How can I get the SHA1 fingerprint of a TlsCertificate in GJS? - x509

I'm trying to get a fingerprint of a Gio.TlsCertificate of a connection, which as I understand it is just a SHA1 checksum of the certificate in DER form. So I think I could use GLib.compute_checksum_for_data() on the certificate property of the Gio.TlsCertificate object, but any attempt to access that property results in:
JS ERROR: Error: Unable to introspect element-type of container in GValue
Is there a way I can access the certificate property, or an easier way to fingerprint a certificate in GLib?

This looks like a bug in the generated introspection XML for Gio.TlsCertificate.certificate. I’ve filed an upstream bug about it.
In the meantime, you may be able to work around this by retrieving the property manually using g_object_get() and handling things that way; I don’t know what workarounds are exactly possible in JS.
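The fingerprint computation the question describes, as an added example that is not part of the original thread. It runs under Node.js rather than GJS and hashes the DER bytes decoded from a PEM string. It assumes the PEM text is obtainable another way (for example from the string-valued certificate-pem property of Gio.TlsCertificate); SAMPLE_PEM and the function names are constructed for illustration.

```javascript
// Added example: a certificate fingerprint is a hash over the DER bytes,
// not over the PEM text that wraps them.
const { createHash } = require('node:crypto');

// Constructed placeholder: the base64 body decodes to the three bytes "abc".
// It is NOT a real certificate; it only makes the digest easy to check by hand.
const SAMPLE_PEM = [
  '-----BEGIN CERTIFICATE-----',
  'YWJj',
  '-----END CERTIFICATE-----',
  '',
].join('\r\n');

// Return the DER bytes of the first CERTIFICATE block in a PEM string.
// A chain file holds several blocks; the first one is the leaf by convention.
function pemToDer(pem) {
  const m = /-----BEGIN CERTIFICATE-----([\s\S]*?)-----END CERTIFICATE-----/.exec(pem);
  if (!m) throw new Error('no CERTIFICATE block found');
  const b64 = m[1].replace(/\s+/g, ''); // drop line breaks (LF or CRLF)
  if (b64.length === 0 || !/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) {
    throw new Error('CERTIFICATE block is not valid base64');
  }
  return Buffer.from(b64, 'base64');
}

// Hash the DER bytes and format the digest as colon-separated upper-case hex.
function fingerprint(pem, algorithm = 'sha1') {
  const hex = createHash(algorithm).update(pemToDer(pem)).digest('hex');
  return hex.toUpperCase().match(/.{2}/g).join(':');
}

// Common mistake: hashing the PEM text itself yields a value that matches
// no tool's fingerprint and changes with line endings.
function naivePemHash(pem) {
  return createHash('sha1').update(pem, 'utf8').digest('hex');
}

console.log(fingerprint(SAMPLE_PEM));
console.log(fingerprint(SAMPLE_PEM, 'sha256'));
```

SHA-1 is shown because the question asks for it; passing 'sha256' gives the SHA-256 fingerprint of the same bytes.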

Related

iText7 and C# - X509Certificate2Signature port can't sign using RSAcng

I'm trying to sign a PDF using iText7 the way I did with iText5:
I took the Cert from Windows Personal Store.
I create an IExternalSignature based on the Cert.
I found that X509Certificate2Signature class is not present in iText7.
Because of that I've ported it, however when the Signer method SignDetached is invoked I get that nasty error telling that the classic RSA algorithm is not available because now it is a bit different (RSAcng).
Is there a workaround?
For sure, there must be a reason why the class was not ported to iText7 that I can't understand.
Thanks.

Send metadata with GCS signed url

Is it possible to set custom metadata on a file when writing to a signed URL? I tried adding a 'x-goog-meta-mything' but it didn't work.
I'm using the node client lib.
Update to be clearer:
Setting the header doesn't seem to be an issue, but when creating the signed URL I have to know the value of the meta-data ahead of time, which isn't useful. I.e. I have x-goog-meta-deltachanges and it could be a number anywhere between 1 and many thousands. In my signedUrl I have to set x-goog-meta-deltachanges:1,2,3,4,5,6... and it doesn't seem like a good idea.
As far as the Signed URLs docs go, it should be.
Have you set the Canonical extension headers bit as needed?
I mean, you need to both include the x-goog-meta-mything:VALUE in the StringToSign, and you need to then send the same x-goog-meta-mything:VALUE header in the PUT request.
Have you done this, is it not working?
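Why the header value has to be fixed at signing time, as an added example that is not part of the original thread. It assumes the legacy (V2) StringToSign layout of verb, Content-MD5, Content-Type, expiration, then canonical extension headers followed by the resource. The key pair, bucket, object and function names are constructed, and the verification function stands in for the check the storage service performs.

```javascript
// Added example: the x-goog-meta-* header is part of the signed string, so the
// PUT must carry exactly the value that was signed.
const { generateKeyPairSync, sign: rsaSign, verify: rsaVerify } = require('node:crypto');

// Canonicalize extension headers: lower-case names, trimmed values,
// sorted by name, one "name:value\n" line each.
function canonicalExtensionHeaders(headers) {
  return Object.entries(headers)
    .map(([k, v]) => [k.toLowerCase().trim(), String(v).trim().replace(/\s+/g, ' ')])
    .filter(([k]) => k.startsWith('x-goog-'))
    .sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0))
    .map(([k, v]) => `${k}:${v}\n`)
    .join('');
}

// Assumed V2 layout: four newline-terminated fields, then the canonical
// extension headers immediately followed by the resource path.
function stringToSign({ verb, contentMd5 = '', contentType = '', expires, headers = {}, resource }) {
  return [verb, contentMd5, contentType, String(expires)].join('\n') + '\n' +
    canonicalExtensionHeaders(headers) + resource;
}

// Throwaway key pair standing in for the service account key (constructed).
const { privateKey, publicKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });

// Client side: sign the request description when creating the URL.
function signRequest(req) {
  return rsaSign('sha256', Buffer.from(stringToSign(req)), privateKey);
}

// Receiving side: rebuild the string from the request actually sent, then verify.
function accepts(req, signature) {
  return rsaVerify('sha256', Buffer.from(stringToSign(req)), publicKey, signature);
}

// Constructed request; bucket, object and expiry are placeholders.
const signedFor = {
  verb: 'PUT', expires: 1700000000, resource: '/example-bucket/example-object',
  headers: { 'X-Goog-Meta-Deltachanges': '1' },
};
const signature = signRequest(signedFor);
const sameValue = { ...signedFor, headers: { 'x-goog-meta-deltachanges': '1' } };
const otherValue = { ...signedFor, headers: { 'x-goog-meta-deltachanges': '2' } };
const noHeader = { ...signedFor, headers: {} };

console.log(accepts(sameValue, signature), accepts(otherValue, signature), accepts(noHeader, signature));
```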

NFC Plugin for Eclipse

I'm trying to use the NFC Plugin but I have an error "Signature could not verify". I wrote the code generating the signature of the data and a self-signed certificate. But when I put them all together it shows me that error. Can you help me with this?
The Signature Record support is experimental at this point, so I advise you to check out the sources for a deeper investigation.

didReceiveAuthenticationChallenge not getting called

I am using iOS sdk5.0. I am hitting a link using NSURLConnection and creating a request. But my control is not going into didReceiveAuthenticationChallenge method. Is didReceiveAuthenticationChallenge not called in iOS5.0?
According to Docs of NSURLConnectionDelegate
connection:canAuthenticateAgainstProtectionSpace:
connection:didReceiveAuthenticationChallenge:
connection:didCancelAuthenticationChallenge:
are deprecated and new code should adopt
connection:willSendRequestForAuthenticationChallenge
The older delegates will still be called for compatibility, but incur more latency in dealing with the authentication challenge.
I was having the same problem (see my comment above). In my searches, I came across this gist: https://gist.github.com/1675763 . I tried the code in the AUTH_NEW path. The delegate still wasn't being called. Then I noticed the comment on line 40:
"Perhaps iOS 5 can't support DSA signature algorism."
I did some searches, and found nothing to indicate that this was a limitation or a problem. Finally, in desperation, I changed this. I was using Java's keytool (Java's reinvented version of openssl+) to generate my self-signed cert. It uses DSA by default. Out of desperation, I used a flag to force it to use RSA. Then the delegate got called, and the code in the gist above worked.
I still have yet to see any documentation that says you can't use DSA. openssl seems to use RSA by default, so folks using that probably never run into this.
Short story: check your cert and make sure it is signed with RSA and not DSA.
I'd like to emphasize the point Chris Westin makes. And beyond that, I actually created an RSA key, but accidentally copied the DSA one to the server. So when in doubt, you need to use the -v (verbose) command to make sure that you've got the proper cert in place. Example:
keytool -list -v -keystore <name of keystore here>

Doesn't zend openid auto clean nonce files?

I am using the Zend OpenID library: https://github.com/marcinwol/zfopenid works great. But the issue is that it is not cleaning the tmp folder files [nonce files]. It seems the purgeNonces members of Zend_OpenId_Consumer_Storage_File are not being called anywhere in the execution. http://framework.zend.com/manual/1.11/en/zend.openid.consumer.html dbstorage seems to clear the expired data. But that too is not clearing nonces. I am planning to use dbstorage. Any examples would be appreciated.
Thanks
I found some info: we do not need to delete discovery files as it is for single id.
http://openid.net/specs/openid-authentication-2_0.html#verify_nonce
As per this, Zend_OpenId_Consumer_Storage_File doesn't delete nonce files. Whenever we want to call purgeNonce, we must use
"The time-stamp MAY be used to reject responses that are too far away from the current time". So I can delete old nonce files.
Also, the dbstorage example's isUniqueNonce has to check for a duplicate nonce for the same OP, not for all OPs.
Please correct my understanding if it is wrong.