Codedrop™ Weblog » Programming

Use Java to disable certificate validation in an HTTPS Connection

groll — Thu, 22 Dec 2011 15:26:57 +0000

By default, accessing an HTTPS URL using the URL class results in an exception if the server’s certificate chain cannot be validated has not previously been installed in the truststore. If you want to disable the validation of certificates for testing purposes, you need to override the default trust manager with one that trusts all certificates.

// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[]{
    new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        }
        public void checkClientTrusted(
            java.security.cert.X509Certificate[] certs, String authType) {
        }
        public void checkServerTrusted(
            java.security.cert.X509Certificate[] certs, String authType) {
        }
    }
};

// Install the all-trusting trust manager
try {
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
}

// Now you can access an https URL without having the certificate
// in the truststore
try {
    URL url = new URL("https://hostname/index.html");
} catch (MalformedURLException e) {
}

Tweet This Post

Crontab Reference

groll — Wed, 29 Sep 2010 15:58:54 +0000

I continually forget the format for a crontab entry… here’s a quick reference for those of you who do too!

Tweet This Post

Grails and Oracle XMLDB (XMLType)

groll — Fri, 30 Apr 2010 22:09:28 +0000

Trying to integrate support for Oracle XMLDB in a grails app didn’t turn out to be as straightforward as you might think. By putting the xmlparserv2.jar file in the $GRAILS_HOME/lib folder I was suddenly presented with SAX parse errors…

Luckily I stumbled across this post by Graeme Rocher who had a similar problem and identified how to resolve it…

Essentially to solve the problem, you need to make sure that library is only picked up at runtime, and not compile time. You need to put the xmlparserv2.jar on the system classpath instead of the lib directory.

1) When running standalone from grails command line:
grails -cp lib/runtime/xmlparserv2.jar run-app or modifying the CLASSPATH environment variable

2) When running from within a container, add the .jar to the lib folder
(ie: $TOMCAT_HOME/lib)

Another possible solution is documented here.

Tweet This Post

SelectorGadget makes identifying page elements a breeze!

admin — Tue, 12 Jan 2010 04:51:14 +0000

A recent railscast pointed me at a handy tool that has helped tremendously in speeding up my UI development efforts. In past, I would use FireBug to highlight items on a page and identify the associated id / class. This worked ok, but did not aid in narrowing down my selector in the efficient mannter this one does. You can easily select/deselect fields on your page and dynamically generate your css selector. Very cool!.. I encourage you to check it out!

Introducing SelectorGadget: point and click CSS selectors

Tweet This Post

Add some color to your Capistrano scripts

groll — Fri, 27 Nov 2009 23:05:15 +0000

The beauty of ruby makes it simple to add some colorful syntax highlighting to log messages that are displayed in your capistrano scripts. Here’s a chunk of code I added to my utility.rb file that is included by my capfile that performs the magic.

def colorize(text, color_code) "#{color_code}#{text}\033[0m" end
def red(text); colorize(text, "\033[31m"); end def boldred(text); colorize(text, "\033[1;31m"); end def green(text); colorize(text, "\033[32m"); end def boldgreen(text); colorize(text, "\033[1;32m"); end def yellow(text); colorize(text, "\033[33m"); end def boldyellow(text); colorize(text, "\033[1;33m"); end def blue(text); colorize(text, "\033[34m"); end def boldblue(text); colorize(text, "\033[1;34m"); end def purple(text); colorize(text, "\033[35m"); end def boldpurple(text); colorize(text, "\033[1;35m"); end def cyan(text); colorize(text, "\033[36m"); end def boldcyan(text); colorize(text, "\033[1;36m"); end def white(text); colorize(text, "\033[37m"); end def boldwhite(text); colorize(text, "\033[1;37m"); end
def inform(text); green(text); end def highlight(text); boldgreen(text); end def warning(text); yellow(text); end def alert(text); red(text); end def section(text); "\n\n#{"*" * 50}\n#{text}\n#{"*" * 50}";
Now by utilizing the wrapper methods like this:
task :testconfig do logoutputDir = Logging.initialize("#{$deployDir}/logs", $envNameName, $envNameNum) Logging.info inform("*" * 75) Logging.info inform(" Starting... ") Logging.info " Env: " + highlight('development') Logging.info " Date: " + highlight(Time.now.to_s) Logging.info " User: " + highlight('jsmith') Logging.info " Logs Dir: " + highlight('/tmp/projectX/log') Logging.info inform("*" * 75) Logging.info inform(".. informational message ...") Logging.info warning(".. warning message ...") Logging.info alert(".. alert message ...") Logging.info highlight(".. highlighted message ..") Logging.info inform("*" * 75) Logging.info inform(" Done! ") Logging.info " Date: " + highlight(Time.now.to_s) Logging.info " Dist: " + highlight('/tmp/projectX/dist') Logging.info inform("*" * 75) end
You'll get pretty output like this:

Sample console output

Tweet This Post

Capistrano Callbacks

groll — Wed, 18 Nov 2009 18:51:10 +0000

Neat way to pre-initalize something in capistrano before a task is run

on :start do verifyParametersAndInitialize() end

callback options:

:before, triggered before a task is invoked
:after, triggered after a task is invoked
:start, triggered before a top-level task is invoked via the command-line
:finish, triggered when a top-level task completes
:load, triggered after all recipes have loaded
:exit, triggered after all tasks have completed

Tweet This Post

Automate your non-rails db migrations with Capistrano and AutoPatch

groll — Tue, 10 Nov 2009 20:53:38 +0000

After working in a rails environment for the past year I found it terribly difficult to go back to traditional database deployment / upgrade practices.

Migrations are a beautiful way to properly version, co-ordinate and apply the changes you need to your various database environments. I never knew of a way to do this in a non-rails environment, until now. Step in AutoPatch.

Some alternatives to AutoPatch exist such as migrate4j and Liquibase. Each with their own flavor of how to tackle the problem. AutoPatch was the winner for me as you don’t have to write your migrations in some custom DSL (xml in the case of Liquibase, or java for migrate4j). Our existing .sql scripts worked just fine!

Our shop is currently using Capistrano for deployments. Blending Autopatch with Capistrano was relatively straightforward. Below are two sample tasks that can be added to facilitate AutoPatch’s cmd line info and migrate calls.

desc "Display database migration levels." task :dbinfo do cmdAPClasspath = "#{deployDir}/applications/database/lib/oracle/ojdbc14_g.jar" \ + ":#{deployDir}/dist/prepare/database" \ + ":#{deployDir}/lib/java/tk-autopatch-1.2-b-cvs.jar" \ + ":#{deployDir}/lib/java/log4j-1.2.8.jar" \ + ":#{deployDir}/lib/java/commons-logging-1.0.3.jar" \ + ":#{deployDir}/lib/java/commons-collections-3.2.1.jar" \ + ":#{deployDir}/lib/java/commons-lang-2.2.jar" \ + ":#{deployDir}/lib/java/tk-util-1.1.2.jar" cmdAPPatchInfo = "java -cp #{cmdAPClasspath} " \ + "com.tacitknowledge.util.migration.jdbc.MigrationInformation#{systemName}" system(cmdAPPatchInfo) end

desc "Apply database migrations." task :dbmigrate do cmdAPClasspath = "#{deployDir}/applications/database/lib/oracle/ojdbc14_g.jar" \ + ":#{deployDir}/dist/prepare/database" \ + ":#{deployDir}/lib/java/tk-autopatch-1.2-b-cvs.jar" \ + ":#{deployDir}/lib/java/log4j-1.2.8.jar" \ + ":#{deployDir}/lib/java/commons-logging-1.0.3.jar" \ + ":#{deployDir}/lib/java/commons-collections-3.2.1.jar" \ + ":#{deployDir}/lib/java/commons-lang-2.2.jar" \ + ":#{deployDir}/lib/java/tk-util-1.1.2.jar" cmdAPPatchInfo = "java -cp #{cmdAPClasspath} " \ + "com.tacitknowledge.util.migration.jdbc.StandaloneMigrationLauncher #{systemName}" system(cmdAPPatchInfo) end

Tweet This Post

OpenSSL Certificate Formats / Conversion

groll — Tue, 15 Sep 2009 20:45:55 +0000

This past week has left me having to learn much more about https certificates then I ever thought I would care to know… Here’s a synopsis of some of the highlights of my learnings as pulled from various resources on the web.

OpenSSL supports several certificate formats. Certificates are based on the DSA signature algorithm and the RSA algorithm for public-key cryptography according to PKCS algorithms. The certificate format depends on the application, as there is no agreement on file format standards.

Private keys are usually available in the PEM and DER format. The related files have names of the following type:

*key-rsa.pem for pem files
*key-rsa.der for der files

For OpenSSL applications, the PEM format should suffice. For Java applications, the DER format might be more suitable for importing the private key and certificates.

For certificates, the available formats are PEM, DER and PKCS12 with file names of the following type:

*cert.pem for pem files
*cert.der for der files
*cert.p12 for pkcs12 files

In general, the PEM formats are mostly used in the Unix world, PCKS12 in the Microsoft world and DER in the Java world.

Certificate files are ASN.1-encoded objects that may be encrypted according to DES (Data Encryption Standard). The files can optionally be encrypted using a symmetric cipher algorithm, such as 3DES.

An unencrypted PEM file might look something like this:

    —–BEGIN CERTIFICATE—–
    MB4CGQDUoLoCULb9LsYm5+/WN992xxbiLQlEuIsCAQM=
    —–END CERTIFICATE—–

The string beginning with MB4C… is the Base64-encoded, ASN.1-encoded object.

An encrypted file would have headers describing the type of encryption used, and the initialization vector:

    —–BEGIN RSA PRIVATE KEY—–
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,C814158661DC1449
    AFAZFbnQNrGjZJ/ZemdVSoZa3HWujxZuvBHzHNoesxeyqqidFvnydA==
    —–END RSA PRIVATE KEY—–

The two headers Proc-Type and DEK-Info declare the type of encryption, and the string starting with AFAZ… is the Base64-encoded, encrypted, ASN.1-encoded object.

As web browsers make use of Java applications, they import/export certificates in pkcs12 file format, i.e. public and private keys are packed in one single file using the PKCS#12 algorithm. Other applications require the pem format with unpacked public and private keys, thus the user must remember the appropriate file format for each application and must perform format conversions as appropriate.

The following tables report a summary of formats used for INFN-Grid applications and two simple scripts with format conversion commands.

INFN-Grid Certificates Format Summary
Certificate Type     Certificate Format
CA Authority Certificate     DER
Personal Certificate from CA     PKCS12
Grid Access Certificate     PEM

=========================
CONVERT pkcs12 to pem
=========================
#!/bin/sh
echo “copy your cert to cert.p12 – then run this script”
openssl pkcs12 -clcerts -nokeys -in cert.p12 -out usercert.pem
openssl pkcs12 -nocerts -in cert.p12 -out userkey.pem

=========================
CONVERT pem to pkcs12
=========================
#!/bin/sh
echo “Verify that you are using the correct certificate pair (key/cert)”
openssl pkcs12 -export -out one.identity.neteller.com.p12 -inkey ./one.identity.neteller.com.key -in ./one.identity.neteller.com.cert

** NOTE: specify the -in and -inkey parameters as PEM format files…

If your running JRockit, you might also be interested in how to update Verisign CA root certificates.

This might be required if you start seeing errors such as this:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Tweet This Post

Create a default ‘usage’ target for your ANT project builds

groll — Fri, 14 Aug 2009 17:14:13 +0000

I keep coming across instances of ant build files where developers have hard coded a usage target that outputs target actions. This is not required and should be avoided as it is often not maintained. Instead, properly maintain the description attribute of each target and use a default target as below:

Tweet This Post

PERL script for identifying installed modules.

groll — Fri, 31 Jul 2009 15:30:45 +0000

Trying to identify all modules installed on your local server?… try this command:
Note: First time you run you might have to configure CPAN… for the most part defaults are good but pick a good local mirror.

perl -MCPAN -e 'print CPAN::Shell->r '

Package namespace    installed    latest  in CPAN file
Archive::Tar              1.30      1.52  K/KA/KANE/Archive-Tar-1.52.tar.gz
Attribute::Handlers    0.78_01      0.85  S/SM/SMUELLER/Attribute-Handlers-0.85.tar.gz
AutoLoader                5.60      5.68  S/SM/SMUELLER/AutoLoader-5.68.tar.gz
B                         1.02      1.19  N/NW/NWCLARK/perl-5.8.9.tar.gz
B::Debug                  1.01      1.11  R/RU/RURBAN/B-Debug-1.11.tar.gz

Tweet This Post