Technosock - Where to find useful information

November 08, 2018

What the shit is WCF?

I've been a long time user of ASMX. It worked so easily. Fire up a web service project in VS, implement some function. It's done. Share the WSDL to someone. They create a client. Test. Job completed. Now I'm having to learn WCF because some signing features are needed. Do the same thing with WCF. Well it works... but everything is different. All these new terms. It's no longer web service, it's service. Also bindings and endpoints, contracts, URIs and Metadata. So here's my task. I've a WSDL file. I need a web service following that WSDL that signs its messages and validates the client. So far, I've gotten svcutil to generate the code - in VB.

    svcutil /sc "[MyWSDLFile].wsdl" /language:vb

This generated a .vb file containing an interface and some data classes. Next I created a WCF Service Library and added the .vb file. I added a new VB class that implements the interface from the .vb file.

    Public Class MyClassImpl
        Implements MyServiceSoap

Great. Now test and it works in the WCF Test client. Oh I skipped over 2 days of troubleshooting. Also you have to edit the app.config file to modify the service details. Now to get it hosted on IIS. Ok what you gotta do is create an SVC file. This is a text file. It has no template in VS which is crazy. Anyway. Create a text file, call it Something.svc. Only 1 line in the file.

    <%@ ServiceHost Service="[Namespace].MyClassImpl" %>

Browse it and you got the service up and ready to be tested. That took a long time. Now to get signing working.

November 16, 2012

I started coding again, and I realized that a major headache of our system is the handling of dates. I think in future the design of a new system must cater very specifically for how dates are written. It's just like how using imperial measurements caused the Mars lander to disintegrate - different date formats just cause more trouble than any supposed benefit they may have. So from now on, use letters for the month element.

Anyway this post is about how IIS manages your dates and how SQL Server manages your dates. If the two don't align, then you have a problem. IIS runs under a service account and that account has its own regional setting which is set at the time you installed your OS. Can't change that without changing the registry settings. The best option is to set the value explicitly in the web.config setting like so:

SQL Server sets its regional setting via the language option of the user credential which you used to run queries.

There, my first post in many months. Back to programming.

July 12, 2011

How to sign stuff and then verify it using PKCS7

You'd think security is about obfuscation when trying to find resources on how to do stuff. We end up with people not really knowing how to implement security and implement it wrongly.
I might be one of those people so be warned, but if you need a resource to get started at least, you can look here. So let's begin.

What we're doing is creating a pair of X509 keys; a private key and a public key. Both keys will be stored in a file called a keystore file. This file exists on your computer and is unlocked by a password. Once the file is unlocked, you need to unlock the key as well, so two passwords are needed, unless you use the same password for both.

You can use the private key to sign data and the public key to verify the signature. Here's what I think happens during the process.

1. Sign some data using the private key.
2. Optionally include the public key and data in the signature so that it can be verified.
3. Send the signature to the recipient.
4. Recipient verifies the data in the signature.
5. Recipient verifies the signature with the certificate containing the public key shared earlier.
6. If both 4 and 5 are verified correct, then the data can be considered to be signed.

Here's some code using the free Bouncy Castle library for Java.

Here we open the keyfile and unlock it using the keyfile password.


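    // imports: java.io.FileInputStream, java.io.InputStream, java.security.KeyStore
    KeyStore keystore = KeyStore.getInstance("jks");
    // load() takes the password as a char[]. A wrong keystore password shows up
    // as an IOException, so let it propagate instead of swallowing it.
    try (InputStream input = new FileInputStream("c:\\keyfile.jks")) {
        keystore.load(input, password.toCharArray());
    }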


Now we get the private key for the key pair that we have in the keystore. The keypair is identified by an alias. Again we use the password to unlock the private key.

    PrivateKey privateKey = (PrivateKey) keystore.getKey(alias, password.toCharArray());



Next we get the Certificate for the key pair to include in the signature. The certificate is not protected by a password. This means its OK to share it with others. It's not ok to share the Private key as it will enable others to sign stuff on your behalf.

    Certificate cert = keystore.getCertificate(alias);


Here is the signing code. First we register the provider with java.security.Security. It will then be referenced using the provider name "BC". We create a data generator, initialize it with a signer, wrap our data in a content wrapper and finally generate the signature based on the content and the "BC" security provider.


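    // imports: java.security.Security, java.security.cert.X509Certificate,
    //          org.bouncycastle.cms.*, org.bouncycastle.jce.provider.BouncyCastleProvider
    // Register the provider (referenced below by its name, "BC")
    Security.addProvider(new BouncyCastleProvider());
    // Create a generator
    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    // Initialize the signer. SHA-1 is no longer collision-resistant;
    // CMSSignedDataGenerator.DIGEST_SHA256 is the stronger choice.
    generator.addSigner(privateKey, (X509Certificate) cert, CMSSignedDataGenerator.DIGEST_SHA1);
    // Turn our data into content
    byte[] data = "ABC123".getBytes();
    CMSProcessable content = new CMSProcessableByteArray(data);
    // Sign the data; 'true' encapsulates the content inside the signature
    CMSSignedData signedData = generator.generate(content, true, "BC");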



The result gets put into bytes and sent out. You probably want to encode it using Base64. I'll leave that to you.

    byte[] result = signedData.getEncoded();


That's it for signing. Now what about verification of the signature? Remember that we will share the certificate containing the public key with the recipient - probably ahead of time. If not, you need to verify the credentials within the certificate. This will probably involve a Certificate Authority. If the certificate was exchanged securely the CA should not be an issue.

Next comes the data and the signature. We receive the signature as an array of bytes and we wrap it.

    CMSSignedData s = new CMSSignedData(result);


We extract the public key from the keystore in the usual way. But this would be the keystore of the recipient. It would not have the private key.

    PublicKey publicKey = cert.getPublicKey();


We can extract the content from the signature in this way. Notice it's an array of bytes, so re-encode it in ASCII or another format. This covers step 4 above. I will not go into details of how to verify it. For me, it was sufficient to print it out and verify it was indeed what I signed in the first place.

    byte[] signedContent = (byte[]) s.getSignedContent().getContent();



Now we verify. We iterate the list of signers, and ensure one of the signers is the party we expect. If verified returns true for at least one signer, that's ok for us. Your rules for verification may be different. For example, it may need to be signed by three people or at least two out of three.

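    // The signer list comes from the CMSSignedData wrapped above
    SignerInformationStore signers = s.getSignerInfos();
    boolean verified = false;
    java.util.Iterator i = signers.getSigners().iterator();
    while (i.hasNext()) {
        SignerInformation signer = (SignerInformation) i.next();
        // One good signer is enough; don't let a later signer overwrite the result
        if (signer.verify(publicKey, "BC")) {
            verified = true;
        }
    }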


That's it. Take it for what you paid for it. Nothing.
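
The sign-then-verify flow from this post end to end, as an added example that is not part of the original post. It goes beyond the snippets above by using the builder API of newer Bouncy Castle releases (bcprov and bcpkix on the classpath) with SHA-256, and by checking that a message signed with a different key is rejected. The class name, helper names and throwaway self-signed certificates are assumptions constructed for the demo and stand in for the keystore.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.*;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.*;

public class CmsSignVerify {  // hypothetical class name
    // Constructed test identity: a throwaway self-signed certificate for kp.
    static X509Certificate selfSigned(KeyPair kp, String cn) throws Exception {
        X500Name name = new X500Name("CN=" + cn);
        long now = System.currentTimeMillis();
        ContentSigner cs = new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate());
        return new JcaX509CertificateConverter().getCertificate(
            new JcaX509v3CertificateBuilder(name, BigInteger.ONE, new Date(now - 60000),
                new Date(now + 3600000), name, kp.getPublic()).build(cs));
    }
    // Steps 1-3: sign with the private key, embedding the data in the signature.
    static byte[] sign(byte[] data, PrivateKey key, X509Certificate cert) throws Exception {
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addSignerInfoGenerator(
            new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(key), cert));
        return gen.generate(new CMSProcessableByteArray(data), true).getEncoded();
    }
    // Step 5: accept only if a signer verifies against the certificate shared earlier.
    static boolean verify(byte[] cms, X509Certificate trusted) throws Exception {
        for (SignerInformation si : new CMSSignedData(cms).getSignerInfos().getSigners()) {
            try {
                if (si.verify(new JcaSimpleSignerInfoVerifierBuilder().build(trusted))) return true;
            } catch (CMSException | RuntimeException e) { /* fail closed: not verified */ }
        }
        return false;
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair sender = g.generateKeyPair(), other = g.generateKeyPair();
        X509Certificate shared = selfSigned(sender, "sender");
        byte[] data = "ABC123".getBytes("UTF-8");
        byte[] good = sign(data, sender.getPrivate(), shared);
        // Same subject name, different key: must fail against the shared certificate.
        byte[] bad = sign(data, other.getPrivate(), selfSigned(other, "sender"));
        System.out.println("expected signer verified: " + verify(good, shared));
        System.out.println("unexpected signer verified: " + verify(bad, shared));
    }
}
```

The verifier is built from the certificate the recipient already holds, never from a certificate carried inside the message, which is why the second message does not verify even though its certificate claims the same name.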

January 30, 2009

MobileXT for Nokia 5800 XM

Here's what you need to know to get Garmin working for Nokia 5800 XM.
The guides I found suck. It took a long time to get things working.

1. Get the latest version of Garmin MobileXT. Doesn't matter where you get it from. Because it's gonna be locked.

2. Install it. The installer is basically an unzipper and it unzips to a removable drive - that means your phone. So on your phone there will be a Garmin folder. There should be a MobileXT icon. If not look for the SIS file to install.

3. You need your IMEI. On the Nokia 5800 XM, key this in *#06# and your IMEI appears. This is what's used to tie the app to your phone so it's used to generate the product code.

4. You need a couple programs. First one converts your IMEI to a unit ID. Second one converts your unit ID to an unlock code. Once you have the unlock code - write it into a text file named SW.UNL This is the application unlock file. Copy this to the Garmin folder.

5. You need VirtualKey because your phone is a touch screen and lacks the hardware keys required to control the app. Virtual key remaps hardware keys to other hardware keys. The nokia 5800 has at least 4 hardware keys and these need to be remapped to YES/NO UP and DOWN. Go find a config file which already does the mapping. Copy it into the Virtual Key private folder and off you go. Getting VirtualKey to work is another exercise but the other guides cover this sufficiently.

6. Now run VirtualKey. Put it in the background. Then run MobileXT. It should be unlocked - if you followed all the steps. Hey you're done. Oh yea you should load a map into the garmin folder.

December 03, 2008

Useful Tip of the day #1

Here's how to generate W3C time format from XSL using a Java-enabled XSLT parser.

Step 1. Create four variables


<xsl:variable name="s1" select="java:format(java:java.text.SimpleDateFormat.new('yyyy-MM-dd'),java:java.util.Date.new())"/>

<xsl:variable name="s2" select="java:format(java:java.text.SimpleDateFormat.new('HH:mm:ssZ'), java:java.util.Date.new())" />

<xsl:variable name="s3" select="substring($s2,1,11)" />

<xsl:variable name="s4" select="substring($s2,12)" />



Step 2. Concatenate variables s1,s3,s4 and include a T and a colon (:)

<xsl:value-of select="$s1"/>T<xsl:value-of select="$s3"/>:<xsl:value-of select="$s4"/>


This will yield: 2008-12-04T11:05:35+08:00
Which is kinda like the W3C format without the milliseconds.

August 19, 2008

Installing XP from a USB drive

I searched this on Google and found a few guides which listed 15 steps in 3 parts. How about we make it less daunting?

Step 1. CHECKLIST - Assuming you already have a PC here is what you need: A windows XP Install CD and a 1GB USB drive

Step 2. DOWNLOAD - this and unzip it.

Step 3. FORMAT - Run usb_prep8.cmd from the usb_prep8 folder. Use default options to format your USB drive. Keep the DOS box open. It's a script which runs step 5.

Step 4. INITIALIZE - the boot sector by running "bootsect.exe /nt52 R:" from the bootsect folder. Replace R: with the drive letter of your USB disk.

Step 5. SETUP - Go back to the DOS box. There is a menu here. Set up items 1-3. Then run 4.

Step 6. SELECT - YES YES YES! You're done, your USB disk is ready. Plug it into your PC and install XP.

April 03, 2008

Sometimes you can't binary

Lately I've messed around with EBCDIC and ASCII. So I've got my head around the concept of encoding and sometimes it's useful to encode data from one format into another. Now let's say you need to encode something in Base64.
Here are some pointers:
In .NET
Dim buf() As Byte
Dim strResult As String
buf = System.Text.ASCIIEncoding.ASCII.GetBytes("Some text")
' Keep the encoded string so it can be decoded again below
strResult = Convert.ToBase64String(buf)
buf = Convert.FromBase64String(strResult)

In Java (Go here)
Get Base64Coder.java
String s;
s = Base64Coder.encodeString("some text");
s = Base64Coder.decodeString(s);

To verify, decode the encoded output from .NET in Java and vice-versa.