I have tried that and it fails also
-----------------
Sent from my BlackBerry Handheld.
----- Original Message -----
From: "Andrew Hodgkinson" [ahodgkinson@xxxxxxxxxx]
Sent: 04/23/2008 10:11 AM CST
To: "Valery Kokhan" <vkokhan@xxxxxxxxxxxxxx>; <higgins-dev-bounces@xxxxxxxxxxx>
Cc: "Higgins \(Trust Framework\) Project developer discussions" <higgins-dev@xxxxxxxxxxx>
Subject: Re: Re[2]: [higgins-dev] Wrong PPID generation
Mike,
If it helps, you can take a look at the f_buildPeerCertificateList() routine in higgins/app/org.eclipse.higgins.cbselector/ftk/src/ftkopenssl_net.cpp for the code that the client-based selector uses to "normalize" the certificate chain.
Thanks,
Andy
>>> Michael McIntosh <mikemci@xxxxxxxxxx> 04/23/08 8:53 AM >>>
I discussed this problem in the recent Higgins developer call.
The problem is not that we use different algorithms to generate the PPID, it's that we use different methods to get the cert chain...
The Cert Chain that the Java code in our RCP Selector builds (from SSL Server) looks like:
Certificate 0 :
  Subject: CN=wag.bandit-project.org, OU=Domain Control Validated, O=wag.bandit-project.org
  modulus: 1396778137946571915903729684063700203338312...
  Validity: [From: Mon Nov 19 12:31:01 EST 2007, To: Thu Nov 19 12:31:01 EST 2009]
  Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
  SerialNumber: [ 41bf25]
Certificate 1 :
  Subject: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
  modulus: 247653085524383982275769779297975807673397762829022...
  Validity: [From: Wed Nov 15 20:54:37 EST 2006, To: Sun Nov 15 20:54:37 EST 2026]
  Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
  SerialNumber: [ 0301]
Certificate 2 :
  Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
  modulus: 28102739193587910144578747474926408217849460363800059769223951...
  Validity: [From: Tue Jun 29 13:06:20 EDT 2004, To: Sat Jun 29 13:06:20 EDT 2024].
  Issuer: EMAILADDRESS=info@xxxxxxxxxxxx, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
  SerialNumber: [ 010d]
Certificate 3 :
  Subject: EMAILADDRESS=info@xxxxxxxxxxxx, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
  modulus: 14481843634109676198581120273749420671339167759522913399591996590...
  Validity: [From: Fri Jun 25 20:19:54 EDT 1999, To: Tue Jun 25 20:19:54 EDT 2019]
  Issuer: EMAILADDRESS=info@xxxxxxxxxxxx, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
  SerialNumber: [ 01]
The Cert Chain that the C++ code in our IE HBX builds (from the IE Cert Store) looks like:
Certificate 0 :
  Subject: CN=wag.bandit-project.org, OU=Domain Control Validated, O=wag.bandit-project.org
  modulus: 13967781379465719159037296840637002033383122482451999325474027484547841230706963...
  Validity: [From: Mon Nov 19 12:31:01 EST 2007, To: Thu Nov 19 12:31:01 EST 2009]
  Issuer: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
  SerialNumber: [ 41bf25]
Certificate 1 :
  Subject: SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
  modulus: 24765308552438398227576977929797580767339776282902239170741272577289900957792121949411152...
  Validity: [From: Wed Nov 15 20:54:37 EST 2006, To: Sun Nov 15 20:54:37 EST 2026]
  Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
  SerialNumber: [ 0301]
Certificate 2 :
  Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
  modulus: 28102739193587910144578747474926408217849460363800059769223951...
  Validity: [From: Tue Jun 29 13:06:20 EDT 2004, To: Thu Jun 29 13:06:20 EDT 2034].
  Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
  SerialNumber: [ 00]
We are working on a solution for this.
Regards, Mike
higgins-dev-bounces@xxxxxxxxxxx wrote on 04/23/2008 10:22:59 AM:
> The problem we have now is that at the same conditions PPIDs generated
> by CardSpace and by Higgins are different.
>
> Valery
>
> Wednesday, April 23, 2008, 5:03:59 PM, you wrote:
>
> > In general the PPID algorithm is broken it not Higgins Try a
> > scenario with a SSL router in front of the RP. So there are many
> > scenarios that break PPID
> >
> > -----------------
> > Sent from my BlackBerry Handheld.
> >
> > ----- Original Message -----
> > From: Peter Kimlach [pkimlach@xxxxxxxxxxxxxx]
> > Sent: 04/23/2008 04:50 PM ZE3
> > To: Higgins dev <higgins-dev@xxxxxxxxxxx>
> > Subject: [higgins-dev] Wrong PPID generation
> >
> > Mike,
> > I find that managed cards that were imported from windows cardspace to
> > Higgins can not find required personal card by PPID. This happens for
> > cards imported from Higgins to windows cardspace too. Do you have any
> > ideas what is wrong with ppid generation algorithm?
> > Peter
_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev
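
An added example, not code from the thread or from Higgins: a small Python diagnostic that models the two certificate chains quoted above (DNs abbreviated, serial numbers as quoted), locates the position where the two chain builders diverge, and shows that any identifier hashed over the whole chain differs between them. `chain_digest`, `shared_prefix` and `first_divergence` are hypothetical names, and `chain_digest` is a stand-in, not the PPID algorithm.

```python
import hashlib
from typing import NamedTuple

class Cert(NamedTuple):
    subject: str
    issuer: str
    serial: str

# Constructed sample: DNs abbreviated from the two chains quoted in the thread.
GD_SECURE = "CN=Go Daddy Secure Certification Authority"
GD_CLASS2 = "OU=Go Daddy Class 2 Certification Authority"
VALICERT = "OU=ValiCert Class 2 Policy Validation Authority"

LEAF = Cert("CN=wag.bandit-project.org", GD_SECURE, "41bf25")
INTERMEDIATE = Cert(GD_SECURE, GD_CLASS2, "0301")

# Chain as built from the SSL server (Java, RCP Selector): ends at the ValiCert root.
JAVA_CHAIN = [LEAF, INTERMEDIATE,
              Cert(GD_CLASS2, VALICERT, "010d"),  # Go Daddy Class 2 issued by ValiCert
              Cert(VALICERT, VALICERT, "01")]
# Chain as built from the IE cert store (C++, IE HBX): ends at a self-signed Go Daddy root.
IE_CHAIN = [LEAF, INTERMEDIATE,
            Cert(GD_CLASS2, GD_CLASS2, "00")]

def chain_digest(chain):
    """Hypothetical stand-in for a chain-derived identifier (not the PPID algorithm)."""
    h = hashlib.sha256()
    for cert in chain:
        h.update(f"{cert.subject}|{cert.issuer}|{cert.serial}\n".encode("utf-8"))
    return h.hexdigest()

def shared_prefix(a, b):
    """Certificates, leaf first, that both chain builders agree on."""
    prefix = []
    for x, y in zip(a, b):
        if x != y:
            break
        prefix.append(x)
    return prefix

def first_divergence(a, b):
    """Return (index, reason) for the first differing position, or None if identical."""
    i = len(shared_prefix(a, b))
    if i == len(a) == len(b):
        return None
    if i < len(a) and i < len(b) and a[i].subject == b[i].subject:
        return i, "same subject, different certificate"
    return i, "different subject or missing certificate"

if __name__ == "__main__":
    print(first_divergence(JAVA_CHAIN, IE_CHAIN))
    print(chain_digest(JAVA_CHAIN) == chain_digest(IE_CHAIN))
```

The divergence lands on Certificate 2: both chains name the same Go Daddy Class 2 subject, but one holds the ValiCert-issued certificate and the other the self-signed one, so a subject-only comparison would not catch it.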