
>> > > > >> > can be sent and received well by using CertificateFactory Engine. But
>> > > > >> > now, after the client generates proof from certificate discovery,
>> > > > >> > how should I send this over correctly? Currently, I try to use
>> > > > >> > jsdsi.ObjOutputStream and jsdsi.ObjInputStream:
>> > > > >> > Client:
>> > > > >> >     FileOutputStream pd_file_out = new FileOutputStream("server_agent_queue.txt", true);
>> > > > >> >     jsdsi.sexp.ObjOutputStream pd_oos = new jsdsi.sexp.ObjOutputStream(pd_file_out);
>> > > > >> >     pd_oos.writeCanonical(proof);
>> > > > >> >     pd_file_out.close();
>> > > > >> >
>> > > > >> > Server:
>> > > > >> >     FileInputStream file_in = new FileInputStream("server_agent_queue.txt");
>> > > > >> >     jsdsi.sexp.ObjInputStream ois = new jsdsi.sexp.ObjInputStream(file_in);
>> > > > >> >     while (true) {
>> > > > >> >         if (ois.available() > 0) {
>> > > > >> > ===>        jsdsi.Proof pf = (jsdsi.Proof) ois.readObj();
>> > > > >> >             break;
>> > > > >> >         }
>> > > > >> >     }
>> > > > >> >
>> > > > >> > But it occurs following error on ===> line:
>> > > > >> > jsdsi.sexp.SexpParseException: unrecognized object type: proof
>> > > > >> >
>> > > > >> > Any idea, please? and Thanks for answer in advance!
>> > > > >> >
>> > > > >> > Sincerely,
>> > > > >> >
>> > > > >> > Matt
>> > > > >>
>> > > > >>
>> > > > >> http://ajmani.net
>> > > > >>
>> > > > > --
>> > > > > Dr. Sean Radford, MBBS, MSc
>> > > > > sra...@ae...
>> > > > > http://www.aegeus-technology.com
>> > > >
>> > > >
>> > > > http://ajmani.net
>> > > >
>> > > --
>> > > Dr. Sean Radford, MBBS, MSc
>> > > sra...@ae...
>> > > http://www.aegeus-technology.com
>> > >
>> > >
>> > >
>> --
>> Dr. Sean Radford, MBBS, MSc
>> sra...@ae...
>> http://www.aegeus-technology.com

http://ajmani.net
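
The symptom discussed in this thread (a proof that arrives with a different result cert and a shortened sequence) can be caught by comparing the S-expression that was written with the one that was read back. The following is an added example, not part of the thread and not JSDSI code: the function names are hypothetical, and the two sample proofs are constructed from the thread's placeholder values with only two certs in the sequence.

```python
import re
TOKEN = re.compile(r"[()]|[^\s()]+")

def parse_sexp(text):
    """Parse one advanced-form S-expression into nested lists of atom strings."""
    stack = []
    for tok in TOKEN.findall(text):
        if tok == "(":
            stack.append([])
        elif not stack:
            raise ValueError("token outside any list: " + tok)
        elif tok == ")":
            done = stack.pop()
            if not stack:
                return done              # outermost list closed
            stack[-1].append(done)
        else:
            stack[-1].append(tok)
    raise ValueError("unterminated S-expression")

def is_list(node, tag):
    return isinstance(node, list) and bool(node) and node[0] == tag

def split_proof(text):
    """Return (result_cert, certs_in_sequence) for (proof (cert ..) (sequence ..))."""
    obj = parse_sexp(text)
    if not (is_list(obj, "proof") and len(obj) == 3
            and is_list(obj[1], "cert") and is_list(obj[2], "sequence")):
        raise ValueError("not a (proof (cert ...) (sequence ...)) object")
    return obj[1], [e for e in obj[2][1:] if is_list(e, "cert")]

def transfer_problems(sent, received):
    """List the structural differences between the sent and received proof."""
    sent_result, sent_certs = split_proof(sent)
    got_result, got_certs = split_proof(received)
    problems = []
    if got_result != sent_result:
        problems.append("result cert changed")
    if got_certs != sent_certs:
        problems.append("sequence certs differ: received %d, sent %d"
                        % (len(got_certs), len(sent_certs)))
    return problems

# Constructed samples built from the thread's placeholder keys and values.
A = "(cert (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor)) (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))"
B = "(cert (issuer (name (public-key (rsa (e #03#) (n SCS))) scs_faculty)) (subject (public-key (rsa (e #03#) (n SCS_F)))))"
R = "(cert (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor)) (subject (public-key (rsa (e #03#) (n SCS_F)))))"
SIG = "(signature (hash md5 HASH-VALUE) (public-key (rsa (e #03#) (n MATT))) (rsa-pkcs1-md5 SIGNATURE-VALUE))"
SENT = "(proof %s (sequence %s %s %s %s))" % (R, A, SIG, B, SIG)
RECEIVED = "(proof %s (sequence %s %s))" % (A, A, SIG)
```

An empty result from `transfer_problems` only says the structure survived the transfer; it does not check any signature.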