Chapter 4   Developing your own applications

Component Overview

---

There are number of components shipped with iWSPTS:

Figure 4-1    Component Overview

We now list the components within the Plug-in

• The cookie authorisation module passes from the results of a certificate status check to the browser in order to avoid having to repeat the same certificate status check twice.

• The Access Control API controls what data gets passed from one part of the system to another. CSCConfigAdapter and getProperty.

• The Identrus DSMS protocol allows the status check to take place

These Authorisation Components cannot change. However there are options to develop your applications using the DSMS API. Examples of how this might be used are now illustrated

• Example 1 Verification of the DSMS process

• Example 2 Modification of the Config Adapter

• Example 3 Modification of the Transport Adapter

The Source code is listed at the end of this chapter and can be found in the examples directory for iWSPTS. We now discuss how to deploy your own examples. You should also consult your JavaDocs and the API Guide that accompanies this manual.

Certificate Verification

---

You need to study the API interface package CSCConfigAdapter that utilises the method getProperty. DSMS behaviour can be modified by considering the following properties defined in the class:

com.iplanet.trustbase.initiator.PropertyCodes

Figure 4-2    DSMS Verification Options

Property Name	Property Type	Default	Purpose
CSC_LOCATION_F ORCE_DEFAULT	Boolean	False	Determines if the DSMS will use the location specified in the AIA of its signing certificate for the OID specified in csc.prefered.oid or the default location provided.
CSC_LOCATION_D EFAULT	String	None	The hard coded location to use if csc.location.forceDefailt is set to true.
CSC_CREATE_SIG NED_OCSP	Boolean	False	Determines whether the DSMS will sign outgoing OCSP. This setting is not used when using XML wrapped OCSP.
CSC_VERIFY_SIG NED_OCSP	Boolean	False	Determines whether the DSMS should check OCSP that is received for correct signing. This setting is not used when using XML wrapped OCSP.
CSC_PREFERRED_ OID	String	1.2.840.114 021.4.1	Determines which type of transaction is carried out whether the DSMS carries out an identrus check or an OCSP check. The default setting indicates an Identrus check.
CSC_PREFERRED_ VERSION	String	0	Determines which version of a protocol should be used. If "0" is given as the version then the latest version is used.
CSC_PREFERRED_ PROTOCOL	String	Null	Determines the preferred protocol name to use - this takes priority over preferred.oid and is a more friendly way to specify it. Valid values are "identrus" and "ocsp".
CSC_LOCATION_R PRESPONDER- PROXY	String	Null	Determines What the url for rpRootResponderProxy.
CSC_MAX_PROOF _RESPONSE_AGE	String	240	The length of time that a freshness proof is considered valid for. If acquire proof is true and this time limit is passed then the DSMS will make a companion request for another Sign- ing Certificate proof.
CSC_CLIP_BASE64 _LINES	Boolean	True	Determines whether the DSMS will clip base64 generated lines.

Main Steps

---

The main steps to perform your own certificate Status Check are now listed:

1. Initialise the Cryptographic System

2. Initialise the TokenKeyStore

3. Initialise the SSL Subsystem

4. Initialise the Config Adapter

5. Initialise the CSCEngine with the Chosen ConfigAdapter

6. Once these steps have been done a CSC check may be performed using _cscEngine.getStatus

7. The check maybe controlled by settin g the appropriate Verification Constants mentioned in the previous section

Running the DSMS Examples.

---

Each of the examples can be run using the CLASSPATH that is set using the provided cp.sh script.

Example 1 DSMS Verification

This example is an extremely simple example showing the basic steps required to make the DSMS perform a certificate status check. It leaves all the configuration at the default values except for a few essential values such as the name of the certificate to sign the outgoing identrus message. To help with making it simple it can only check the status of certificates that have keys in the database, ie those certificates that the webserver describes as `own' - not the trusted certificate authorities. It takes five command line parameters which are :

•       Keystore password - the password of the database you created when you installed the webserver plugin.

•       Signing Certificate name - The nick name of the certificate you want to use to sign the identrus message

•       SSL Signing Certificate name - the nick name of the certificate you want to use in SSL Client transactions.

•       The Trust Anchor - usually the identrus root.

•       Check Certificate name - The nick name of the certificate you wish to use to check the status of.

The example should output something like this.

ragnarok# ./dsmsdemo.sh

In PKCS11SecureRandom constructor

In PKCS11SecureRandom constructor

*** Hostname: nescafe

Checking verification chain with leaf [ CN=Identrus Root Certification Authority,OU=Identrus Root Certification Authority,O=Identrus LLC ]

Checking verification chain with leaf [ CN=Identrus Root Certification Authority,OU=Identrus Root Certification Authority,O=Identrus LLC ]

DSMS result from validity check [ true ]

Example 2 Config Adapter Modification

This is a slightly more complex example. It illustrates how you can manipulate the behaviour of the DSMS by creating a new ConfigAdapter. In its extreme case this ability could be used to enable the DSMS to utilise a different kind of certificate store. However in this case the new ConfigAdapter simply returns an EngineLogger object when it is asked to provide one. This EngineLogger is then used to report the DSMS's progress through the transaction. It takes the same five command line parameters that the DSMSDemo from example 1 does. The example should output something like this.

ragnarok# ./dsmsdemo.sh

----Engine Logger-----

Engine Logger Message [ CSCEngine initialised ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ Performing a getStatus with preferred.oid [ 1.2.840.114021.4.1 ] preferredVersion [ 0 ] acquireProof is [ false ] generate nonce is [ false ] ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ ProtocolAdapterFactory : getInstance of [ 1.2.840.114021.4.1 ] with version [ 0 ] ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ GenericProtocolAdapter : Getting location for Protocol [ 1.2.840.114021.4.1 ] ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ IdentrusProtocolAdapter : Beginning transaction with [ https://nescafe.jcp.co.uk:1234/TC ] ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ GenericProtocolAdapter : Getting message factory with classname [ com.iplanet.trustbase.initiator.scheme.dsms.identrus.message.Identr usv2MessageFactory] ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ GenericProtocolAdapter : Getting Transport adapter with classname [ com.iplanet.trustbase.initiator.transport.XURLTransportAdapter] ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ Identrusv2MessageFactory : Building identrus message ]

----Engine Logger Ends----

In PKCS11SecureRandom constructor

----Engine Logger-----

Engine Logger Message [ Identrusv2MessageFactory : Created transaction id and constructed OCSP [ QTE3NDhBRkRFMkVFQjVBODU1QUMzOEMwOEIxNkQ4QTZGMDdEMDRFNQ== ] ]

----Engine Logger Ends----

In PKCS11SecureRandom constructor

----Engine Logger-----

Engine Logger Message [ Identrusv2MessageFactory : Completed construction of message ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ XURLTransportAdapter: sending to location [ https://nescafe.jcp.co.uk:1234/TC ] ]

----Engine Logger Ends----

*** Hostname: nescafe

----Engine Logger-----

Engine Logger Message [ Identrusv2MessageFactory : Beginning parse of message ]

----Engine Logger Ends----

Checking verification chain with leaf [ CN=Identrus Root Certification Authority,OU=Identrus Root Certification Authority,O=Identrus LLC ]

Checking verification chain with leaf [ CN=Identrus Root Certification Authority,OU=Identrus Root Certification Authority,O=Identrus LLC ]

----Engine Logger-----

Engine Logger Message [ Identrusv2MessageFactory : Completed parse of message ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ IdentrusProtocolAdapter : Completed transaction with [ https://nescafe.jcp.co.uk:1234/TC ] ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ DataConverterFactory : getConverter of [ identrus ] ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ Performing a validateStatus with preferred.oid [ 1.2.840.114021.4.1 ] preferred.version [ 0 ] acquireProof is [ false ] ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ ProtocolAdapterFactory : getInstance of [ 1.2.840.114021.4.1 ] with version [ 0 ] ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ IdentrusProtocolAdapter : Beginning status validation ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ IdentrusProtocolAdapter : Completed status validation status approved ]

----Engine Logger Ends----

DSMS result from validity check [ true ]

Example 3 Transport Adapter Modification


This again is a slightly more complex example. It illustrates how you can manipulate the behaviour of the DSMS by providing a different Transport Adapter. In its extreme case this ability could be used to allow the DSMS to perform certificate status checks over completely different transports to the ones it supports out of the box. However in this example the new Transport Adapter just used the EngineLogger to log the data that is being sent and received. This Transport Adapter will only work over HTTP. It takes the same five command line parameters that the DSMSDemo from example 2 does with the addition of a sixth parameter that specifies the http location of the TC to perform the checks. The example should output something like this :

ragnarok# ./dsmsdemo.sh

----Engine Logger-----

Engine Logger Message [ CSCEngine initialised ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ Performing a getStatus with preferred.oid [ 1.2.840.114021.4.1 ] preferredVersion [ 0 ] acquireProof is [ false ] generate nonce is [ false ] ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ ProtocolAdapterFactory : getInstance of [ 1.2.840.114021.4.1 ] with version [ 0 ] ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ GenericProtocolAdapter : Getting location for Protocol [ 1.2.840.114021.4.1 ] ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ IdentrusProtocolAdapter : Beginning transaction with [ http://nescafe.uk.sun.com/NASApp/NASAdapter/TbaseNASAdapter ] ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ GenericProtocolAdapter : Getting message factory with classname [ com.iplanet.trustbase.initiator.scheme.dsms.identrus.message.Identr usv2MessageFactory] ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ GenericProtocolAdapter : Getting Transport adapter with classname [ com.example.example3.ExampleTransportAdapter] ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ Identrusv2MessageFactory : Building identrus message ]

----Engine Logger Ends----

In PKCS11SecureRandom constructor

----Engine Logger-----

Engine Logger Message [ Identrusv2MessageFactory : Created transaction id and constructed OCSP [ RUIwNUUxQzZDMUI5NjhFQTFCNkI3MkIyNUFDNTA2RTRDREM2QzA5Rg== ] ]

----Engine Logger Ends----

In PKCS11SecureRandom constructor

----Engine Logger-----

Engine Logger Message [ Identrusv2MessageFactory : Completed construction of message ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ outgoing HTTP Data [ <!DOCTYPE CSCRequest PUBLIC "-//IDENTRUS//CERTIFICATE STATUS CHECK DTD//EN" "http://www.identrus.com/TC/2.0/CertificateStatusCheck.dtd"> <CSCRequest><NIB id="NIB_340ED3D166D00325EFCE5CAAD31C9EF9254B8656_1" version="2.0"><ContextInfo msggrpid="11F410055BD68EC8B4F1CC53F708764EC31D427D" msgid="RUIwNUUxQzZDMUI5NjhFQTFCNkI3MkIyNUFDNTA2RTRDREM2QzA5Rg=="></ ContextInfo><StartTime><LocalTime id="LocalTime_340ED3D166D00325EFCE5CAAD31C9EF9254B8656_1" time="20010921164029Z"/></StartTime><MsgTime><LocalTime id="LocalTime_340ED3D166D00325EFCE5CAAD31C9EF9254B8656_2" time="20010921164029Z"/></MsgTime></NIB><Signature xmlns="http://www.w3.org/2000/02/xmldsig#"><SignedInfo><Canonicaliz ationMethod Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/02/xmldsig#rsa-sha1"></SignatureM ethod><Reference URI="#NIB_340ED3D166D00325EFCE5CAAD31C9EF9254B8656_1"><Transforms>< Transform Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"></DigestMethod>< DigestValue>pa5Gpq6WHuykS+/nPYKxJSfnPqM=</DigestValue></Reference>< Reference URI="#Request_340ED3D166D00325EFCE5CAAD31C9EF9254B8656_1"><Transfor ms><Transform Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"></DigestMethod>< DigestValue>86TQw4GMkpMzrETaAIIGC/0jOXY=</DigestValue></Reference>< /SignedInfo><SignatureValue>Zm7E5pZ0eCmssbq0ZN0L6sjHKm04RV0WwFSDadM YLA4rBL1nFVMAg4JhTB7F2rLJ

It80HBGblXbUO+4sCUeqdi731+bmmMyWRxUoYjc+zDGfFZ0X/BfLFE31cNBzvYe+

IN8u+RRSvvuIR2qGfRUVzaP3LBYU9v2iW9MN8lwtxfo=</SignatureValue><KeyIn fo><X509Data><X509IssuerSerial><X509IssuerName>C=GB,O=Identrus LLC,OU=Development,CN=Nescafe CA Cert</X509IssuerName><X509SerialNumber>8294</X509SerialNumber></X50 9IssuerSerial></X509Data></KeyInfo></Signature><CertBundle><X509Dat a><X509IssuerSerial><X509IssuerName>C=GB,O=Identrus LLC,OU=Development,CN=Nescafe CA Cert</X509IssuerName><X509SerialNumber>8294</X509SerialNumber></X50 9IssuerSerial><X509Certificate>MIIDljCCAn6gAwIBAgICIGYwDQYJKoZIhvcN AQEEBQAwVDELMAkGA1UEBhMCR0Ix

FTATBgNVBAoTDElkZW50cnVzIExMQzEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxGDAW

BgNVBAMTD05lc2NhZmUgQ0EgQ2VydDAeFw0wMTA4MjAwOTU1NTNaFw0wMjAxMTUx

NTQyNDdaMGAxCzAJBgNVBAYTAlVLMRAwDgYDVQQKEwdJcGxhbmV0MRIwEAYDVQQL

EwlUcnVzdGJhc2UxKzApBgNVBAMTIlJhZ25hcm9rLnVrLnN1bi5jb20gdjYgU2Vy

dmVyIENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOdvJbuKFyIq2QzE

yz5EfCC1S5im5GBFC4BdfHzckH5E34jbJjX/BMEKCjMjA6Q2OqUpeZqnHxXYjwVN

jq7OOCZHzhKIFnhY8RLnk1b7PZ99BRNfVPYg5AI2KoHD1Ni1B55cJ1ALzthYnCaY

0xla0V5kQ7a9sCGNGWVeDvdGu3t1AgMBAAGjgekwgeYwEQYJYIZIAYb4QgEBBAQD

AgXgMB0GA1UdDgQWBBSvXtrTQ9nhIcEw7HEiA7fCydmWajAfBgNVHSMEGDAWgBQN

C3QrQbClHv/qzvZ9v7URsWgjQjAOBgNVHQ8BAf8EBAMCBPAwFgYDVR0RBA8wDYEL

ZXpyYUBnaGVsbG8waQYIKwYBBQUHAQEEXTBbMCoGCCsGAQUFBzABhh5odHRwOi8v

bmVzY2FmZS5qY3AuY28udWs6MjM4OS8wLQYIKoZIhvplBAGGIWh0dHBzOi8vbmVz

Y2FmZS5qY3AuY28udWs6MTIzNC9UQzANBgkqhkiG9w0BAQQFAAOCAQEAdE6duzdw

Rfs0U2n9PGyEVbypJFxPsGmSjAK/9YSQHzaURYfHrR966NExxeTXjLClTrYpd+r8

ygqHNTzduIGEvkoCpfvxLtY9ilhDKsReJsE1NQlrnjCFjheR7AXzZVRix50ixl6E

LUXbfLiASucxtqLYGSQgMIquS8ZEaos+uJOlP9oaFbMGihoVwxBMnPEoDU7iM+PZ

pTobl0nMn6QD/hSIVrG3T50VH9A2jT8+6huCeYziJqP73YtTRvEmmX97L5gTbZUr

ddUdFsKWaVH9BmDKgNE1m/r1TpjuNg+Syg8jBK48nqrSZ64DU2Zr19t09F2RNIzO

3Z3ydZTXFNpZrw==</X509Certificate></X509Data><X509Data><X509IssuerS erial><X509IssuerName>O=Identrus LLC,OU=Identrus Root Certification Authority,CN=Identrus Root Certification Authority</X509IssuerName><X509SerialNumber>4101</X509SerialNumber> </X509IssuerSerial><X509Certificate>MIIEJjCCAw6gAwIBAgICEAUwDQYJKoZ IhvcNAQEEBQAwdzEVMBMGA1UEChMMSWRl

bnRydXMgTExDMS4wLAYDVQQLEyVJZGVudHJ1cyBSb290IENlcnRpZmljYXRpb24g

QXV0aG9yaXR5MS4wLAYDVQQDEyVJZGVudHJ1cyBSb290IENlcnRpZmljYXRpb24g

QXV0aG9yaXR5MB4XDTAxMDExNTE1NDI0N1oXDTAyMDExNTE1NDI0N1owVDELMAkG

A1UEBhMCR0IxFTATBgNVBAoTDElkZW50cnVzIExMQzEUMBIGA1UECxMLRGV2ZWxv

cG1lbnQxGDAWBgNVBAMTD05lc2NhZmUgQ0EgQ2VydDCCASIwDQYJKoZIhvcNAQEB

BQADggEPADCCAQoCggEBANV02B1G3Xk2yhpINqGr5tiCqAA0c+NaNq5PWRj/rSZ+

OcnXy1OpZL0tcGSFvOfQT5XE+PW79xSAidk8ye/okp8pUNOys9uVp0R1O5dkB198

HR0AKb6YQIcowi8mmUITGsBnN6mwZsIbq1zXCWZ8riPCMnJciwya5C2sWYUWRj5C

KYpr6bpJFKKPPG2jxiht2zG+eDQiAEHdcrquWQ4Shu07wqa0JzbHWv9gGRNoK6VF

1IzCD5P+E/MIxMDaCNLgex4LZQBNG1+xhpnFLJ3pLY3eLjECwjbq+HzzGHp1ylyF

rh9C0JXminVxxlMbgRJ+Fxd48cZJpIcpr0tZExaCyUECAwEAAaOB3jCB2zARBglg

hkgBhvhCAQEEBAMCAAcwHQYDVR0OBBYEFA0LdCtBsKUe/+rO9n2/tRGxaCNCMB8G

A1UdIwQYMBaAFH5yUfrWfaLG383YvkYU2E8UWLKmMA8GA1UdEwEB/wQFMAMBAf8w

DgYDVR0PAQH/BAQDAgHGMGUGCCsGAQUFBwEBBFkwVzAoBggrBgEFBQcwAYYcaHR0

cDovL2tlbmNvLmpjcC5jby51azoyMzg5LzArBggqhkiG+mUEAYYfaHR0cHM6Ly9r

ZW5jby5qY3AuY28udWs6MTIzNC9UQzANBgkqhkiG9w0BAQQFAAOCAQEAQ38IiCcp

VkvdiIe7Jc3rQtq/Nd3VHnwn9w2XIkofT63Lg6EXbpIOyoJ2P/9Sav5iPOqY0vKk

FlLTvxBJUyDQ8PmKWzZrVW1URUazKAOgjVMS/sTedSL8KZf8+u9UpbkBKNTkIFAs

jup9NRac+ad6vQ6Yhv0Xt/zP4OvU2P9ax5eqvYozvHKWZLJ2moppKHAEH5S39sWD

bsYmqngPxmTozyCf7BZfRcmJi+zD49x8YyvM1IU1fIjsbfyXGpjRsbN16h9ifZyP

doSwG+HkY88UegP6FvmaMYrf7xgbp9AiDviuPLOuhk2p54nULTjCVRN153H/1aD5

rcLtw3O2WLSazA==</X509Certificate></X509Data><X509Data><X509IssuerS erial><X509IssuerName>O=Identrus LLC,OU=Identrus Root Certification Authority,CN=Identrus Root Certification Authority</X509IssuerName><X509SerialNumber>4096</X509SerialNumber> </X509IssuerSerial><X509Certificate>MIID0DCCArigAwIBAgICEAAwDQYJKoZ IhvcNAQEFBQAwdzEVMBMGA1UEChMMSWRl

bnRydXMgTExDMS4wLAYDVQQLEyVJZGVudHJ1cyBSb290IENlcnRpZmljYXRpb24g

QXV0aG9yaXR5MS4wLAYDVQQDEyVJZGVudHJ1cyBSb290IENlcnRpZmljYXRpb24g

QXV0aG9yaXR5MB4XDTAxMDEwMTAwMDAwMFoXDTEwMDExNTAwMDAwMFowdzEVMBMG

A1UEChMMSWRlbnRydXMgTExDMS4wLAYDVQQLEyVJZGVudHJ1cyBSb290IENlcnRp

ZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVJZGVudHJ1cyBSb290IENlcnRp

ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC

AQEAylTeEYsHamiJt1BFXoRVcUVRNX27nYikLo0w/Hp0Ad3kSIXM+bM24cNRpVs2

TvazA+vwiG/uFr9nj7yMTXM0gUUdZMmcumufmj49+gPOiDVHlYY6y8L+WkxrXCfp

LteFunmycMd28v9DuX/I0ZZl6y0l7VapgbjpeOCTRVDWs8t20mMgdzT5aHY7C+Xo

g6wIW+i0M+kUJXb0+Wibj5gwT3ltosS8xE0O+gD/sw7muiqwy2AfyL+86S0U7p2M

TtTFPnBX/UAvsA6xpP8Zg7txfIkTQAPnP5wjD/eYNOXaR1tDs0rEY3KVrQ28kK0Q

GVg/QaeD3LArWtq0/tVs4KrMQwIDAQABo2YwZDARBglghkgBhvhCAQEEBAMCAAcw

DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUfnJR+tZ9osbfzdi+RhTYTxRYsqYw

HwYDVR0jBBgwFoAUfnJR+tZ9osbfzdi+RhTYTxRYsqYwDQYJKoZIhvcNAQEFBQAD

ggEBACio1AsoYGDskG40Fzd/BEnLzvZSSq8CUpBYJXg4U+aqI0T3cq5N8Dx0fPqk

UvhVyoPYw6igHEmV+oGgsl7HFCTP3FSOD6kptfnUkiEhWsuoquAD1kM663ukedWY

c4pgh7lRNmJeX7JHuQVoxk6q/sePIfKX1gTXWNDIDkFJAmZYsQyY1YGH5H6g2m8e

vmrjak547lB4NeAhA0cZQI5/2084jsd5Uicatqp/1auOP8E8iZtBskHqOwH1ea60

hrqTjlcKckUzHKZugfPr8kK0tDg//xB6O9ZHlEu0mZiCzuD1ehMSwfcc9SiFYoXW

Qcpo2ejb7y9DzV0QSEm9XpCFB3s=</X509Certificate></X509Data></CertBund le><Request id="Request_340ED3D166D00325EFCE5CAAD31C9EF9254B8656_1"><RequestDat a>MIICqjCCAqagAwIBAaFkpGIwYDELMAkGA1UEBhMCVUsxEDAOBgNVBAoTB0lwbGFu

ZXQxEjAQBgNVBAsTCVRydXN0YmFzZTErMCkGA1UEAxMiUmFnbmFyb2sudWsuc3Vu

LmNvbSB2NiBTZXJ2ZXIgQ2VydDCCAjcwggEIMDkwBwYFKw4DAhoEFPo/jtp9Jijt

Zksi7LC6frCbW6YnBBQNC3QrQbClHv/qzvZ9v7URsWgjQgICIGaggcowgccwgcQG

CSsGAQUFBzABBwSBtjCBszBUMQswCQYDVQQGEwJHQjEVMBMGA1UEChMMSWRlbnRy

dXMgTExDMRQwEgYDVQQLEwtEZXZlbG9wbWVudDEYMBYGA1UEAxMPTmVzY2FmZSBD

QSBDZXJ0MFswKgYIKwYBBQUHMAGGHmh0dHA6Ly9uZXNjYWZlLmpjcC5jby51azoy

Mzg5LzAtBggqhkiG+mUEAYYhaHR0cHM6Ly9uZXNjYWZlLmpjcC5jby51azoxMjM0

L1RDMIIBJzA5MAcGBSsOAwIaBBQMln2wYrp7My2VSzTMFvuuwz4aHQQUdYx5Pcs8

rm8H3Voo4rbhlz/Rj/0CAhAFoIHpMIHmMIHjBgkrBgEFBQcwAQcEgdUwgdIwdzEV

MBMGA1UEChMMSWRlbnRydXMgTExDMS4wLAYDVQQLEyVJZGVudHJ1cyBSb290IENl

cnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVJZGVudHJ1cyBSb290IENl

cnRpZmljYXRpb24gQXV0aG9yaXR5MFcwKAYIKwYBBQUHMAGGHGh0dHA6Ly9rZW5j

by5qY3AuY28udWs6MjM4OS8wKwYIKoZIhvplBAGGH2h0dHBzOi8va2VuY28uamNw

LmNvLnVrOjEyMzQvVEM=</RequestData></Request></CSCRequest> ] ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ incoming HTTP Data [ <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE CSCResponse PUBLIC "-//IDENTRUS//CERTIFICATE STATUS CHECK DTD//EN" "http://www.identrus.com/TC/2.0/CertificateStatusCheck.dtd"><CSCRes ponse><NIB id="NIB_340ED3D166D00325EFCE5CAAD31C9EF9254B8656_1" version="2.0"><ContextInfo msggrpid="11F410055BD68EC8B4F1CC53F708764EC31D427D" msgid="1001090422879"></ContextInfo><StartTime><LocalTime id="LocalTime_340ED3D166D00325EFCE5CAAD31C9EF9254B8656_1" time="20010921164029Z"/></StartTime><MsgTime><LocalTime id="LocalTime_340ED3D166D00325EFCE5CAAD31C9EF9254B8656_2" time="20010921164022Z"/></MsgTime></NIB><Signature xmlns="http://www.w3.org/2000/02/xmldsig#"><SignedInfo><Canonicaliz ationMethod Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/02/xmldsig#rsa-sha1"></SignatureM ethod><Reference URI="#NIB_340ED3D166D00325EFCE5CAAD31C9EF9254B8656_1"><Transforms>< Transform Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"></DigestMethod>< DigestValue>KX0xNDQYebVDgCXqwvVX/NZw9eA=</DigestValue></Reference>< Reference URI="#Response_752D24F5C2992DEBB4C339ED026145BB33F71DD3_1"><Transfo rms><Transform Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"></DigestMethod>< DigestValue>cfYf+FXmmsKmdbdnIlDazFZRua4=</DigestValue></Reference>< /SignedInfo><SignatureValue>GittXG8ydDSc0fGAhjOpg9+d0QUbbugcdrZfZQO X03hwlK1O3ImwDO3o9rzddokp9jKHEm7ujBDvIUD/hWUk8/BiTjbxOLFvPO3aiUUgCw t11Aq5f//ncWKZCx9Hk2VlLKOHr6dZ90r3Mhz/nFqGKnKCHzlvYzEJvkRaZaSDnSE=< /SignatureValue><KeyInfo><X509Data><X509IssuerSerial><X509IssuerNam e>O=Identrus LLC,OU=Identrus Root Certification Authority,CN=Identrus Root Certification Authority</X509IssuerName><X509SerialNumber>4111</X509SerialNumber> </X509IssuerSerial></X509Data></KeyInfo></Signature><CertBundle><X5 09Data><X509IssuerSerial><X509IssuerName>O=Identrus LLC,OU=Identrus Root Certification Authority,CN=Identrus Root Certification Authority</X509IssuerName><X509SerialNumber>4111</X509SerialNumber> </X509IssuerSerial><X509Certificate>MIIDqzCCApOgAwIBAgICEA8wDQYJKoZ IhvcNAQEEBQAwdzEVMBMGA1UEChMMSWRlbnRydXMgTExDMS4wLAYDVQQLEyVJZGVudH J1cyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVJZGVudHJ1c yBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTAxMDExOTEwMTMxMloXDTAy MDExOTEwMTMxMlowYTEaMBgGA1UEChMRaVBsYW5ldCBUcnVzdGJhc2UxFDASBgNVBAs TC0RldmVsb3BtZW50MSAwHgYDVQQDExdOZXNjYWZlIEVFIFNpZ25pbmcgQ2VydDELMA kGA1UEBhMCR0IwgZ4wDQYJKoZIhvcNAQEBBQADgYwAMIGIAoGAPtIp/WrdbKdKIgfk2 3w9JLt+yM2/F9sEv5oXMAIvWUB25xMuxviniE2t5TgZFk66wxmgAqlGQppENK8ygNjP A4m+mlgxEUJK1A6AibaucxoL+23X7+QuZ7b0awaAAeFvmC462+4H1nzcI/J5y3xO+N8 2kvZdJh0IjNvgoSAeNwMCAwEAAaOB2zCB2DARBglghkgBhvhCAQEEBAMCBaAwHQYDVR 0OBBYEFHWpg/ujONid6t78XHEW/WPeUGoEMB8GA1UdIwQYMBaAFH5yUfrWfaLG383Yv kYU2E8UWLKmMA4GA1UdDwEB/wQEAwIF4DAMBgNVHREEBTADgQFhMGUGCCsGAQUFBwEB BFkwVzAoBggrBgEFBQcwAYYcaHR0cDovL2tlbmNvLmpjcC5jby51azoyMzg5LzArBgg qhkiG+mUEAYYfaHR0cHM6Ly9rZW5jby5qY3AuY28udWs6MTIzNC9UQzANBgkqhkiG9w 0BAQQFAAOCAQEAWuH6QwBQDyEs83DBL16im+Eu3ot2UI/1TsXl7mi9uuBR+3/4xpI53 IEikyhB4ICMRX9HySfaP2g1JNSJJyj8LMCWZAleltm3UNPojL23iiQCDO+09Zvn+M9g mkob6wlkf1/xTMAKr/eze19zNMIvRqypzgybPQt1JIwU3KjI6SE93EzP6MqqLuFz2hO vk+Uz7qBIFvnYKmG/x8x23/t+fC7+72/Q2ifsOftH08Thz6EL/eWXad9VYHJLdEhkTY 4r3XBS3dIZHVVPsWG4gHcfbbxfFagGRrUcBqjBVjEQmRjq2t+4LRu3nln7Sj+EIKpk5 sY8e8DHwUuaNcUPmtVzEA==</X509Certificate></X509Data><X509Data><X509 IssuerSerial><X509IssuerName>O=Identrus LLC,OU=Identrus Root Certification Authority,CN=Identrus Root Certification Authority</X509IssuerName><X509SerialNumber>4096</X509SerialNumber> </X509IssuerSerial><X509Certificate>MIID0DCCArigAwIBAgICEAAwDQYJKoZ IhvcNAQEFBQAwdzEVMBMGA1UEChMMSWRlbnRydXMgTExDMS4wLAYDVQQLEyVJZGVudH J1cyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVJZGVudHJ1c yBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTAxMDEwMTAwMDAwMFoXDTEw MDExNTAwMDAwMFowdzEVMBMGA1UEChMMSWRlbnRydXMgTExDMS4wLAYDVQQLEyVJZGV udHJ1cyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVJZGVudH J1cyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFA AOCAQ8AMIIBCgKCAQEAylTeEYsHamiJt1BFXoRVcUVRNX27nYikLo0w/Hp0Ad3kSIXM +bM24cNRpVs2TvazA+vwiG/uFr9nj7yMTXM0gUUdZMmcumufmj49+gPOiDVHlYY6y8L +WkxrXCfpLteFunmycMd28v9DuX/I0ZZl6y0l7VapgbjpeOCTRVDWs8t20mMgdzT5aH Y7C+Xog6wIW+i0M+kUJXb0+Wibj5gwT3ltosS8xE0O+gD/sw7muiqwy2AfyL+86S0U7 p2MTtTFPnBX/UAvsA6xpP8Zg7txfIkTQAPnP5wjD/eYNOXaR1tDs0rEY3KVrQ28kK0Q GVg/QaeD3LArWtq0/tVs4KrMQwIDAQABo2YwZDARBglghkgBhvhCAQEEBAMCAAcwDwY DVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUfnJR+tZ9osbfzdi+RhTYTxRYsqYwHwYDVR 0jBBgwFoAUfnJR+tZ9osbfzdi+RhTYTxRYsqYwDQYJKoZIhvcNAQEFBQADggEBACio1 AsoYGDskG40Fzd/BEnLzvZSSq8CUpBYJXg4U+aqI0T3cq5N8Dx0fPqkUvhVyoPYw6ig HEmV+oGgsl7HFCTP3FSOD6kptfnUkiEhWsuoquAD1kM663ukedWYc4pgh7lRNmJeX7J HuQVoxk6q/sePIfKX1gTXWNDIDkFJAmZYsQyY1YGH5H6g2m8evmrjak547lB4NeAhA0 cZQI5/2084jsd5Uicatqp/1auOP8E8iZtBskHqOwH1ea60hrqTjlcKckUzHKZugfPr8 kK0tDg//xB6O9ZHlEu0mZiCzuD1ehMSwfcc9SiFYoXWQcpo2ejb7y9DzV0QSEm9XpCF B3s=</X509Certificate></X509Data></CertBundle><Response id="Response_752D24F5C2992DEBB4C339ED026145BB33F71DD3_1"><ResponseD ata>MIIFfQoBAKCCBXYwggVyBgkrBgEFBQcwAQEEggVjMIIFXzCCARGgAwIBAaFWMFQ xCzAJBgNVBAYTAkdCMRUwEwYDVQQKEwxJZGVudHJ1cyBMTEMxFDASBgNVBAsTC0Rldm Vsb3BtZW50MRgwFgYDVQQDEw9OZXNjYWZlIENBIENlcnQYDzIwMDEwOTIxMTY0MDIyW jCBoDBOMDkwBwYFKw4DAhoEFPo/jtp9JijtZksi7LC6frCbW6YnBBQNC3QrQbClHv/q zvZ9v7URsWgjQgICIGaAABgPMjAwMTA5MjExNjMyMTlaME4wOTAHBgUrDgMCGgQUDJZ 9sGK6ezMtlUs0zBb7rsM+Gh0EFHWMeT3LPK5vB91aKOK24Zc/0Y/9AgIQBYAAGA8yMD AxMDkyMTE2MjMxN1owDQYJKoZIhvcNAQEEBQADgYEADE9QQTcq5N22oEnR1hiafahGG mwApCkq2gLZZf39XD+82VMd3Erc38MOCPR5o+V36Qi8wzwOj/MxtTwTzZ2uvuYdR3wz Wd15C+PAg/zoQGqg5jTUeZwHmz5WK8V0u2CV8aigoK9I7fCXKA8FVh6f4IPPKmWjGRR 671thadarbdqgggOzMIIDrzCCA6swggKToAMCAQICAhAOMA0GCSqGSIb3DQEBBAUAMH cxFTATBgNVBAoTDElkZW50cnVzIExMQzEuMCwGA1UECxMlSWRlbnRydXMgUm9vdCBDZ XJ0aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlSWRlbnRydXMgUm9vdCBDZXJ0 aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAxMTkxMDEyMzhaFw0wMjAxMTkxMDEyMzh aMGExGjAYBgNVBAoTEWlQbGFuZXQgVHJ1c3RiYXNlMRQwEgYDVQQLEwtEZXZlbG9wbW VudDEgMB4GA1UEAxMXTmVzY2FmZSBJUCBTaWduaW5nIENlcnQxCzAJBgNVBAYTAkdCM IGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgGUvCMy2kHckWjvuSFbyTiHI68N9QzLA kentHGyAh6UncC4s9yhyrFodScuU7E2+P0zWnINc2YN/9Jx9pieEa9rj5yqvPuWniJi WR1ekJHaPajAAqXlrRtanSqSaB1D2wJhnPQx9Whpp4K7Qk0GrFxVWGgrYMVVcC11uU3 o1CbFzAgMBAAGjgdswgdgwEQYJYIZIAYb4QgEBBAQDAgWgMB0GA1UdDgQWBBRNu+61f QPXswwl0sZ6LuwVaSqrUjAfBgNVHSMEGDAWgBR+clH61n2ixt/N2L5GFNhPFFiypjAO BgNVHQ8BAf8EBAMCBeAwDAYDVR0RBAUwA4EBYTBlBggrBgEFBQcBAQRZMFcwKAYIKwY BBQUHMAGGHGh0dHA6Ly9rZW5jby5qY3AuY28udWs6MjM4OS8wKwYIKoZIhvplBAGGH2 h0dHBzOi8va2VuY28uamNwLmNvLnVrOjEyMzQvVEMwDQYJKoZIhvcNAQEEBQADggEBA FsGDx1V3gNi8XxY0YgmHFt+vtEiehkVDF0+lMGaP+GKKDZkLyglEIuL14XaYege2Xt3 N3TNRK57UgI9U8Nrgtej2mepnevzhkdnaYGsjWbWPTjHDra5LTjKelO/tzh2Kyq8IuE hU6Uq6cA3HhB3TZR1IdoLxHEQHwejuYMYlDTY6Pd0edB8b/dSrSOMHL1Gg8SJjupBOZ f6JsBXeK2moT5mqIGn2+ljcmt6DkocE75vu9Uw9hQSr/iqgWMQjF0stUqQQ6qEhucLy La/eHk89+Mt8PEzoqF3ZYUAVIbW7N3lfXtS13sF/10X2JjO0WtexzZuBYjxcGtAdgB2 TaMPY3c=</ResponseData><CSCResponse><NIB id="NIB_2A02E495C2249C74E1F8750233C511D0615A2263_1" version="2.0"><ContextInfo msggrpid="182DFBAE53803E5B7A281BBD499804CBC7674C58" msgid="1001089853924"></ContextInfo><StartTime><LocalTime id="LocalTime_2A02E495C2249C74E1F8750233C511D0615A2263_1" time="20010921163142Z"/></StartTime><MsgTime><LocalTime id="LocalTime_2A02E495C2249C74E1F8750233C511D0615A2263_2" time="20010921163053Z"/></MsgTime></NIB><Signature xmlns="http://www.w3.org/2000/02/xmldsig#"><SignedInfo><Canonicaliz ationMethod Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/02/xmldsig#rsa-sha1"></SignatureM ethod><Reference URI="#NIB_2A02E495C2249C74E1F8750233C511D0615A2263_1"><Transforms>< Transform Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"></DigestMethod>< DigestValue>TZDC1lo4dkk3mZBDu47rADVuHcg=</DigestValue></Reference>< Reference URI="#Response_DCF2930D3B4E9046741A9F52AD89EEA5C39B20DA_1"><Transfo rms><Transform Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"></DigestMethod>< DigestValue>UvKzRQ67wgbl9ExfAkWvEaNA9fQ=</DigestValue></Reference>< /SignedInfo><SignatureValue>EqsZGlPlUmqW9nlKkcSLVxsvCzS700fyuKzXFwA znSi3TUOev3H8Uan4TnmuS5KSqdxd0o6KUxQqVxOMe3G1MVvlV/jNBpiECj/D+nv1Id 2YsL5pjtuE40O+vyNngm+6RS8yetHipb5K/4lyvXmcQss49TXZv+Y5QDVXC924V5U=< /SignatureValue><KeyInfo><X509Data><X509IssuerSerial><X509IssuerNam e>O=Identrus LLC,OU=Identrus Root Certification Authority,CN=Identrus Root Certification Authority</X509IssuerName><X509SerialNumber>4103</X509SerialNumber> </X509IssuerSerial></X509Data></KeyInfo></Signature><CertBundle><X5 09Data><X509IssuerSerial><X509IssuerName>O=Identrus LLC,OU=Identrus Root Certification Authority,CN=Identrus Root Certification Authority</X509IssuerName><X509SerialNumber>4103</X509SerialNumber> </X509IssuerSerial><X509Certificate>MIIDvzCCAqegAwIBAgICEAcwDQYJKoZ IhvcNAQEEBQAwdzEVMBMGA1UEChMMSWRlbnRydXMgTExDMS4wLAYDVQQLEyVJZGVudH J1cyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVJZGVudHJ1c yBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTAxMDExNjEyNTQzMloXDTAy MDExNjEyNTQzMlowXjEdMBsGA1UEAxMUUm9vdCBJUCBTaWduaW5nIENlcnQxGjAYBgN VBAoTEWlQbGFuZXQgVHJ1c3RiYXNlMRQwEgYDVQQLEwtEZXZlbG9wbWVudDELMAkGA1 UEBhMCR0IwgZ4wDQYJKoZIhvcNAQEBBQADgYwAMIGIAoGAZnTLq+nxMLSHkSlVw/zY7 91XiLYe9lkishAK/E6XmEjoei1gjk++FIUvZhSclF1VpURo7G7RYYzUTDv1HULEydRD DF3I0Ack8tkZpxtHivRd9RreUIxp7ubJ90uHU4UbSFCIKIvMltfNwG6u5nEYsrfxDvv kStCqydYZu1YjQeUCAwEAAaOB8jCB7zARBglghkgBhvhCAQEEBAMCBaAwHQYDVR0OBB YEFKES1GXwy4zv5gykMI/VJPWVtXaFMB8GA1UdIwQYMBaAFH5yUfrWfaLG383YvkYU2 E8UWLKmMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDQYDVR0R BAYwBIECYXMwZQYIKwYBBQUHAQEEWTBXMCgGCCsGAQUFBzABhhxodHRwOi8va2VuY28 uamNwLmNvLnVrOjIzODkvMCsGCCqGSIb6ZQQBhh9odHRwczovL2tlbmNvLmpjcC5jby 51azoxMjM0L1RDMA0GCSqGSIb3DQEBBAUAA4IBAQA+TEf2oX3ovBXepCBAbnBViPe5a VxweBToBiSdvlpkFF9UnS+nFuqv/Zzi66/dMN4ZxRHKChzRAshJm41cnVK0sA6XZA7g wjghuWeMJ0M09bGqkhnRhPCC+QFnV4OrNhtBU9kv34Pdhsc6TqbO3I+SZe5MOskcn2w D8WdpRF8HQCTEci1dw+IeYhp8C5fk1EF2R+KZaKdi6EB2fKzLc61RSOJEBpnXpyJwij eI/cLWssZz64pGLEPo0Qac+I+XzQhc0w4IZBU+tQcOs/wwLwHQn8709Pcx2aoIgBrai 4nwCaCuky4NO7n5YFxt4hr7VO36Ont3gnQGK9uFUc7BtbXa</X509Certificate></ X509Data><X509Data><X509IssuerSerial><X509IssuerName>O=Identrus LLC,OU=Identrus Root Certification Authority,CN=Identrus Root Certification Authority</X509IssuerName><X509SerialNumber>4096</X509SerialNumber> </X509IssuerSerial><X509Certificate>MIID0DCCArigAwIBAgICEAAwDQYJKoZ IhvcNAQEFBQAwdzEVMBMGA1UEChMMSWRlbnRydXMgTExDMS4wLAYDVQQLEyVJZGVudH J1cyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVJZGVudHJ1c yBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTAxMDEwMTAwMDAwMFoXDTEw MDExNTAwMDAwMFowdzEVMBMGA1UEChMMSWRlbnRydXMgTExDMS4wLAYDVQQLEyVJZGV udHJ1cyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVJZGVudH J1cyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFA AOCAQ8AMIIBCgKCAQEAylTeEYsHamiJt1BFXoRVcUVRNX27nYikLo0w/Hp0Ad3kSIXM +bM24cNRpVs2TvazA+vwiG/uFr9nj7yMTXM0gUUdZMmcumufmj49+gPOiDVHlYY6y8L +WkxrXCfpLteFunmycMd28v9DuX/I0ZZl6y0l7VapgbjpeOCTRVDWs8t20mMgdzT5aH Y7C+Xog6wIW+i0M+kUJXb0+Wibj5gwT3ltosS8xE0O+gD/sw7muiqwy2AfyL+86S0U7 p2MTtTFPnBX/UAvsA6xpP8Zg7txfIkTQAPnP5wjD/eYNOXaR1tDs0rEY3KVrQ28kK0Q GVg/QaeD3LArWtq0/tVs4KrMQwIDAQABo2YwZDARBglghkgBhvhCAQEEBAMCAAcwDwY DVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUfnJR+tZ9osbfzdi+RhTYTxRYsqYwHwYDVR 0jBBgwFoAUfnJR+tZ9osbfzdi+RhTYTxRYsqYwDQYJKoZIhvcNAQEFBQADggEBACio1 AsoYGDskG40Fzd/BEnLzvZSSq8CUpBYJXg4U+aqI0T3cq5N8Dx0fPqkUvhVyoPYw6ig HEmV+oGgsl7HFCTP3FSOD6kptfnUkiEhWsuoquAD1kM663ukedWYc4pgh7lRNmJeX7J HuQVoxk6q/sePIfKX1gTXWNDIDkFJAmZYsQyY1YGH5H6g2m8evmrjak547lB4NeAhA0 cZQI5/2084jsd5Uicatqp/1auOP8E8iZtBskHqOwH1ea60hrqTjlcKckUzHKZugfPr8 kK0tDg//xB6O9ZHlEu0mZiCzuD1ehMSwfcc9SiFYoXWQcpo2ejb7y9DzV0QSEm9XpCF B3s=</X509Certificate></X509Data></CertBundle><Response id="Response_DCF2930D3B4E9046741A9F52AD89EEA5C39B20DA_1"><ResponseD ata>MIIBiAoBAKCCAYEwggF9BgkrBgEFBQcwAQEEggFuMIIBajCB1KFtMGsxCzAJBgN VBAYTAnV6MQswCQYDVQQIEwJ4eDELMAkGA1UEBxMCeHgxCzAJBgNVBAoTAnh4MQswCQ YDVQQLEwJ4eDELMAkGA1UEAxMCeHgxGzAZBgkqhkiG9w0BCQEWDGV6cmFAc3VuLmNvb RgPMjAwMTA5MjExNjMwNTNaMFIwUDA7MAkGBSsOAwIaBQAEFAyWfbBiunszLZVLNMwW +67DPhodBBR1jHk9yzyubwfdWijituGXP9GP/QICEA+AABgPMjAwMTA5MjExNjIzMTd aMA0GCSqGSIb3DQEBBQUAA4GBAGz0OtGDRHIdSpP1S95DQ9zF6FhqYO+3wmhdqM0lk7 Ennk+teu+nCfmqdhSscioQYAblsAx/VVZX2xewAdaJZC0sVD23tt/4t1bLHO1f0h/oV GZTllE2It/dK/IEfwiPV8XRnD27DwoSo02VHJ3/XhOMaK4w0mprTG1YUlslPglz</Re sponseData></Response></CSCResponse></Response></CSCResponse> ] ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ Identrusv2MessageFactory : Beginning parse of message ]

----Engine Logger Ends----

Checking verification chain with leaf [ CN=Identrus Root Certification Authority,OU=Identrus Root Certification Authority,O=Identrus LLC ]

Checking verification chain with leaf [ CN=Identrus Root Certification Authority,OU=Identrus Root Certification Authority,O=Identrus LLC ]

----Engine Logger-----

Engine Logger Message [ Identrusv2MessageFactory : Completed parse of message ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ IdentrusProtocolAdapter : Completed transaction with [ http://nescafe.uk.sun.com/NASApp/NASAdapter/TbaseNASAdapter ] ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ DataConverterFactory : getConverter of [ identrus ] ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ Performing a validateStatus with preferred.oid [ 1.2.840.114021.4.1 ] preferred.version [ 0 ] acquireProof is [ false ] ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ ProtocolAdapterFactory : getInstance of [ 1.2.840.114021.4.1 ] with version [ 0 ] ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ IdentrusProtocolAdapter : Beginning status validation ]

----Engine Logger Ends----

----Engine Logger-----

Engine Logger Message [ IdentrusProtocolAdapter : Completed status validation status approved ]

----Engine Logger Ends----

DSMS result from validity check [ true ]

Sample Source Code

---

The source code for each of these three examples can also be found in your examples iwstps <install_directory>. We now list some of the source code for each example. Note that the main java program DSMSDemo.java has to be modified slightly for each example.

Sample Code DSMSDemo.java

package com.example.example1;

import java.util.Properties;

import java.util.HashMap;

import java.util.Collection;

import java.util.ArrayList;

import java.util.Iterator;

import java.util.Date;

import java.security.cert.Certificate;

import java.security.cert.X509Certificate;

import com.iplanet.trustbase.initiator.ConfigAdapter;

import com.iplanet.trustbase.initiator.ConfigAdapterException;

import com.iplanet.trustbase.initiator.PropertyCodes;

import com.iplanet.trustbase.initiator.config.ConfigAdapterImpl;

import com.iplanet.trustbase.initiator.dsms.CSCEngine;

import com.iplanet.trustbase.initiator.dsms.StatusCheckData;

import com.iplanet.trustbase.initiator.dsms.CertStatus;

/*

* DSMSDemo :

* Is a simple demonstration application which

* takes in some command line parameters and performs

* a Certificate Status Check using the DSMS API based

* on these parameters.

* The command line parameters that are expected are :

* 1> The keystore password for opening the certificate database.

* 2> The siging certificate nick name - the nick name of the

* certificate to use when signing DSMS transactions.

* 3> The SSL Client transaction certificate nick name. The

* nick name of the certificate to use when performing

* SSL Transactions.

* 4> The Trust Anchor certificate. The Identrus Root in normal

* cases.

* 5> The nick name of the certificate to perform the status check on.

* The certificate you check must be a KeyEntry in that it

* must have a private key as well as a certificate this

* guarentee's that the store will have the entire certificate

* chain available to it and simplifies the example.

*/

public class DSMSDemo

{

protected ConfigAdapterImpl _configAdapter;

protected CSCEngine _cscEngine;

public static void main ( String [] args )

throws Exception

{

// check arguments before proceeding

if ( args.length < 5 )

{

System.out.println ( "usage : DSMSDemo keystorepassword , signingCertName , SSL Certificate , verificationCertName , chainToCheck" );

System.exit ( 1 );

}

// set up for the check.

DSMSDemo dsmsdemo = new DSMSDemo ( args );

System.out.println ( "DSMS result from validity check [ " + dsmsdemo.makeChecks ( args[4] ) + " ]" );

}

public DSMSDemo ( String [] args )

throws Exception

{

// initiatialise the properties object

// that will then initialise the ConfigAdapter

Properties props = new Properties ( );

props.put ( PropertyCodes.INITIATOR_KEYSTORE_PASSWORD , args[0] );

props.put ( PropertyCodes.INITIATOR_KEYSTORE_SIGNING_CERTIFICATE , args[1] );

props.put ( PropertyCodes.INITIATOR_KEYSTORE_SSLSIGNING_CERTIFICATE , args[2] );

props.put ( PropertyCodes.INITIATOR_KEYSTORE_VERIFICATION_CERTIFICATE + ".1" , args[3] );

// initialise the config Adapter.

_configAdapter = new ConfigAdapterImpl ( props );

// initialise the engine.

_cscEngine = new CSCEngine ( _configAdapter );

}

public boolean makeChecks ( String certificateToCheck )

throws Exception

{

// perform the check and return the validation status.

X509Certificate[] checkedCertificateChain = getCertificateChain ( certificateToCheck );

StatusCheckData [] sd = _cscEngine.getStatus ( checkedCertificateChain , false , (byte[]) null );

return _cscEngine.validateStatus ( sd , checkedCertificateChain , false , null );

}

protected X509Certificate [] getCertificateChain ( String certificateNickName )

throws Exception

{

// get the certificate chain from store.

return _configAdapter.getStore().getKeyEntry ( certificateNickName ).getCertificateChain ( );

}

}

Sample Code ExampleConfigAdapter.java

package com.example.example2;

import java.util.*;

import com.iplanet.trustbase.initiator.ConfigAdapter;

import com.iplanet.trustbase.initiator.ConfigAdapterException;

import com.iplanet.trustbase.initiator.EngineLogger;

import com.iplanet.trustbase.initiator.PropertyCodes;

import com.iplanet.trustbase.initiator.logger.DefaultEngineLogger;

import com.iplanet.trustbase.initiator.config.ConfigAdapterImpl;

/*

* A simple subclass of the provided config adapter that

* supplies a EngineLogger class.

*/

public class ExampleConfigAdapterImpl extends ConfigAdapterImpl

{

   private EngineLogger logger;

   public ExampleConfigAdapterImpl(Properties props)

      throws ConfigAdapterException

   {

      super ( props );

      logger = new DefaultEngineLogger ( );

   }

   public Object getObjectProperty ( String property )

      throws ConfigAdapterException

   {

   if ( property.equals ( PropertyCodes.INITIATOR_ENGINE_LOGGER ) )

         return logger;

      return super.getObjectProperty ( property );

   }

   }

Sample Code ExampleTransportAdapter.java

package com.example.example3;

import java.io.IOException;
import java.io.OutputStream;
import java.io.InputStream;
import java.io.ByteArrayOutputStream;

import com.iplanet.trustbase.initiator.ConfigAdapter;
import com.iplanet.trustbase.initiator.PropertyCodes;
import com.iplanet.trustbase.initiator.TransportAdapterException;
import com.iplanet.trustbase.initiator.ConfigAdapterException;

import com.iplanet.trustbase.initiator.transport.HTTPTransportAdapter;

public class ExampleTransportAdapter extends HTTPTransportAdapter
{
   private ConfigAdapter ourconfigadapter;
   public ExampleTransportAdapter(ConfigAdapter configAdapter)
   {
      super ( configAdapter );
      ourconfigadapter = configAdapter;
      
   }
   
   public byte[] sendReceive(byte[] data, String location, String mes- sageType) throws TransportAdapterException, ConfigAdapterException
   {
      byte[] outData = null;

      try
      {
         EngineLogger logger = ( EngineLogger ) ourconfigada- pter.getObjectProperty ( PropertyCodes.INITIATOR_ENGINE_LOGGER );
         if ( logger != null )
         {
            logger.log ( new String ( "outgoing HTTP Data [ " + new String ( data ) + " ] " ) , null , null );
         }
      }
      catch ( ConfigAdapterException cae )
      {

      }

      outData = super.sendReceive ( data , location , messageType );
      try
      {
         EngineLogger logger = ( EngineLogger ) ourconfigada- pter.getObjectProperty ( PropertyCodes.INITIATOR_ENGINE_LOGGER );
         if ( logger != null )
         {
            logger.log ( new String ( "incoming HTTP Data [ " + new String ( outData ) + " ] " ) , null , null );
         }
      }
      catch ( ConfigAdapterException cae )
      {

      }

   }
}