In my applet, key is hardcoded and i want to give this key as the parameter of install() method.
The install method takes 3 parameter as
install(byte[] bArray, short bOffset, byte bLength)
How can i give the key value as the parameter of the install method?
Normally a Java Card implementation also implements Global Platform. In that case the user parameters can be given as part of the INSTALL for INSTALL command. The Global Platform card specification is available for free, although registration is required.
You can find the specification of the parameters in 11.5.2.3.7 INSTALL Command Parameters of the provided document. It is important to provide the instance AID first. Then there is a specific format for the Application Specific Parameters (tag C9, then a length byte, then the parameters in binary). You need to parse this structure in the Java Card install method as well.
If you cannot debug the install method then return the parameters as response data of a test APDU.
Related
Using Argument setter by supplying the parameter value I want to make the Datafusion pipeline as resuable. As said by many other answer's have tried implementing using the cloud reusable pipeline example given in Google guide.I was not able to pass the parameter Json file.So how to create the API to that parameter Json file stored in Google storage.Please explain the values to be passed to Argument setter like URL,Request response etc., If any one of you had implemented in your projects.
Thank you.
ArgumentSetter plugin reads from a HTTP endpoint and it must be publicly accessible as is depicted within the GCP documentation. Currently, there is not a way to read from a non-public file stored in GCS. This behavior has been reported in order to be improved to CDAP through this ticket.
Can you please provide what you've tried so far and where you're stuck?
The URL field in argument setter would contain the API endpoint you're making a call to. Make sure you include any headers your call would need like Authorization, Accept etc.
If you're having issues with argument setter a good check is to use Curl or any other tool to make sure you're able to talk to the endpoint you're trying to use.
Here's some documentation about Argument setter: https://github.com/data-integrations/argument-setter
Define a JSON file with appropriate name/value pairs. Upload it in a GCS bucket - make it public by changing permissions (add "allUsers" in permissions list). When you save it, the file will say "Public to Internet"
Copy the https path to the file and use it in Arguments Setter. If you're able to access this path from curl/ your browser, Argument Setter will be able to do too..
There are other problems I've encountered while using Argument Setter though - the pipe doesn't supersede runtime arguments over default values provided in the URL many a times, specially when the pipe is duplicated.
To make file public
You have to make your bucket public, currently there is no other way.
gsutil iam ch allUsers:objectViewer gs://BUCKET_NAME
Reading a book on Yocto. Got to the following page, which says:
BitBake provides a very easy-to-use way to write conditional metadata.
It is done by a mechanism called overrides.
The OVERRIDES variable contains values separated by colons (:), and
each value is an item we want to satisfy conditions. So, if we have a
variable that is conditional on arm, and arm is in OVERRIDES, then the
version of the variable that is specific to arm is used rather than
the non-conditional version, as shown:
OVERRIDES = "architecture:os:machine"
TEST = "defaultvalue"
TEST_os = "osspecificvalue"
TEST_other = "othercondvalue"
In this example, TEST will be osspecificvalue due to the condition
of os being in OVERRIDES.
I'm unclear from this explanation how did TEST become equal to osspecificvalue. Would someone be able to explain it?
Bitbake implements it's own dictionary data structure based on Python's MutableMapping in lib/bb/data_smart.py. The goal is to create a dictionary with more flexibility in that each value in the "key,value" pair can be overridden based on specific identifiers.
If you look at how the variables in this dictionary are set, you will see that the datastore allows "overrides" of variables based on a list of override identifiers. These identifiers are expected to be appended with an underscore, like in your example of "TEST_os".
In the case you are referencing, "other" identifier is not in the list of OVERRIDES, so this "smart dictionary" does not override the value of TEST with "othercondvalue". However, because the "os" identifier is in the list of OVERRIDES, the value of TEST is indeed overridden with the value "osspecificvalue".
I would highly recommend reading through the DataSmart class as this is a very simplified explanation, but hopefully it helps.
Also, see the BitBake manual entry for OVERRIDES for more information.
I am working on a library which follows PKCS#11 standard.
https://www.cryptsoft.com/pkcs11doc/v220/
The library can generate RSA Keypair in token by the function C_GenerateKeyPair and returns appropriate object handles with return value CKR_OK.
The token(applet) not supports load of private/public key except generate key pair. What will be the appropriate return value of create RSA private/public key using C_CreateObject?
Now I am returning CKR_GENERAL_ERROR, is it okay?
Allowed return values are
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY,
CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID,
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY,
CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID, CKR_FUNCTION_FAILED,
CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_PIN_EXPIRED,
CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY,
CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT,
CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN.
Thanks for your help
Update
I have two types of applet, one supports load of RSA private/public key to token and another not supports. It can only possible to identify if the token supports load of key is the response of transmitted APDU. So I can't take decision only to check the class attribute of C_CreateObject.
If your library does not support C_CreateObject at all then the best choice IMO is CKR_FUNCTION_NOT_SUPPORTED.
Chapter 11 in PKCS#11 v2.20 states:
A Cryptoki library need not support every function in the Cryptoki API. However, even an unsupported function must have a "stub" in the library which simply returns the value CKR_FUNCTION_NOT_SUPPORTED.
If your library does support C_CreateObject for creation of other object types (e.g. certificates, data objects etc.) then the best choice IMO is CKR_ATTRIBUTE_VALUE_INVALID.
Chapter 10.1.1 in PKCS#11 v2.20 states:
If the supplied template specifies an invalid value for a valid attribute, then the attempt should fail with the error code CKR_ATTRIBUTE_VALUE_INVALID.
UPDATE
Now that you have shared more details about your library in the comments I can add more detailed explanation:
It seems I can call your implementation of C_CreateObject with template containing CKA_CLASS=CKO_CERTIFICATE and it will create certificate object on this particular token and return CKR_OK. If I call it with template containing CKA_CLASS=CKO_PRIVATE_KEY then your code will decide to return an error right after the evaluation of the supplied value of this attribute. IMO there is no doubt that chapter 10.1.1 of PKCS#11 v2.20 recommends you to return CKR_ATTRIBUTE_VALUE_INVALID in this case.
However if are not willing to follow behavior recommended by the specification and there is no predefined error code you like, you can introduce your own vendor defined code (see my older answer for more details):
#define CKR_TOKEN_OPERATION_NOT_SUPPORTED (CKR_VENDOR_DEFINED|0x0000001)
IMO confusion level for inexperienced developer will be the same regardless of error code you return. In the end he/she will need to consult your documentation or logs produced by your library to find out the real reason why he/she received the error.
From ExecutableType we can inspect the types of parameters using getParameterTypes(). However, I cannot find a mechanism to inspect the parameter names.
I understand that in <= Java 7 the parameter names are not retained in the bytecode. However, I would still expect to be able to access the argument names arg0, arg1.
If the compiler is a Java 8 compiler running with the -parameters flag I would expect to get the original parameter names from the source code.
Is there a mechanism that I am overlooking? It seems strange that we are able to query this using the reflection API using Parameter.getName() if we are not capable of retrieving this information whilst annotation processing.
Instead of ExecutableType, use ExecutableElement. From this you can get it's parameters which should all have names. You can convert using Types.asElement.
I have tried an example in which i have inserted a user using insert method of UserAction class.
On insert I have redirected the success to loadAdd method of UserAction.
During redirect I have passed the parameter as
${user}
In struts 2.0.14 this gives an ognl exception.
whereas when I pass
${user.id}
it works.
My observation says this is a bug in struts or ognl that it does parse composite objects while it parses simple data types.
Any work-around please suggest.
Or
Is there any way by which I can forward the complete action context or value stack in the redirected action
It's not a bug.
Struts2 uses a type conversion system to convert between Strings (native HTTP) and other objects. It has default type converters for all of the standard primitives, boxed primitives, collections, maps, etc. If you want to allow Struts2 to automatically convert between a string and your User class, you need to create a type converter for it. Otherwise, you can use ${user.id}, which is a primitive or boxed primitive.
http://struts.apache.org/2.2.3/docs/type-conversion.html
Also, the ValueStack is per-request, so when you redirect and create a new request, the previous requests ValueStack is no longer available.