Previous Contents DocHome Index Next |
iPlanet Web Server: Plug-in for Trustbase services 1.0 Installation, Configuration and Developer's Guide |
Chapter 4 Developing your own applications
Component Overview
There are number of components shipped with iWSPTS:
Figure 4-1    Component Overview
We now list the components within the Plug-in
The cookie authorisation module passes from the results of a certificate status check to the browser in order to avoid having to repeat the same certificate status check twice.
These Authorisation Components cannot change. However there are options to develop your applications using the DSMS API. Examples of how this might be used are now illustratedThe Access Control API controls what data gets passed from one part of the system to another. CSCConfigAdapter and getProperty.
The Identrus DSMS protocol allows the status check to take place
The Source code is listed at the end of this chapter and can be found in the examples directory for iWSPTS. We now discuss how to deploy your own examples. You should also consult your JavaDocs and the API Guide that accompanies this manual.
Certificate Verification
You need to study the API interface package CSCConfigAdapter that utilises the method getProperty. DSMS behaviour can be modified by considering the following properties defined in the class:com.iplanet.trustbase.initiator.PropertyCodes
Figure 4-2    DSMS Verification Options
Main Steps
The main steps to perform your own certificate Status Check are now listed:
Initialise the Cryptographic System
Initialise the CSCEngine with the Chosen ConfigAdapter
Once these steps have been done a CSC check may be performed using _cscEngine.getStatus
The check maybe controlled by settin g the appropriate Verification Constants mentioned in the previous section
Running the DSMS Examples.
Each of the examples can be run using the CLASSPATH that is set using the provided cp.sh script.
Example 1 DSMS Verification
This example is an extremely simple example showing the basic steps required to make the DSMS perform a certificate status check. It leaves all the configuration at the default values except for a few essential values such as the name of the certificate to sign the outgoing identrus message. To help with making it simple it can only check the status of certificates that have keys in the database, ie those certificates that the webserver describes as `own' - not the trusted certificate authorities. It takes five command line parameters which are :
Keystore password - the password of the database you created when you installed the webserver plugin.
The example should output something like this.Signing Certificate name - The nick name of the certificate you want to use to sign the identrus message
SSL Signing Certificate name - the nick name of the certificate you want to use in SSL Client transactions.
The Trust Anchor - usually the identrus root.
Check Certificate name - The nick name of the certificate you wish to use to check the status of.
In PKCS11SecureRandom constructor
In PKCS11SecureRandom constructor
Checking verification chain with leaf [ CN=Identrus Root Certification Authority,OU=Identrus Root Certification Authority,O=Identrus LLC ]
Checking verification chain with leaf [ CN=Identrus Root Certification Authority,OU=Identrus Root Certification Authority,O=Identrus LLC ]
DSMS result from validity check [ true ]
Example 2 Config Adapter Modification
This is a slightly more complex example. It illustrates how you can manipulate the behaviour of the DSMS by creating a new ConfigAdapter. In its extreme case this ability could be used to enable the DSMS to utilise a different kind of certificate store. However in this case the new ConfigAdapter simply returns an EngineLogger object when it is asked to provide one. This EngineLogger is then used to report the DSMS's progress through the transaction. It takes the same five command line parameters that the DSMSDemo from example 1 does. The example should output something like this.Engine Logger Message [ CSCEngine initialised ]
Engine Logger Message [ Performing a getStatus with preferred.oid [ 1.2.840.114021.4.1 ] preferredVersion [ 0 ] acquireProof is [ false ] generate nonce is [ false ] ]
Engine Logger Message [ ProtocolAdapterFactory : getInstance of [ 1.2.840.114021.4.1 ] with version [ 0 ] ]
Engine Logger Message [ GenericProtocolAdapter : Getting location for Protocol [ 1.2.840.114021.4.1 ] ]
Engine Logger Message [ IdentrusProtocolAdapter : Beginning transaction with [ https://nescafe.jcp.co.uk:1234/TC ] ]
Engine Logger Message [ GenericProtocolAdapter : Getting message factory with classname [ com.iplanet.trustbase.initiator.scheme.dsms.identrus.message.Identr usv2MessageFactory] ]
Engine Logger Message [ GenericProtocolAdapter : Getting Transport adapter with classname [ com.iplanet.trustbase.initiator.transport.XURLTransportAdapter] ]
Engine Logger Message [ Identrusv2MessageFactory : Building identrus message ]
In PKCS11SecureRandom constructor
Engine Logger Message [ Identrusv2MessageFactory : Created transaction id and constructed OCSP [ QTE3NDhBRkRFMkVFQjVBODU1QUMzOEMwOEIxNkQ4QTZGMDdEMDRFNQ== ] ]
In PKCS11SecureRandom constructor
Engine Logger Message [ Identrusv2MessageFactory : Completed construction of message ]
Engine Logger Message [ XURLTransportAdapter: sending to location [ https://nescafe.jcp.co.uk:1234/TC ] ]
Engine Logger Message [ Identrusv2MessageFactory : Beginning parse of message ]
Checking verification chain with leaf [ CN=Identrus Root Certification Authority,OU=Identrus Root Certification Authority,O=Identrus LLC ]
Checking verification chain with leaf [ CN=Identrus Root Certification Authority,OU=Identrus Root Certification Authority,O=Identrus LLC ]
Engine Logger Message [ Identrusv2MessageFactory : Completed parse of message ]
Engine Logger Message [ IdentrusProtocolAdapter : Completed transaction with [ https://nescafe.jcp.co.uk:1234/TC ] ]
Engine Logger Message [ DataConverterFactory : getConverter of [ identrus ] ]
Engine Logger Message [ Performing a validateStatus with preferred.oid [ 1.2.840.114021.4.1 ] preferred.version [ 0 ] acquireProof is [ false ] ]
Engine Logger Message [ ProtocolAdapterFactory : getInstance of [ 1.2.840.114021.4.1 ] with version [ 0 ] ]
Engine Logger Message [ IdentrusProtocolAdapter : Beginning status validation ]
Engine Logger Message [ IdentrusProtocolAdapter : Completed status validation status approved ]
DSMS result from validity check [ true ]
Example 3 Transport Adapter Modification
This again is a slightly more complex example. It illustrates how you can manipulate the behaviour of the DSMS by providing a different Transport Adapter. In its extreme case this ability could be used to allow the DSMS to perform certificate status checks over completely different transports to the ones it supports out of the box. However in this example the new Transport Adapter just used the EngineLogger to log the data that is being sent and received. This Transport Adapter will only work over HTTP. It takes the same five command line parameters that the DSMSDemo from example 2 does with the addition of a sixth parameter that specifies the http location of the TC to perform the checks. The example should output something like this :Engine Logger Message [ CSCEngine initialised ]
Engine Logger Message [ Performing a getStatus with preferred.oid [ 1.2.840.114021.4.1 ] preferredVersion [ 0 ] acquireProof is [ false ] generate nonce is [ false ] ]
Engine Logger Message [ ProtocolAdapterFactory : getInstance of [ 1.2.840.114021.4.1 ] with version [ 0 ] ]
Engine Logger Message [ GenericProtocolAdapter : Getting location for Protocol [ 1.2.840.114021.4.1 ] ]
Engine Logger Message [ IdentrusProtocolAdapter : Beginning transaction with [ http://nescafe.uk.sun.com/NASApp/NASAdapter/TbaseNASAdapter ] ]
Engine Logger Message [ GenericProtocolAdapter : Getting message factory with classname [ com.iplanet.trustbase.initiator.scheme.dsms.identrus.message.Identr usv2MessageFactory] ]
Engine Logger Message [ GenericProtocolAdapter : Getting Transport adapter with classname [ com.example.example3.ExampleTransportAdapter] ]
Engine Logger Message [ Identrusv2MessageFactory : Building identrus message ]
In PKCS11SecureRandom constructor
Engine Logger Message [ Identrusv2MessageFactory : Created transaction id and constructed OCSP [ RUIwNUUxQzZDMUI5NjhFQTFCNkI3MkIyNUFDNTA2RTRDREM2QzA5Rg== ] ]
In PKCS11SecureRandom constructor
Engine Logger Message [ Identrusv2MessageFactory : Completed construction of message ]
Engine Logger Message [ outgoing HTTP Data [ <!DOCTYPE CSCRequest PUBLIC "-//IDENTRUS//CERTIFICATE STATUS CHECK DTD//EN" "http://www.identrus.com/TC/2.0/CertificateStatusCheck.dtd"> <CSCRequest><NIB id="NIB_340ED3D166D00325EFCE5CAAD31C9EF9254B8656_1" version="2.0"><ContextInfo msggrpid="11F410055BD68EC8B4F1CC53F708764EC31D427D" msgid="RUIwNUUxQzZDMUI5NjhFQTFCNkI3MkIyNUFDNTA2RTRDREM2QzA5Rg=="></ ContextInfo><StartTime><LocalTime id="LocalTime_340ED3D166D00325EFCE5CAAD31C9EF9254B8656_1" time="20010921164029Z"/></StartTime><MsgTime><LocalTime id="LocalTime_340ED3D166D00325EFCE5CAAD31C9EF9254B8656_2" time="20010921164029Z"/></MsgTime></NIB><Signature xmlns="http://www.w3.org/2000/02/xmldsig#"><SignedInfo><Canonicaliz ationMethod Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/02/xmldsig#rsa-sha1"></SignatureM ethod><Reference URI="#NIB_340ED3D166D00325EFCE5CAAD31C9EF9254B8656_1"><Transforms>< Transform Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"></DigestMethod>< DigestValue>pa5Gpq6WHuykS+/nPYKxJSfnPqM=</DigestValue></Reference>< Reference URI="#Request_340ED3D166D00325EFCE5CAAD31C9EF9254B8656_1"><Transfor ms><Transform Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"></DigestMethod>< DigestValue>86TQw4GMkpMzrETaAIIGC/0jOXY=</DigestValue></Reference>< /SignedInfo><SignatureValue>Zm7E5pZ0eCmssbq0ZN0L6sjHKm04RV0WwFSDadM YLA4rBL1nFVMAg4JhTB7F2rLJ
It80HBGblXbUO+4sCUeqdi731+bmmMyWRxUoYjc+zDGfFZ0X/BfLFE31cNBzvYe+
IN8u+RRSvvuIR2qGfRUVzaP3LBYU9v2iW9MN8lwtxfo=</SignatureValue><KeyIn fo><X509Data><X509IssuerSerial><X509IssuerName>C=GB,O=Identrus LLC,OU=Development,CN=Nescafe CA Cert</X509IssuerName><X509SerialNumber>8294</X509SerialNumber></X50 9IssuerSerial></X509Data></KeyInfo></Signature><CertBundle><X509Dat a><X509IssuerSerial><X509IssuerName>C=GB,O=Identrus LLC,OU=Development,CN=Nescafe CA Cert</X509IssuerName><X509SerialNumber>8294</X509SerialNumber></X50 9IssuerSerial><X509Certificate>MIIDljCCAn6gAwIBAgICIGYwDQYJKoZIhvcN AQEEBQAwVDELMAkGA1UEBhMCR0Ix
FTATBgNVBAoTDElkZW50cnVzIExMQzEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxGDAW
BgNVBAMTD05lc2NhZmUgQ0EgQ2VydDAeFw0wMTA4MjAwOTU1NTNaFw0wMjAxMTUx
NTQyNDdaMGAxCzAJBgNVBAYTAlVLMRAwDgYDVQQKEwdJcGxhbmV0MRIwEAYDVQQL
EwlUcnVzdGJhc2UxKzApBgNVBAMTIlJhZ25hcm9rLnVrLnN1bi5jb20gdjYgU2Vy
dmVyIENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOdvJbuKFyIq2QzE
yz5EfCC1S5im5GBFC4BdfHzckH5E34jbJjX/BMEKCjMjA6Q2OqUpeZqnHxXYjwVN
jq7OOCZHzhKIFnhY8RLnk1b7PZ99BRNfVPYg5AI2KoHD1Ni1B55cJ1ALzthYnCaY
0xla0V5kQ7a9sCGNGWVeDvdGu3t1AgMBAAGjgekwgeYwEQYJYIZIAYb4QgEBBAQD
AgXgMB0GA1UdDgQWBBSvXtrTQ9nhIcEw7HEiA7fCydmWajAfBgNVHSMEGDAWgBQN
C3QrQbClHv/qzvZ9v7URsWgjQjAOBgNVHQ8BAf8EBAMCBPAwFgYDVR0RBA8wDYEL
ZXpyYUBnaGVsbG8waQYIKwYBBQUHAQEEXTBbMCoGCCsGAQUFBzABhh5odHRwOi8v
bmVzY2FmZS5qY3AuY28udWs6MjM4OS8wLQYIKoZIhvplBAGGIWh0dHBzOi8vbmVz
Y2FmZS5qY3AuY28udWs6MTIzNC9UQzANBgkqhkiG9w0BAQQFAAOCAQEAdE6duzdw
Rfs0U2n9PGyEVbypJFxPsGmSjAK/9YSQHzaURYfHrR966NExxeTXjLClTrYpd+r8
ygqHNTzduIGEvkoCpfvxLtY9ilhDKsReJsE1NQlrnjCFjheR7AXzZVRix50ixl6E
LUXbfLiASucxtqLYGSQgMIquS8ZEaos+uJOlP9oaFbMGihoVwxBMnPEoDU7iM+PZ
pTobl0nMn6QD/hSIVrG3T50VH9A2jT8+6huCeYziJqP73YtTRvEmmX97L5gTbZUr
ddUdFsKWaVH9BmDKgNE1m/r1TpjuNg+Syg8jBK48nqrSZ64DU2Zr19t09F2RNIzO
3Z3ydZTXFNpZrw==</X509Certificate></X509Data><X509Data><X509IssuerS erial><X509IssuerName>O=Identrus LLC,OU=Identrus Root Certification Authority,CN=Identrus Root Certification Authority</X509IssuerName><X509SerialNumber>4101</X509SerialNumber> </X509IssuerSerial><X509Certificate>MIIEJjCCAw6gAwIBAgICEAUwDQYJKoZ IhvcNAQEEBQAwdzEVMBMGA1UEChMMSWRl
bnRydXMgTExDMS4wLAYDVQQLEyVJZGVudHJ1cyBSb290IENlcnRpZmljYXRpb24g
QXV0aG9yaXR5MS4wLAYDVQQDEyVJZGVudHJ1cyBSb290IENlcnRpZmljYXRpb24g
QXV0aG9yaXR5MB4XDTAxMDExNTE1NDI0N1oXDTAyMDExNTE1NDI0N1owVDELMAkG
A1UEBhMCR0IxFTATBgNVBAoTDElkZW50cnVzIExMQzEUMBIGA1UECxMLRGV2ZWxv
cG1lbnQxGDAWBgNVBAMTD05lc2NhZmUgQ0EgQ2VydDCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBANV02B1G3Xk2yhpINqGr5tiCqAA0c+NaNq5PWRj/rSZ+
OcnXy1OpZL0tcGSFvOfQT5XE+PW79xSAidk8ye/okp8pUNOys9uVp0R1O5dkB198
HR0AKb6YQIcowi8mmUITGsBnN6mwZsIbq1zXCWZ8riPCMnJciwya5C2sWYUWRj5C
KYpr6bpJFKKPPG2jxiht2zG+eDQiAEHdcrquWQ4Shu07wqa0JzbHWv9gGRNoK6VF
1IzCD5P+E/MIxMDaCNLgex4LZQBNG1+xhpnFLJ3pLY3eLjECwjbq+HzzGHp1ylyF
rh9C0JXminVxxlMbgRJ+Fxd48cZJpIcpr0tZExaCyUECAwEAAaOB3jCB2zARBglg
hkgBhvhCAQEEBAMCAAcwHQYDVR0OBBYEFA0LdCtBsKUe/+rO9n2/tRGxaCNCMB8G
A1UdIwQYMBaAFH5yUfrWfaLG383YvkYU2E8UWLKmMA8GA1UdEwEB/wQFMAMBAf8w
DgYDVR0PAQH/BAQDAgHGMGUGCCsGAQUFBwEBBFkwVzAoBggrBgEFBQcwAYYcaHR0
cDovL2tlbmNvLmpjcC5jby51azoyMzg5LzArBggqhkiG+mUEAYYfaHR0cHM6Ly9r
ZW5jby5qY3AuY28udWs6MTIzNC9UQzANBgkqhkiG9w0BAQQFAAOCAQEAQ38IiCcp
VkvdiIe7Jc3rQtq/Nd3VHnwn9w2XIkofT63Lg6EXbpIOyoJ2P/9Sav5iPOqY0vKk
FlLTvxBJUyDQ8PmKWzZrVW1URUazKAOgjVMS/sTedSL8KZf8+u9UpbkBKNTkIFAs
jup9NRac+ad6vQ6Yhv0Xt/zP4OvU2P9ax5eqvYozvHKWZLJ2moppKHAEH5S39sWD
bsYmqngPxmTozyCf7BZfRcmJi+zD49x8YyvM1IU1fIjsbfyXGpjRsbN16h9ifZyP
doSwG+HkY88UegP6FvmaMYrf7xgbp9AiDviuPLOuhk2p54nULTjCVRN153H/1aD5
rcLtw3O2WLSazA==</X509Certificate></X509Data><X509Data><X509IssuerS erial><X509IssuerName>O=Identrus LLC,OU=Identrus Root Certification Authority,CN=Identrus Root Certification Authority</X509IssuerName><X509SerialNumber>4096</X509SerialNumber> </X509IssuerSerial><X509Certificate>MIID0DCCArigAwIBAgICEAAwDQYJKoZ IhvcNAQEFBQAwdzEVMBMGA1UEChMMSWRl
bnRydXMgTExDMS4wLAYDVQQLEyVJZGVudHJ1cyBSb290IENlcnRpZmljYXRpb24g
QXV0aG9yaXR5MS4wLAYDVQQDEyVJZGVudHJ1cyBSb290IENlcnRpZmljYXRpb24g
QXV0aG9yaXR5MB4XDTAxMDEwMTAwMDAwMFoXDTEwMDExNTAwMDAwMFowdzEVMBMG
A1UEChMMSWRlbnRydXMgTExDMS4wLAYDVQQLEyVJZGVudHJ1cyBSb290IENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVJZGVudHJ1cyBSb290IENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAylTeEYsHamiJt1BFXoRVcUVRNX27nYikLo0w/Hp0Ad3kSIXM+bM24cNRpVs2
TvazA+vwiG/uFr9nj7yMTXM0gUUdZMmcumufmj49+gPOiDVHlYY6y8L+WkxrXCfp
LteFunmycMd28v9DuX/I0ZZl6y0l7VapgbjpeOCTRVDWs8t20mMgdzT5aHY7C+Xo
g6wIW+i0M+kUJXb0+Wibj5gwT3ltosS8xE0O+gD/sw7muiqwy2AfyL+86S0U7p2M
TtTFPnBX/UAvsA6xpP8Zg7txfIkTQAPnP5wjD/eYNOXaR1tDs0rEY3KVrQ28kK0Q
GVg/QaeD3LArWtq0/tVs4KrMQwIDAQABo2YwZDARBglghkgBhvhCAQEEBAMCAAcw
DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUfnJR+tZ9osbfzdi+RhTYTxRYsqYw
HwYDVR0jBBgwFoAUfnJR+tZ9osbfzdi+RhTYTxRYsqYwDQYJKoZIhvcNAQEFBQAD
ggEBACio1AsoYGDskG40Fzd/BEnLzvZSSq8CUpBYJXg4U+aqI0T3cq5N8Dx0fPqk
UvhVyoPYw6igHEmV+oGgsl7HFCTP3FSOD6kptfnUkiEhWsuoquAD1kM663ukedWY
c4pgh7lRNmJeX7JHuQVoxk6q/sePIfKX1gTXWNDIDkFJAmZYsQyY1YGH5H6g2m8e
vmrjak547lB4NeAhA0cZQI5/2084jsd5Uicatqp/1auOP8E8iZtBskHqOwH1ea60
hrqTjlcKckUzHKZugfPr8kK0tDg//xB6O9ZHlEu0mZiCzuD1ehMSwfcc9SiFYoXW
Qcpo2ejb7y9DzV0QSEm9XpCFB3s=</X509Certificate></X509Data></CertBund le><Request id="Request_340ED3D166D00325EFCE5CAAD31C9EF9254B8656_1"><RequestDat a>MIICqjCCAqagAwIBAaFkpGIwYDELMAkGA1UEBhMCVUsxEDAOBgNVBAoTB0lwbGFu
ZXQxEjAQBgNVBAsTCVRydXN0YmFzZTErMCkGA1UEAxMiUmFnbmFyb2sudWsuc3Vu
LmNvbSB2NiBTZXJ2ZXIgQ2VydDCCAjcwggEIMDkwBwYFKw4DAhoEFPo/jtp9Jijt
Zksi7LC6frCbW6YnBBQNC3QrQbClHv/qzvZ9v7URsWgjQgICIGaggcowgccwgcQG
CSsGAQUFBzABBwSBtjCBszBUMQswCQYDVQQGEwJHQjEVMBMGA1UEChMMSWRlbnRy
dXMgTExDMRQwEgYDVQQLEwtEZXZlbG9wbWVudDEYMBYGA1UEAxMPTmVzY2FmZSBD
QSBDZXJ0MFswKgYIKwYBBQUHMAGGHmh0dHA6Ly9uZXNjYWZlLmpjcC5jby51azoy
Mzg5LzAtBggqhkiG+mUEAYYhaHR0cHM6Ly9uZXNjYWZlLmpjcC5jby51azoxMjM0
L1RDMIIBJzA5MAcGBSsOAwIaBBQMln2wYrp7My2VSzTMFvuuwz4aHQQUdYx5Pcs8
rm8H3Voo4rbhlz/Rj/0CAhAFoIHpMIHmMIHjBgkrBgEFBQcwAQcEgdUwgdIwdzEV
MBMGA1UEChMMSWRlbnRydXMgTExDMS4wLAYDVQQLEyVJZGVudHJ1cyBSb290IENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVJZGVudHJ1cyBSb290IENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MFcwKAYIKwYBBQUHMAGGHGh0dHA6Ly9rZW5j
by5qY3AuY28udWs6MjM4OS8wKwYIKoZIhvplBAGGH2h0dHBzOi8va2VuY28uamNw
LmNvLnVrOjEyMzQvVEM=</RequestData></Request></CSCRequest> ] ]
Engine Logger Message [ incoming HTTP Data [ <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE CSCResponse PUBLIC "-//IDENTRUS//CERTIFICATE STATUS CHECK DTD//EN" "http://www.identrus.com/TC/2.0/CertificateStatusCheck.dtd"><CSCRes ponse><NIB id="NIB_340ED3D166D00325EFCE5CAAD31C9EF9254B8656_1" version="2.0"><ContextInfo msggrpid="11F410055BD68EC8B4F1CC53F708764EC31D427D" msgid="1001090422879"></ContextInfo><StartTime><LocalTime id="LocalTime_340ED3D166D00325EFCE5CAAD31C9EF9254B8656_1" time="20010921164029Z"/></StartTime><MsgTime><LocalTime id="LocalTime_340ED3D166D00325EFCE5CAAD31C9EF9254B8656_2" time="20010921164022Z"/></MsgTime></NIB><Signature xmlns="http://www.w3.org/2000/02/xmldsig#"><SignedInfo><Canonicaliz ationMethod Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/02/xmldsig#rsa-sha1"></SignatureM ethod><Reference URI="#NIB_340ED3D166D00325EFCE5CAAD31C9EF9254B8656_1"><Transforms>< Transform Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"></DigestMethod>< DigestValue>KX0xNDQYebVDgCXqwvVX/NZw9eA=</DigestValue></Reference>< Reference URI="#Response_752D24F5C2992DEBB4C339ED026145BB33F71DD3_1"><Transfo rms><Transform Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"></DigestMethod>< DigestValue>cfYf+FXmmsKmdbdnIlDazFZRua4=</DigestValue></Reference>< /SignedInfo><SignatureValue>GittXG8ydDSc0fGAhjOpg9+d0QUbbugcdrZfZQO X03hwlK1O3ImwDO3o9rzddokp9jKHEm7ujBDvIUD/hWUk8/BiTjbxOLFvPO3aiUUgCw t11Aq5f//ncWKZCx9Hk2VlLKOHr6dZ90r3Mhz/nFqGKnKCHzlvYzEJvkRaZaSDnSE=< /SignatureValue><KeyInfo><X509Data><X509IssuerSerial><X509IssuerNam e>O=Identrus LLC,OU=Identrus Root Certification Authority,CN=Identrus Root Certification Authority</X509IssuerName><X509SerialNumber>4111</X509SerialNumber> </X509IssuerSerial></X509Data></KeyInfo></Signature><CertBundle><X5 09Data><X509IssuerSerial><X509IssuerName>O=Identrus LLC,OU=Identrus Root Certification Authority,CN=Identrus Root Certification Authority</X509IssuerName><X509SerialNumber>4111</X509SerialNumber> </X509IssuerSerial><X509Certificate>MIIDqzCCApOgAwIBAgICEA8wDQYJKoZ IhvcNAQEEBQAwdzEVMBMGA1UEChMMSWRlbnRydXMgTExDMS4wLAYDVQQLEyVJZGVudH J1cyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVJZGVudHJ1c yBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTAxMDExOTEwMTMxMloXDTAy MDExOTEwMTMxMlowYTEaMBgGA1UEChMRaVBsYW5ldCBUcnVzdGJhc2UxFDASBgNVBAs TC0RldmVsb3BtZW50MSAwHgYDVQQDExdOZXNjYWZlIEVFIFNpZ25pbmcgQ2VydDELMA kGA1UEBhMCR0IwgZ4wDQYJKoZIhvcNAQEBBQADgYwAMIGIAoGAPtIp/WrdbKdKIgfk2 3w9JLt+yM2/F9sEv5oXMAIvWUB25xMuxviniE2t5TgZFk66wxmgAqlGQppENK8ygNjP A4m+mlgxEUJK1A6AibaucxoL+23X7+QuZ7b0awaAAeFvmC462+4H1nzcI/J5y3xO+N8 2kvZdJh0IjNvgoSAeNwMCAwEAAaOB2zCB2DARBglghkgBhvhCAQEEBAMCBaAwHQYDVR 0OBBYEFHWpg/ujONid6t78XHEW/WPeUGoEMB8GA1UdIwQYMBaAFH5yUfrWfaLG383Yv kYU2E8UWLKmMA4GA1UdDwEB/wQEAwIF4DAMBgNVHREEBTADgQFhMGUGCCsGAQUFBwEB BFkwVzAoBggrBgEFBQcwAYYcaHR0cDovL2tlbmNvLmpjcC5jby51azoyMzg5LzArBgg qhkiG+mUEAYYfaHR0cHM6Ly9rZW5jby5qY3AuY28udWs6MTIzNC9UQzANBgkqhkiG9w 0BAQQFAAOCAQEAWuH6QwBQDyEs83DBL16im+Eu3ot2UI/1TsXl7mi9uuBR+3/4xpI53 IEikyhB4ICMRX9HySfaP2g1JNSJJyj8LMCWZAleltm3UNPojL23iiQCDO+09Zvn+M9g mkob6wlkf1/xTMAKr/eze19zNMIvRqypzgybPQt1JIwU3KjI6SE93EzP6MqqLuFz2hO vk+Uz7qBIFvnYKmG/x8x23/t+fC7+72/Q2ifsOftH08Thz6EL/eWXad9VYHJLdEhkTY 4r3XBS3dIZHVVPsWG4gHcfbbxfFagGRrUcBqjBVjEQmRjq2t+4LRu3nln7Sj+EIKpk5 sY8e8DHwUuaNcUPmtVzEA==</X509Certificate></X509Data><X509Data><X509 IssuerSerial><X509IssuerName>O=Identrus LLC,OU=Identrus Root Certification Authority,CN=Identrus Root Certification Authority</X509IssuerName><X509SerialNumber>4096</X509SerialNumber> </X509IssuerSerial><X509Certificate>MIID0DCCArigAwIBAgICEAAwDQYJKoZ IhvcNAQEFBQAwdzEVMBMGA1UEChMMSWRlbnRydXMgTExDMS4wLAYDVQQLEyVJZGVudH J1cyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVJZGVudHJ1c yBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTAxMDEwMTAwMDAwMFoXDTEw MDExNTAwMDAwMFowdzEVMBMGA1UEChMMSWRlbnRydXMgTExDMS4wLAYDVQQLEyVJZGV udHJ1cyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVJZGVudH J1cyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFA AOCAQ8AMIIBCgKCAQEAylTeEYsHamiJt1BFXoRVcUVRNX27nYikLo0w/Hp0Ad3kSIXM +bM24cNRpVs2TvazA+vwiG/uFr9nj7yMTXM0gUUdZMmcumufmj49+gPOiDVHlYY6y8L +WkxrXCfpLteFunmycMd28v9DuX/I0ZZl6y0l7VapgbjpeOCTRVDWs8t20mMgdzT5aH Y7C+Xog6wIW+i0M+kUJXb0+Wibj5gwT3ltosS8xE0O+gD/sw7muiqwy2AfyL+86S0U7 p2MTtTFPnBX/UAvsA6xpP8Zg7txfIkTQAPnP5wjD/eYNOXaR1tDs0rEY3KVrQ28kK0Q GVg/QaeD3LArWtq0/tVs4KrMQwIDAQABo2YwZDARBglghkgBhvhCAQEEBAMCAAcwDwY DVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUfnJR+tZ9osbfzdi+RhTYTxRYsqYwHwYDVR 0jBBgwFoAUfnJR+tZ9osbfzdi+RhTYTxRYsqYwDQYJKoZIhvcNAQEFBQADggEBACio1 AsoYGDskG40Fzd/BEnLzvZSSq8CUpBYJXg4U+aqI0T3cq5N8Dx0fPqkUvhVyoPYw6ig HEmV+oGgsl7HFCTP3FSOD6kptfnUkiEhWsuoquAD1kM663ukedWYc4pgh7lRNmJeX7J HuQVoxk6q/sePIfKX1gTXWNDIDkFJAmZYsQyY1YGH5H6g2m8evmrjak547lB4NeAhA0 cZQI5/2084jsd5Uicatqp/1auOP8E8iZtBskHqOwH1ea60hrqTjlcKckUzHKZugfPr8 kK0tDg//xB6O9ZHlEu0mZiCzuD1ehMSwfcc9SiFYoXWQcpo2ejb7y9DzV0QSEm9XpCF B3s=</X509Certificate></X509Data></CertBundle><Response id="Response_752D24F5C2992DEBB4C339ED026145BB33F71DD3_1"><ResponseD ata>MIIFfQoBAKCCBXYwggVyBgkrBgEFBQcwAQEEggVjMIIFXzCCARGgAwIBAaFWMFQ xCzAJBgNVBAYTAkdCMRUwEwYDVQQKEwxJZGVudHJ1cyBMTEMxFDASBgNVBAsTC0Rldm Vsb3BtZW50MRgwFgYDVQQDEw9OZXNjYWZlIENBIENlcnQYDzIwMDEwOTIxMTY0MDIyW jCBoDBOMDkwBwYFKw4DAhoEFPo/jtp9JijtZksi7LC6frCbW6YnBBQNC3QrQbClHv/q zvZ9v7URsWgjQgICIGaAABgPMjAwMTA5MjExNjMyMTlaME4wOTAHBgUrDgMCGgQUDJZ 9sGK6ezMtlUs0zBb7rsM+Gh0EFHWMeT3LPK5vB91aKOK24Zc/0Y/9AgIQBYAAGA8yMD AxMDkyMTE2MjMxN1owDQYJKoZIhvcNAQEEBQADgYEADE9QQTcq5N22oEnR1hiafahGG mwApCkq2gLZZf39XD+82VMd3Erc38MOCPR5o+V36Qi8wzwOj/MxtTwTzZ2uvuYdR3wz Wd15C+PAg/zoQGqg5jTUeZwHmz5WK8V0u2CV8aigoK9I7fCXKA8FVh6f4IPPKmWjGRR 671thadarbdqgggOzMIIDrzCCA6swggKToAMCAQICAhAOMA0GCSqGSIb3DQEBBAUAMH cxFTATBgNVBAoTDElkZW50cnVzIExMQzEuMCwGA1UECxMlSWRlbnRydXMgUm9vdCBDZ XJ0aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlSWRlbnRydXMgUm9vdCBDZXJ0 aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAxMTkxMDEyMzhaFw0wMjAxMTkxMDEyMzh aMGExGjAYBgNVBAoTEWlQbGFuZXQgVHJ1c3RiYXNlMRQwEgYDVQQLEwtEZXZlbG9wbW VudDEgMB4GA1UEAxMXTmVzY2FmZSBJUCBTaWduaW5nIENlcnQxCzAJBgNVBAYTAkdCM IGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgGUvCMy2kHckWjvuSFbyTiHI68N9QzLA kentHGyAh6UncC4s9yhyrFodScuU7E2+P0zWnINc2YN/9Jx9pieEa9rj5yqvPuWniJi WR1ekJHaPajAAqXlrRtanSqSaB1D2wJhnPQx9Whpp4K7Qk0GrFxVWGgrYMVVcC11uU3 o1CbFzAgMBAAGjgdswgdgwEQYJYIZIAYb4QgEBBAQDAgWgMB0GA1UdDgQWBBRNu+61f QPXswwl0sZ6LuwVaSqrUjAfBgNVHSMEGDAWgBR+clH61n2ixt/N2L5GFNhPFFiypjAO BgNVHQ8BAf8EBAMCBeAwDAYDVR0RBAUwA4EBYTBlBggrBgEFBQcBAQRZMFcwKAYIKwY BBQUHMAGGHGh0dHA6Ly9rZW5jby5qY3AuY28udWs6MjM4OS8wKwYIKoZIhvplBAGGH2 h0dHBzOi8va2VuY28uamNwLmNvLnVrOjEyMzQvVEMwDQYJKoZIhvcNAQEEBQADggEBA FsGDx1V3gNi8XxY0YgmHFt+vtEiehkVDF0+lMGaP+GKKDZkLyglEIuL14XaYege2Xt3 N3TNRK57UgI9U8Nrgtej2mepnevzhkdnaYGsjWbWPTjHDra5LTjKelO/tzh2Kyq8IuE hU6Uq6cA3HhB3TZR1IdoLxHEQHwejuYMYlDTY6Pd0edB8b/dSrSOMHL1Gg8SJjupBOZ f6JsBXeK2moT5mqIGn2+ljcmt6DkocE75vu9Uw9hQSr/iqgWMQjF0stUqQQ6qEhucLy La/eHk89+Mt8PEzoqF3ZYUAVIbW7N3lfXtS13sF/10X2JjO0WtexzZuBYjxcGtAdgB2 TaMPY3c=</ResponseData><CSCResponse><NIB id="NIB_2A02E495C2249C74E1F8750233C511D0615A2263_1" version="2.0"><ContextInfo msggrpid="182DFBAE53803E5B7A281BBD499804CBC7674C58" msgid="1001089853924"></ContextInfo><StartTime><LocalTime id="LocalTime_2A02E495C2249C74E1F8750233C511D0615A2263_1" time="20010921163142Z"/></StartTime><MsgTime><LocalTime id="LocalTime_2A02E495C2249C74E1F8750233C511D0615A2263_2" time="20010921163053Z"/></MsgTime></NIB><Signature xmlns="http://www.w3.org/2000/02/xmldsig#"><SignedInfo><Canonicaliz ationMethod Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/02/xmldsig#rsa-sha1"></SignatureM ethod><Reference URI="#NIB_2A02E495C2249C74E1F8750233C511D0615A2263_1"><Transforms>< Transform Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"></DigestMethod>< DigestValue>TZDC1lo4dkk3mZBDu47rADVuHcg=</DigestValue></Reference>< Reference URI="#Response_DCF2930D3B4E9046741A9F52AD89EEA5C39B20DA_1"><Transfo rms><Transform Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"></DigestMethod>< DigestValue>UvKzRQ67wgbl9ExfAkWvEaNA9fQ=</DigestValue></Reference>< /SignedInfo><SignatureValue>EqsZGlPlUmqW9nlKkcSLVxsvCzS700fyuKzXFwA znSi3TUOev3H8Uan4TnmuS5KSqdxd0o6KUxQqVxOMe3G1MVvlV/jNBpiECj/D+nv1Id 2YsL5pjtuE40O+vyNngm+6RS8yetHipb5K/4lyvXmcQss49TXZv+Y5QDVXC924V5U=< /SignatureValue><KeyInfo><X509Data><X509IssuerSerial><X509IssuerNam e>O=Identrus LLC,OU=Identrus Root Certification Authority,CN=Identrus Root Certification Authority</X509IssuerName><X509SerialNumber>4103</X509SerialNumber> </X509IssuerSerial></X509Data></KeyInfo></Signature><CertBundle><X5 09Data><X509IssuerSerial><X509IssuerName>O=Identrus LLC,OU=Identrus Root Certification Authority,CN=Identrus Root Certification Authority</X509IssuerName><X509SerialNumber>4103</X509SerialNumber> </X509IssuerSerial><X509Certificate>MIIDvzCCAqegAwIBAgICEAcwDQYJKoZ IhvcNAQEEBQAwdzEVMBMGA1UEChMMSWRlbnRydXMgTExDMS4wLAYDVQQLEyVJZGVudH J1cyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVJZGVudHJ1c yBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTAxMDExNjEyNTQzMloXDTAy MDExNjEyNTQzMlowXjEdMBsGA1UEAxMUUm9vdCBJUCBTaWduaW5nIENlcnQxGjAYBgN VBAoTEWlQbGFuZXQgVHJ1c3RiYXNlMRQwEgYDVQQLEwtEZXZlbG9wbWVudDELMAkGA1 UEBhMCR0IwgZ4wDQYJKoZIhvcNAQEBBQADgYwAMIGIAoGAZnTLq+nxMLSHkSlVw/zY7 91XiLYe9lkishAK/E6XmEjoei1gjk++FIUvZhSclF1VpURo7G7RYYzUTDv1HULEydRD DF3I0Ack8tkZpxtHivRd9RreUIxp7ubJ90uHU4UbSFCIKIvMltfNwG6u5nEYsrfxDvv kStCqydYZu1YjQeUCAwEAAaOB8jCB7zARBglghkgBhvhCAQEEBAMCBaAwHQYDVR0OBB YEFKES1GXwy4zv5gykMI/VJPWVtXaFMB8GA1UdIwQYMBaAFH5yUfrWfaLG383YvkYU2 E8UWLKmMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDQYDVR0R BAYwBIECYXMwZQYIKwYBBQUHAQEEWTBXMCgGCCsGAQUFBzABhhxodHRwOi8va2VuY28 uamNwLmNvLnVrOjIzODkvMCsGCCqGSIb6ZQQBhh9odHRwczovL2tlbmNvLmpjcC5jby 51azoxMjM0L1RDMA0GCSqGSIb3DQEBBAUAA4IBAQA+TEf2oX3ovBXepCBAbnBViPe5a VxweBToBiSdvlpkFF9UnS+nFuqv/Zzi66/dMN4ZxRHKChzRAshJm41cnVK0sA6XZA7g wjghuWeMJ0M09bGqkhnRhPCC+QFnV4OrNhtBU9kv34Pdhsc6TqbO3I+SZe5MOskcn2w D8WdpRF8HQCTEci1dw+IeYhp8C5fk1EF2R+KZaKdi6EB2fKzLc61RSOJEBpnXpyJwij eI/cLWssZz64pGLEPo0Qac+I+XzQhc0w4IZBU+tQcOs/wwLwHQn8709Pcx2aoIgBrai 4nwCaCuky4NO7n5YFxt4hr7VO36Ont3gnQGK9uFUc7BtbXa</X509Certificate></ X509Data><X509Data><X509IssuerSerial><X509IssuerName>O=Identrus LLC,OU=Identrus Root Certification Authority,CN=Identrus Root Certification Authority</X509IssuerName><X509SerialNumber>4096</X509SerialNumber> </X509IssuerSerial><X509Certificate>MIID0DCCArigAwIBAgICEAAwDQYJKoZ IhvcNAQEFBQAwdzEVMBMGA1UEChMMSWRlbnRydXMgTExDMS4wLAYDVQQLEyVJZGVudH J1cyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVJZGVudHJ1c yBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTAxMDEwMTAwMDAwMFoXDTEw MDExNTAwMDAwMFowdzEVMBMGA1UEChMMSWRlbnRydXMgTExDMS4wLAYDVQQLEyVJZGV udHJ1cyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVJZGVudH J1cyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFA AOCAQ8AMIIBCgKCAQEAylTeEYsHamiJt1BFXoRVcUVRNX27nYikLo0w/Hp0Ad3kSIXM +bM24cNRpVs2TvazA+vwiG/uFr9nj7yMTXM0gUUdZMmcumufmj49+gPOiDVHlYY6y8L +WkxrXCfpLteFunmycMd28v9DuX/I0ZZl6y0l7VapgbjpeOCTRVDWs8t20mMgdzT5aH Y7C+Xog6wIW+i0M+kUJXb0+Wibj5gwT3ltosS8xE0O+gD/sw7muiqwy2AfyL+86S0U7 p2MTtTFPnBX/UAvsA6xpP8Zg7txfIkTQAPnP5wjD/eYNOXaR1tDs0rEY3KVrQ28kK0Q GVg/QaeD3LArWtq0/tVs4KrMQwIDAQABo2YwZDARBglghkgBhvhCAQEEBAMCAAcwDwY DVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUfnJR+tZ9osbfzdi+RhTYTxRYsqYwHwYDVR 0jBBgwFoAUfnJR+tZ9osbfzdi+RhTYTxRYsqYwDQYJKoZIhvcNAQEFBQADggEBACio1 AsoYGDskG40Fzd/BEnLzvZSSq8CUpBYJXg4U+aqI0T3cq5N8Dx0fPqkUvhVyoPYw6ig HEmV+oGgsl7HFCTP3FSOD6kptfnUkiEhWsuoquAD1kM663ukedWYc4pgh7lRNmJeX7J HuQVoxk6q/sePIfKX1gTXWNDIDkFJAmZYsQyY1YGH5H6g2m8evmrjak547lB4NeAhA0 cZQI5/2084jsd5Uicatqp/1auOP8E8iZtBskHqOwH1ea60hrqTjlcKckUzHKZugfPr8 kK0tDg//xB6O9ZHlEu0mZiCzuD1ehMSwfcc9SiFYoXWQcpo2ejb7y9DzV0QSEm9XpCF B3s=</X509Certificate></X509Data></CertBundle><Response id="Response_DCF2930D3B4E9046741A9F52AD89EEA5C39B20DA_1"><ResponseD ata>MIIBiAoBAKCCAYEwggF9BgkrBgEFBQcwAQEEggFuMIIBajCB1KFtMGsxCzAJBgN VBAYTAnV6MQswCQYDVQQIEwJ4eDELMAkGA1UEBxMCeHgxCzAJBgNVBAoTAnh4MQswCQ YDVQQLEwJ4eDELMAkGA1UEAxMCeHgxGzAZBgkqhkiG9w0BCQEWDGV6cmFAc3VuLmNvb RgPMjAwMTA5MjExNjMwNTNaMFIwUDA7MAkGBSsOAwIaBQAEFAyWfbBiunszLZVLNMwW +67DPhodBBR1jHk9yzyubwfdWijituGXP9GP/QICEA+AABgPMjAwMTA5MjExNjIzMTd aMA0GCSqGSIb3DQEBBQUAA4GBAGz0OtGDRHIdSpP1S95DQ9zF6FhqYO+3wmhdqM0lk7 Ennk+teu+nCfmqdhSscioQYAblsAx/VVZX2xewAdaJZC0sVD23tt/4t1bLHO1f0h/oV GZTllE2It/dK/IEfwiPV8XRnD27DwoSo02VHJ3/XhOMaK4w0mprTG1YUlslPglz</Re sponseData></Response></CSCResponse></Response></CSCResponse> ] ]
Engine Logger Message [ Identrusv2MessageFactory : Beginning parse of message ]
Checking verification chain with leaf [ CN=Identrus Root Certification Authority,OU=Identrus Root Certification Authority,O=Identrus LLC ]
Checking verification chain with leaf [ CN=Identrus Root Certification Authority,OU=Identrus Root Certification Authority,O=Identrus LLC ]
Engine Logger Message [ Identrusv2MessageFactory : Completed parse of message ]
Engine Logger Message [ IdentrusProtocolAdapter : Completed transaction with [ http://nescafe.uk.sun.com/NASApp/NASAdapter/TbaseNASAdapter ] ]
Engine Logger Message [ DataConverterFactory : getConverter of [ identrus ] ]
Engine Logger Message [ Performing a validateStatus with preferred.oid [ 1.2.840.114021.4.1 ] preferred.version [ 0 ] acquireProof is [ false ] ]
Engine Logger Message [ ProtocolAdapterFactory : getInstance of [ 1.2.840.114021.4.1 ] with version [ 0 ] ]
Engine Logger Message [ IdentrusProtocolAdapter : Beginning status validation ]
Engine Logger Message [ IdentrusProtocolAdapter : Completed status validation status approved ]
DSMS result from validity check [ true ]
Sample Source Code
The source code for each of these three examples can also be found in your examples iwstps <install_directory>. We now list some of the source code for each example. Note that the main java program DSMSDemo.java has to be modified slightly for each example.
Sample Code DSMSDemo.java
package com.example.example1;import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import com.iplanet.trustbase.initiator.ConfigAdapter;
import com.iplanet.trustbase.initiator.ConfigAdapterException;
import com.iplanet.trustbase.initiator.PropertyCodes;
import com.iplanet.trustbase.initiator.config.ConfigAdapterImpl;
import com.iplanet.trustbase.initiator.dsms.CSCEngine;
import com.iplanet.trustbase.initiator.dsms.StatusCheckData;
import com.iplanet.trustbase.initiator.dsms.CertStatus;
* Is a simple demonstration application which
* takes in some command line parameters and performs
* a Certificate Status Check using the DSMS API based
* The command line parameters that are expected are :
* 1> The keystore password for opening the certificate database.
* 2> The siging certificate nick name - the nick name of the
* certificate to use when signing DSMS transactions.
* 3> The SSL Client transaction certificate nick name. The
* nick name of the certificate to use when performing
* 4> The Trust Anchor certificate. The Identrus Root in normal
* 5> The nick name of the certificate to perform the status check on.
* The certificate you check must be a KeyEntry in that it
* must have a private key as well as a certificate this
* guarentee's that the store will have the entire certificate
* chain available to it and simplifies the example.
protected ConfigAdapterImpl _configAdapter;
protected CSCEngine _cscEngine;
public static void main ( String [] args )
// check arguments before proceeding
System.out.println ( "usage : DSMSDemo keystorepassword , signingCertName , SSL Certificate , verificationCertName , chainToCheck" );
DSMSDemo dsmsdemo = new DSMSDemo ( args );
System.out.println ( "DSMS result from validity check [ " + dsmsdemo.makeChecks ( args[4] ) + " ]" );
public DSMSDemo ( String [] args )
// initiatialise the properties object
// that will then initialise the ConfigAdapter
Properties props = new Properties ( );
props.put ( PropertyCodes.INITIATOR_KEYSTORE_PASSWORD , args[0] );
props.put ( PropertyCodes.INITIATOR_KEYSTORE_SIGNING_CERTIFICATE , args[1] );
props.put ( PropertyCodes.INITIATOR_KEYSTORE_SSLSIGNING_CERTIFICATE , args[2] );
props.put ( PropertyCodes.INITIATOR_KEYSTORE_VERIFICATION_CERTIFICATE + ".1" , args[3] );
// initialise the config Adapter.
_configAdapter = new ConfigAdapterImpl ( props );
_cscEngine = new CSCEngine ( _configAdapter );
public boolean makeChecks ( String certificateToCheck )
// perform the check and return the validation status.
X509Certificate[] checkedCertificateChain = getCertificateChain ( certificateToCheck );
StatusCheckData [] sd = _cscEngine.getStatus ( checkedCertificateChain , false , (byte[]) null );
return _cscEngine.validateStatus ( sd , checkedCertificateChain , false , null );
protected X509Certificate [] getCertificateChain ( String certificateNickName )
// get the certificate chain from store.
return _configAdapter.getStore().getKeyEntry ( certificateNickName ).getCertificateChain ( );
Sample Code ExampleConfigAdapter.java
package com.example.example2;import com.iplanet.trustbase.initiator.ConfigAdapter;
import com.iplanet.trustbase.initiator.ConfigAdapterException;
import com.iplanet.trustbase.initiator.EngineLogger;
import com.iplanet.trustbase.initiator.PropertyCodes;
import com.iplanet.trustbase.initiator.logger.DefaultEngineLogger;
import com.iplanet.trustbase.initiator.config.ConfigAdapterImpl;
* A simple subclass of the provided config adapter that
* supplies a EngineLogger class.
public class ExampleConfigAdapterImpl extends ConfigAdapterImpl
public ExampleConfigAdapterImpl(Properties props)
logger = new DefaultEngineLogger ( );
public Object getObjectProperty ( String property )
if ( property.equals ( PropertyCodes.INITIATOR_ENGINE_LOGGER ) )
return super.getObjectProperty ( property );
Sample Code ExampleTransportAdapter.java
package com.example.example3;
import java.io.IOException;
import java.io.OutputStream;
import java.io.InputStream;
import java.io.ByteArrayOutputStream;
import com.iplanet.trustbase.initiator.ConfigAdapter;
import com.iplanet.trustbase.initiator.PropertyCodes;
import com.iplanet.trustbase.initiator.TransportAdapterException;
import com.iplanet.trustbase.initiator.ConfigAdapterException;
import com.iplanet.trustbase.initiator.transport.HTTPTransportAdapter;
public class ExampleTransportAdapter extends HTTPTransportAdapter
{
private ConfigAdapter ourconfigadapter;
public ExampleTransportAdapter(ConfigAdapter configAdapter)
{
super ( configAdapter );
ourconfigadapter = configAdapter;
}
public byte[] sendReceive(byte[] data, String location, String mes- sageType) throws TransportAdapterException, ConfigAdapterException
{
byte[] outData = null;
try
{
EngineLogger logger = ( EngineLogger ) ourconfigada- pter.getObjectProperty ( PropertyCodes.INITIATOR_ENGINE_LOGGER );
if ( logger != null )
{
logger.log ( new String ( "outgoing HTTP Data [ " + new String ( data ) + " ] " ) , null , null );
}
}
catch ( ConfigAdapterException cae )
{
}
outData = super.sendReceive ( data , location , messageType );
try
{
EngineLogger logger = ( EngineLogger ) ourconfigada- pter.getObjectProperty ( PropertyCodes.INITIATOR_ENGINE_LOGGER );
if ( logger != null )
{
logger.log ( new String ( "incoming HTTP Data [ " + new String ( outData ) + " ] " ) , null , null );
}
}
catch ( ConfigAdapterException cae )
{
}
}
}
Previous Contents DocHome Index Next
Copyright © 2001 Sun Microsystems, Inc.
Last Updated September 24, 2001