Posts Tagged ‘J2EE’

Attach payload into detached pkcs#7 signature

If you generate signatures with a hardware token (for instance 3Skey), it is impractical to send large files to the token. Instead you send a hash (SHA256), get back a detached PKCS#7 signature, and then need to re-attach the payload in Java code. For once this was easier to do with plain JCE code than with my favorite BouncyCastle provider. However, for really large files BC does provide the streaming mechanism required.

Of course, the best commands to help debug the code below are:

Verify pkcs#7 signature

#-noverify means do not verify the signer's certificate chain: this only checks the signature, not whether the originating certificate is trusted
openssl smime -inform DER -verify -noverify -in signature.p7s

(more…)
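What re-attaching means at the ASN.1 level, as an added example that is not the post's Java code: it goes beyond the post by working on the raw DER in Python, splicing the payload into the signedData contentInfo while copying every other field byte for byte, so the signer data is never re-encoded. It assumes definite-length DER with single-byte tags; all function names are hypothetical and SAMPLE is a constructed structure with no real signer.

```python
OID_DATA = bytes.fromhex("06092a864886f70d010701")    # 1.2.840.113549.1.7.1 data
OID_SIGNED = bytes.fromhex("06092a864886f70d010702")  # 1.2.840.113549.1.7.2 signedData
def read_tlv(buf, pos):  # -> (value_start, value_end) of the definite-length TLV at pos
    first = buf[pos + 1]
    if first == 0x80:
        raise ValueError("indefinite (BER) length, re-encode as DER first")
    n = first & 0x7F if first > 0x80 else 0       # number of extra length bytes
    length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big") if n else first
    start = pos + 2 + n
    if start + length > len(buf):
        raise ValueError("truncated DER")
    return start, start + length

def tlv(tag, value):  # encode one TLV with a minimal definite length (DER)
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def children(buf):  # raw bytes of each element directly inside the TLV that starts buf
    pos, end = read_tlv(buf, 0)
    out = []
    while pos < end:
        nxt = read_tlv(buf, pos)[1]
        out.append(buf[pos:nxt])
        pos = nxt
    return out

def signed_data_fields(p7):  # -> [version, digestAlgorithms, contentInfo, ...rest]
    oid, wrapper = children(p7)              # ContentInfo: contentType, [0] EXPLICIT
    if oid != OID_SIGNED:
        raise ValueError("not a PKCS#7 signedData")
    return children(children(wrapper)[0])    # fields of the SignedData SEQUENCE

def is_detached(p7):
    return len(children(signed_data_fields(p7)[2])) == 1   # OID only, no [0] content

def attach(p7, payload):  # insert payload as the encapsulated content
    version, digests, encap, *rest = signed_data_fields(p7)
    if len(children(encap)) != 1:
        raise ValueError("signature already carries content")
    new_encap = tlv(0x30, children(encap)[0] + tlv(0xA0, tlv(0x04, payload)))
    signed = tlv(0x30, version + digests + new_encap + b"".join(rest))
    return tlv(0x30, OID_SIGNED + tlv(0xA0, signed))

# Constructed sample: structurally minimal detached signedData (empty SETs, no real signer).
SAMPLE = tlv(0x30, OID_SIGNED + tlv(0xA0, tlv(0x30,
    bytes.fromhex("020101") + tlv(0x31, b"") + tlv(0x30, OID_DATA) + tlv(0x31, b""))))
```

The attached output of a real signature can be checked with the openssl smime -verify command above; verification succeeds only if the attached payload is the data whose hash was signed.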

openssl recipes

Over the last few days I had to tinker with openssl a lot, so this is a short reminder of the parameters.

PKCS#7 manipulation

Verify pkcs#7 signature

#-noverify means do not verify the signer's certificate chain: this only checks the signature, not whether the originating certificate is trusted
openssl smime -inform DER -verify -noverify -in signature.p7s

Show the structure of the file (applies to all DER files)

#for debugging
openssl asn1parse -inform DER -i -in signature.p7s

Extract certificate and public key

openssl pkcs7 -inform DER -in signature.p7s -print_certs > certificate.crt
openssl x509 -in certificate.crt -noout -pubkey > pubKey.key

JKS certificate import

Export private key from jks keystore

#convert jks to pkcs#12 format
keytool -importkeystore -srckeystore myKeystore.jks -destkeystore myKeystore.p12 \
  -deststoretype PKCS12 -srcalias myAlias
#export private key (WARNING, manipulate with care: -nodes writes the key unencrypted)
openssl pkcs12 -in myKeystore.p12 -nodes -nocerts -out myKey.pem

Check .csr or .crt public key against a private key

This will generate the SHA-256 hash of the public key; compare the hashes manually. Very useful if you lost your key or are getting “No certificate matches private key”.

#generate hash for pubKey generated from privateKey
openssl pkey -in myPrivateKey.key -pubout -outform pem | sha256sum 
#generate hash for pubKey from cert
openssl x509 -in myCertificate.crt -pubkey -noout -outform pem | sha256sum 
#generate hash for pubKey from csr
openssl req -in myCSR.csr -pubkey -noout -outform pem | sha256sum

Convert p7b signed certificate response to jks keystore

This is very useful if you lost your jks keystore containing the original .csr

#export certs from signed certificate response to .pem
openssl pkcs7 -print_certs -in myStore.p7b -out certs.pem
#combine certs and key in pkcs#12 format
openssl pkcs12 -export -name server -in certs.pem -out myKeystore.p12 -inkey myPrivateKey.key
#convert pkcs#12 to jks
keytool -importkeystore -srcstoretype pkcs12 -srckeystore myKeystore.p12 -destkeystore myKeystore.jks

An “obvious” improvement

It’s been a long time since I felt such satisfaction debugging something, so I decided to write about it.

Let’s assume that you need to store (cache) a large object tree in memory during some operations. In practice this happens because of some regulatory constraints, so you end up having to parse a very large file and store the resulting object tree. Effectively you have a single-entry cache: you parse your object and keep it in memory for search and processing for as long as the current object tree is in use.

public ObjectHandler getObjectHandler(Long id) throws Exception{
	if(cachedObjectHandler != null){
		if(cachedObjectHandler.getId().equals(id)){
			return cachedObjectHandler;
		}
	}
	//else
	cachedObjectHandler = parse(...);
	return cachedObjectHandler;
}

The code above is a simplified way to do it, no? Please note that the parse(…) function creates the object tree by parsing a stream and allocates a new object tree. In my particular case the object tree held a max of 120k objects (~150Mb) and did some large XML parsing using StAX.

So what is wrong with the code above? Take a look at what a single change can do:

public ObjectHandler getObjectHandler(Long id) throws Exception{
	if(cachedObjectHandler != null){
		if(cachedObjectHandler.getId().equals(id)){
			return cachedObjectHandler;
		}
	}
	//else
	cachedObjectHandler = null;
	cachedObjectHandler = parse(...);
	return cachedObjectHandler;
}

Did we just reduce the maximum memory needed by a factor of 2? In the first case, since Java evaluates the right-hand side before assigning, the parse function first allocates a new object tree, and only when it is done is the result assigned to cachedObjectHandler, allowing the old object tree to be gc-ed. With the null assignment, however, the old tree can be gc-ed while the new allocation takes place, if memory is needed.

As I said, a small change with a big smile.
 

Multicast pitfalls

Multicast might seem like a great idea for 2 problems: IPTV and discovery. In my case it seemed like a very good idea for cluster node auto-discovery: no need to configure each node with all the other nodes, no need to know the number of nodes beforehand, and a single node configuration to use. However, as more and more nodes are discovered, you can fall into some very dark pitfalls which could eat days and nights of your time until you either find a solution or revert to TCP or UDP unicast. The conclusion is that multicast at the network level is not something you can assume to be working, as is the case for TCP or UDP unicast. Here are some pitfalls I found in various deployments, and the solutions I could or could not find. (more…)

Replicated EhCache, the uneasy road

At first, replicating EhCache seems a very easy task: you just need to configure ehcache.xml with RMI and you are ready. Is it so?

(more…)

JBoss migration – Quartz

This is a continuation of the previous article regarding some migration points (1, 2) from JBoss 4.2.2-GA to JBoss 7.1.1 and, presumably, Tomcat 7.

3. Quartz

Quartz migration has been the simplest of all, by far.
(more…)

JBoss migration – the HAR archive

This is a continuation of the previous article regarding some migration points from JBoss 4.2.2-GA to JBoss 7.1.1 and, presumably, Tomcat 7.

2. The HAR archive

The HAR archive was a nice mechanism which allowed Hibernate integration. A ${name}.har file was created, containing all the mappings (*.hbm.xml) and data classes (*.class), along with a hibernate-service.xml (later renamed to service-hibernate.xml in JBoss 5). This took care of creating the SessionFactory and making it accessible through JNDI. Creating a session in code became:

InitialContext ctx = new InitialContext();
SessionFactory factory = (SessionFactory) ctx.lookup("XName");
return factory.openSession();

(more…)

JBoss migration – the data source

I have spent a lot of time lately trying to create a migration plan for an application currently running on JBoss 4.2.2. Since development of this application started, a few attempts to migrate to newer versions of JBoss have been made (see for 5.1), but each version seems to have a different style of configuration files, and since this application is expected to have a long lifetime the work seems a bit futile. So, in parallel with migrating to JBoss-7.1.1, I’ve tried to migrate to Tomcat, since our use of EJBs is limited and other MBeans can be refactored in simpler ways. Unlike JBoss, Tomcat configuration seems to be eternal and by all means simpler.
(more…)

RIA’s. Where to go from now?

I was a big fan of Flex. The code was clean, object-oriented, re-usable. We even had the bonus of E4X. We wrote the interface of a huge project using it and I know there was no way we could have had such a rich client other than using native code. We developed multiplatform and the client ran multiplatform without a bit of change. The deployment was easy and the administration on the client side minimal. Everyone had Flash.

(more…)

To migrate or not to migrate

This is not a guide, nor is it intended to help; it’s a steam valve for my efforts to migrate an application to JBoss 7, as each exception can take minutes or hours to solve without altering the original code.

Caused by: org.jboss.jca.common.metadata.ParserException: IJ010061: Unexpected element: local-tx-datasource
        at org.jboss.jca.common.metadata.ds.DsParser.parseDataSources(DsParser.java:183)
        at org.jboss.jca.common.metadata.ds.DsParser.parse(DsParser.java:119)
        at org.jboss.jca.common.metadata.ds.DsParser.parse(DsParser.java:82)
        at org.jboss.as.connector.deployers.processors.DsXmlDeploymentParsingProcessor.deploy(DsXmlDeploymentParsingProcessor.java:80)

        at org.jboss.as.ee.metadata.MethodAnnotationAggregator.runtimeAnnotationInformation(MethodAnnotationAggregator.java:58)
        at org.jboss.as.ee.component.deployers.InterceptorAnnotationProcessor.handleAnnotations(InterceptorAnnotationProcessor.java:85)
        at org.jboss.as.ee.component.deployers.InterceptorAnnotationProcessor.processComponentConfig(InterceptorAnnotationProcessor.java:70)
        at org.jboss.as.ee.component.deployers.InterceptorAnnotationProcessor.deploy(InterceptorAnnotationProcessor.java:55)
        at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:113) [jboss-as-server-7.1.1.Final.jar:7.1.1.Final]
        ... 5 more
Caused by: java.lang.NoClassDefFoundError: org/hibernate/HibernateException
        at java.lang.Class.getDeclaredFields0(Native Method) [rt.jar:1.6.0_23]
        at java.lang.Class.privateGetDeclaredFields(Class.java:2291) [rt.jar:1.6.0_23]
        at java.lang.Class.getDeclaredFields(Class.java:1743) [rt.jar:1.6.0_23]
        at org.jboss.as.server.deployment.reflect.ClassReflectionIndex.<init>(ClassReflectionIndex.java:57) [jboss-as-server-7.1.1.Final.jar:7.1.1.Final]
        at org.jboss.as.server.deployment.reflect.DeploymentReflectionIndex.getClassIndex(DeploymentReflectionIndex.java:66) [jboss-as-server-7.1.1.Final.jar:7.1.1.Final]

        at org.apache.catalina.core.StandardContext.contextListenerStart(StandardContext.java:3392) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:3850) [jbossweb-7.0.13.Final.jar:]
        at org.jboss.as.web.deployment.WebDeploymentService.start(WebDeploymentService.java:90) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
        at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
        at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [rt.jar:1.6.0_23]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [rt.jar:1.6.0_23]
        at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_23]
Caused by: java.lang.ClassNotFoundException: org.jboss.as.jmx.PluggableMBeanServerBuilder from [Module "deployment.diapason.ear.diapason-web.war:main" from Service Module Loader]

(MSC service thread 1-6) Exception sending context initialized event to listener instance of class org.jbpm.web.JobExecutorLauncher: org.jbpm.JbpmException: couldn't parse jbpm configuration from resource 'jbpm.cfg.xml'
        at org.jbpm.JbpmConfiguration.getInstance(JbpmConfiguration.java:292) [jbpm-jpdl.jar:3.2.3 (date:18-Jun-2008 00:51)]
        at org.jbpm.web.JobExecutorLauncher.contextInitialized(JobExecutorLauncher.java:55) [jbpm-jpdl.jar:3.2.3 (date:18-Jun-2008 00:51)]
        at org.apache.catalina.core.StandardContext.contextListenerStart(StandardContext.java:3392) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:3850) [jbossweb-7.0.13.Final.jar:]
        at org.jboss.as.web.deployment.WebDeploymentService.start(WebDeploymentService.java:90) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
        at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
        at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)

host].[/dix]] (MSC service thread 1-4) StandardWrapper.Throwable: java.lang.NoClassDefFoundError: org/mozilla/javascript/WrappedException
        at java.lang.Class.forName0(Native Method) [rt.jar:1.6.0_23]
        at java.lang.Class.forName(Class.java:169) [rt.jar:1.6.0_23]

ava.lang.IllegalAccessError: tried to access class org.hibernate.cfg.Configuration$1 from class org.hibernate.cfg.Configuration
08:21:17,924 ERROR [stderr] (JbpmJobExecutor:127.0.1.1:1)       at org.hibernate.cfg.Configuration.buildMapping(Configuration.java:2923)
08:21:17,925 ERROR [stderr] (JbpmJobExecutor:127.0.1.1:1)       at org.hibernate.cfg.Configuration.<init>(Configuration.java:269)
08:21:17,925 ERROR [stderr] (JbpmJobExecutor:127.0.1.1:1)       at org.hibernate.cfg.Configuration.<init>(Configuration.java:302)
08:21:17,925 ERROR [stderr] (JbpmJobExecutor:127.0.1.1:1)       at org.jbpm.db.hibernate.HibernateHelper.createConfiguration(HibernateHelper.java:74)

from Service Module Loader: java.lang.LinkageError:

Caused by: java.lang.NoClassDefFoundError: org/jboss/as/clustering/infinispan/subsystem/CacheConfigurationService
        at org.jboss.as.jpa.hibernate3.HibernatePersistenceProviderAdaptor.addProviderDependencies(HibernatePersistenceProviderAdaptor.java:104)
        at org.jboss.as.jpa.processor.PersistenceUnitDeploymentProcessor.deployPersistenceUnit(PersistenceUnitDeploymentProcessor.java:345)
        at org.jboss.as.jpa.processor.PersistenceUnitDeploymentProcessor.addPuService(PersistenceUnitDeploymentProcessor.java:258)
        at org.jboss.as.jpa.processor.PersistenceUnitDeploymentProcessor.handleEarDeployment(PersistenceUnitDeploymentProcessor.java:216)
        at org.jboss.as.jpa.processor.PersistenceUnitDeploymentProcessor.deploy(PersistenceUnitDeploymentProcessor.java:119)

And so on…