Encoding Rules in JWSDP1.3

Similar Messages

• BER TLV Encoding Help needed

  Hi all,
  I am workig with personalization of Java card cardlet, I am building a desktop application for loading, installing and personalization of the CAP file.
  I need to build some personalisation data in BER TLV encoded as per ASN.1. So any one has code for encoding and deoding BER TLV objects in J2SE
  please share it.....
  Thanks and Regards,
  Anish

  Hi,
  That standard outlines how BER-TLV's are used in ISO7816-4 commands that have commands/responses as BER encoded objects. That is the same as how EMV formats data in a TLV. ASN.1 is just another structured data stream like XML and each standard that uses it will be the same, the only differences are the encoding methods use e.g. PER, DER, BER, XER etc. ASN.1 notation and the encoding rules are defined in ITU-T recommendations X.680–X.699.
  If you want a more complete example you should look at the links in my previous post for the layman's guide. This covers BER encoding rules for all data types.
  Cheers,
  Shane

• How is URL encoding done by Agentry for HTML Fields ?

  Hello All!
  I have an HTML Field that has a few url parameters defined and one of the values for a parameter contains a pipe delimiter i.e. " | ".
  When agentry constructs the final url for iPad platforms, the HTML field is not rendered at all and a page error shows up.
  If I manually encode | to %7C as per URL encoding rules Agentry in turn encodes the escape character '%'  to %25 by itself!
  How can I turn off encoding in value attribute of a html field ?
  Any help is appreciated
  Cheers
  Shaunak

  Hey Kevin,
  Nope. This would be a limitation in how Agentry handles urls.
  No workaround possible here so we had to make do with limited functionality.
  Cheers
  Shaunak

• Why do I get a file security error when downloading itunes.

  I try to download itunes, but about halfway through an error messge comes up that says error with file security:get lasterror:5

  Hi lizz4321,
  A digital ID is made up of three components; a private key, a corresponding public key, and some identifying information. The keys themselves are pretty straight forward, they are just big blobs of numbers used to encrypt and decrypt data. It's the identifying information that gets a bit tricky. On first look, the identifying information looks like plain text. You'll see your name and the issuer's name, a serial number, some dates for when the validity starts and ends. All pretty straight forward.
  However, all of this information is actually formatted using something called ASN.1 (it stands for Abstract Syntax Notation) and then encoded using BER (Basic Encoding Rules). When someone creates a digital ID they can put just about anything in there. Per specifications (RFC 5280 if you wanted to look it up) some items are required, and others are optional. Each piece of information that goes into the public-key certificate (the PKC is basically the digital ID without the private key) is contained in an extension. These extensions are identified using an OID (Object ID) and conform to a specification which may either be public or confidential.
  There are two possibilities in the case you are seeing. Either, some of the information that Acrobat knows about was formatted or encoded incorrectly, or, there is an optional entry that Acrobat doesn't understand how to decode. My guess is it's the latter possibility. There is a rule that states if an extension is marked as critical, and the application using the public-key certificate (in this case the application would be Acrobat), doesn't understand the extension, then the application is supposed to reject the certificate. It could be the former case (badly formatted data), but without seeing the certificate all I can do is guess.
  Steve

• A question about revoking certifcates from a retired CA

  Hello
  If I issued certificates from CA-1 (lets just say the CDP is AD LDAP)
  I then retired CA-1 (but leave its cert in AIA LDAP Location and in local Windows PCs X509 store)
  I then setup CA-2
  Next I want to revoke a cert issued by CA-1
  I understand the CRL needs to be signed by the CA (and therefore I am assuming the issuing CA, CA-1)
  As I need the CA-1 private key to sign the CRL (so it matches the public key), can I extract the private key from CA-1 keep it safe and use it so sign a new CRL
  I believe the CRL is a text file so assume I can add the relevant information for the cert I want to revoke to the CRL text file and then sign (if I have access to private key)
  That said I would normally create a code signing cert for signing files using Authenticode or JarSigner, so even if I could get the private key from the CA not sure how I could use it to sign CRL.
  I guess as I would have both the private and public key I could create a CSR with using the Public key and relevant Subject name and request a code signing cert which would then match with the private key
  Any ideas or am I going about this completely the wrong way?
  I just want to make sure I can revoke certs issues by a retired CA but the certs are still OK to use for now.
  Thanks All
  AAnotherUser__
  AAnotherUser__

  > As I need the CA-1 private key to sign the CRL (so it matches the public key), can I extract the private key from CA-1 keep it safe and use it so sign a new CRL
  technically, yes. But it is not that easy because:
  > I believe the CRL is a text file
  it is not. It is ASN.1-encoded file and you will have to carefully edit this file by conforming all ASN encoding rules.
  > That said I would normally create a code signing cert for signing files using Authenticode or JarSigner
  CRLs do not use authenticode signatures, it uses ASN signature format defined in the X.509 profile.
  There are workarounds, however, I would suggest to keep the existing CA, until it completely retire.
  My weblog: en-us.sysadmins.lv
  PowerShell PKI Module: pspki.codeplex.com
  PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
  Check out new: SSL Certificate Verifier
  Check out new:
  PowerShell FCIV tool.

• Assign error with complex type return message

  Dear all,
  I have an axis web service with complex type return message. When I invoke the web service, and try to assign one element of the result to other variable, it fails with following error message(BPEL Fault:{http://schemas.xmlsoap.org/ws/2003/03/business-process/}selectionFailure{}
  The invoking web service and assignment BPEL source is as follows:
  <invoke name="registerConference" partnerLink="conferenceCenter" portType="tns:ConfArrangementPort" operation="Conference_Register" inputVariable="registerInput" outputVariable="registerOutput"/>
  <copy>
  <from variable="registerOutput" part="Conference_RegisterReturn" query="/Conference_RegisterReturn/confcity"></from>
  <to variable="bookHotelInput" part="si" query="/si/city"/>
  </copy>
  I tunneled the response SOAP message:
  ==== Response ====
  HTTP/1.1 200 OK
  Content-Type: text/xml; charset=utf-8
  Date: Sun, 31 Oct 2004 08:28:27 GMT
  Server: Apache Coyote/1.0
  Connection: close
  <?xml version="1.0" encoding="UTF-8"?>
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Body>
  <ns1:Conference_RegisterResponse soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns1="http://conference.sjtu.edu">
  <ns1:Conference_RegisterReturn href="#id0"/>
  </ns1:Conference_RegisterResponse>
  <multiRef id="id0" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="ns2:ConfInfo" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns2="http://conference.sjtu.edu">
  <confcity xsi:type="xsd:string">star</confcity>
  <confend xsi:type="xsd:string">20041120</confend>
  <confstart xsi:type="xsd:string">20041116</confstart>
  </multiRef>
  </soapenv:Body>
  </soapenv:Envelope>
  ==============
  However, when i check the invoke activity audit trail, it return the following info:
  <messages>
  <registerInput>
  <part xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance" name="gi">
  <gi xmlns="http://conference.sjtu.edu">
  <attendeename xmlns="">ss</attendeename>
  <confname xmlns="">hh</confname>
  </gi>
  </part>
  </registerInput>
  <registerOutput>
  <part xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance" name="Conference_RegisterReturn">
  <ns1:Conference_RegisterReturn xmlns:ns1="http://conference.sjtu.edu" href="#id0" />
  </part>
  </registerOutput>
  </messages>
  The detailed value of the return message lost, only leaving the href. Can I find the desired value again? should I try another XPATH expression? should I parse the result from the SOAP message directly? Or it's a problem of the system itself?
  Hope you can do me a favor, thanks.

  From Axis's user guide: RPC services default to the soap section 5 encoding rules, objects will be encoded via "multi-ref" serialization. Document services do not use any encoding (so in particular, you won't see multiref object serialization or SOAP-style arrays on the wire)
  May be I should try document service style instead of RPC. Thanks for your reply.

• Why do I get a BER decoding error when certifying a pdf file?

  I am trying to sign a PDF file with adobe acrobat pro 10.0.0. For signing I want to choose my email certificate which I use for signing and encrypting my mails. But as soon as I choose this certificate to sign a PDF, I get the following error message. I did not try other certificates, as these are mostly administrator certificates, the BlueX certificate for the smart card and the lancrypt certificate. The certificate chain seems to be ok. All the certificates are stored in the Windows certificate store.
  The text of the error message is something like this (as I have the German version of the program and therefor don’t know the exact words):
  Creation of this signature could not be completed.
  Certificate parsing error:
  Encountered while BER decoding:
  This error message comes up several times and then in the end the window with the digital IDs pops up. Each time I have a look at the certificate details, I get the same error message.
  Help would be appreciated.
  lizz4321

  Hi lizz4321,
  A digital ID is made up of three components; a private key, a corresponding public key, and some identifying information. The keys themselves are pretty straight forward, they are just big blobs of numbers used to encrypt and decrypt data. It's the identifying information that gets a bit tricky. On first look, the identifying information looks like plain text. You'll see your name and the issuer's name, a serial number, some dates for when the validity starts and ends. All pretty straight forward.
  However, all of this information is actually formatted using something called ASN.1 (it stands for Abstract Syntax Notation) and then encoded using BER (Basic Encoding Rules). When someone creates a digital ID they can put just about anything in there. Per specifications (RFC 5280 if you wanted to look it up) some items are required, and others are optional. Each piece of information that goes into the public-key certificate (the PKC is basically the digital ID without the private key) is contained in an extension. These extensions are identified using an OID (Object ID) and conform to a specification which may either be public or confidential.
  There are two possibilities in the case you are seeing. Either, some of the information that Acrobat knows about was formatted or encoded incorrectly, or, there is an optional entry that Acrobat doesn't understand how to decode. My guess is it's the latter possibility. There is a rule that states if an extension is marked as critical, and the application using the public-key certificate (in this case the application would be Acrobat), doesn't understand the extension, then the application is supposed to reject the certificate. It could be the former case (badly formatted data), but without seeing the certificate all I can do is guess.
  Steve

• Issue with Scripted Probe for LDAP

  I have the script LDAP_PROBE loaded into memory on my ACE 4710 (A4(2.0)) and th Probe is name is configured for the LDAP port the servers are listening on. So here is th econfiguration.
  probe scripted LDAP_PROBE_3389
    port 3389
    interval 5
    passdetect interval 5
    passdetect count 2
    receive 5
    script LDAP_PROBE 3389
  I have tried removing the argument of 3389 at the bottom as well but I continue to get the result:
  real      : LDAP02[3389]
                  10.220.31.81    3389  PROBE    2491     2491     0        FAILED
     Socket state        : RESET
     No. Passed states   : 0         No. Failed states : 1
     No. Probes skipped  : 0         Last status code  : 30002
     No. Out of Sockets  : 0         No. Internal error: 0
     Last disconnect err : Probe error: Server did not respond as expected
     Last probe time     : Thu Jul 12 16:24:41 2012
     Last fail time      : Thu Jul 12 12:56:59 2012
     Last active time    : Never
  The server log states this was successful however...
  Admin Acct Status: Not Locked
  AuditV3--2012-07-11-14:18:21.428+00:00DST--V3 anonymous Bind--bindDN: <*CN=NULLDN*>--client: 10.220.31.217:56908--connectionID: 8--received: 2012-07-11-14:18:21.428+00:00DST--Success
  name: <*CN=NULLDN*>
  authenticationChoice: simple
  Admin Acct Status: Not Locked
  Am I missing an argument? I have run debug on LDAP but really don't know what I am looking at...

  To update the script
  ==============
  Extract the Cisco-supplied LDAP script from the tar.gz or zip file. Rename it to something unique. Update it to use the
  new length and offset.
  Import the script into the LDAP contexts on both ACEs. Remember, scripts are not replicated and having mismatched scripts will cause replication to fail.
  ACE1/ldap# copy tftp: disk0:
  Enter source filename[]? UoN-LDAP_PROBE-iLDAP2
  Enter the destination filename[]? [UoN-LDAP_PROBE-iLDAP2]
  Address of remote host[]? [redacted]
  Trying to connect to tftp server......
  TFTP get operation was successful
  ACE2/ldap# copy tftp: disk0:
  Enter source filename[]? UoN-LDAP_PROBE-iLDAP2
  Enter the destination filename[]? [UoN-LDAP_PROBE-iLDAP2]
  Address of remote host[]? [redacted]
  Trying to connect to tftp server......
  TFTP get operation was successful
  script file 13 UoN-LDAP_PROBE-iLDAP2
  If you look at (for example) packet 651 in the capture in wireshark you'll see a
  successful bind response. You will need to tell wireshark to decode the packet as LDAP.
  The payload is:
  30 84 00 00 00 10 02 01 01 61 84 00 00 00 07 0a 01 00 04 00 04 00
  You need to have a basic understanding of ASN.1 and something called Basic Encoding Rules (BER) - whicj comes down to TLV format structures.
  The key to understanding this output is that there are three ways of specifying a length in ASN.1. The first way we have already seen in the Cisco script is to use a single byte. This known as the "definite" form and can be used for lengths of 127 bytes or less. Otherwise if the high bit is set to one, the low seven bits define the length of length. The length is then encoded in that many bytes. This is the "length of the length field" form. It looks like Microsoft Active Directory uses the indefinite form for all length encoding. The third form (for completeness is "indefinite" where the length is coded as x'80' and the end of the content is marked by x'0000'. Deconstructing the data:
  0x30    The start of a universal constructed sequence
  0x84    The length of the sequence in "length of the length" format. The next 4 bytes give the length.
  0x00000010    sequence length of 16 bytes
  0x02    Integer
  0x01    The length of the next field (1 byte)
  0x01    Value (this is the message ID which agrees with the ID in the BIND Request)
  0x61    Application, number 0, use RFC2251 to decode. This is a Bind Response
  0x84    The length of the sequence in "length of the length" format. The next 4 bytes give the length.
  0x00000007    bind response length of 7 bytes   
  0x0a    Enumeration
  0x01    Length 1
  0x03    0 - Success
  0x04    String
  0x00    Length 0 (null string)
  0x04    String
  0x00    Length 0 (null string)
  The patch given takes in 20 bytes from the bitstream,converts it into a hexadecimal string  and finds the 6 hexadecimal characters from the 16th byte onwards   (Tcl uses zero-based arrays). This is the response code.
  Kind Regards
  Cathy

• Storing Data in structure?

  Hi,
  i want to store some data in structure, but i don't no in which way i should do this.
  for example i send some data in adpu command.
  the first 4 bytes identify an id the next 4 bytes identify a subid and the next 4 bytes identify an value. but there is a variable amount of subids and values i send.
  the structure should look something like this.
  id
  - subid1
  - value1
  -subid2
  - value2
  -subidn
  - valuen
  i hope you can understand what i mean.
  has someyone an idea how can this be done? i'm thankful for any suggestion.
  it's a little bit urgent because it's for my final year project.
  thanks
  markus

  Markus,
  There are standards for doing this sort of thing. You should look into the following topics:
  BER-TLV (Basic Encoding Rules - Tag Length Value)
  Simple-TLV
  Basically, a BER-TLV may contain multiple simple TLV(s). Define tags for your data objects, then go ahead and construct messages.
  So:
  <ber-tag><ber-len>[<simple-tag><simple-len><simple-val>...]
  Good luck with that final project, I hope you pass.

• Future direction of BEA Web Services? - binary / attachments

  Hello,
  I'm looking at needing to transfer binary data through a web service,
  but can't handle the 4/3+ size increase that occurs when embedding the
  data with base64 encoding.
  I know that WL 8.1sp3 support SwA, but that standard is being deprecated
  in favor of newer technologies like Fast Web Services (based on ASN.1
  encoding rules), MTOM/XOP, Basic Attachments Profile.
  We'd prefer to be able to rely on the support of the application server.
  What is BEA's future direction in terms of this technology? Will they be
  supporting one or all of these binary standards? When is the estimated
  date for this technology to be implemented?
  If these technologies won't be implemented for a while, is it possible
  to plug in 3rd party web services solutions into BEA WL8.1 (e.g. Sun's
  JWSDP, Axis, etc)? I believe it is, but am just asking for the sake of a
  full answer.
  Thanks

  Steve,
  Due to BEA's award winning support they offer, I had to figure this out on my own. After weeks of dealing with a support case they provided me with absolutely nothing. Just as they have done in this thread. I will share what I have done for the mean time to get around their limitations using attachments.
  I used the Axis libraries to create a DIME attachment and call a BEA web service. Since BEA doesn't support Dime, a servlet filter had to be implemented and parse the DIME message prior to the web service received it. I'm sending 2GB files with transfer rates of 6MB/S.
  This is a response from BEA's award winning support:
  "We do not have good specification standard as yet as to how to best solve the issue. It appears like a pretty larger issue to solve because of the lack os standards and specification. Engineering is still researching on the issue and we don't know which version will have the fix."

• Double byte chars in URI

  Is it possible to send double byte chars through a URI? Is this possible to send from a servlet to a client browser then the client browser will just forward it on back to a server. What would have to happen on the server and client side for this to happen?
  I guess I have basic non-understanding on how encoding works through http, using a client browser and also sending a response to a servlet container. Can anyone tell me how this process works? What are the default encodings, what is configurable on the client side or server side, etc.? Thanks.

  I believe the rule is that you first have to encode the string into UTF-8 bytes, then apply the URL-encoding rules to that array of bytes. At least, that's how I understand the most recent rules for HTTP. But it's likely that most browsers don't follow this rule properly, so be prepared for a rough ride if you try this.

• Why do I get a message something like this following message in GarageBand? "Unexpected audio request...(Elastic audio)(-10024)"

  Why do I get a message something like this following message in GarageBand? "Unexpected audio request...(Elastic audio)(-10024)"

  Hi lizz4321,
  A digital ID is made up of three components; a private key, a corresponding public key, and some identifying information. The keys themselves are pretty straight forward, they are just big blobs of numbers used to encrypt and decrypt data. It's the identifying information that gets a bit tricky. On first look, the identifying information looks like plain text. You'll see your name and the issuer's name, a serial number, some dates for when the validity starts and ends. All pretty straight forward.
  However, all of this information is actually formatted using something called ASN.1 (it stands for Abstract Syntax Notation) and then encoded using BER (Basic Encoding Rules). When someone creates a digital ID they can put just about anything in there. Per specifications (RFC 5280 if you wanted to look it up) some items are required, and others are optional. Each piece of information that goes into the public-key certificate (the PKC is basically the digital ID without the private key) is contained in an extension. These extensions are identified using an OID (Object ID) and conform to a specification which may either be public or confidential.
  There are two possibilities in the case you are seeing. Either, some of the information that Acrobat knows about was formatted or encoded incorrectly, or, there is an optional entry that Acrobat doesn't understand how to decode. My guess is it's the latter possibility. There is a rule that states if an extension is marked as critical, and the application using the public-key certificate (in this case the application would be Acrobat), doesn't understand the extension, then the application is supposed to reject the certificate. It could be the former case (badly formatted data), but without seeing the certificate all I can do is guess.
  Steve

• Ber Decoding error in embedded OCSPResponse

  Hi,
  I'm trying to sign Pdf using iText and I'd like to embed the OCSPResponse in the autheticated attributes of the SignerInfo.
  When  the document is validated online by Reader everything is ok. The  offline certificate status verification is successfull using the  embedded crl, but it fails to check the embedded OCSPResponse because of  "a BER decoding error". I can't figure out what the error is....
  You can download my PKCS7 files (one contains only the OCSP response, the other has both the OCSP and the crl) here:
  http://www.adrive.com/public/e30000d3d7e4b097f7b7733cd35ddb6e3bb3b75c3 538942194461dd755a395ab.html
  http://www.adrive.com/public/21971967c579fc0b065e5e05951fa486309be66ac 844427e367dbbb68a5183aa.html
  Can anybody help me, please?
  Thanks
  Tania

  Hi lizz4321,
  A digital ID is made up of three components; a private key, a corresponding public key, and some identifying information. The keys themselves are pretty straight forward, they are just big blobs of numbers used to encrypt and decrypt data. It's the identifying information that gets a bit tricky. On first look, the identifying information looks like plain text. You'll see your name and the issuer's name, a serial number, some dates for when the validity starts and ends. All pretty straight forward.
  However, all of this information is actually formatted using something called ASN.1 (it stands for Abstract Syntax Notation) and then encoded using BER (Basic Encoding Rules). When someone creates a digital ID they can put just about anything in there. Per specifications (RFC 5280 if you wanted to look it up) some items are required, and others are optional. Each piece of information that goes into the public-key certificate (the PKC is basically the digital ID without the private key) is contained in an extension. These extensions are identified using an OID (Object ID) and conform to a specification which may either be public or confidential.
  There are two possibilities in the case you are seeing. Either, some of the information that Acrobat knows about was formatted or encoded incorrectly, or, there is an optional entry that Acrobat doesn't understand how to decode. My guess is it's the latter possibility. There is a rule that states if an extension is marked as critical, and the application using the public-key certificate (in this case the application would be Acrobat), doesn't understand the extension, then the application is supposed to reject the certificate. It could be the former case (badly formatted data), but without seeing the certificate all I can do is guess.
  Steve

• To create an x.509 certificate not using any tools

  I'm having a project, is to generate an x.509 certificate without using any other tools, did anyone know the bytes structure of an x.509 v1 certificate, please kindly help! thanks!

  x509 certificates are described using ASN.1 notation; see http://www.ietf.org/rfc/rfc2459.txt for all the gory options. The ASN.1 structures are encoded into bytes by following the Distinguished Encoding Rules (DER) for ASN.1. See "A Layman's Guide ..." at http://luca.ntop.org/Teaching/Appunti/asn1.html.

• Is JNLP an XML format?

  Hi everybody,
  I've a problem with the JNLP file syntax which makes me wonder, if JNLP is really an XML format. I need to store a servlet URL in a JNLP file as parameter for my application. This URL looks like "http://myserver/servlet?p1=v1&p2=v2", i.e. it contains an ampersand, which should be encoded as &amp; in an XML file.
  (I am not an XML guru, though.)
  I've 2 different places where I need to put this kind of URL,
  in the <resources/> section as property:
  <property name="myURL" value="..."/> and in the <applic-desc/> section as argument:
  <argument>...</argument>
  In both cases, I've found that the application gets the strings exactly as stored in the JNLP file, i.e. the "&amp;" is not replaced by "&". I can believe that this is o.k. for the <property> where the string is enclosed in quotes (but how to encode a quote in such a string?), but for the <argument/> case there should be the standard encoding rules used, replace 'less than', 'greater than' and 'ampersand'!
  How should I encode a "<" ">" inside a program argument?
  When I put the string into the JNLP file with the pure "&" JWS will happily pass the correct strings to the application. However, a XML syntax validator complains about a not well-formed XML file.
  How should I handle this? Should I replace standard XML entities inside property values and program arguments manually?
  Thanks in advance for any help on this.
  Udo Hempel

  This is a known bug in 1.4.2 and previous Java Web Starts.
  It is fixed in the upcoming 1.5 release.
  /Dietz