Skip to main content

Problems with security.jar?

5 replies [Last post]
mihailm
Offline
Joined: 2008-01-24

Hi all,

We think that we might've found a problem inside the security.jar and more specifically in the CredentialUtil.class file. We were trying to create credentials for our application and upon building and signing the jar we got error messages: "Exception in thread "main" java.lang.NumberFormatException: For input string: "ffffff01"". We think that the problem is caused by this piece of code in the class file mentioned above:
// int granteeOrgId = Integer.parseInt(granteeOrgIdStr.substring(2), 16);

it seems that when we read the OrgID = "0xffffff01" the value returned is not integer but a BigInteger instead and this causes the build to fail as the value returned is out scope for the Integer type. We did the following changes to the code in the CredentialUtil.class file :

instead of :

// int granteeOrgId = Integer.parseInt(granteeOrgIdStr.substring(2), 16);

we are using :

// BigInteger bi1 = new BigInteger(granteeOrgIdStr.substring(2), 16);
// int granteeOrgId = bi1.intValue();

and

// int grantorOrgId = Integer.parseInt(grantorOrgIdStr.substring(2), 16);

was replaced by :

// BigInteger bi2 = new BigInteger(grantorOrgIdStr.substring(2), 16);
// int grantorOrgId = bi2.intValue();

Can someone take a look at this issue and advise?

Thank you very much.

Mihail Markov

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
jaya_h
Offline
Joined: 2005-07-11

Mihail,

I'm very glad that you are using CredentialSigner.
We are curious about knowing how the tool works for you, we are looking
for that feedback.
Please let us know the enhancements/fixes (like the one you posted here) that you
consider should be supported by the tool.
Also let us know if you are able to run your Xlets successfully with credentials
generated by this tool.

Thanks,
Jaya

mihailm
Offline
Joined: 2008-01-24

Hi Jaya,

Thanks for the answer. We are still testing the credentials part and as soon as we have some results that we can share I will post them here. So far the whole Security package has been working just fine.

tsui
Offline
Joined: 2008-02-05

Hi Jaya,

while still in the testing process, right now I keep on getting the following exception in Power DVD's Javalog while executing:

[code]
[JarAuthenication.extractJarImp()] 00000.jar is signed jar = true
[JarAuthenication.extractJar()] end extract C:\MY_INSTALL\Temp\Cyberlink\BDJRoot\VFSCache\00000\0\00000.jar, IsSignedApplication: true, isSecurityClosed: false
[b]java.io.IOException: extra data given to DerValue constructor[/b]
at sun.security.util.DerValue.init(Unknown Source)
at sun.security.util.DerValue.(Unknown Source)
at com.cl.bdj.jar.BDJSecurityUtil.getPermRootCertDigest(Unknown Source)
at com.cl.bdj.appmanager.BDJAppProxy.loadResources(Unknown Source)
at com.cl.bdj.appmanager.BDJAppProxy.startBDJApp(Unknown Source)
at com.cl.bdj.appmanager.BDJAppManager.runAutoStartApps(Unknown Source)
at com.cl.bdj.appmanager.BDJAppManager.startTitle(Unknown Source)
at com.cl.bdj.appmanager.BDJAppManager.initTitle(Unknown Source)
at com.cl.bdj.main.BDJCFacade.initTitle(Unknown Source)
[/code]

My application works alright in PowerDVD but it bugs my mind that there could occur problems on hardware players because of that.

Any suggestions?

Thanks,
Jochen

Message was edited by: tsui

jaya_h
Offline
Joined: 2005-07-11

Jochen,

This specific error is a bug in PowerDVD. It does not parse the field
of the PRF properly. It's expecting it to contain only one der value. However, this field
has Certificate Issuer and Serial Number which correspond to two Der entities.

I've been seeing this error since a long time with PDVD, it's still not fixed.
For verifying credentials, this player can be eliminated for now, until a new version comes out.
The one I've currently installed on my laptop is verson: 7.3

I've had success with TMT (Arcsoft player). I however, get AccessControlException
when accessing files on PS3. We don't have a developer version of PS3, but I'm
experimenting with other possible file accesses on PS3 to check out how it behaves.

I see some posts on this forum where some people have successfully used credentials
that worked on PS3. I'm curious about which tool they used to generate the credentials.

Thanks,
Jaya

jaya_h
Offline
Joined: 2005-07-11

Hi Mihail,

I'm happy that you are bringing up this issue and are using CredentialSigner.
Yes, this issue is known and will be fixed asap.
It's being tracked by the issue #72 on hdcookbook issue tracker.

https://hdcookbook.dev.java.net/issues/show_bug.cgi?id=72

I should have fixed it immediately, but let it go for a reason, which perhaps
does not seem quite right upon a hindsight. The BDJ spec guideline does not
recommend using Org IDs between 0x80000000 - 0xFFFFFFFF for interoperability reasons.
This was the reason I didn't fix the bug immediately. However, the CredentialUtil
can be generous enough to accept the Org ID in that range.The verifiers can
potentially warn about the Org ID's value.

Thanks,
Jaya