Re: Re[2]: [higgins-dev] Wrong PPID generation

Mike,


If it helps, you can take a look at the f_buildPeerCertificateList() routine in higgins/app/org.eclipse.higgins.cbselector/ftk/src/ftkopenssl_net.cpp for the code that the client-based selector uses to "normalize" the certificate chain.


Thanks,


Andy

>>> Michael McIntosh <mikemci@xxxxxxxxxx> 04/23/08 8:53 AM >>>
I discussed this problem in the recent Higgins developer call.

The problem is not that we use different algorithms to generate the PPID,
it's that we use different methods to get the cert chain...

The Cert Chain that the Java code in our RCP Selector builds (from SSL
Server) looks like:

Certificate 0 :
  Subject: CN=wag.bandit-project.org, OU=Domain Control Validated,
O=wag.bandit-project.org
  modulus: 1396778137946571915903729684063700203338312...
  Validity: [From: Mon Nov 19 12:31:01 EST 2007, To: Thu Nov 19 12:31:01
EST 2009]
  Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification
Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com,
Inc.", L=Scottsdale, ST=Arizona, C=US
  SerialNumber: [    41bf25]

Certificate 1 :
  Subject: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification
Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com,
Inc.", L=Scottsdale, ST=Arizona, C=US
  modulus: 247653085524383982275769779297975807673397762829022...
  Validity: [From: Wed Nov 15 20:54:37 EST 2006, To: Sun Nov 15 20:54:37
EST 2026]
  Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy
Group, Inc.", C=US
  SerialNumber: [    0301]

Certificate 2 :
  Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy
Group, Inc.", C=US
  modulus:
28102739193587910144578747474926408217849460363800059769223951...
  Validity: [From: Tue Jun 29 13:06:20 EDT 2004, To: Sat Jun 29 13:06:20
EDT 2024].
  Issuer: EMAILADDRESS=info@xxxxxxxxxxxx, CN=http://www.valicert.com/,
OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.",
L=ValiCert Validation Network
  SerialNumber: [    010d]

Certificate 3 :
  Subject: EMAILADDRESS=info@xxxxxxxxxxxx, CN=http://www.valicert.com/,
OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.",
L=ValiCert Validation Network
  modulus:
14481843634109676198581120273749420671339167759522913399591996590...
  Validity: [From: Fri Jun 25 20:19:54 EDT 1999, To: Tue Jun 25 20:19:54
EDT 2019]
  Issuer: EMAILADDRESS=info@xxxxxxxxxxxx, CN=http://www.valicert.com/,
OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.",
L=ValiCert Validation Network
  SerialNumber: [    01]

The Cert Chain that the C++ code in our IE HBX builds (from the IE Cert Store)
looks like:

Certificate 0 :
  Subject: CN=wag.bandit-project.org, OU=Domain Control Validated,
O=wag.bandit-project.org
  modulus:
13967781379465719159037296840637002033383122482451999325474027484547841230706963...
  Validity: [From: Mon Nov 19 12:31:01 EST 2007, To: Thu Nov 19 12:31:01
EST 2009]
  Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification
Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com,
Inc.", L=Scottsdale, ST=Arizona, C=US
  SerialNumber: [    41bf25]

Certificate 1 :
  Subject: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification
Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com,
Inc.", L=Scottsdale, ST=Arizona, C=US
  modulus:
24765308552438398227576977929797580767339776282902239170741272577289900957792121949411152...
  Validity: [From: Wed Nov 15 20:54:37 EST 2006, To: Sun Nov 15 20:54:37
EST 2026]
  Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy
Group, Inc.", C=US
  SerialNumber: [    0301]

Certificate 2 :
  Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy
Group, Inc.", C=US
  modulus:
28102739193587910144578747474926408217849460363800059769223951...
  Validity: [From: Tue Jun 29 13:06:20 EDT 2004, To: Thu Jun 29 13:06:20
EDT 2034].
  Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy
Group, Inc.", C=US
  SerialNumber: [    00]

We are working on a solution for this.

Regards,
Mike

higgins-dev-bounces@xxxxxxxxxxx wrote on 04/23/2008 10:22:59 AM:

> The problem we have now is that under the same conditions PPIDs generated
> by CardSpace and by Higgins are different.
>
> Valery
>
> Wednesday, April 23, 2008, 5:03:59 PM, you wrote:
>
> > In general the PPID algorithm is broken, it's not Higgins. Try a
> > scenario with an SSL router in front of the RP. So there are many
> > scenarios that break PPID.
>
> > -----------------
> > Sent from my BlackBerry Handheld.
>
>
> > ----- Original Message -----
> > From: Peter Kimlach [pkimlach@xxxxxxxxxxxxxx]
> > Sent: 04/23/2008 04:50 PM ZE3
> > To: Higgins dev <higgins-dev@xxxxxxxxxxx>
> > Subject: [higgins-dev] Wrong PPID generation
>
>
>
> > Mike,
> > I find that managed cards that were imported from Windows CardSpace to
> > Higgins cannot find the required personal card by PPID. This happens for
> > cards imported from Higgins to Windows CardSpace too. Do you have any
> > ideas what is wrong with the PPID generation algorithm?
> > Peter
> > _______________________________________________
> > higgins-dev mailing list
> > higgins-dev@xxxxxxxxxxx
> > https://dev.eclipse.org/mailman/listinfo/higgins-dev

_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev
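
An added illustration, not part of the original thread and not Higgins or CardSpace code: it models the two chains dumped above (DNs abbreviated, serial numbers as shown, key labels constructed; the truncated modulus of Certificate 2 is the same in both dumps) and locates where they diverge. `chain_digest` is a stand-in for any identifier hashed over the chain, not the PPID algorithm, and `normalize` with its `ANCHORS` set is a hypothetical normalization, not what `f_buildPeerCertificateList()` does.

```python
import hashlib
from typing import NamedTuple

class Cert(NamedTuple):
    subject: str
    issuer: str
    serial: str
    key: str  # constructed label standing in for the public key

# Constructed sample data: DNs abbreviated from the two dumps in the message.
LEAF = Cert("CN=wag.bandit-project.org", "CN=Go Daddy Secure CA", "41bf25", "k-leaf")
INTER = Cert("CN=Go Daddy Secure CA", "OU=Go Daddy Class 2 CA", "0301", "k-inter")
GD2_CROSS = Cert("OU=Go Daddy Class 2 CA", "OU=ValiCert Class 2", "010d", "k-gd2")
GD2_ROOT = Cert("OU=Go Daddy Class 2 CA", "OU=Go Daddy Class 2 CA", "00", "k-gd2")
VALICERT = Cert("OU=ValiCert Class 2", "OU=ValiCert Class 2", "01", "k-vali")

JAVA_CHAIN = [LEAF, INTER, GD2_CROSS, VALICERT]  # built from the SSL server
IE_CHAIN = [LEAF, INTER, GD2_ROOT]               # built from the IE cert store

def chain_digest(chain):
    """Stand-in for an identifier hashed over the whole chain (not the PPID algorithm)."""
    h = hashlib.sha256()
    for c in chain:
        h.update("|".join(c).encode() + b"\n")
    return h.hexdigest()

def first_divergence(a, b):
    """Index of the first position where the chains differ, or None if identical."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))

def normalize(chain, anchors):
    """Hypothetical normalization: identify each cert by (subject, key) and
    stop at the first one that matches a configured trust anchor."""
    out = []
    for c in chain:
        out.append((c.subject, c.key))
        if (c.subject, c.key) in anchors:
            break
    return out

ANCHORS = {("OU=Go Daddy Class 2 CA", "k-gd2")}  # assumed local trust anchor

if __name__ == "__main__":
    print("diverge at index", first_divergence(JAVA_CHAIN, IE_CHAIN))
    print("digests equal:", chain_digest(JAVA_CHAIN) == chain_digest(IE_CHAIN))
    print("normalized equal:", normalize(JAVA_CHAIN, ANCHORS) == normalize(IE_CHAIN, ANCHORS))
```

The chains split at Certificate 2, where the same subject and key appear once as a cross-certificate issued by ValiCert and once as a self-signed root, so any value derived from the full chain differs between the two selectors.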