sign(data, SHA256withRSA) != sign(hash, NONEwithRSA)

Quite funny that after a few months offline I find the fun in writing a small article about an investigation which is still about security. My task was to find how I could replicate the signature performed with an old applet and a proprietary library which used a hardware token in JavaScript using a new API provided by a different party. The old applet just signed a hash and I had to find a way to implement this with the new API....

April 19, 2019 · len

Attach payload into detached PKCS#7 signature

If you are doing signature generation via a hardware token (for instance 3Skey), then for large files it is impractical to send the file to the hardware token. Instead, you send a hash (SHA256), get a detached PKCS#7 signature, and then need to re-attach the payload in Java code. For once this was easier to do with plain JCE code instead of my favorite BouncyCastle provider. However, for really large files BC does provide the streaming mechanism required....

January 15, 2018 · len

An “obvious” improvement

It’s been a long time since I felt such satisfaction debugging something, so I decided to write about it. Let’s assume that you need to store (cache) in memory a large object tree during some operations. In practice this happens because of some regulatory constraints, so you end up having to parse a very large file and store the resulting object tree. Actually you have a single-entry cache. You parse your object, store it in memory for search and processing while the current object tree is used....

October 20, 2017 · len

Java SAML2 + simplesamlphp

The use case is as follows: the Java application (SP) must use simplesamlphp as an IdP. I tested 2 libraries; these are the required configs.
SimpleSAMLphp
Please note that the default install from Ubuntu (16.04.2) of simplesamlphp (14.0) does not work with the PHP version installed (php7) because of this bug, so I ended up installing everything from the tar.gz provided (14.14).
Onelogin
This is the first library I tested. To install it:...

May 24, 2017 · len

Read fast or die

I have spent a lot of time today trying to find and fix an issue which ended up being a fun discovery at the end. The following Java error occurred when loading a PDF file from a URL stream:
    java.io.IOException: missing CR
        at sun.net.www.http.ChunkedInputStream.processRaw(ChunkedInputStream.java:405)
        at sun.net.www.http.ChunkedInputStream.readAheadBlocking(ChunkedInputStream.java:572)
        at sun.net.www.http.ChunkedInputStream.readAhead(ChunkedInputStream.java:609)
        at sun.net.www.http.ChunkedInputStream.read(ChunkedInputStream.java:696)
        at java.io.FilterInputStream.read(FilterInputStream.java:133)
        at sun.net.www.protocol.http.HttpURLConnection$HttpInputStream.read(HttpURLConnection.java:3066)
        at sun.net.www.protocol.http.HttpURLConnection$HttpInputStream.read(HttpURLConnection.java:3060)
This looked like a Java lib error since the Java version was a bit old, so the first idea was to replace the code with some Apache HttpClient-based code to load the URL....

April 11, 2016 · len

The difficult to find bug

After upgrading from 3.4 to 3.6 my JGroups code stopped working. On a 2-node setup, when the second node tried to join, I got the following errors:
    2015-04-22 21:38:12,510 INFO [ViewHandler,monalisa,tux-7762|fr.mcc.test.TestJGroups] Detected a change in cluster members: [tux-7762, tux-9846]
    2015-04-22 21:38:14,460 WARN [main|org.jgroups.protocols.pbcast.GMS] tux-9846: JOIN(tux-9846) sent to tux-7762 timed out (after 2000 ms), on try 1
    2015-04-22 21:38:16,463 WARN [main|org.jgroups.protocols.pbcast.GMS] tux-9846: JOIN(tux-9846) sent to tux-7762 timed out (after 2000 ms), on try 2
    2015-04-22 21:38:18,466 WARN [main|org....

April 22, 2015 · len

ojdbc14.jar to ojdbc6.jar migration

Migrating from ojdbc14.jar to ojdbc6.jar is not, as one might think, completely seamless. Here are at least 3 points which required code changes:
Changes in class hierarchy
    error: OracleTypes is not public in oracle.jdbc.driver; cannot be accessed from outside package
    [javac] private static Integer OracleRefCursorType = new Integer(oracle.jdbc.driver.OracleTypes.CURSOR);
Behaviour is also not the same:
    java.sql.SQLException: Could not commit with auto-commit set on
        at oracle.jdbc.driver.PhysicalConnection.commit(PhysicalConnection.java:2356)
        at oracle.jdbc.driver.PhysicalConnection.commit(PhysicalConnection.java:2403)
        at org.apache.tomcat.dbcp.dbcp.DelegatingConnection.commit(DelegatingConnection.java:334)
        at org....

March 25, 2015 · len

Replicated EhCache, the uneasy road

At first, replicating EhCache seems a very easy task: you just need to configure ehcache.xml with RMI and you are ready. Is it so?
RMI
At the beginning it seems so: the cache seems to be replicated, everything works. However, at some point you notice in the log something like:
    Exception on replication of putNotification. Error unmarshaling return header; nested exception is: java.net.SocketTimeoutException: Read timed out. Continuing...
    java.rmi.UnmarshalException: Error unmarshaling return header; nested exception is: java....

February 6, 2014 · len

Database locking

This is a very simple example demonstrating a method to achieve a reliable lock in a cluster when the cluster shares a database connection. This example uses an Oracle database which has the following table/row:
    create table locked(shortname varchar2(100) primary key, info varchar2(100));
    insert into locked values('TestLock', '');
    commit;
Java:
    package com.mccsoft.diapason.util;
    import java.sql.Connection;
    import java.sql.DriverManager;
    import java.sql.ResultSet;
    import java.sql.SQLException;
    import java.sql.Statement;
    public class TestLock implements Runnable{
        static final String JDBC_DRIVER = "oracle....

January 31, 2014 · len

Let’s decrypt

AES encrypt in Java and decrypt in Java, Flex, Python, C#.
Encrypt: Java
    public static void encrypt(InputStream is, OutputStream out, String secret) throws Exception {
        // The key is supplied as a hex string
        SecretKey secretKey = new SecretKeySpec(Hex.decodeHex(secret.toCharArray()), "AES");
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        // No IV is passed to init, so the provider generates a random one
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);
        // Write the IV first so the decrypting side can read it back
        out.write(cipher.getParameters().getParameterSpec(IvParameterSpec.class).getIV());
        CipherOutputStream cipherOutputStream = new CipherOutputStream(out, cipher);
        int bufLength = KEY_LENGTH/8 * 100;
        byte buf[] = new byte[bufLength];
        int bytesRead = 0;
        while((bytesRead = is.read(buf)) != -1 ) {
            cipherOutputStream.write(buf, 0, bytesRead);
        }
        cipherOutputStream....

December 20, 2013 · len