[Webfunds-commits] java/webfunds/sox SOXException.java SimpleIssuer.java
Ian Grigg
iang@cypherpunks.ai
Tue, 5 Sep 2000 15:35:29 -0400 (AST)
iang 00/09/05 15:35:29
Modified: webfunds/sox SOXException.java SimpleIssuer.java
Log:
upgraded Exceptions to trace the failed-cert-sign bug
Revision Changes Path
1.6 +5 -2 java/webfunds/sox/SOXException.java
Index: SOXException.java
===================================================================
RCS file: /home/webfunds/cvsroot/java/webfunds/sox/SOXException.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- SOXException.java 2000/09/04 19:24:59 1.5
+++ SOXException.java 2000/09/05 19:35:28 1.6
@@ -1,5 +1,5 @@
/*
- * $Id: SOXException.java,v 1.5 2000/09/04 19:24:59 iang Exp $
+ * $Id: SOXException.java,v 1.6 2000/09/05 19:35:28 iang Exp $
*
* Copyright (c) Systemics Ltd 1995-1999 on behalf of
* the WebFunds Development Team. All Rights Reserved.
@@ -32,7 +32,10 @@
LATER_NET = -8, // no comms at all
LATER_DOWN = -9, // comms ok but not to server
- LAST_ERROR = -9;
+ SERVER_CERT = -10, // server cert not signed
+ COMMS_CERT = -11, // comms cert not signed
+
+ LAST_ERROR = -11;
public boolean isFrozen() { return (number == FROZEN); }
public boolean isServerDown() { return (number == SERVER_DOWN); }
1.16 +41 -18 java/webfunds/sox/SimpleIssuer.java
Index: SimpleIssuer.java
===================================================================
RCS file: /home/webfunds/cvsroot/java/webfunds/sox/SimpleIssuer.java,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- SimpleIssuer.java 2000/09/05 18:21:53 1.15
+++ SimpleIssuer.java 2000/09/05 19:35:28 1.16
@@ -1,5 +1,5 @@
/*
- * $Id: SimpleIssuer.java,v 1.15 2000/09/05 18:21:53 iang Exp $
+ * $Id: SimpleIssuer.java,v 1.16 2000/09/05 19:35:28 iang Exp $
*
* Copyright (c) Systemics Ltd 1995-1999 on behalf of
* the WebFunds Development Team. All Rights Reserved.
@@ -13,6 +13,10 @@
import webfunds.utils.Debug;
+import cryptix.openpgp.*;
+import cryptix.openpgp.util.PGPArmoury;
+import webfunds.ricardian.KeyUtil;
+
/**
* This class is a "SOX Agent" that passes basic requests to the Issuer.
* It should be passive until requested.
@@ -21,7 +25,7 @@
*/
public class SimpleIssuer
extends Debug
- implements Issuer // why?, Serializable
+ implements Issuer
{
protected String logfix = " i-";
@@ -54,10 +58,10 @@
protected PublicKey commsKey = null;
/**
- * The legal issuer's certificate.
- * This should be used to check to the primary cert is signed?
- * The connection between the legal issuer and the servers is
- * not done yet. Placemarker.
+ * The operator's certificate, as found in the contract.
+ * This should be used to check that the server key returned
+ * from the SOX Server is signed.
+ * The PKI is evolving...
*/
protected Certificate signer = null;
@@ -82,7 +86,11 @@
this.name = name;
this.signer = signer;
+ if (signer == null)
+ throw new IllegalArgumentException("signer <null>");
commsAgent = agent;
+ if (commsAgent == null)
+ throw new IllegalArgumentException("commsAgent <null>");
basicAgent = new BasicAgent(agent);
logmsg("SimpleIssuer(" + name + ", signer, " + agent + ", bug)");
@@ -141,7 +149,8 @@
throw ex ;
} catch (SOXPacketException ex) { // what was this for?
setDead(ex.getMessage());
- throw new SOXIssuerException("packet: " + ex.getMessage());
+ throw new SOXIssuerException(ex.getNumber(),
+ "SOXPE 1: " + ex.getMessage());
} catch (SOXIssuerException ex) {
setDead(ex.getMessage()); // BA thinks info is wrong
throw ex ;
@@ -157,13 +166,14 @@
try {
logmsg("Requesting serverCert...");
serverCert = basicAgent.getServerKey();
- logmsg("Got a serverCert!");
+ logmsg("Got a serverCert!" + serverCert);
} catch (SOXLaterException ex) {
setDead(ex.getMessage()); // URL is wrong or server is down
throw ex;
} catch (SOXPacketException ex) {
setDead(ex.getMessage());
- throw new SOXIssuerException("packet: " + ex.getMessage());
+ throw new SOXIssuerException(ex.getNumber(),
+ "SOXPE 2: " + ex.getMessage());
} catch (SOXIssuerException ex) {
setDead(ex.getMessage()); // BA thinks info is wrong
throw ex ;
@@ -172,14 +182,23 @@
PublicKey signerKey = Crypto.getPublicKeyFromCert(signer);
logmsg("Verifying ServerCert is signed by Server CA certificate");
if (!Crypto.verifyCertificate(serverCert, signerKey)) {
- throw new SOXIssuerException(
- "serverCert not signed by server CA");
+
+byte[] b = signerKey.getEncoded();
+PGPArmoury ok = new PGPArmoury(b, KeyUtil.PUBLIC_KEY_BLOCK);
+b = Crypto.getPublicKeyFromCert(serverCert).getEncoded();
+PGPArmoury sk = new PGPArmoury(b, KeyUtil.PUBLIC_KEY_BLOCK);
+logmsg(
+ "serverCert (first) not signed by operator Cert (2nd)\n\n"+
+ sk + "\n\n\n" + ok + "\n\n");
+
+ throw new SOXIssuerException(SOXException.SERVER_CERT,
+ "serverCert not signed by operator Cert");
}
PublicKey serverKey = Crypto.getPublicKeyFromCert(serverCert);
logmsg("Verifying CommsCert is signed by serverCert");
if (!Crypto.verifyCertificate(commsCert, serverKey)) {
- throw new SOXIssuerException(
+ throw new SOXIssuerException(SOXException.COMMS_CERT,
"commsCert not signed by serverCert");
}
@@ -225,14 +244,16 @@
// Let parent (SmartIssuer) sort it out.
//
setDead(ex.getMessage());
- throw new SOXIssuerException("request: " + ex.getMessage());
+ throw new SOXIssuerException(ex.getNumber(),
+ "request: " + ex.getMessage());
// } catch (java.net.ConnectException ex) { // from IOEx
// setDead(ex.getMessage()); // URL is wrong or server is down
// throw new SOXLaterException("internalRequest: " + ex.getMessage());
} catch (SOXPacketException ex) {
setDead(ex.getMessage());
- throw new SOXIssuerException("request: " + ex.getMessage());
+ throw new SOXIssuerException(ex.getNumber(),
+ "SOXPE 3: " + ex.getMessage());
// } catch (IOException ex) {
// ex.printStackTrace(err());
// setDead(ex.getMessage());
@@ -344,7 +365,8 @@
reply = new TimeSyncReply(packet);
} catch (SOXPacketException ex) {
setDead(ex.getMessage());
- throw new SOXIssuerException("TimeSyncReply: " + ex.getMessage());
+ throw new SOXIssuerException(ex.getNumber(),
+ "SOXPE TSR: " + ex.getMessage());
}
timediff = reply.getTimeDifference(); // as seen by SOX Server
@@ -357,9 +379,10 @@
deviation = lastsync - tim;
logmsg("Timediff = " + timediff + " +- " + deviation +
- " (complete at " + lastsync + ")");
- if ((deviation / 2 > timeLastRequest) || deviation > SECOND)
- logmsg("Warning: timesync is taking too long? " + timeLastRequest);
+ " (" + timeLastRequest + ", complete at " + lastsync + ")");
+ if ( (timeLastRequest > (2*SECOND)) || deviation > (3*SECOND) )
+ logmsg("Warning: timesync is taking too long? " +
+ "(dev == "+deviation+", last == "+timeLastRequest+")");
}
/**