
Re: [iaik-jce] [iaik-ssl] certificateTypes check in getCertificate() with RSAPublicKey i/f



Hi, I am confused about the definition of certificate types. In the SSL
protocol specification, Netscape has defined a valid certificate type
value as "X509certificate", so what is your definition of a certificate
type? If you compare the algorithm to be an RSA algorithm, then what is
the use of the negotiated cipher suite?
Please clarify the correct definition of the certificate type list that
the SSL server sends during the handshake process.


Sundar Krishnan wrote:

> I think I may be wrong in my earlier email.
> The recommendation was to check for an instance of
> java.security.interfaces.RSAPublicKey, not
> javax.crypto.interfaces.RSAPublicKey. I am sorry for any confusion. So
> my logic now is:
>
>     // Note that we are using the single "full" |. A double
>     // short-circuited || should also be OK.
>     if ( (clientCertChain[i].getPublicKey().getAlgorithm()).equalsIgnoreCase("RSA")
>          | (clientCertChain[i].getPublicKey() instanceof java.security.interfaces.RSAPublicKey) ) {
>         bCertType = true ;
>         break ;     // NOT continue here!   break out of for - j loop if we get a match.
>     }
>     else {
>         bCertType = false ;
>     }
>     ---
> This works !
>
> *********************************
> My earlier (wrong) email :
>
>> Sometime back, I had received a reply in the IAIK Mailing List
>> indicating something to this effect :
>> [During Client Authentication for certificateTypes' check within
>> getCertificate() method, we should preferably check :
>>     if (clientCertChain[i].getPublicKey() instanceof javax.crypto.interfaces.RSAPublicKey)
>> ]
>
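
An added example, not part of either message and not IAIK code: the key-type check from the quoted snippet, generalized so it is driven by the certificate type codes a server lists in its CertificateRequest (rsa_sign = 1 and dss_sign = 2 in SSL 3.0 / TLS 1.0). The class and method names are hypothetical, only JDK classes are used, and freshly generated keys stand in for `clientCertChain[i].getPublicKey()`.

```java
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;

public class CertTypeCheck {   // hypothetical name, for illustration only
    // ClientCertificateType codes carried in the CertificateRequest message.
    static final int RSA_SIGN = 1;
    static final int DSS_SIGN = 2;

    // True if the key fits at least one certificate type the server listed.
    static boolean keyMatchesTypes(PublicKey key, byte[] certificateTypes) {
        for (byte t : certificateTypes) {
            switch (t & 0xff) {
                case RSA_SIGN:
                    // Same two tests as the quoted snippet: interface or algorithm name.
                    if (key instanceof RSAPublicKey
                            || "RSA".equalsIgnoreCase(key.getAlgorithm())) return true;
                    break;
                case DSS_SIGN:
                    if (key instanceof DSAPublicKey
                            || "DSA".equalsIgnoreCase(key.getAlgorithm())) return true;
                    break;
                default:
                    break;   // codes not handled here (e.g. fixed DH) never match
            }
        }
        return false;        // an empty or unsupported list matches nothing
    }

    static PublicKey sampleKey(String algorithm) throws Exception {
        // Constructed sample key; a real caller would take it from the certificate.
        KeyPairGenerator gen = KeyPairGenerator.getInstance(algorithm);
        gen.initialize(2048);
        return gen.generateKeyPair().getPublic();
    }

    public static void main(String[] args) throws Exception {
        PublicKey rsa = sampleKey("RSA");
        PublicKey dsa = sampleKey("DSA");
        System.out.println("RSA key vs [rsa_sign]:           " + keyMatchesTypes(rsa, new byte[] {RSA_SIGN}));
        System.out.println("DSA key vs [rsa_sign]:           " + keyMatchesTypes(dsa, new byte[] {RSA_SIGN}));
        System.out.println("DSA key vs [rsa_sign, dss_sign]: " + keyMatchesTypes(dsa, new byte[] {RSA_SIGN, DSS_SIGN}));
        System.out.println("RSA key vs []:                   " + keyMatchesTypes(rsa, new byte[0]));
    }
}
```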
