I get output from an ajax request as below:
<div style='font-size:12px; font-weight:bold; line-height:17px;'>These results were cached from March 10, 2021, 1:11 pm PST to conserve server resources. <br/>If you are diagnosing a certificate installation problem,
you can get uncached results by clicking here.</div><table class='checker_messages'><tr><td class='passed'> </td><td><h3>www.Google.com resolves to 172.217.11.36</h3><</h3></td><tr><tr><td class='passed'> </td><td><h3>The certificate should be trusted by all major web browsers (all the correct intermediate certificates are installed).</h3></td><tr><tr><td class='passed'> </td><td><h3><table class=""><tr><td>The certificate will expire in <span id="cert_expiration_days">62</span> days. </td>
<td style="padding-left:10px;">Remind me</td></tr></table><input type="hidden" id="cert_valid_to" value="1620822887" /></h3></td><tr><tr><td class='passed'> </td><td><h3>The hostname (www.Google.com) is correctly listed in the certificate.</h3></td><tr></table><table class='checker_certs'><tr><td class='cert'><img src='/assets/templates/sslshopper/images/sslchecker/certificate_good_server.png' height='128' width='128' /></td><td><b>Common name:</b> www.google.com<br/><b>SANs:</b> www.google.com<br/><b>Organization:</b> Google LLC<br/><b>Location:</b> Mountain View, California, US<br/><b>Valid</b> from February 17, 2021 to May 12, 2021<br/><b>Serial Number:</b> 46638b76e6854ad205000000008779ef<br/><b>Signature Algorithm:</b> sha256WithRSAEncryption<br/><b>Issuer:</b> GTS CA 1O1<td></tr><tr><td class='chain'><img src='/assets/templates/sslshopper/images/sslchecker/arrow_down.png' height='48' width='48' /></td><td> </td></tr><tr><td class='cert'><img src='/assets/templates/sslshopper/images/sslchecker/certificate_good_chain.png' height='128' width='128' /></td><td><b>Common name:</b> GTS CA 1O1<br/><b>Organization:</b> Google Trust Services<br/><b>Location:</b> US<br/><b>Valid</b> from June 14, 2017 to December 14, 2021<br/><b>Serial Number:</b> 01e3b49aa18d8aa981256950b8<br/><b>Signature Algorithm:</b> sha256WithRSAEncryption<br/><b>Issuer:</b> GlobalSign<td></tr></table><input type='hidden' id='reminderCertID' value='58366913' /><input type='hidden' id='expirationDate' value='1620822887' /><input type='hidden' id='clean_hostname' value='www.Google.com' />
When I try to parse td using goquery using below snippet:
doc, err := goquery.NewDocumentFromReader(strings.NewReader(pageContent))
if err != nil {
panic(err)
}
doc.Find("td").Each(func(i int, s *goquery.Selection) {
fmt.Printf("%s\n", s.Text())
})
Output:
www.Google.com resolves to 172.217.11.36
Server Type: gws
The certificate should be trusted by all major web browsers (all the correct intermediate certificates are installed).
The certificate will expire in 62 days.
Remind me
The certificate will expire in 62 days.
Remind me
The hostname (www.Google.com) is correctly listed in the certificate.
Common name: www.google.comSANs: www.google.comOrganization: Google LLCLocation: Mountain View, California, USValid from February 17, 2021 to May 12, 2021Serial Number: 46638b76e6854ad205000000008779efSignature Algorithm: sha256WithRSAEncryptionIssuer: GTS CA 1O1
Common name: GTS CA 1O1Organization: Google Trust ServicesLocation: USValid from June 14, 2017 to December 14, 2021Serial Number: 01e3b49aa18d8aa981256950b8Signature Algorithm: sha256WithRSAEncryptionIssuer: GlobalSign
When I try using b tag instead of td i get output as below:
Common name:
SANs:
Organization:
Location:
Valid
Serial Number:
Signature Algorithm:
Issuer:
Common name:
Organization:
Location:
Valid
Serial Number:
Signature Algorithm:
Issuer:
The output I am trying to achieve is to get only Organization: Google LLC.
I recently started using StackOverflow and new to golang so I am not familiar with the environment if I make mistake then let me know.
I was able to achieve the proper output by adding some replacement.
res1 := strings.ReplaceAll(pageContent, "</b>", "")
res2 := strings.ReplaceAll(res1, "<br/>", "</b>")
doc, err := goquery.NewDocumentFromReader(strings.NewReader(res2))
if err != nil {
panic(err)
}
doc.Find("b").Each(func(i int, s *goquery.Selection) {
fmt.Println(s.Nodes[0].FirstChild.Data)
})
Output:
Common name: www.google.com
SANs: www.google.com
Organization: Google LLC
Location: Mountain View, California, US
Valid from February 17, 2021 to May 12, 2021
Serial Number: 46638b76e6854ad205000000008779ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: GTS CA 1O1
Common name: GTS CA 1O1
Organization: Google Trust Services
Location: US
Valid from June 14, 2017 to December 14, 2021
Serial Number: 01e3b49aa18d8aa981256950b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: GlobalSign
But now only want Organization: Google LLC line.
Related
Hi we are trying to use NodeJS to return IP address WHOIS information before we send the requesting IP address to the rest of our app - That part is easy.
However the part that is not easy is, selecting only the Organization part of the whois information.
for example this is a whois and what it returns
whois 137.184.236.168
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object
refer: whois.arin.net
inetnum: 137.0.0.0 - 137.255.255.255
organisation: Administered by ARIN
status: LEGACY
whois: whois.arin.net
changed: 1993-05
source: IANA
# whois.arin.net
NetRange: 137.184.0.0 - 137.184.255.255
CIDR: 137.184.0.0/16
NetName: DIGITALOCEAN-137-184-0-0
NetHandle: NET-137-184-0-0-1
Parent: NET137 (NET-137-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS14061
Organization: DigitalOcean, LLC (DO-13)
RegDate: 2019-11-13
Updated: 2020-04-03
Comment: Routing and Peering Policy can be found at https://www.as14061.net
Comment:
Comment: Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse
Ref: https://rdap.arin.net/registry/ip/137.184.0.0
OrgName: DigitalOcean, LLC
OrgId: DO-13
Address: 101 Ave of the Americas
Address: FL2
City: New York
StateProv: NY
PostalCode: 10013
Country: US
RegDate: 2012-05-14
Updated: 2022-05-19
Ref: https://rdap.arin.net/registry/entity/DO-13
OrgAbuseHandle: ABUSE5232-ARIN
OrgAbuseName: Abuse, DigitalOcean
OrgAbusePhone: +1-347-875-6044
OrgAbuseEmail: abuse#digitalocean.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE5232-ARIN
OrgTechHandle: NOC32014-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-347-875-6044
OrgTechEmail: noc#digitalocean.com
OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
OrgNOCHandle: NOC32014-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-347-875-6044
OrgNOCEmail: noc#digitalocean.com
OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
The only thing we are interested in is Organization: DigitalOcean, LLC (DO-13)
As we want to drop all IP addresses from this host provider.
We noticed that we have been successful at stopping Google and AWS via using host command but Digital Ocean does not work this way and we need to do it via Whois.
I know in NodeJS I would request the information
exec("whois "+ip, (error, stdout, stderr) => {
console.log(stdout);
}
Could use a regular expression:
const organizationPattern = /^organization:\s*(.+)$/im;
const match = organizationPattern.exec(stdout);
const organization = match ? match[1] : 'unknown';
console.log(organization);
I am using nodejs sdk for hyperledger fabric, inside my chaincode i need to get name of the identity (sam) who is execting the transaction.
{"name":"sam","mspid":"Org1MSP","roles":null,"affiliation":"","enrollmentSecret":"","enrollment":{"signingIdentity":"5aad871581d63447218743ee79289c0c6f531a032d3cf1f0be32083e8c0cbaea","identity":{"certificate":"-----BEGIN CERTIFICATE-----\nMIICizCCAjGgAwIBAgIUQq0tPLPFsLujCsRclZc9POmAh6EwCgYIKoZIzj0EAwIw\nczELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNh\nbiBGcmFuY2lzY28xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMT\nE2NhLm9yZzEuZXhhbXBsZS5jb20wHhcNMTkxMTE5MDU0ODAwWhcNMjAxMTE4MDU1\nMzAwWjBAMTAwDQYDVQQLEwZjbGllbnQwCwYDVQQLEwRvcmcxMBIGA1UECxMLZGVw\nYXJ0bWVudDExDDAKBgNVBAMTA3NhbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBGbtyGsC9QNBlO0Z5sumDzEaYR4m8GJpXW2f8Qlvjt79IzCWDjGwFePAIOfnUojz\naDbr0VHgpnWOtUIKUqTVPOujgdUwgdIwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB\n/wQCMAAwHQYDVR0OBBYEFCR78iTBbBSCYjxajhOMyYrWDO8iMCsGA1UdIwQkMCKA\nIHWD+xHmJ7l80nLYW67w4+Bftya5oeDfD9d4KXfnqn3NMGYGCCoDBAUGBwgBBFp7\nImF0dHJzIjp7ImhmLkFmZmlsaWF0aW9uIjoib3JnMS5kZXBhcnRtZW50MSIsImhm\nLkVucm9sbG1lbnRJRCI6InNhbSIsImhmLlR5cGUiOiJjbGllbnQifX0wCgYIKoZI\nzj0EAwIDSAAwRQIhAJcIBDcygI6Z67ueo46b3WnJCZr+D1HzhaWNp6Lj/+7oAiA6\nRRc9JjnWFvaFaqIJTyNaE7/HFXTXKr+HIkig/UEZpQ==\n-----END CERTIFICATE-----\n"}}}
I have used the below code
async approve(ctx) {
try {
const owId = new clientIdentity(ctx.stub).getAttributeValue('name')
return owId.toString();
} catch(error) {
console.log(error);
throw new Error(`Low on amount`);
}
}
but the above code is not returning the name or any other attributes.
Help will be appreciated!!!
The attributes you retrieve with getAttributeValue() in the Smart Contract are created as follows with the command line:
fabric-ca-client register --id.name clare --id.secret hursley1 --id.maxenrollments -1 --id.attrs 'department=Finance:ecert,location=Berkshire:ecert'
So I'm creating 2 attributes for department and location. Note the :ecert on the end which means that I want the attributres written to the certificate, not just stored in the CA database. Note also that the attributes aren't added to existing certificates, but only "appear" when you have enrolled or renrolled.
Using the node SDK this is a snippet of code that would add the department attribute when registering an Identity:
//create user attr array
let registerAttrs = [];
let registerAttribute = {
name: "department",
value: "Finance",
ecert: true
};
registerAttrs.push(registerAttribute);
// at this point we should have the admin user
// first need to register the user with the CA server
return fabric_ca_client.register(
{
enrollmentID: username,
affiliation: "org1",
role: "client",
attrs: registerAttrs
},
admin_user
);
In your smart contract you can then access the attribute:
ctx.clientIdentity.getAttributeValue('department');
Note that with the fabric-contract-api the clientIdentity object is already populated so you don't need a new clientIdentity object.
You have no attribute named "name". If you analyze your X.509 certificate...
openssl x509 -text -noout -in yourcert.pem
...you get...
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
42:ad:2d:3c:b3:c5:b0:bb:a3:0a:c4:5c:95:97:3d:3c:e9:80:87:a1
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = US, ST = California, L = San Francisco, O = org1.example.com, CN = ca.org1.example.com
Validity
Not Before: Nov 19 05:48:00 2019 GMT
Not After : Nov 18 05:53:00 2020 GMT
Subject: OU = client + OU = org1 + OU = department1, CN = sam
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:66:ed:c8:6b:02:f5:03:41:94:ed:19:e6:cb:a6:
0f:31:1a:61:1e:26:f0:62:69:5d:6d:9f:f1:09:6f:
8e:de:fd:23:30:96:0e:31:b0:15:e3:c0:20:e7:e7:
52:88:f3:68:36:eb:d1:51:e0:a6:75:8e:b5:42:0a:
52:a4:d5:3c:eb
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
24:7B:F2:24:C1:6C:14:82:62:3C:5A:8E:13:8C:C9:8A:D6:0C:EF:22
X509v3 Authority Key Identifier:
keyid:75:83:FB:11:E6:27:B9:7C:D2:72:D8:5B:AE:F0:E3:E0:5F:B7:26:B9:A1:E0:DF:0F:D7:78:29:77:E7:AA:7D:CD
1.2.3.4.5.6.7.8.1:
{"attrs":{"hf.Affiliation":"org1.department1","hf.EnrollmentID":"sam","hf.Type":"client"}}
Signature Algorithm: ecdsa-with-SHA256
30:45:02:21:00:97:08:04:37:32:80:8e:99:eb:bb:9e:a3:8e:
9b:dd:69:c9:09:9a:fe:0f:51:f3:85:a5:8d:a7:a2:e3:ff:ee:
e8:02:20:3a:45:17:3d:26:39:d6:16:f6:85:6a:a2:09:4f:23:
5a:13:bf:c7:15:74:d7:2a:bf:87:22:48:a0:fd:41:19:a5
Your attribute keys are:
hf.Affiliation
hf.EnrollmentID
hf.Type
There is no "name" attribute. You are probably looking for "hf.EnrollmentID".
EDIT: You yourself indicated your certificate in your question, in enrollment.identity.certificate field. I have only saved...
-----BEGIN CERTIFICATE-----
MIICizCCAjGgAwIBAgIUQq0tPLPFsLujCsRclZc9POmAh6EwCgYIKoZIzj0EAwIw
czELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNh
biBGcmFuY2lzY28xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMT
E2NhLm9yZzEuZXhhbXBsZS5jb20wHhcNMTkxMTE5MDU0ODAwWhcNMjAxMTE4MDU1
MzAwWjBAMTAwDQYDVQQLEwZjbGllbnQwCwYDVQQLEwRvcmcxMBIGA1UECxMLZGVw
YXJ0bWVudDExDDAKBgNVBAMTA3NhbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
BGbtyGsC9QNBlO0Z5sumDzEaYR4m8GJpXW2f8Qlvjt79IzCWDjGwFePAIOfnUojz
aDbr0VHgpnWOtUIKUqTVPOujgdUwgdIwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB
/wQCMAAwHQYDVR0OBBYEFCR78iTBbBSCYjxajhOMyYrWDO8iMCsGA1UdIwQkMCKA
IHWD+xHmJ7l80nLYW67w4+Bftya5oeDfD9d4KXfnqn3NMGYGCCoDBAUGBwgBBFp7
ImF0dHJzIjp7ImhmLkFmZmlsaWF0aW9uIjoib3JnMS5kZXBhcnRtZW50MSIsImhm
LkVucm9sbG1lbnRJRCI6InNhbSIsImhmLlR5cGUiOiJjbGllbnQifX0wCgYIKoZI
zj0EAwIDSAAwRQIhAJcIBDcygI6Z67ueo46b3WnJCZr+D1HzhaWNp6Lj/+7oAiA6
RRc9JjnWFvaFaqIJTyNaE7/HFXTXKr+HIkig/UEZpQ==
-----END CERTIFICATE-----
...as yourcert.pem to check it via openssl.
I'm running a sever in NodeJs whose certificate will be stored in DB as a string (for security purposes). I would like to validate it and it's expiration date, how can I do that?
I looked into 'Crypto' but I could not find a method that can do that.
For example:
-----BEGIN CERTIFICATE-----
MIIDNTCCAh2gAwIBAgIUJqrw/9EDZbp4DExaLjh0vSAHyBgwDQYJKoZIhvcNAQEL
BQAwFjEUMBIGA1UEAxMLbXl2YXVsdC5jb20wHhcNMTcxMjA4MTkyMzIwWhcNMjcx
MjA2MTkyMzQ5WjAWMRQwEgYDVQQDEwtteXZhdWx0LmNvbTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAKY/vJ6sRFym+yFYUneoVtDmOCaDKAQiGzQw0IXL
BT55jevSPVVu
-----END CERTIFICATE-----
Resolved the issue by using package x509.
https://www.npmjs.com/package/x509
const x509 = require('x509');
var cert = x509.parseCert(__dirname + '/certs/nodejitsu.com.crt');
/*
cert = { subject:
{ countryName: 'US',
postalCode: '10010',
stateOrProvinceName: 'NY',
localityName: 'New York',
streetAddress: '902 Broadway, 4th Floor',
organizationName: 'Nodejitsu',
organizationalUnitName: 'PremiumSSL Wildcard',
commonName: '*.nodejitsu.com' },
issuer:
{ countryName: 'GB',
stateOrProvinceName: 'Greater Manchester',
localityName: 'Salford',
organizationName: 'COMODO CA Limited',
commonName: 'COMODO High-Assurance Secure Server CA' },
notBefore: Sun Oct 28 2012 20:00:00 GMT-0400 (EDT),
notAfter: Wed Nov 26 2014 18:59:59 GMT-0500 (EST),
altNames: [ '*.nodejitsu.com', 'nodejitsu.com' ],
signatureAlgorithm: 'sha1WithRSAEncryption',
fingerPrint: 'E4:7E:24:8E:86:D2:BE:55:C0:4D:41:A1:C2:0E:06:96:56:B9:8E:EC',
publicKey: {
algorithm: 'rsaEncryption',
e: '65537',
n: '.......' } }
*/
I'm trying to parse the certificate chain using Node's HTTPS request. I'm testing it on npmjs.com (not www.npmjs.com). When I test it on OpenSSL, it shows me that the chain is in the incorrect order.
openssl s_client -connect npmjs.com:443 -showcerts
OpenSSL Response First Certificate
subject: /OU=GT40876434/OU=See www.rapidssl.com/resources/cps (c)14/OU=Domain Control Validated - RapidSSL(R)/CN=*.npmjs.com
issuer: /C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
Next Certificate ->
subject: /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
issuer: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Next Certificate ->
subject: /C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
issuer: /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
However, when I go to step through the certificate chain using my Node's HTTPS request, when the socket is emitted and I do
socket.getPeerCertificate(true)
the chain is in the correct order and I'm getting one different certificate on the Node request than I am on the openssl request.
Node's Response First Certificate:
subject
{ OU:
[ 'GT40876434',
'See www.rapidssl.com/resources/cps (c)14',
'Domain Control Validated - RapidSSL(R)' ],
CN: '*.npmjs.com' }
issuer
{ C: 'US', O: 'GeoTrust Inc.', CN: 'RapidSSL SHA256 CA - G3' }
Next Certificate ->
subject
{ C: 'US', O: 'GeoTrust Inc.', CN: 'RapidSSL SHA256 CA - G3' }
issuer
{ C: 'US', O: 'GeoTrust Inc.', CN: 'GeoTrust Global CA' }
Next Certificate ->
subject
{ C: 'US', O: 'GeoTrust Inc.', CN: 'GeoTrust Global CA' }
issuer
{ C: 'US', O: 'GeoTrust Inc.', CN: 'GeoTrust Global CA' }
Why is this happening?
It looks like node is reordering the certificates for returning in getPeerCertificates so that they reflect the correct order in the trust chain (*). But in reality the certificates are in the wrong order, as can be seen by openssl s_client and also in the analysis of SSLLabs:
Chain issues Incorrect order
(*) the relevant code in node-4.5.0 (LTS) is in src/node_crypto.cc function void SSLWrap<Base>::GetPeerCertificate. There it retrieves the leaf certificate and the original peer certificates from the openssl library using SSL_get_peer_certificate (leaf certificate) and SSL_get_peer_cert_chain (chain). It then does not return the certificates in the original chain order but scans through the chain and adds the certificates in the order how they are depend on each other by checking with X509_check_issued.
This way it returns the certificates in proper dependency order instead of the original order as send by the peer. It also automatically skips any certificates which don't belong in the chain.
It will also add the issuer of the certificate even if it is not contained it the chain (which it usually isn't). This way you not only get a different order of certificates as seen in your example but actually different certificates. The server sends the following certificates in this order:
[A] /OU=GT40876434/OU=See www.rapidssl.com/resources/cps (c)14/OU=Domain Control Validated - RapidSSL(R)/CN=*.npmjs.com
[B] /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA, issued by Equifax
[C] /C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
But getPeerCertificate returns the following:
[A] /OU=GT40876434/OU=See www.rapidssl.com/resources/cps (c)14/OU=Domain Control Validated - RapidSSL(R)/CN=*.npmjs.com
[C] /C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
[R] CA/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA, self-signed
Thus certificate [B] will not be included but instead certificate [R] which is the root certificate contained in the trust store. Both have the same subject and key, but are signed by different entities. [B] is signed by Equifax while [R] is self-signed.
My applet crashed when I call the following line of code
RandomData rd = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
I get the following output:
OffCard Installer [v3.0.2]
Copyright (c) 2009 Sun Microsystems, Inc.
All rights reserved.
Use is subject to license terms.
[ INFO: ] [Creating an instance of ClassicApplet1 with instance ID //aid/E96473AB62/DF on http://localhost:8019/cardmanager]
[ INFO: ] "Off Card Installer validating create information"
[ INFO: ] "Off Card Installer preparing create information"
[ INFO: ] "Off Card Installer sending create request"
[ INFO: ] Create failed: null
run-client:
run-script:
Invoking apdutool on C:\Users\Daniel\Documents\NetBeansProjects\ClassicApplet1/scripts/classicapplet1.scr
ApduTool [v3.0.2]
Copyright (c) 2009 Sun Microsystems, Inc.
All rights reserved.
Use is subject to license terms.
Opening connection to localhost on port 9025.
Connected.
Received ATR = 0x3b 0xf0 0x11 0x00 0xff 0x00
CLA: 00, INS: a4, P1: 04, P2: 00, Lc: 06, e9, 64, 73, ab, 62, df, Le: 00, SW1: 69, SW2: 99
run-for-debug:
BUILD SUCCESSFUL (total time: 25 seconds)
What is the cause/reason for the crash. Notice: I am new to the java smart cart ecosystem.
What's up with Off Card Installer sending create request
Your card probably does not support RandomData.ALG_SECURE_RANDOM.
To prove it, try surrounding the line with a try-catch block like this:
try {
RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
} catch(CryptoException e) {
if (e.getReason() != CryptoException.NO_SUCH_ALGORITHM) {
throw e;
}
}
You will have to use RandomData.ALG_PSEUDO_RANDOM instead. Unfortunately, the security of this algorithm is not guaranteed, so you must be very careful and you should contact your card vendor.