| Message |
|
|
This is a minor update containing:
- The JCAPI JAR file has been re-signed with a new code signing certificate since the former will expire at the 25th of May 2011. The new certificate is valid until 4th of June 2014. This will only affect you if you're using JCAPI in a trusted applet.
For a complete list of enhancements and bug fixes made, please read the version history.
Our customers can download the commercial (unrestricted) version from the customers download page. Others are welcome to download the evaluation version from our public download page.
|
 |
|
|
I've now executed our applet tests with Java 1.6.0_24 and JCAPI 1.2.5 on a fully patched Windows 7 machine. No problems was detected. It just works.
If you need more help with your issue, then provide the info I requested for in the previous post.
|
|
|
|
Hi Jainpa,
I've not tried JCAPI with JRE 1.6.0_24, so I can't certainly give you any good answers right now. I'll install it and make some applet tests to confirm your findings.
Meanwhile, I would like you to supply as much as possible of the following information:
1. The version of JCAPI you're using.
2. The stack trace generated by your client JRE (right-click on the java icon in your system tray and choose "Open 1.6.0_24 system window", and the Java console will open). Then download your applet again and an exception stack trace should be displayed in the console.
3. The output from executing method JCAPIUtil.getEnvironmentInfo() from within your Java applet. For more info, see page 35 in the JCAPI User's Guide.
4. A minimal applet which triggers your error.
We will try to get as close as possible to emulate your environment in order to reproduce your problem.
Thanks.
Regards,
Tommy
|
|
|
|
Our second release candidate of JCAPI v2.0.0 is now available for download.
Lots of effort has been put into this release. Much enough to consider it to be the last candidate before we launch it in a sharp revision.
Also, thank you for your input. Your findings and opinions are always welcome. Thanks once again.
For a full explanation of all new features available, and binary- & source compatibility issues, please read our JCAPI 2.0 - Delta Description document:
http://pheox.com/products/jcapi/2.0.0/JCAPI_v2_Delta_Description.pdf
You can find our updated JCAPI User's Guide here:
http://pheox.com/products/jcapi/2.0.0/JCAPI_Users_Guide.pdf
Here you can explore the new Javadoc information:
http://pheox.com/products/jcapi/2.0.0/javadoc/index.html
Want to test our new release? No problems, just download it from our public download page:
http://pheox.com/download
See you around.
|
|
|
|
Hi Igor,
Sorry for the delay of my answer. For some strange reason the system didn't notify me about your new post. I did reboot it and now the notifications work. Strange indeed.
Anyway, everything is fine here even though there is much work with JCAPI v2.0. All those unforeseen details to take care of  Thanks for asking. Hope everything goes well with your business too.
I'm glad to see that your problem was solved. Just let us know if any other issues arise.
Regards,
Tommy
|
|
|
|
Hi Igor,
Thanks for the code. It's much appreciated.
"Qui quaerit invenit" is latin and means "The one who search, will find". I think it fits rather well into this 
Regards,
Tommy
|
|
|
|
Hi Igor,
Qui quaerit invenit.
Very good. You saved me some time here.
Would it be possible to get the source code for your class loader test applet? You don't have to do it, but it would be nice to have a solution available if some other people would stumble into the same problem. Re-inventing the wheel is a nasty bitch.
Thanks.
Regards,
Tommy
|
|
|
|
Hi Igor,
The code I'm using for JAR file self integrity check is quite straight forward. This is how JCAPI gets the JarFile instance from through the class loader:
URL url = (URL)AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
CodeSource cs = JCAPIProvider.class.getProtectionDomain().getCodeSource();
return cs.getLocation();
}
});
url = url.getProtocol().equalsIgnoreCase("jar") ? url : new URL("jar:" + url.toString() + "!/");
JarFile jarFile = (JarFile)AccessController.doPrivileged(new PrivilegedExceptionAction() {
public Object run() throws Exception {
JarURLConnection conn = (JarURLConnection)url.openConnection();
conn.setUseCaches(false);
return conn.getJarFile();
}
});
System.out.println("JAR file name = " + jarFile.getName());
When I run the above code in JCAPI together with your example applet, the wrong JAR file name is returned:
JAR file name = C:\test\PheoxInterbatLoader.jar
I'm not an expert on class loaders, so I'm not really sure how to get the JCAPI.jar file using another approach than the current. Guess I have to read and test more.
Regards,
Tommy
|
|
|
|
Hi Igor,
I've made a quick analysis and it seems like there's something wrong with your class loader. I'm not 100% sure that's the problem, but when JCAPI executes the following code to list all certificates stored in the JCAPI.jar file:
...
JarEntry je = (JarEntry)e.nextElement();
Certificate[] certs = je.getCertificates();
Then only 2 certificates are available, and both of them belongs to you:
Num of certs = 2
CERT 0:
[
[
Version: V3
Subject: EMAILADDRESS=technique@interbat.com, CN=Application Web Interbat, OU=Application Web Interbat, O=Interbat, L=Paris, ST=IDF, C=FR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 137794968023654729654789467242594964744389341626154165190545895723836858073154731430206825242767818974618019699399409500878261390076649357834576675795591879662431723076678174619371131704548131500588190149306154144697521599147653683846424392865284048700928506293411496325899032471567440472351825117843473823161
public exponent: 65537
Validity: [From: Fri Apr 10 12:30:24 CEST 2009,
To: Mon Apr 08 12:30:24 CEST 2019]
Issuer: EMAILADDRESS=casimir.decas@interbat.com, CN=Interbat CA, O=Interbat, L=Paris, ST=IDF, C=FR
SerialNumber: [ 0d]
Certificate Extensions: 6
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 20 16 1E 45 61 73 79 2D 52 53 41 20 47 65 6E . ..Easy-RSA Gen
0010: 65 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 erated Certifica
0020: 74 65 te
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 14 F4 9C 11 F7 CF 93 F4 CB 10 8B EC A1 42 53 91 .............BS.
0010: 83 85 D0 EF ....
]
]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: FA BD 5B 3A A7 D9 5D D8 86 7E 7E 10 D5 4E 71 73 ..[:..]......Nqs
0010: F0 39 46 A8 .9F.
]
[EMAILADDRESS=casimir.decas@interbat.com, CN=Interbat CA, O=Interbat, L=Paris, ST=IDF, C=FR]
SerialNumber: [ ec16f114 f868ca62]
]
[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
codeSigning
]
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
]
[6]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 5B 84 57 C0 94 E6 60 D2 46 9F 31 DA 88 36 DD 72 [.W...`.F.1..6.r
0010: 53 04 D7 7C 45 8C 60 80 0A 96 8E C9 05 FF B7 42 S...E.`........B
0020: DA 20 C5 29 1B CE 11 C0 AF 43 0E B6 A2 42 4E 0B . .).....C...BN.
0030: D6 50 C5 35 21 10 DE 37 9B 22 DC 77 6E C1 B9 A3 .P.5!..7.".wn...
0040: 96 F7 79 E2 54 41 2F 8C D3 69 52 FC FB F9 EA 1F ..y.TA/..iR.....
0050: D8 6B D3 43 F8 D0 BB 7F CA 4D A5 9C D3 B4 56 9D .k.C.....M....V.
0060: 83 99 AC B5 E6 9E 2A 8B 5B 66 51 8C CF C6 78 A4 ......*.[fQ...x.
0070: 25 45 DE 8E AE B1 6C 48 F4 6F FA C2 E8 E9 03 9E %E....lH.o......
0080: 2F BA 60 FF 7C 7C 20 F9 1A 3C 39 6C 3E 15 05 E0 /.`... ..<9l>...
0090: 91 25 9F FA 9E BE B4 34 15 C0 B7 E1 CB 21 0F 35 .%.....4.....!.5
00A0: E0 44 65 C5 2B ED 16 3A BA 31 16 85 7A F6 13 8C .De.+..:.1..z...
00B0: 26 A6 F6 42 26 8B 45 1A E2 D3 D8 A6 E2 2E 56 3D &..B&.E.......V=
00C0: 54 04 30 49 37 09 E3 9C 4C 32 48 CE EE 87 3B 07 T.0I7...L2H...;.
00D0: FC CF 07 0F C2 30 8B 2A 23 6A CD 03 68 F9 9A B1 .....0.*#j..h...
00E0: A0 70 FB 0D 03 F1 5C 0F E9 3E F6 04 24 2D 0B 34 .p....\..>..$-.4
00F0: 4A CF B6 EB D5 9E B4 36 9E D1 47 BF BB B5 2A B9 J......6..G...*.
]
CERT 1:
[
[
Version: V3
Subject: EMAILADDRESS=casimir.decas@interbat.com, CN=Interbat CA, O=Interbat, L=Paris, ST=IDF, C=FR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 24570560223099051414204543992170098153143649582105705289426611388874102011106661774130245038825936745624863030777819730986290816616934747382375866595103414297055942806030583581459891083326424433096128168394346224841230165855413803095284803730643378113747100319783553432138634828447164503179253857131493950411701360412120600909505374247344391863776184615557429734119320752462998437855543897064456848638037419480717270100521579691476421494868198750470521422545178604885596575531566216587379464061306031714626747665417723221617820999176386791934000309987105699196521894058708727771599447283132509729669110241698133899241
public exponent: 65537
Validity: [From: Thu Jan 08 14:02:41 CET 2009,
To: Sun Jan 06 14:02:41 CET 2019]
Issuer: EMAILADDRESS=casimir.decas@interbat.com, CN=Interbat CA, O=Interbat, L=Paris, ST=IDF, C=FR
SerialNumber: [ ec16f114 f868ca62]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FA BD 5B 3A A7 D9 5D D8 86 7E 7E 10 D5 4E 71 73 ..[:..]......Nqs
0010: F0 39 46 A8 .9F.
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: FA BD 5B 3A A7 D9 5D D8 86 7E 7E 10 D5 4E 71 73 ..[:..]......Nqs
0010: F0 39 46 A8 .9F.
]
[EMAILADDRESS=casimir.decas@interbat.com, CN=Interbat CA, O=Interbat, L=Paris, ST=IDF, C=FR]
SerialNumber: [ ec16f114 f868ca62]
]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 59 98 F6 8E 92 BC 5A 09 84 08 1A 99 32 8C A3 A3 Y.....Z.....2...
0010: AB 19 3B D7 8E 65 4E 56 09 18 82 85 A2 47 75 7B ..;..eNV.....Gu.
0020: 2E 1B 41 CA 12 D2 89 31 47 1E 71 1A 5D 15 3B 48 ..A....1G.q.].;H
0030: 5F 12 82 BF 46 00 05 EC C8 E8 F4 6E B3 B3 B1 C1 _...F......n....
0040: C1 90 06 D4 7E FA 2D C3 44 FD 60 2D F3 FD 9F 5B ......-.D.`-...[
0050: 9B 23 8D CE FD 47 20 C1 56 17 84 0C 5C B9 9B 1F .#...G .V...\...
0060: E2 DD B3 B3 88 B8 C7 43 8E 3F D2 61 08 B4 7E A5 .......C.?.a....
0070: C9 28 B2 31 B6 12 75 F3 51 49 27 E8 63 95 1E A4 .(.1..u.QI'.c...
0080: 2F FA 8B 17 08 B7 90 84 63 16 AA 49 91 32 AC 56 /.......c..I.2.V
0090: 66 C5 EB E5 9D B2 5D E0 15 BD 85 CA DC 1B 9C 9C f.....].........
00A0: 71 0C E6 30 FF 4F 34 8A F3 C7 60 49 CD 71 1E F2 q..0.O4...`I.q..
00B0: 95 CE EC 7A 0E 16 DB 12 73 E0 6F E3 65 D9 5E D5 ...z....s.o.e.^.
00C0: A4 1F CD CA 7D 92 91 AB A5 5F 94 43 6F 9B E5 91 ........._.Co...
00D0: 71 56 10 C2 9D 51 72 46 5E BD 3D D7 B2 64 74 F6 qV...QrF^.=..dt.
00E0: 3A CF 3D 2C E1 CF 03 5E 4B 92 3E 10 5F 64 B4 64 :.=,...^K.>._d.d
00F0: D3 F4 95 61 7F 23 0D 9F A3 01 77 0D 16 CB B5 E2 ...a.#....w.....
I might add that I saw this result on a JCAPI.jar file that was not signed by you i.e. it's not the same as you included in your zip file.
I'll look further into this tomorrow to see if I can find the root cause for it.
Regards
Tommy
|
|
|
|
Hi Igor,
Thanks for your revised code.
I've managed to reproduce your problem. I'll start analyzing it immediately.
Regards,
Tommy
|
|
|
|
Hi Igor,
Nice to hear from you again.
The error message you get is actually generated by JCAPI, but I don't know exactly what triggers it yet. I've looked at your test code, but it's quite a lot of code here for me to filter out. Could you please help me out and create a small test applet which triggers this problem? I will try to get a fix for it a.s.a.p when I've gotten your new applet code.
Thanks.
Regards,
Tommy
|
|
|
|
Updated information!
A solution to the reported problem is now available in JCAPI v1.2.5.
Regards,
Tommy
|
|
|
|
Updated information!
The reported problem is now fixed in JCAPI v1.2.5.
Regards,
Tommy
|
|
|
|
JCAPI version 1.2.5 has been released today.
This is a minor update containing:
- Added new class JCAPIPKCS7 which supports encoding and decoding of PKCS#7 envelopes.
- Method 'JCAPIUtil.getCSP(String)' returned null for certificate entries. Now the name of the MS CAPI CSP used for encryption and signature verification is returned.
- Backwards compatibility was broken on legacy systems Windows 98/98SE/ME.
For a complete list of enhancements and bug fixes made, please read the version history.
Our customers can download the commercial (unrestricted) version from the customers download page. Others are welcome to download the evaluation version from our public download page.
|
|
|
|
Hi Igor,
No worries. I'm sorry if my response did trigger any bad feelings. It was not my meaning. I was just presenting facts in a short and concise way as I normally do when summarizing my answers.
Pheox will now system test JCAPI for the next release. Hopefully it will be delivered in the beginning of the next week. It's the second test round, so it should be fairly fast.
Good luck with your future work, and let us know if you stumble into any other problems with JCAPI.
Cheers,
Tommy
|
|
|
|
![[Search]](/templates/pheox/images/icon_mini_search.gif){kind=icon}
![[Recent Topics]](/templates/pheox/images/icon_mini_recentTopics.gif){kind=icon}
![[Groups]](/templates/pheox/images/icon_mini_groups.gif){kind=icon}
![[Register]](/templates/pheox/images/icon_mini_register.gif){kind=icon}
![[Login]](/templates/pheox/images/icon_mini_login.gif){kind=icon}