Creating a secure group using PSEMembershipService.

enygma2002
Offline
Joined: 2008-12-22
Points: 0

Hi!

I am using the default rdvs/relays. The default networkPeerGroup has NoneMembershipService enabled and not PSEMembershipService as stated in the documentation.

I am creating a new peer group by following the tutorial.psesample example.

I create a new Module Impl Advertisement from the netPeerGroup and enable PSEMembershipService:

try {
    newGroupImpl = base.getAllPurposePeerGroupImplAdvertisement();
} catch (Exception unlikely) {
    // getAllPurposePeerGroupImplAdvertisement() doesn't really throw exceptions.
    throw new IllegalStateException("Could not get All Purpose Peer Group Impl Advertisement.");
}

newGroupImpl.setDescription(newGroupName + " Peer Group Implementation");
newGroupImpl.setModuleSpecID(IDFactory.newModuleSpecID(PeerGroup.peerGroupClassID));

// FIXME bondolo Use something else to edit the params.
StdPeerGroupParamAdv params = new StdPeerGroupParamAdv(newGroupImpl.getParam());

Map newGroupServices = params.getServices();

ModuleImplAdvertisement baseGroupMembershipModuleAdv = (ModuleImplAdvertisement) newGroupServices.get(PeerGroup.membershipClassID);

newGroupServices.remove(PeerGroup.membershipClassID);

ModuleImplAdvertisement pseMembershipServiceImplAdv = (ModuleImplAdvertisement) AdvertisementFactory.newAdvertisement(
        ModuleImplAdvertisement.getAdvertisementType());

pseMembershipServiceImplAdv.setModuleSpecID(PSEMembershipService.pseMembershipSpecID);
pseMembershipServiceImplAdv.setCompat(baseGroupMembershipModuleAdv.getCompat());
pseMembershipServiceImplAdv.setCode(PSEMembershipService.class.getName());
pseMembershipServiceImplAdv.setUri(baseGroupMembershipModuleAdv.getUri());
pseMembershipServiceImplAdv.setProvider(baseGroupMembershipModuleAdv.getProvider());
pseMembershipServiceImplAdv.setDescription("PSE Membership Service");

// Add our selected membership service to the peer group service as the
// group's default membership service.
newGroupServices.put(PeerGroup.membershipClassID, pseMembershipServiceImplAdv);

// Save the group impl parameters
newGroupImpl.setParam((Element) params.getDocument(MimeMediaType.XMLUTF8));

Then I publish it both remotely and locally:
disco.remotePublish(newGroupImpl);
disco.publish(newGroupImpl);

I generate a certificate and encode the private key with a password:

// Generate certificate.
PSEUtils.IssuerInfo groupAuthenticationData = PSEUtils.genCert(manager.getInstanceName(), null);
EncryptedPrivateKeyInfo encryptedGroupPrivateKey = PSEUtils.pkcs5_Encrypt_pbePrivateKey(
        groupPassword, groupAuthenticationData.issuerPkey, 1000);

// Build PeerGroupAdvertisement for the new group with pse authentication data in it.
X509Certificate[] certificateChain = { groupAuthenticationData.cert };

I create a Peer Group Advertisement for this module Impl Adv and add a PSEConfig to it where I specify the certificate and encoded private key:

pseImpl = newGroupImpl;

PeerGroupAdvertisement newPGAdv = (PeerGroupAdvertisement) AdvertisementFactory.newAdvertisement(PeerGroupAdvertisement.getAdvertisementType());

newPGAdv.setPeerGroupID(IDFactory.newPeerGroupID());
newPGAdv.setModuleSpecID(pseImpl.getModuleSpecID());
newPGAdv.setName(groupName);
newPGAdv.setDescription(description);

PSEConfigAdv pseConfAdv = (PSEConfigAdv) AdvertisementFactory.newAdvertisement(PSEConfigAdv.getAdvertisementType());

pseConfAdv.setCertificateChain(certificateChain);
pseConfAdv.setEncryptedPrivateKey(encryptedGroupPrivateKey, certificateChain[0].getPublicKey().getAlgorithm());

XMLDocument pseDoc = (XMLDocument) pseConfAdv.getDocument(MimeMediaType.XMLUTF8);

newPGAdv.putServiceParam(PeerGroup.membershipClassID, pseDoc);

I publish the new pgAdvertisement, then I create a new Group from it:

pg = rootGroup.newGroup(newGroupAdv);

After this, I authenticate and join the group (authentication and join is classic and works).

The problem:

Jan 19, 2009 3:58:31 PM net.jxta.impl.membership.pse.PSEUtils
INFO: Loaded Security Providers into system class loader
Jan 19, 2009 3:58:32 PM net.jxta.impl.loader.RefJxtaLoader findModuleImplAdvertisement
WARNING: Failed to find class for urn:jxta:uuid-DEADBEEFDEAFBABAFEEDBABE00000001EA4E23C60F6C4E0AA2A98A83ED29B11906
java.lang.ClassNotFoundException: No matching class for : urn:jxta:uuid-DEADBEEFDEAFBABAFEEDBABE00000001EA4E23C60F6C4E0AA2A98A83ED29B11906
at net.jxta.impl.loader.RefJxtaLoader.findClass(RefJxtaLoader.java:240)
at net.jxta.impl.loader.RefJxtaLoader.findModuleImplAdvertisement(RefJxtaLoader.java:350)
at net.jxta.impl.peergroup.GenericPeerGroup.loadModule(GenericPeerGroup.java:781)
at net.jxta.impl.peergroup.GenericPeerGroup.newGroup(GenericPeerGroup.java:1408)
at net.jxta.impl.peergroup.PeerGroupInterface.newGroup(PeerGroupInterface.java:315)
at concerto.propagateMessage.JxtaP2PFace.createNewGroup(JxtaP2PFace.java:584)
at concerto.propagateMessage.ConcertoPeer.createAPrivateGroup(ConcertoPeer.java:234)
at concerto.propagateMessage.ConcertoPeer.main(ConcertoPeer.java:129)
Jan 19, 2009 3:58:32 PM net.jxta.impl.peergroup.GenericPeerGroup getInterface

The moduleImplAdvertisement seems not to register but it seems that the group is created and the peer that created the group joins it.

If another peer wants to join the group, the same thing happens when it creates a PeerGroup object using the advertised PeerGroupAdvertisement that contains certificate and key.

Jan 19, 2009 4:12:08 PM net.jxta.impl.peergroup.GenericPeerGroup getInterface
INFO: [urn:jxta:uuid-8115635258534A03AA41826A441B0C4902] GROUP REF COUNT INCREMENTED TO: 2 by
net.jxta.impl.peergroup.GenericPeerGroup.newGroup(GenericPeerGroup.java:1385)
Current Membership service: net.jxta.impl.membership.pse.PSEMembershipService@1d33a6b
Jan 19, 2009 4:12:08 PM net.jxta.impl.membership.pse.PSEMembershipService join
INFO: Initializing the PSE key store.
Jan 19, 2009 4:12:08 PM net.jxta.impl.membership.pse.PSEConfig initialize
INFO: Initializing new PSE keystore...
Member authentication successful.
Changing group...
Jan 19, 2009 4:12:08 PM net.jxta.impl.pipe.WirePipe forget
INFO: Deregistering wire pipe with pipe resolver

It seems that the peer can join the group, even though that warning is being shown, BUT IT CAN NOT SEE THE OTHER PEERS INSIDE THE GROUP.

Please help me with the answer to why the peers can't see each other and why the impl module advertisement doesn't get published.

PS: If I do a netPeerGroup.loadModule(newGroupImpl.getID(), newGroupImpl) on the peer that creates the group, just before a call to newGroup(...), the exception is no longer thrown and the moduleImplAdv gets registered to the JXTALoader.
On the client peer I can't do that because I don't have the moduleImplAdv.

Please help me.
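
Added example, not part of the original post and not JXTA code: the post publishes a PeerGroupAdvertisement carrying the group's private key encrypted under groupPassword with 1000 iterations, so the password is the only thing protecting that key from anyone who can fetch the advertisement. The sketch below shows that wrap/unwrap round trip with plain JCA; the PBE algorithm name, class name, sample key and sample password are assumptions, and PSEUtils may use a different scheme.

```java
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

public class GroupKeyWrapDemo {
    // Assumption: a PKCS#12 PBE scheme from the stock JCE provider,
    // chosen for illustration; not necessarily what PSEUtils uses.
    static final String PBE = "PBEWithSHA1AndDESede";

    static SecretKey pbeKey(char[] password) throws GeneralSecurityException {
        return SecretKeyFactory.getInstance(PBE).generateSecret(new PBEKeySpec(password));
    }

    // Encrypt the PKCS#8 encoding of the key; salt and iteration count travel with the result.
    static EncryptedPrivateKeyInfo wrap(char[] password, PrivateKey key, int iterations)
            throws GeneralSecurityException {
        byte[] salt = new byte[8];
        new SecureRandom().nextBytes(salt);
        Cipher c = Cipher.getInstance(PBE);
        c.init(Cipher.ENCRYPT_MODE, pbeKey(password), new PBEParameterSpec(salt, iterations));
        return new EncryptedPrivateKeyInfo(c.getParameters(), c.doFinal(key.getEncoded()));
    }

    // What a joining peer does: password + published blob -> usable private key.
    static PrivateKey unwrap(char[] password, EncryptedPrivateKeyInfo info, String keyAlg)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(PBE);
        c.init(Cipher.DECRYPT_MODE, pbeKey(password), info.getAlgParameters());
        return KeyFactory.getInstance(keyAlg).generatePrivate(info.getKeySpec(c));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair groupKeys = gen.generateKeyPair();                  // constructed sample key
        char[] groupPassword = "constructed-sample-password".toCharArray();

        EncryptedPrivateKeyInfo published = wrap(groupPassword, groupKeys.getPrivate(), 1000);
        PrivateKey joined = unwrap(groupPassword, published, "RSA");
        System.out.println("right password recovers key: "
                + Arrays.equals(joined.getEncoded(), groupKeys.getPrivate().getEncoded()));
        try {
            unwrap("wrong-guess".toCharArray(), published, "RSA");
            System.out.println("wrong password unexpectedly accepted");
        } catch (GeneralSecurityException e) {
            System.out.println("wrong password rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

Because the encrypted blob is distributed to every peer that discovers the group, the iteration count and the entropy of the group password set the cost of an offline guess.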

bondolo
Offline
Joined: 2003-06-11
Points: 0

> Hi!
>
> I am using the default rdvs/relays. The default
> networkPeerGroup has NoneMembershipService enabled
> and not PSEMembershipService as stated in
> the documentation.

What version of JXSE are you using? The PSE Membership service has been the default Membership service for MANY MANY releases of JXSE so it is surprising to hear that you are using a version that does not have PSE as the default version.

I'll ignore your other issues for now because I think it is important to resolve this issue before trying to address the other problems.

iiggoorr
Offline
Joined: 2008-09-22
Points: 0

Hi, well, I am using JXSE version 2.5 and I am also getting None membership as default instead of PSE membership.

bondolo
Offline
Joined: 2003-06-11
Points: 0

In the net peer group or some other peer group?

enygma2002
Offline
Joined: 2008-12-22
Points: 0

Hi bondolo,

As Igor, I am using JXTA 2.5 as well. That is the reason why I am saying that the documentation states that it is PSE by default and it's actually NONE.

Also, yes, we are talking about the netPeerGroup. I am also using the default seeds for testing and when I get an all purpose module impl adv from netPeerGroup (the one got from manager.startNetwork()), the membership service is none.

This is why I explicitly alter the module impl adv and set it to use PSE.

Is this a bug?

bondolo
Offline
Joined: 2003-06-11
Points: 0

Unless you are using a custom version of JXSE 2.5 I cannot understand how you could possibly have a net peer group with the NoneMembershipService for the network peer group. The choice of PSE for that group is hardcoded (see getDefaultModuleImplAdvertisement() in https://jxta-jxse.dev.java.net/source/browse/jxta-jxse/trunk/impl/src/ne...). Something VERY weird would have to occur for PSE to not be the netgroup membership service. I'd like to understand what's going wrong but have no idea how what you describe could even be possible with JXSE 2.5. If you are able to generate a log of JXSE starting up there might be something in the log messages which provides a clue.

enygma2002
Offline
Joined: 2008-12-22
Points: 0

Tomorrow I will make a quick sample code that connects to a rdv using default seeds and gets the netPeerGroup.getDefaultModuleImplAdvertisement() and prints it.

All my tests so far have revealed a NoneMembershipService in its SVC list.

Maybe the default RDVs are running old JXTA code.

I will come back with code and output. Thanks for your involvement.

enygma2002
Offline
Joined: 2008-12-22
Points: 0

Hi bondolo,

As I promised, I have attached the output of my program related to group creation.

As you can see, I am using:
Root group: urn:jxta:jxta-NetGroup "NetPeerGroup"[1] / urn:jxta:jxta-WorldGroup "World PeerGroup"[1]
rootGroup.getAllPurposePeerGroupImplAdvertisement()

The relevant part of the group impl adv is:


urn:jxta:uuid-DEADBEEFDEAFBABAFEEDBABE000000050106
[b]None Membership Service[/b]

JDK1.4.1
V2.0 Ref Impl

[b] net.jxta.impl.membership.none.NoneMembershipService[/b]
http://jxta-jxse.dev.java.net/download/jxta.jar
sun.com

I use a Maven 2 project and I specify:

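<dependencies>
    <dependency>
        <groupId>net.jxta</groupId>
        <artifactId>jxta-jxse</artifactId>
        <version>2.5</version>
    </dependency>
    <dependency>
        <groupId>net.jxta</groupId>
        <artifactId>jxse-shell</artifactId>
        <version>2.5</version>
    </dependency>
    <dependency>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
        <version>3.8.1</version>
        <scope>test</scope>
    </dependency>
</dependencies>

<repositories>
    <repository>
        <id>maven2-repository.dev.java.net</id>
        <name>Java.net Repository for Maven</name>
        <url>http://download.java.net/maven/2/</url>
        <layout>default</layout>
    </repository>
</repositories>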

So I am using jxta 2.5.

enygma2002
Offline
Joined: 2008-12-22
Points: 0

I am still getting that exception for not finding that class (the group's module impl advertisement?) but it seems to be harmless.

As you can see from here: http://forums.java.net/jive/thread.jspa?threadID=56036&tstart=0 I have successfully managed to create a secure group using pseMembership.