XML list elements, Sclerotic Internet
I hate XML almost as much as I hate ASN.1
To merely list elements, without knowing names in advance, which would surely defeat the purpose, you need xalan.jar
and the rather neat xpath concept
You can't use Java's javax.xml;
you need org.apache.xpath.XPathAPI.
You need to download the entire 65MB of xalan just to get xalan.jar
Sadly, such sites as jarfinder and findjar now just point to ad-sites which don't actually find jars
After an afternoon searching for XML stuff on the Internet, I find it sclerotic, clogged with undated pages offering obsolete or deprecated methods
Without a means to die, evolution is impossible, and we are left with Stalinist relics pretending to function.
Anyway, to convert an XML document into a comma-separated list:
Comma separated is so much simpler, ergo better...
    // doc is the parsed DOM document (an org.w3c.dom.Node); print() and postColon() are local helpers
    String xpath = "//*[not(*)]"; // Get all elements without a child element
    NodeList nodelist = org.apache.xpath.XPathAPI.selectNodeList(doc, xpath);
    int z = nodelist.getLength();
    for (int i = 0; i < z; i++) {
        // postColon removes the ds: and dct: - what possible use are they?
        print("\n " + postColon(nodelist.item(i).getNodeName()));
        print(", " + nodelist.item(i).getTextContent());
    }
Note the .item(i) syntax - this varies from xalan to Java - making a mockery of the idea of XML as a standard...
exampledepot - lots of neat strings to select
20 March 2012
19 March 2012
DER encoded public key
DER encoded Public key [I hate ASN.1]
038181006BA216825F01E8A2E9015AAD9872B3BD68B453D29C7C4648C6653407111C1488D3E633EF07FEF90BA09BF90A94160091C24789FEDA738858C24B95949C844A4AB312B5F52250A9A234382F0B2E8402F260A54F065436632671B004737ED81B5EBE1003A71829C1D3ADEB5F17AB0BE58B6B8969FD6A115ADE4A615FA68B20E7E3]
Note the "extra length" byte 81 which is required if length >= 0x80 ???
if the actual length > 0xFF then more rules???
Note the 00 unused bits byte which follows the 03 bit string
03 81 8D bit string L=8D
00 unused bits 0
30 81 89 sequence L=89
02 81 81 Integer L= 81
(modulus)
00CE64E4BADC06A5D6D72FFB9A97E81EACC4C007864DE5FFCF5212FFC0433C7DDDD7042EDB2DBB97217170224A763D3FDDC92EF5447299243873070A84DCDA4392882D17BC61A0BC22D8DA46AD3C3F7A5EF430A34813F11B0C611D36DE4E54377716DE82B7E2AC21994244CDC406ADF83F32A685B5D925F2796FFF35F5B6DA19D1
02 03 integer (note NO "extra" length byte)
modulus
010001
Very few ASN.1 decoders will expand this
most of the online and free decoders don't
bouncycastle DERObject to ASN1Object does NOT
java certificate object does return modulus and exponent
pumka mentions lipingshare ASN.1 Editor
which DOES expand... the msi installer is picky about its location..
oddly it shows modulus in hex and exponent in decimal
so to extract data (if length < 256 bytes)
must go something like this:
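    // Handles the short form and the one-byte long form (0x81 nn) only
    int lz;                              // index of the byte that holds the length
    if ((raw[1] & 0x80) != 0)
        lz = 2;
    else
        lz = 1;
    int length = raw[lz] & 0xFF;         // Java bytes are signed
    int dz = lz + 1;                     // first content byte follows the length byte
    if (raw[0] == 0x03) {                // bit string: skip the unused-bits byte
        dz = dz + 1;
        length = length - 1;
    }
    byte[] data = new byte[length];
    System.arraycopy(raw, dz, data, 0, length);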

...now to spend a couple months writing ASN.1 de/encode??
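Added example, not the blog author's code: a small Java reader for the layout broken down above (bit string wrapping a sequence of two integers). It goes beyond the under-256-byte case by applying the general long-form rule, where a first length byte of 0x80|n is followed by n big-endian length bytes. The class name DerRsaKey and the sample key (a constructed 128-byte modulus of 0xC5 bytes) are assumptions for illustration.

```java
import java.math.BigInteger;
import java.util.Arrays;

public class DerRsaKey {
    private final byte[] buf;
    private int pos = 0;
    DerRsaKey(byte[] buf) { this.buf = buf; }

    private int next() {
        if (pos >= buf.length) throw new IllegalArgumentException("truncated DER");
        return buf[pos++] & 0xFF;                  // Java bytes are signed
    }

    /** Reads one tag-length-value triple and returns the value bytes. */
    byte[] read(int expectedTag) {
        int tag = next();
        if (tag != expectedTag) throw new IllegalArgumentException("unexpected tag 0x" + Integer.toHexString(tag));
        int len = next();
        if (len == 0x80) throw new IllegalArgumentException("indefinite length is not DER");
        if (len > 0x80) {                          // long form: low 7 bits count the length bytes
            int n = len & 0x7F;
            if (n > 3) throw new IllegalArgumentException("length field too large");
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | next();
        }
        if (len > buf.length - pos) throw new IllegalArgumentException("truncated DER");
        byte[] value = Arrays.copyOfRange(buf, pos, pos + len);
        pos += len;
        return value;
    }

    /** BIT STRING { SEQUENCE { INTEGER modulus, INTEGER exponent } } */
    static BigInteger[] parse(byte[] raw) {
        byte[] bits = new DerRsaKey(raw).read(0x03);
        if (bits.length == 0 || bits[0] != 0) throw new IllegalArgumentException("unused bits must be 0");
        DerRsaKey seq = new DerRsaKey(new DerRsaKey(Arrays.copyOfRange(bits, 1, bits.length)).read(0x30));
        return new BigInteger[] { new BigInteger(seq.read(0x02)), new BigInteger(seq.read(0x02)) };
    }

    public static void main(String[] args) {
        // Constructed sample: 03 81 8D 00 | 30 81 89 | 02 81 81 00 C5..C5 | 02 03 01 00 01
        byte[] raw = new byte[144];
        byte[] head = { 0x03, (byte) 0x81, (byte) 0x8D, 0x00, 0x30, (byte) 0x81, (byte) 0x89, 0x02, (byte) 0x81, (byte) 0x81, 0x00 };
        System.arraycopy(head, 0, raw, 0, head.length);
        Arrays.fill(raw, 11, 139, (byte) 0xC5);    // 128 modulus bytes after the leading 00
        System.arraycopy(new byte[] { 0x02, 0x03, 0x01, 0x00, 0x01 }, 0, raw, 139, 5);
        BigInteger[] key = parse(raw);
        System.out.println("modulus bits = " + key[0].bitLength() + ", exponent = " + key[1]);
    }
}
```

The reader checks tags and bounds but does not enforce DER's minimal-length encoding, so it is a decoder for well-formed keys rather than a validator.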
14 March 2012
Google Bucks, Myki, E-Fulusi
Google considered the possibility of creating its own currency called Google Bucks.. Eric Schmidt.. at Mobile World Congress in Barcelona on Tuesday.
“peer-to-peer” money system ..transfer cash to each other ..
the project was eventually nixed because of the various laws about currency
The concept would also make it easier for potential money laundering scandals. [confused journalese? easier scandals?]
..we didn’t want to get into that because of these issues,” Schmidt ..
digitaltrends
Google launched its e-Wallet, which comes with a prepaid card that you can top up from your bank account or credit card to pay for goods.
______________________________________________________
Myki
Queues grow as bugs plague new $1.35 billion myki system
With two weeks until weekly and monthly Metcards become extinct..
Metcard machines have started being pulled out of stations in Melbourne's west.
Daniel Bowen of the Public Transport Users Association said the readers worked most of the time ..
More than a third of commuters now used myki. heraldsun
__________________________________________________________
how to get it right, such as London’s Oyster and Singapore’s EZ-Link smartcards, and one close to home: Perth’s SmartRider wordpress zdnet
An error in Victoria's recently implemented Myki smart card system has seen two customers credited over $150,000 to their accounts.
why-transport-smart-card-projects-go-bad zdnet
_______________________________________________________
The Bank of Tanzania (BoT) has drafted mobile payment regulations ..
..February report, registered customers for mobile financial services 19.4 million November 2011, compared to 14,327 June 2008.
Value of transactions increased from TZS 1.42 million in 2007 to TZS 1.62 trillion in 2011,
trust accounts to facilitate transactions from TZS 3.04 billion in June 2009 to TZS 97.6 billion at end of 2011.
E Fulusi (T) pioneered 2008 M-Pesa started four service providers Vodacom (M-Pesa), Airtel (Airtel Money), Tigo (Tigo Pesa), and Zantel (Ezy-Pesa). telecompaper
E-Fulusi mobile wallet technology currently powers the Mobipawa and ZPESA services, the first two mobile banking services in Tanzania.
_____________________________________________________________________
06 March 2012
XML Canonicalizer
When signing an XML file, obviously all need to agree on "proper" form
so use a canonicalizer
Java doesn't have one, so use apache rather than sun
-so far I have included all the apache xml jars, ... several at least are required
    // needs: import org.apache.xml.security.c14n.Canonicalizer;
    public static String canon(String raw)
    {
        String cooked = null;
        try
        {
            // Digests are computed over bytes, so name the charset instead of using the platform default
            byte inputBytes[] = raw.getBytes("UTF-8");
            Canonicalizer c14n = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
            byte result[] = c14n.canonicalize(inputBytes);
            cooked = new String(result, "UTF-8"); // canonical XML is always UTF-8
        }
        catch (Exception ex)
        {
            print("\n canon excptn " + ex.getMessage());
            print("\n raw " + raw + "\n");
        }
        return cooked;
    }
However this doesn't seem to do much:
raw
<dc:FileDataCollection xmlns:dc="http://www.fredrick.dc" xmlns:dca="http://www.fredrick.dc/AuditRegisters" xmlns:dce="http://www.fredrick.dc/Events" xmlns:dct="http://www.fredrick.dc/Transactions" xmlns:dcv="http://www.fredrick.dc/Versions" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<FileHeader >
<FileHeaderTag> FHTAG_EVENT_LOG</FileHeaderTag >
<FileCreationDate>2012-02-21T15:45:55</FileCreationDate>
<SignKeyVer>0</SignKeyVer>
</FileHeader>
<FileBody>
<FileMessage>
<MsgHeader>
<MsgSequenceNumber></MsgSequenceNumber>
<MsgReportDate>2012-02-21T15:45:55</MsgReportDate>
<DeviceID>65537</DeviceID>
<ComplementDeviceID>0</ComplementDeviceID>
=======================================
cooked Canonical
<dc:FileDataCollection xmlns:dc="http://www.fredrick.dc" xmlns:dca="http://www.fredrick.dc/AuditRegisters" xmlns:dce="http://www.fredrick.dc/Events" xmlns:dct="http://www.fredrick.dc/Transactions" xmlns:dcv="http://www.fredrick.dc/Versions" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<FileHeader>
<FileHeaderTag> FHTAG_EVENT_LOG</FileHeaderTag> indent spaces same, spaces in tag removed
<FileCreationDate>2012-02-21T15:45:55</FileCreationDate>
<SignKeyVer>0</SignKeyVer>
</FileHeader>
<FileBody>
<FileMessage>
<MsgHeader>
<MsgSequenceNumber></MsgSequenceNumber> empty tag left
line-separator is LF 0x0A, no CR which is handy
The Client has sent me some demo XML signed files: the certificate is OK, has an OK public key, which verifies the Signature to a decent Digest. BUT the plaintext Digest is different!
One at least, probably both, have been cobbled together. And no SHA1 digest of a range of versions of the raw input produces a digest identical to either of the 2 received. Ain't adversarial business grand!