Thursday, November 21, 2013

oracle and apache cxf

How to setup Ruby and new Oracle Instant Client on Leopard

http://blog.rayapps.com/2008/04/24/how-to-setup-ruby-and-new-oracle-instant-client-on-leopard/

Get Oracle Instant Client working on Mac. Then get it working with Ruby!

export DYLD_LIBRARY_PATH="/usr/local/oracle/instantclient_10_2"
export SQLPATH="/usr/local/oracle/instantclient_10_2"
export TNS_ADMIN="/usr/local/oracle/network/admin"
export NLS_LANG="AMERICAN_AMERICA.UTF8"
export PATH=$PATH:$DYLD_LIBRARY_PATH

RubyForge: ruby-oci8: Project Filelist

http://rubyforge.org/frs/?group_id=256

Download Ruby OCI8.

Tnsnames.ora - Oracle FAQ

http://www.orafaq.com/wiki/Tnsnames.ora

SERVICE_NAME is the same thing as SID?

ORA11 =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = ORA11)
    )
  )

Another example

connection_label =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = server.name.org)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = service.name)
    )
  )

Class: OCI8 - Documentation by YARD 0.7.5

http://ruby-oci8.rubyforge.org/en/OCI8.html

Documentation for OCI8. What are the parameters for the constructor again?

 - (OCI8) initialize(username, password, dbname = nil, privilege = nil) constructor 

Instant Client downloads for Mac OS X (Intel x86)

http://www.oracle.com/technetwork/topics/intel-macsoft-096467.html

You need a username/password to get access to these, but it's no big deal.

It might also be handy to have Oracle JDBC drivers around as well.

Markdown - Wikipedia, the free encyclopedia

http://en.wikipedia.org/wiki/Markdown

I finally checked out how to add markdown for SO (Stack Overflow) entries.

Text attributes *Italic*, **bold**, `monospace`.

<p>Text attributes <em>Italic</em>,
<strong>bold</strong>,
<code>monospace</code>.</p>

Bash - Manipulating Strings - Substring Extraction

http://tldp.org/LDP/abs/html/string-manipulation.html

Extracts $length characters of substring from $string at $position.

${string:position:length}

stringZ=abcABC123ABCabc
echo ${stringZ:0}                            # abcABC123ABCabc
echo ${stringZ:1}                            # bcABC123ABCabc
echo ${stringZ:7}                            # 23ABCabc

echo ${stringZ:7:3}                          # 23A
                                             # Three characters of substring.

Apache CXF -- FAQ

http://cxf.apache.org/faq.html#FAQ-HowcanIturnonschemavalidationforjaxwsendpoint%3F

It appears there is a configuration setting that can be used to have Apache CXF handle validation. It also appears that this will not be a turn-key solution for me. Something is not quite right as it seems CXF doesn't have access to the XSD files, even though they are included in the class path.

Thursday, November 14, 2013

attempts to edit remote files locally

java

multithreading - kill -3 to get java thread dump - Stack Overflow

http://stackoverflow.com/questions/4876274/kill-3-to-get-java-thread-dump
jstack PID > outfile

css

Border-radius: create rounded corners with CSS! - CSS3 . Info

http://www.css3.info/preview/rounded-border/

Beautiful! Simple and effective. IE, why can't you conform?!

xterm

Setting up X Term

Trying to get xterm to work appears to be rather simple, even if Apple decided to not include X11 with its OS anymore. XQuartz was simple enough to set up. I'm not currently using xterm right now, but it's there if I need it. One major bone to pick -- why can't I paste into an xterm window?! I don't have a middle mouse button (Magic Mouse) and I don't know how to overcome this obstacle.

ssh; xforward

Configuring xhost

Using xhost so that an xterm session can work on remote resources should be relatively easy and straightforward. It's easy, that is, if you have control over the remote to turn the X11 forwarding option on.

ssh

Speeding up SSH (ControlMaster) - nion's blog

http://nion.modprobe.de/blog/archives/502-Speeding-up-SSH-ControlMaster.html

Nearly two years passed and there are still people out there who don't know 'ControlMaster' which was introduced in OpenSSH 4.0.

http://nion.modprobe.de/blog/archives/502-Speeding-up-SSH-ControlMaster.html

vim - Using Macvim over ssh - Stack Overflow

http://stackoverflow.com/questions/5321594/using-macvim-over-ssh

Slick; just found out about this option. Open a single file remotely through my Vim client for editing. This works if you have already configured the remote with your ssh key.

:e scp://username@host.com/path/to/file

SSH Can Do That? Productivity Tips for Working with Remote Servers | Smylers [blogs.perl.org]

http://blogs.perl.org/users/smylers/2011/08/ssh-productivity-tips.html

Extensive resource on how ssh can be used to ease your burdens.

$ mkdir gallery_src
$ sshfs dev:projects/gallery/src gallery_src
$ cd gallery_src
$ ls

Setting up OSXFUSE and SSHFS

This is just what I need to use my local editor to edit files on a remote system. I can open multiple files with a single call and I don't need to worry with scp'ing files over once I'm done editing them.

umount - Unmount the directory which is mounted by sshfs in Mac - Stack Overflow

http://stackoverflow.com/questions/14057830/unmount-the-directory-which-is-mounted-by-sshfs-in-mac

If this doesn't work, try using sudo.

umount -f <absolute pathname to the mount point>

c3p0 debugging/logging

c3p0-v0.9.5-pre5 - JDBC3 Connection and Statement Pooling - Documentation

http://www.mchange.com/projects/c3p0/#configuring_logging

Logging levels.

  • OFF
  • SEVERE
  • WARNING
  • INFO
  • CONFIG
  • FINE
  • FINER
  • FINEST
  • ALL

log4j.properties example

http://www.mkyong.com/logging/log4j-log4j-properties-examples/

Basic log4j.properties file. Log to STDOUT and to a file.

# Root logger option
log4j.rootLogger=INFO, file, stdout
 
# Direct log messages to a log file
log4j.appender.file=org.apache.log4j.RollingFileAppender
log4j.appender.file.File=C:\\loging.log
log4j.appender.file.MaxFileSize=1MB
log4j.appender.file.MaxBackupIndex=1
log4j.appender.file.layout=org.apache.log4j.PatternLayout
log4j.appender.file.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n
 
# Direct log messages to stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.Target=System.out
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n

Using Maven to execute a Java class with Java options

I needed to run a Maven script, explicitly including both java options and application arguments. My boss gave me this sample which makes it possible to do so via a Maven call.

Note that the goal is changed from java to exec. There is no mainClass; instead, use executable. Then make sure the argument values are included in the order they should appear in the command. Maven makes it easy to include the classpath with the classpath element.

The system properties in the systemProperties section become superfluous since they are being included earlier in the argument values.

<plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>exec-maven-plugin</artifactId>
    <executions>
        <execution>

            <phase>test</phase>

            <goals>
                <goal>exec</goal>
            </goals>

            <configuration>

                <!-- mainClass>jovial.Runner</mainClass -->
                <executable>java</executable>

                <arguments>
                    <argument>-classpath</argument>
                    <classpath />
                    <argument>-Dcom.mchange.v2.log.MLog=com.mchange.v2.log.log4j.Log4jMLog</argument>
                    <argument>jovial.Runner</argument>
                    <argument>${main.basedir}/jovial-config.xml</argument>
                </arguments>

                <systemProperties>
                  <systemProperty>
                    <key>com.mchange.v2.log.MLog</key>
                    <value>com.mchange.v2.log.log4j.Log4jMLog</value>
                  </systemProperty>
                </systemProperties>

            </configuration>
        </execution>
    </executions>
</plugin>

Accessing files remotely


Many developers get comfortable using tools on their own development machine. So much so that when asked to do some development on a remote machine, it may feel quite painful. "Gee, if I could only open this file and edit it with my favorite editor, I could get this job done a lot faster!" And it's the truth.

I tried setting up xterm on OSX 1.8, but I don't have control over the server I want to connect with, so xhost isn't going to work for me.

If you get the message "error: Can't open display: DISPLAY is not set," this usually means the administrator of the remote computer needs to enable the X11 Forwarding option in the sshd_config file before you log in.

http://stackoverflow.com/questions/5321594/using-macvim-over-ssh

I don't have access to this file and I don't want to make a big stink with the sys admins to turn it on. All I want to do is edit files with my favorite GUI editor -- MacVim!

So if not xhost and xterm, what other options do I have? First I found this little gem:

:e scp://username@host.com/path/to/file
Cody

I did not know you could do that. As stated by a few in the SO thread, you can only do this with one file at a time. Closer, yes. But I really want a little more flexibility. I often open files using mvim -p file1 file2 file3, so are there any other options?

Then I found an even more valuable gem -- SSHFS:

$ mkdir gallery_src
$ sshfs dev:projects/gallery/src gallery_src
$ cd gallery_src
$ ls
Smylers

Wow! Very cool.

This mounts a remote directory as a local directory that I can interact with as if it were on my local machine even though it really isn't.

Here is a solution that I can do without requiring any special service running on the remote server or additional configuration. I just need to include my ssh key in the remote's authorized_keys file and install a couple things on my local development machine -- OSXFUSE (formerly known as MacFuse) and then SSHFS.

Voila! Now I'm in business. I start my VPN client, I've included my ssh public key in the remote's authorized_keys (chmod 600) and I have also mounted the directory of the remote project and it's business as usual, editing files on the server as if I were editing them locally.

mkdir ~/Documents/remote-project
cd ~/Documents
sshfs remote-username@remote.server.org:remote-project remote-project

Ok. And to unmount the remote directory:

cd ~/Documents
umount -f remote-project

# for some, this works too
#fusermount -u remote-project

Ok. Now, assuming I currently have the remote directory mounted, I want to find some files and open them in MacVim. I warn you now, this can be painfully slow.

cd ~/Documents/remote-project
find . -name "pom.xml" | xargs mvim -p

Yes, too slow for my taste. What can I do? Part of that answer lies with one of the earlier suggestions -- tunneling our request via ssh.

cd ~/Documents/remote-project
ssh remote-username@remote.server.org find remote-project -name "pom.xml"

Since my project uses Maven, this lists the pom.xml files in the Maven project. And the performance of this call is snappy! Now I want to pipe the resulting files into my MacVim editor.

cd ~/Documents/remote-project
ssh remote-username@remote.server.org find remote-project -name "pom.xml" | xargs mvim -p

Huh. Happy moment over. All I got was a bunch of newly created files. The left of the pipe is run on the remote. The right of the pipe is run locally. Since I don't have files at the reported location, I'm getting exactly what I asked for instead of what I was intending. If we set up the path to the directory used for the remote mount to mirror the path from the user account home, we should be able to achieve the desired result.

In the case of this example, instead of changing directories to *inside* the mounted directory, we go up one directory so that we mirror the path to the directory on the remote server from the user's home directory.

local:
~/Documents/remote-project

remote:
          ~/remote-project

On my local machine, if I am in the ~/Documents directory, I am in the same position relative to being in the user's home directory on the remote.

cd ~/Documents
ssh remote-username@remote.server.org find remote-project -name "pom.xml" | xargs mvim -p

In the find results are file references that include the path relative to the user's home directory. If this matches up with the path relative to our current local directory, then the desired files in the mounted remote directory are opened. Happy moment restored.
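
The path-mirroring step above, as an added sketch that is not part of the original post: a POSIX shell function that maps each path printed by the remote find onto the local sshfs mount and drops anything that does not exist there, so the editor is never handed a name that would become a new empty file. The function name map_remote_paths and the temporary demo directory are made up for this example.

```sh
#!/bin/sh
# map_remote_paths LOCAL_PARENT
#   Reads one path per line on stdin, as printed by `find` run over ssh
#   (relative to the remote home directory), and prints LOCAL_PARENT/path
#   for every path that exists as a regular file under the local mount.
#   Absolute paths, paths with a ".." component and paths with no local
#   counterpart are reported on stderr and skipped.
map_remote_paths() {
    mrp_parent=${1%/}
    while IFS= read -r mrp_path || [ -n "$mrp_path" ]; do
        mrp_path=${mrp_path#./}
        case $mrp_path in
            ''|/*|..|../*|*/..|*/../*)
                echo "skip (unsafe path): $mrp_path" >&2
                continue ;;
        esac
        if [ -f "$mrp_parent/$mrp_path" ]; then
            printf '%s\n' "$mrp_parent/$mrp_path"
        else
            echo "skip (not under mount): $mrp_path" >&2
        fi
    done
}

# Intended use with the layout from the post (mount at ~/Documents/remote-project).
# tr + xargs -0 keeps file names containing spaces in one piece:
#
#   ssh remote-username@remote.server.org find remote-project -name pom.xml |
#       map_remote_paths ~/Documents | tr '\n' '\0' | xargs -0 mvim -p

# Constructed demo: a temporary directory stands in for ~/Documents and the
# here-document stands in for the output of the remote find.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/remote-project/web app"
: > "$demo_dir/remote-project/pom.xml"
: > "$demo_dir/remote-project/web app/pom.xml"
map_remote_paths "$demo_dir" <<EOF
remote-project/pom.xml
remote-project/web app/pom.xml
remote-project/core/pom.xml
../other-project/pom.xml
EOF
rm -rf "$demo_dir"
```

File names that themselves contain a newline are not handled, because the remote find output is read line by line.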

I'm not sure how much of a performance benefit it offers, but I found an additional tool that might improve performance when opening multiple remote ssh connections.

Performance enhancements with OpenSSH 4.0 and higher
  • ControlMaster
  • ControlPath
  • ControlPersist

Saturday, November 9, 2013

some points on message-level encryption

SSL and Certificates

The Most Common OpenSSL Commands

http://www.sslshopper.com/article-most-common-openssl-commands.html

Continues to be a great resource for keytool. Another similar resource exists for OpenSSL.

Southern Illinois University - File Encryption Guidelines and Procedures

http://pki.siu.edu/encrypting_files.html

basic 2-way ssl handshake

Web Help Desk Documentation Library | Installation | Importing an SSL Certificate

http://docs.webhelpdesk.com/m/5197/l/54068-importing-an-ssl-certificate

A CA Reply is the signed certificate, the result of a CA signing a certificate request (CSR).

Certificate chains may be of any length. The highest certificate in the chain, the root certificate, should be a self-signed certificate, signed by the trusted CA. Each certificate in the chain must be imported into the keystore so that the complete chain can be sent to the browser. If the CA Reply does not include the chain certificates, they must be added to the keystore manually before the CA reply. The certificates must be imported in order of dependency—i.e., the root certificate must be added first, then the next chained certificate that was signed by the root certificate, and so on, down to the CA reply.

Michael Vorburger's Old Blog: Setting up two-way (mutual) SSL with Tomcat on Java5 is easy!

http://blog1.vorburger.ch/2006/08/setting-up-two-way-mutual-ssl-with.html

A pretty comprehensive tutorial on setting up 2-way SSL with Tomcat, including how to set up the keystores using keytool.

Bash

Bash Regular Expressions | Linux Journal

http://www.linuxjournal.com/content/bash-regular-expressions

Using regular expressions in bash and how to extract the match data values.

#!/bin/bash

if [[ $# -lt 2 ]]; then
    echo "Usage: $0 PATTERN STRINGS..."
    exit 1
fi
regex=$1
shift
echo "regex: $regex"
echo

while [[ $1 ]]
do
    if [[ $1 =~ $regex ]]; then
        echo "$1 matches"
        i=1
        n=${#BASH_REMATCH[*]}
        while [[ $i -lt $n ]]
        do
            echo "  capture[$i]: ${BASH_REMATCH[$i]}"
            let i++
        done
    else
        echo "$1 does not match"
    fi
    shift
done

Advanced Bash-Scripting Guide: Chapter 8.

http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO-8.html

Bash functions don't declare their parameters explicitly. Inside the function you just use $1, $2, $3, ... to access them.

  #!/bin/bash 
  function quit {
     exit
  }  
  function e {
      echo $1 
  }  
  e Hello
  e World
  quit
  echo foo 

linux - Extract File Basename Without Path and Extension in Bash - Stack Overflow

http://stackoverflow.com/questions/2664740/extract-file-basename-without-path-and-extension-in-bash

Bash string manipulations can make easy work of parsing file names. Pretty cool!

  $ s=/the/path/foo.txt
  $ echo ${s##*/}
  foo.txt
  $ s=${s##*/}
  $ echo ${s%.txt}
  foo
  $ echo ${s%.*}
  foo

bash String Manipulations Issue 18

http://linuxgazette.net/18/bash.html

More information on bash string manipulations.

  Given:
      foo=/tmp/my.dir/filename.tar.gz 

  We can use these expressions:

  path=${foo%/*}       # /tmp/my.dir (like dirname)
  file=${foo##*/}      # filename.tar.gz (like basename)
  base=${file%%.*}     # filename
  ext=${file#*.}       # tar.gz

Advanced Bash-Scripting Guide: Chapter 7. Tests

http://tldp.org/LDP/abs/html/nestedifthen.html

Nested if/then condition tests.

  a=3

  if [ "$a" -gt 0 ]
  then
    if [ "$a" -lt 5 ]
    then
      echo "The value of \"a\" lies somewhere between 0 and 5."
    fi
  fi

  # Same result as:

  if [ "$a" -gt 0 ] && [ "$a" -lt 5 ]
  then
    echo "The value of \"a\" lies somewhere between 0 and 5."
  fi

Advanced Bash-Scripting Guide: Chapter 6. Tests

http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO-6.html

Conditionals with variables.

  #!/bin/bash
  T1="foo"
  T2="bar"
  if [ "$T1" = "$T2" ]; then
      echo expression evaluated as true
  else
      echo expression evaluated as false
  fi

Advanced Bash-Scripting Guide: Chapter 7. Other Comparison Operators

http://www.tldp.org/LDP/abs/html/comparison-ops.html

Integer comparison is a little different from string comparison.

-eq

    is equal to
    if [ "$a" -eq "$b" ]

-ne

    is not equal to
    if [ "$a" -ne "$b" ]

-gt

    is greater than
    if [ "$a" -gt "$b" ]

-ge

    is greater than or equal to
    if [ "$a" -ge "$b" ]

Why can't a trusted public key with certificate chain be imported into my truststore and still retain its chain?

https://www.java.net//node/674524

Apparently, in order to create a public key with a certificate chain that is recognized in one's truststore, it must be associated with a private key. Since any given keystore should only have one private key, and since it is not good form to carry around someone else's private key, it seems logical that the trusted certificate entries in one's truststore (or the trusted cert entries in one's keystore) not contain trusted cert entries with full keychains.

Yeah, it is a bit unintuitive, but you cannot import certificate chains *unless* they are associated with a private key (as in the CA's reply to the CSR). Check the docs on how to import to an existing key entry (need to specify its alias).

Ivaylo

PS

There are two types of entries- key entries and trusted cert entries, and only the key entry can contain a "chain" of certificates, attached to it. The trusted cert entries are all single cert entries.

Import PKCS7 (Chained Certificate) using KeyTool command to JKS - Stack Overflow

http://stackoverflow.com/questions/15814569/import-pkcs7-chained-certificate-using-keytool-command-to-jks

keytool import or importcert can take a text file with PEM blocks or a PKCS7 file as an input file.

openssl pkcs7 -in initial_file.p7b -inform DER -print_certs -outform PEM -out certs_chain.pem

Security

More great information on message-level encryption. While the whole document is relevant only to the Web Services Stack product, there are some useful points that we can pull from the beginning of the document.

  • Message-level security is applied between the web service client and the web service itself in both directions.
  • Message-level security secures the message content itself, but it does not secure the communication channel. This is in contrast to transport-level security, where the communication channel is secured.
  • "useReqSigCert" is a special fictional encryption user that is recognized by the security module. In this case, your certificate (that is used to verify your signature) is used for the encryption of the response. Thus, it is possible to have only one configured encryption user for all clients that access the service.
  • Message-level security allows you to digitally sign or encrypt documents exchanged between systems or business partners. It improves communication-level security by adding security features that are particularly important for inter-enterprise communication. Message-level security is recommended and sometimes a prerequisite for inter-enterprise communication.
  • A digital signature authenticates the business partner signing the message and ensures data integrity of the business document carried by a message.
  • Signatures are used in two scenarios:
      • Non-repudiation of origin: the sender signs a message so that the receiver can prove that the sender actually sent the message.
      • Non-repudiation of receipt: the receiver signs a receipt message back to the sender so that the original sender can prove that the receiver actually received the original message.
  • Message-level encryption is required if message content needs to be confidential not only on the communication lines but also in intermediate message stores.

Message-level security relies on public and private x.509 certificates maintained in the J2EE keystore, where each certificate is identified by its alias name and the keystore view where it is stored. Certificates are used in the following situations:

  • When signing a message, the sender signs it with its private key and attaches its certificate containing the public key to the message.
  • The receiver then verifies the digital signature of the message with the sender’s certificate attached to the message. There are two alternative trust models to verify the authenticity of the sender’s public certificate:
      • In the direct trust model, the signer’s public key certificate is compared with the locally maintained, expected public key certificate of the partner. Therefore, the direct trust model requires offline exchange of public key certificates, which can be self-signed or issued by a CA.
      • In the hierarchical trust model, the signer’s public key certificate is validated by a locally maintained public certificate of the CA that issued the signer’s public certificate. In addition, the subject name and the issuer of the signer’s certificate are compared with the expected partner’s identity configured in a receiver agreement on the receiver side.
      • Generally, the hierarchical trust model enables chains of certificates attached to the message. The certificate used for signing has to be signed by a root CA.
      • In the hierarchical trust model, the sender and the receiver only need to agree upon the CA and the subject name that the sender has used in its certificate.
  • When encrypting a message, the sender encrypts with the public key of the receiver (also verifying the correctness of the receiver’s certificate by using the public key of the certificate’s root CA).
  • The receiver decrypts with its private key certificate.
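
The direct and hierarchical trust models described above, side by side, as an added example that is not taken from the quoted documentation: a POSIX shell script using the openssl command line. The CA names, the subject partner.example, the file names and the function names are all constructed for the demonstration, and comparing the whole subject against a single CN is a simplification.

```sh
#!/bin/sh
# make_demo_pki DIR: two self-signed CAs ("root" is trusted, "rogue" is not)
# and three certificates that all carry the subject CN=partner.example:
#   partner.crt  - issued by root, the copy exchanged offline with the receiver
#   renewed.crt  - issued by root later, with a new key pair
#   imposter.crt - issued by rogue
make_demo_pki() {
    pki_dir=$1
    for pki_ca in root rogue; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/CN=Demo $pki_ca CA" \
            -keyout "$pki_dir/$pki_ca.key" -out "$pki_dir/$pki_ca.pem" \
            2>/dev/null || return 1
    done
    for pki_pair in partner:root renewed:root imposter:rogue; do
        pki_name=${pki_pair%%:*}
        pki_ca=${pki_pair##*:}
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=partner.example" \
            -keyout "$pki_dir/$pki_name.key" -out "$pki_dir/$pki_name.csr" \
            2>/dev/null || return 1
        openssl x509 -req -in "$pki_dir/$pki_name.csr" -days 2 \
            -CA "$pki_dir/$pki_ca.pem" -CAkey "$pki_dir/$pki_ca.key" \
            -CAcreateserial -out "$pki_dir/$pki_name.crt" 2>/dev/null || return 1
    done
}

# trust_direct PRESENTED_CERT PINNED_CERT
#   Direct trust: accept only the exact certificate that was exchanged
#   offline, compared by SHA-256 fingerprint. No CA is consulted.
trust_direct() {
    td_presented=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 2
    td_pinned=$(openssl x509 -in "$2" -noout -fingerprint -sha256) || return 2
    [ "$td_presented" = "$td_pinned" ]
}

# trust_hierarchical PRESENTED_CERT CA_CERT EXPECTED_CN
#   Hierarchical trust: the certificate must verify against the locally held
#   CA certificate AND its subject must be the partner we expect.
trust_hierarchical() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 || return 1
    th_subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 2
    th_subject=${th_subject#subject=}
    th_subject=${th_subject# }
    [ "$th_subject" = "CN=$3" ]
}

# Constructed demo. Expected outcome:
#   partner:  direct=accept hierarchical=accept
#   renewed:  direct=reject hierarchical=accept  (same CA and subject, new cert)
#   imposter: direct=reject hierarchical=reject  (same subject, untrusted CA)
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo_pki "$demo_dir" || { echo "openssl failed" >&2; exit 1; }
for demo_cert in partner renewed imposter; do
    if trust_direct "$demo_dir/$demo_cert.crt" "$demo_dir/partner.crt"
    then demo_direct=accept; else demo_direct=reject; fi
    if trust_hierarchical "$demo_dir/$demo_cert.crt" "$demo_dir/root.pem" partner.example
    then demo_hier=accept; else demo_hier=reject; fi
    echo "$demo_cert: direct=$demo_direct hierarchical=$demo_hier"
done
```

The renewed certificate is the case that separates the two models: direct trust needs a fresh offline exchange after every re-issue, while hierarchical trust keeps working as long as the CA and subject name stay the same.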

A practical description of essential PKI concepts is provided in "What is PKI?" by Entrust. Here is a summary of some concepts:

  • Public & Private Keys – Public and private keys are complementary: public keys are used for encryption, and private keys are used for message decryption. The public key goes through a provisioning process and is provided to the "public" as an X.509 certificate. An X.509 certificate carries with it detailed information about the certificate owner (for example, name and e-mail address) and additional information about the certificate authority (CA) used to vouch for the validity and integrity of the public key contained in the X.509 certificate. The private key never leaves the enterprise and is the "crown jewel" of the security infrastructure.
  • Trusting an X.509 certificate – Whenever an X.509 certificate is presented, the receiver has to establish that the X.509 is trusted. This trust is established by certificate chain traversal, a mechanism where the X.509 receiver verifies that the issuing authority (certificate authority) indeed issued the X.509 certificate presented. An additional check required by the receiver is to check whether the X.509 certificate has been revoked. This check is accomplished by looking up the X.509's serial number in a list of revoked certificates stored in a Certificate Revocation List (CRL). You may choose not to use an issuing certificate authority (CA) and use self-signed certificates. Such certificates have to be registered with the receiver as trusted certificates that do not require certificate chain validation.
  • JKS – Java Key Store is a portable repository of X.509 certificates and private keys; it is used by Java-based applications for cryptographic operations.

Message-level security is the cornerstone of enterprise-class SOA. Using SOAP encryption and SOAP signatures, confidentiality and integrity remain "always on" by being independent of transport protocols. With security now living within the SOAP messages, it does not matter if the transport pipe – HTTP, FTP, JMS – between Web service consumers, producers, or intermediaries is SSL enabled.

Message-level security provisions have the following additional advantages when compared with transport-level security alone:

  • Granular Security – message-level encryption on any selected part of the SOAP message.
  • Always on Security – SSL security features last as long as the SSL session is established. With message-level security, SOAP messages at rest can be encrypted even after the SSL connections are terminated. Security now lives within the message and is independent of the transport.

Vim

reformat in vim for a nice column layout - Stack Overflow

http://stackoverflow.com/questions/1229900/reformat-in-vim-for-a-nice-column-layout

The 'column' command is actually a command-line utility rather than a Vim command; :%! filters the whole buffer through it and pulls the result back into the current document in our vim session.

:%!column -t -s ','

Ruby

Ruby Java Bridge

Apparently provides an API for Ruby to execute java code.

Wednesday, November 6, 2013

fun with bash scripts

escaping - Command to escape a string in bash - Stack Overflow

http://stackoverflow.com/questions/2854655/command-to-escape-a-string-in-bash

Especially when printing or creating strings using user arguments to a bash script, special characters or even spaces may be introduced. We don't want a string argument to be split up into several arguments, so those values need to be escaped.

$ printf "%q" "hello\world"
hello\\world

linux - eval command in Bash and its typical uses - Stack Overflow

http://stackoverflow.com/questions/11065077/eval-command-in-bash-and-its-typical-uses

There is a way of saying 'the value of the variable whose name is in this variable'

echo ${!n}
one

Always put double quotes around variable and command substitutions, unless you know you need to leave them off. - Gilles

http://stackoverflow.com/questions/11065077/eval-command-in-bash-and-its-typical-uses

newline - Echo new line in bash prints literal \n - Stack Overflow

http://stackoverflow.com/questions/8467424/echo-new-line-in-bash-prints-literal-n

To display the name of the script file being run, even when it is sourced with the extra '.' out front, compare $0 with $BASH_SOURCE:

$ ./s
$0 is: ./s
$BASH_SOURCE is: ./s
$ . ./s
$0 is: bash
$BASH_SOURCE is: ./s

Why should eval be avoided in bash, and what should I use instead? - Stack Overflow

http://stackoverflow.com/questions/17529220/why-should-eval-be-avoided-in-bash-and-what-should-i-use-instead

Using eval does smell dangerous. This might be a good read.

2.4 How to Add Files to Existing Archives

http://www.apl.jhu.edu/Misc/Unix-info/tar/tar_28.html

Came across the need to add a file to a tar archive. It doesn't seem to be in the quick help; perhaps the man pages cover it.

tar --append --file=afiles.tar arbalest

linux - Any way to exit bash script, but not quitting the terminal - Stack Overflow

http://stackoverflow.com/questions/9640660/any-way-to-exit-bash-script-but-not-quitting-the-terminal

I was using exit to stop all processing and not continue. It worked alright, but it would always kill my terminal session.

Instead of using exit, you will want to use return.

Dominik Honnef, http://stackoverflow.com/questions/9640660/any-way-to-exit-bash-script-but-not-quitting-the-terminal

more on certificate administration

bash - how to represent multiple conditions in shell script? - Stack Overflow

http://stackoverflow.com/questions/3826425/how-to-represent-multiple-conditions-in-shell-script

Bash script conditional statements.

OR

if [ "$g" -eq 1 -a "$c" = "123" ] || [ "$g" -eq 2 -a "$c" = "456" ]
then echo abc
else echo efg
fi

AND

if [ "$g" -eq 1 ] && [ "$c" = "123" ]
then echo abc
elif [ "$g" -eq 2 ] && [ "$c" = "456" ]
then echo abc
else echo efg
fi

Bash Beginner Check Exit Status - Stack Overflow

http://stackoverflow.com/questions/5195607/bash-beginner-check-exit-status

Test in a bash script to see if the last operation had an error. This checks the status code of the last operation.

function test {
    "$@"
    status=$?
    if [ $status -ne 0 ]; then
        echo "error with $1"
    fi
    return $status
}

test command1
test command2

bash script 'for each command line argument'

http://www.linuxquestions.org/questions/linux-newbie-8/bash-script-%27for-each-command-line-argument%27-429058/

Looping over arguments in a bash script call.

    for ARG in "$@"
    do
        echo "$ARG"
    done

How to slice an array in bash - Stack Overflow

http://stackoverflow.com/questions/1335815/how-to-slice-an-array-in-bash

Slicing an array (like the array of command line arguments) in a bash script.

A=( foo bar "a  b c" 42 )
B=("${A[@]:1:2}")
echo "${B[@]}"    # bar a  b c
echo "${B[1]}"    # a  b c

Creating Your Own SSL Certificate Authority (and Dumping Self Signed Certs) | The Data Center Overlords

http://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/

Signing a csr using a root authority. For testing purposes, this is an easy way to sign a certificate from the comfort of your own workstation.

openssl x509 -req -in device.csr -CA root.pem -CAkey root.key -CAcreateserial -out device.crt -days 500

The Most Common Java Keytool Keystore Commands

http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html

This is a great resource for many common keytool commands. In particular, I was trying to remember how to delete a key from a keystore.

keytool -delete -alias mydomain -keystore keystore.jks

Cunning: Importing private keys into a Java keystore using keytool

http://cunning.sharp.fm/2008/06/importing_private_keys_into_a.html

Entry description

keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore my-keystore.jks -srckeystore cert-and-key.p12 -srcstoretype PKCS12 -srcstorepass cert-and-key-password -alias 1

The alias of 1 is required to choose the certificate in the source PKCS12 file, keytool isn't clever enough to figure out which certificate you want in a store containing one certificate. - Graham Leggett

http://cunning.sharp.fm/2008/06/importing_private_keys_into_a.html

CTX106630 - How to Use OpenSSL to Create PKCS#12 Certificate Files - Citrix Knowledge Center

http://support.citrix.com/article/CTX106630

Export a PKCS12 keystore from a java keystore. PKCS12 are nice for bundling a certificate chain with your private key and then importing back into your java keystore.

openssl pkcs12 -export -in input.crt -inkey input.key -out bundle.p12

openssl - How can I create a Certificate Service Request (CSR) from and existing public key of a key pair (assume the private key is in a safe spot elsewhere)? - Stack Overflow

http://stackoverflow.com/questions/14617306/how-can-i-create-a-certificate-service-request-csr-from-and-existing-public-ke

Creating a CSR from an existing private key.

openssl req -key my.key -out my.csr

You don't create it ever from a public key. Better yet, if you have a java keystore file that the private key came from, just export a public key from the java keystore instead. It might save a little grief.

keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks

maven 2 - Can I change the alias of my key? - Stack Overflow

http://stackoverflow.com/questions/3483121/can-i-change-the-alias-of-my-key

Change the alias for an existing entry. There is also code to clone a key, but I didn't need it at the time.

keytool -changealias -alias "your-very-very-long-alias" -destalias "new-alias" -keypass keypass -keystore /path/to/keystore -storepass storepass

Saturday, November 2, 2013

getting comfortable with prawn

deployment - Capistrano for Java? - Stack Overflow

http://stackoverflow.com/questions/183091/capistrano-for-java

Deployment strategy for Java web services?

Other options include

  • ControlTier
  • Fabric (Python)
  • Func

At my work we use Capistrano exclusively to deploy all of our Java applications. It is definitely possible.

Bob Smith, http://stackoverflow.com/questions/183091/capistrano-for-java

java - Debugging in Maven? - Stack Overflow

http://stackoverflow.com/questions/2935375/debugging-in-maven

It sure would be nice to not have a dependency on Eclipse. Having access to a command-line debugger would help in that area.

mvn exec:exec -Dexec.executable="java" -Dexec.args="-classpath %classpath -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=1044 com.mycompany.app.App"

ruby - Rails/Prawn: how do I use rails helpers inside a Prawn class? - Stack Overflow

http://stackoverflow.com/questions/9708884/rails-prawn-how-do-i-use-rails-helpers-inside-a-prawn-class

Extending Prawn helpers was as easy as creating an initializer and putting something like this in.

# $RAILS_ROOT/config/initializers/prawnto.rb

module MyFancyModule
  def party!
    text "It's a big party!"
  end
end

Prawn::Document.extensions << MyFancyModule

It's also possible to mix in some of your own Rails helpers or anything really. I'm not sure if this is anything other than a more formal way of introducing a monkey patch, though.

# $RAILS_ROOT/config/initializers/prawnto.rb

Prawn::Document.extensions << ReportPdf
Prawn::Document.extensions << EntriesHelper

prawnto_2 does not accept a way to use a different class for the instance. You have to inject your modifications into Prawn::Document when Rails first comes up (e.g., an initializer).

# prawnto_2-0.2.5/lib/prawnto/template_handlers/renderer.rb

      def initialize(view_context, calling_object = nil)
        @view_context = view_context
        @calling_object = calling_object
        set_instance_variables
        @pdf = Prawn::Document.new(@prawnto_options[:prawn]);
      end

Current Cursor Position when Using the Prawn Ruby Library - Stack Overflow

http://stackoverflow.com/questions/183039/current-cursor-position-when-using-the-prawn-ruby-library

#move_cursor_to is probably a better way to accomplish moving the cursor to a particular 'y' position.

move_cursor_to(200)

ruby on rails - prawnto displaying tables that don't break when new page - Stack Overflow

http://stackoverflow.com/questions/2081635/prawnto-displaying-tables-that-dont-break-when-new-page

When paginating a PDF file using Prawn, there is no other way to determine the ultimate height of a stretchy box than to render it and access the @height attribute to get its value.

It appears that programmatically determining where to introduce a page break might be challenging, especially when using prawnto_2. It might just mean that it will be necessary to not use the gem that helps integrate Prawn with Rails and use more explicit notation in the controller actions.

# controller action

  respond_to do |format|
    format.html
    format.pdf do
      pdf = Prawn::Document.new
      pdf.text "This is an audit."
      # Use whatever prawn methods you need on the pdf object to generate the PDF file right here.

      send_data pdf.render, type: "application/pdf", disposition: "inline"
      # send_data renders the pdf on the client side rather than saving it on the server filesystem.
      # Inline disposition renders it in the browser rather than making it a file download.
    end
  end

There is an interesting solution for pagination that involves using transaction/rollback, but apparently it is a little buggy.

@current_page = pdf.page_count

@roll = pdf.transaction do 
  pdf.move_down 20

  pdf.table @data,
    :font_size  => 12, 
    :border_style => :grid,
    :horizontal_padding => 10,
    :vertical_padding   => 3,
    :border_width       => 2,
    :position           => :left,
    :row_colors => ["FFFFFF","DDDDDD"]

  pdf.rollback if pdf.page_count > @current_page

end 

if @roll == false

  pdf.start_new_page

  pdf.table @data,
    :font_size  => 12, 
    :border_style => :grid,
    :horizontal_padding => 10,
    :vertical_padding   => 3,
    :border_width       => 2,
    :position           => :left,
    :row_colors => ["FFFFFF","DDDDDD"]
end

#153 PDFs with Prawn (revised) - RailsCasts

http://railscasts.com/episodes/153-pdfs-with-prawn-revised?view=comments

Several comments hint at some of the cool things that can be done. A more comprehensive list of examples can be found in Prawn's self-generated help document.

ruby on rails - Using lists in prawn - Stack Overflow

http://stackoverflow.com/questions/10513581/using-lists-in-prawn

Creating a bulleted list in Prawn. It's suggested that WickedPDF offers a better PDF generating solution.

table([ ["•", "First Element"],
        ["•", "Second Element"],
        ["•", "Third Element"] ])

Referring to selected text in a zen coding operation

http://code.google.com/p/zen-coding/wiki/ZenHTMLSelectorsEn

Yes! This is a great way to take a list of urls and format them in an unordered list.

ul>li*>a[href='$#']{$#}

Thursday, October 31, 2013

Oracle WebLogic services and non-WebLogic clients

Currently trying to configure a WebLogic web service to connect with a non-WebLogic client for message-level encryption. It was suggested the following resources might hold the key. So far, my problem doesn't seem to involve any of these, but rather a problem with certificates that have been set up properly with certificate chaining.

Oracle Fusion Middleware Documentation: Attaching Policies - 12c (12.1.2)

http://docs.oracle.com/middleware/1212/owsm/OWSMS/attach-owsm-policy.htm#OWSMS5613
  • http://docs.oracle.com/middleware/1212/wls/WSSOV/owsm-security.htm#CHDBAHBI

It appears there are some proprietary resources that may be used to set up webservices using WebLogic. There are both Java code solutions as well as Java annotations to save the time of writing straight Java code.

weblogic.wsee.jws.jaxws.owsm.SecurityPolicyFeature class (single policy)
weblogic.wsee.jws.jaxws.owsm.SecurityPoliciesFeature class (multiple policies)

Java / Oracle SOA blog: Calling an OWSM protected service with Axis 1.4 and WSS4J

http://biemond.blogspot.com.au/2011/09/calling-owsm-protected-service-with.html
  • http://docs.oracle.com/cd/E21764_01/web.1111/e16098/interop_axis.htm#CHDCICGG

We're using Apache CXF. If you are using Fusion Middleware, there are some limitations to what Axis and WSS4J standards are supported.

...you can't use every OWSM policy with Axis. Oracle made an interoperability documentation page what is possible with Axis 1.4 and OWSM 11g, please check this first.

http://biemond.blogspot.com.au/2011/09/calling-owsm-protected-service-with.html

Oracle documentation provides some help on how you would create your webservices under various scenarios including SAML authentication/authorization and username token. Again, not useful in our case.

understanding certificate chaining

Help - WebSphere MQ

http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp?topic=%2Fcom.ibm.mq.csqzas.doc%2Fsy10600_.htm

Illustrates a certification path from the certificate owner to the root CA, where the chain of trust begins

Intel(R) AMT SDK Implementation and Reference Guide

http://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments%2Fcertificatechainsforhostbasedconfiguration.htm

Certificate chains may be included with a public key by simply including the RFC blocks in PEM format. Their inclusion order is important, though. Consider using cat so that no extra whitespace gets introduced.

-----BEGIN CERTIFICATE-----
Body of the leaf certificate
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
Body of the first intermediate certificate
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
Body of the second intermediate certificate
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
Body of the root certificate
-----END CERTIFICATE-----

OpenSSL - User - check certificate chain in a pem file

http://openssl.6102.n7.nabble.com/check-certificate-chain-in-a-pem-file-td43871.html

It is highly recommended that you convert to and from .pfx files on your own machine using OpenSSL so you can keep the private key there. Use the following OpenSSL commands to convert SSL certificate to different formats on your own machine:

#Convert PEM to P7B
openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer

#see html reference for more

check certificate chain in a pem file

https://www.sslshopper.com/ssl-converter.html

Concatenate all the previous certificates and the root certificate to one temporary file (This example is for when you are checking the third certificate from the bottom, having already checked cert1.pem and cert2.pem).

Thus for the first round through the commands would be

   Unix:     cat root.pem > root-chain.pem
   Windows:  copy /A root.pem root-chain.pem
   Both:     openssl verify -CAfile root-chain.pem cert1.pem

And the second round would be

   Unix:     cat cert1.pem root.pem > cert1-chain.pem
   Windows:  copy /A cert1.pem+root.pem cert1-chain.pem
   Both:     openssl verify -CAfile cert1-chain.pem cert2.pem

Etc.

"keytool -export/import" - Exporting and Importing Certificates

http://www.herongyang.com/JDK/keytool-export-import-Certificates.html
  • The "-export" command option exports the self-signed certificate of my public key into a file, my_home.crt.
  • The "-printcert" command option prints out summary information of a certificate stored in a file in X.509 format. As you can see from the print out, I am the issuer and the owner of this certificate.
  • The "-import" command option imports the certificate from the certificate file back into the keystore under different alias, my_home_crt.

TechStump.com: How to Rearrange a Certificate Chain using OpenSSL

http://www.techstump.com/2012/10/how-to-rearrange-certificate-chain.html

..you do need to know the correct certificate order. The first two are easy, the key should be first and the Server Certificate should be second. Generally the third certificate will be an intermediate and the last will be a root. If you look at each section, you’ll see a -------Begin Certificate------ and -------End Certificate------ section preceded by a header. In the header you’ll see what certificate is what.
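The leaf-first ordering, the round-by-round openssl verify check and the rearranging step described above, as an added Ruby example (not taken from any of the linked pages). The three certificates are throwaway ones constructed inline, and every function name is illustrative.

```ruby
require "openssl"

# Split a PEM bundle into certificate objects; whitespace or header text
# between the BEGIN/END blocks is ignored.
def split_pem_bundle(pem_text)
  pem_text.scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
          .map { |block| OpenSSL::X509::Certificate.new(block) }
end

# True when +issuer+ is named as the issuer of +cert+ and its key signed it.
def issued_by?(cert, issuer)
  cert.issuer.to_der == issuer.subject.to_der && cert.verify(issuer.public_key)
end

# List what is wrong with a bundle that is supposed to run leaf -> root.
def chain_order_problems(certs)
  problems = []
  certs.each_cons(2).with_index do |(cert, parent), i|
    next if issued_by?(cert, parent)
    problems << "entry #{i} (#{cert.subject}) was not issued by entry #{i + 1} (#{parent.subject})"
  end
  unless certs.empty? || issued_by?(certs.last, certs.last)
    problems << "last entry (#{certs.last.subject}) is not a self-signed root"
  end
  problems
end

# Rearrange into leaf -> root order; raise if the bundle is not one full chain.
def order_chain(certs)
  # The leaf is the only certificate that issued nothing else in the bundle.
  leaves = certs.reject { |c| certs.any? { |o| !o.equal?(c) && issued_by?(o, c) } }
  raise ArgumentError, "expected one leaf, found #{leaves.size}" unless leaves.size == 1
  chain = leaves
  until issued_by?(chain.last, chain.last)        # stop at the self-signed root
    parent = certs.find { |c| !chain.include?(c) && issued_by?(chain.last, c) }
    raise ArgumentError, "no issuer in bundle for #{chain.last.subject}" unless parent
    chain << parent
  end
  raise ArgumentError, "bundle has certificates outside the chain" unless chain.size == certs.size
  chain
end

# Same idea as the "openssl verify -CAfile" rounds: trust the root, then verify
# each certificate below it against everything already verified.
def verify_rounds(chain)
  store = OpenSSL::X509::Store.new
  store.add_cert(chain.last)
  chain.reverse.drop(1).map do |cert|
    ok = store.verify(cert)
    store.add_cert(cert) if ok
    [cert.subject.to_s, ok]
  end
end

# --- Constructed sample data (throwaway keys, valid for one hour) ---
def make_cert(common_name, serial, issuer_cert: nil, issuer_key: nil, ca: false)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2                              # X.509 v3
  cert.serial     = serial
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer     = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 3600
  cert.not_after  = Time.now + 3600
  if ca                                            # issuers must be marked as CAs
    factory = OpenSSL::X509::ExtensionFactory.new
    cert.add_extension(factory.create_extension("basicConstraints", "CA:TRUE", true))
  end
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# A bundle in the wrong order: intermediate, root, leaf.
def sample_bundle
  root,  root_key  = make_cert("Constructed Root CA", 1, ca: true)
  inter, inter_key = make_cert("Constructed Intermediate CA", 2,
                               issuer_cert: root, issuer_key: root_key, ca: true)
  leaf, = make_cert("device.example.test", 3, issuer_cert: inter, issuer_key: inter_key)
  [inter, root, leaf].map(&:to_pem).join("\n")
end

if __FILE__ == $PROGRAM_NAME
  certs = split_pem_bundle(sample_bundle)
  puts "As received:", chain_order_problems(certs)
  ordered = order_chain(certs)
  puts "Reordered:", ordered.map { |c| c.subject.to_s }
  verify_rounds(ordered).each { |subject, ok| puts "#{ok ? 'OK  ' : 'FAIL'} #{subject}" }
end
```

A bundle with a missing intermediate makes order_chain raise instead of returning a partial chain, which is the same condition that shows up as "no trusted certificate found" on the receiving side.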

keytool-Key and Certificate Management Tool

http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html

-importcert {-alias alias} {-file cert_file} [-keypass keypass] {-noprompt} {-trustcacerts} {-storetype storetype} {-keystore keystore} [-storepass storepass] {-providerName provider_name} {-providerClass provider_class_name {-providerArg provider_arg}} {-v} {-protected} {-Jjavaoption}

Reads the certificate or certificate chain (where the latter is supplied in a PKCS#7 formatted reply or a sequence of X.509 certificates) from the file cert_file, and stores it in the keystore entry identified by alias. If no file is given, the certificate or certificate chain is read from stdin.

.. keytool can import X.509 v1, v2, and v3 certificates, and PKCS#7 formatted certificate chains consisting of certificates of that type. The data to be imported must be provided either in binary encoding format, or in printable encoding format (also known as Base64 encoding) as defined by the Internet RFC 1421 standard. In the latter case, the encoding must be bounded at the beginning by a string that starts with "-----BEGIN", and bounded at the end by a string that starts with "-----END".

Option defaults for keytool

-storetype the value of the "keystore.type" property in the security properties file,
           which is returned by the static getDefaultType method in
           java.security.KeyStore

Help - IBM SDK and Runtime Environment Java Technology Edition Version 6

http://publib.boulder.ibm.com/infocenter/javasdk/v6r0/index.jsp?topic=%2Fcom.ibm.java.security.component.doc%2Fsecurity-component%2FkeytoolDocs%2Fsupportedkeystoretypes.html

Supported Key Store Types

  • JKS
  • JCEKS. This keystore implementation employs a much stronger protection of private keys (using password-based encryption with Triple DES) than JKS. You can upgrade your keystore of type "JKS" to type "JCEKS" by changing the password of a private-key entry in your keystore.
  • PKCS12. There is a difference between PKCS12 type keystore created on the keytool provided in the IBM JVM and the keytool provided in an Oracle JVM. The keytool in an IBM JVM uses a PKCS12 keystore to store both key entries and certificate entries. The keytool in an Oracle JVM uses a PKCS12 keystore to store key entries. The keytool program in IBM's JVM can read the keystore created by the keytool program provided by an Oracle JVM, but not the other way around.
  • PKCS12S2. This is a second version of PKCS12 type keystore. It can be read by the keytool program in an Oracle JVM.
  • JCERACFKS. This is a RACF® keyring keystore. This type is available only on z/OS® systems with RACF installed.

OpenSSL: Documents, pkcs7(1)

http://www.openssl.org/docs/apps/pkcs7.html

A different way to package a keystore. Like JKS, only different format.

Creating a PKCS7 (P7B) Using OpenSSL

https://langui.sh/2009/03/20/creating-a-pkcs7-p7b-using-openssl/

This example assumes that you have 2 different certificate files, each in PEM (Base64) format. You can add as many -certfile elements as you want to package in the file. Additionally, concatenated certificate chains are supported.

openssl crl2pkcs7 -nocrl -certfile cert1.cer -certfile cert2.cer -out outfile.p7b

OpenSSL: Documents, verify(1)

http://www.openssl.org/docs/apps/verify.html

The verify command verifies certificate chains.

Monday, October 14, 2013

jQuery timepicker

Subversion (source control)

Subversion Tutorial: 10 Most Used SVN Commands with Examples

Needed to know how to retrieve information in svn. It's been a long time. Git is so much better.

svn checkout/co URL PATH

jQuery Timepicker

Was looking for a viable time picker for tracker.

JQuery

.addClass() | jQuery API Documentation

http://api.jquery.com/addClass/

Adds the specified class(es) to each of the set of matched elements.

$( "p" ).addClass( "myClass yourClass" );

How can I make a redirect page in jQuery/JavaScript? - Stack Overflow

http://stackoverflow.com/questions/503093/how-can-i-make-a-redirect-page-in-jquery-javascript

Redirecting users after an AJAX call using JavaScript.

window.location.replace(...)

It is better than using window.location.href =, because replace() does not put the originating page in the session history, meaning the user won't get stuck in a never-ending back-button fiasco

Ryan McGeary, Feb 3 '09

Ruby/Rails

ruby - Radio buttons on Rails - Stack Overflow

http://stackoverflow.com/questions/623051/radio-buttons-on-rails

How to use Rails models in combination with radio buttons.

<div class="form_row">
    <label for="theme">Theme:</label>
    <% [ 'plain', 'desert', 'green', 'corporate', 'funky' ].each do |theme| %>
      <br><%= radio_button_tag 'theme', theme, @theme == theme %>
      <%= theme.humanize %>
    <% end %>
</div>

Run migrations from rails console - Stack Overflow

I love this! Use console to run migrations instead of waiting for the environment to load with each run.

# run migrations
ActiveRecord::Migrator.migrate "db/migrate"
ActiveRecord::Migrator.down "db/migrate", 20131011115823

# show the available migrations
puts ActiveRecord::Migrator.get_all_versions
puts ActiveRecord::Migrator.migrations_path

# show the available migrations; does not show whether those migrations have been applied or not 
puts (ActiveRecord::Migrator.migrations "db/migrate").map{|x| "#{x.version}: #{x.filename}"}

Thursday, October 3, 2013

Illegal key size and JCE

android - java.security.InvalidKeyException: Illegal key size - Stack Overflow

Java publishes the "JCE Unlimited Strength Jurisdiction Policy Files" separately from its normal distribution so that laws around cryptography are not violated. In order to get past this error, you must update local_policy.jar and US_export_policy.jar as indicated in the installation instructions (which come packaged with the download). One place you can download these is from Oracle.

  • local_policy.jar
  • US_export_policy.jar

maven 2 - Can I change the alias of my key? - Stack Overflow

Want to change the alias for a trusted public key or private key entry? Easy, peasy.

keytool -changealias -alias "your-very-very-long-alias" -destalias "new-alias" -keypass keypass -keystore /path/to/keystore -storepass storepass

iOS 7 iMessages and Facetime won't activate! - MacRumors Forums

http://forums.macrumors.com/showthread.php?t=1594713

I was experiencing some problems on my iMac with getting iMessages to be active. I applied updates and restarted the computer and I was back in business.

Apparently other people have had problems, especially with iOS 7.

My Apple ID

https://iforgot.apple.com/password/verify/appleid?app_type=ext&app_id=1581

Hey; it's hard remembering all those passwords all the time, right?

Bash-Prog-Intro-HOWTO-8: Functions

http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO-8.html

Bash functions.

   #!/bin/bash 
   function quit {
       exit
   }
   function hello {
       echo Hello!
   }
   hello
   quit
   echo foo 

Tuesday, October 1, 2013

weblog; missing CA Root

X.509 Certificates

The Most Common Java Keytool Keystore Commands

http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html

Display the contents of a stand-alone certificate. Doesn't show as much detail as the openssl command.

Keytool

keytool -printcert -v -file mydomain.crt

OpenSSL

openssl x509 -noout -text -in mydomain.crt

Download Primary PCA Root Certificates | Symantec

http://www.symantec.com/page.jsp?id=roots

Needed to complete CA Root chain for Oracle/PeopleSoft. This seems to do the trick.

wget http://www.verisign.com/repository/roots/root-certificates/PCA-3G3.pem

No trusted certificate found : when opeing a ssl connection from behind the proxy. (Open Source Projects forum at JavaRanch)

http://www.coderanch.com/t/62494/open-source/trusted-certificate-opeing-ssl-connection
  • http://stackoverflow.com/questions/10749803/validatorexception-no-trusted-certificate-found-in-java

Two-way ssl handshake

  1. handshake initiated by client; client sends its identification
  2. server receives, authenticates client and accepts
  3. server sends its identification
  4. client receives, but fails to authenticate

In our case, it seems the problem is an incomplete CA Root chain.

Saturday, September 28, 2013

weblog; Apache CXF; getting message-level encryption to work

Bash

Bash Arrays | Linux Journal

http://www.linuxjournal.com/content/bash-arrays

Provide a list in open/close parentheses, unadorned.

array=(one two three four [5]=five)

echo "Array size: ${#array[*]}"

echo "Array items:"
for item in ${array[*]}
do
    printf "   %s\n" $item
done

Bash For Loop Examples

http://www.cyberciti.biz/faq/bash-for-loop/

The array here doesn't use parentheses.

for VARIABLE in 1 2 3 4 5 .. N
do
 command1
 command2
 commandN
done

bash - escaping newlines in sed replacement string - Stack Overflow

http://stackoverflow.com/questions/8991275/escaping-newlines-in-sed-replacement-string

Newlines will be recognized in the replace clause (the second half), but not in the match clause. Instead, you will need to use the N and D flags.

echo 'abc' | sed 's/b/\ 
> /'
a
c

Gather dependencies from pom files

http://www.grymoire.com/Unix/Sed.html#uh-51

Navigate to the root directory of a Maven project with sub-modules, then copy and paste the following code. The code depends on the correct order of a dependency declaration: groupId, artifactId, version. Otherwise, all bets are off. This is intended to be quick and dirty; a SAX parser would be more robust.

The following temp files are used for each pom.xml in turn.

  • work.txt: contains '<maven-dependency>groupId:artifactId:version</maven-dependency>'
  • work2.txt: strips off '<maven-dependency>', leaving groupId:artifactId:version

results.txt: The final file, providing a compilation of dependencies for all pom.xml files.

for file in $(find . -name "pom.xml")
do

cfile=$(printf '%q' "$file")

sed '
# look for a <groupId>...</groupId>
/[^<]*<groupId>\([^<]*\)<\/groupId>.*$/ {
# Found one - now read in the next line
 N
# delete the <groupId>...</groupId> and replace with <maven-dependency>
 s/[^<]*<groupId>\([^<]*\)<\/groupId>[\n\r]*[^<]*/<maven-dependency>\1/
}

/<artifactId>\([^<]*\)<\/artifactId>.*$/ {
 N
 s/<artifactId>\([^<]*\)<\/artifactId>[\n\r]*[^<]*/:\1/
}

s/<version>\([^<]*\)<\/version>.*/:\1<\/maven-dependency>/

' "$file" > work.txt

echo -e "\n${cfile}\n===========================================" > work2.txt

cat work.txt | grep "<maven-dependency>[^<]*<\/maven-dependency>" | sed "s/<maven-dependency>\([^<]*\)<\/maven-dependency>/\1/" >> work2.txt; cat work2.txt

cat work2.txt >> results.txt

done

Along the same lines, there is also a little Ruby script for extracting the artifactId from the groupId:artifactId:version:

#[Extract dependency name (Ruby)]

#E.g., 
dependencies = %w[
edu.ucmerced.ucpath.idm:ucm-ucpath-idm:0.0.2-SNAPSHOT
it.svario.xpathapi:xpathapi-jaxp:RELEASE
org.eclipse.m2e:lifecycle-mapping:1.0.0
org.apache.maven.plugins:maven-install-plugin:2.4
com.google.code.maven-replacer-plugin:replacer:1.5.2
org.codehaus.mojo:properties-maven-plugin:1.0-alpha-2
org.apache.maven.plugins:maven-install-plugin:2.4
com.google.code.maven-replacer-plugin:replacer:1.5.2
]

puts dependencies.map{|x| first = x.index(/:/); x.slice(first+1, x.index(/:/, first+1) - first-1)}

How to reference a variable within sed? - The UNIX and Linux Forums

http://www.unix.com/shell-programming-scripting/39175-how-reference-variable-within-sed.html

tmp="abcdefg"
sed "s/${tmp}/good/"

Replace the single quotes with double quotes. Single quotes prevent variable expansion.

http://www.unix.com/shell-programming-scripting/39175-how-reference-variable-within-sed.html

escape string in bash script so it can be used in command line

http://www.linuxquestions.org/questions/linux-software-2/escape-string-in-bash-script-so-it-can-be-used-in-command-line-360664/

Use double quotes.

You don't need to escape a string if you quote it - say you want to pass all the arguments to ls, instead of

ls $*

write

ls "$@"

Java; web services

Web Service Definition Language (WSDL)

http://www.w3.org/TR/wsdl#_soap:address

What purpose does soap:address serve? It appears to be the actual endpoint.

<definitions .... >
    <port .... >
        <binding .... >
           <soap:address location="uri"/> 
        </binding>
    </port>
</definitions>

Apache CXF -- WS-SecurityPolicy

http://cxf.apache.org/docs/ws-securitypolicy.html

Configuration for message-level encryption can be easily accomplished. The following server and client configurations should be loaded either in the Server/Client Java class or in the pom.xml configuration.

Java Class

  SpringBusFactory bf = new SpringBusFactory();
  URL busFile = new ClassPathResource("wssec-server.xml").getURL();
  Bus bus = bf.createBus(busFile.toString());
  BusFactory.setDefaultBus(bus);

pom.xml

<plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>exec-maven-plugin</artifactId>
    <executions>
        <execution>
            <phase>test</phase>
            <goals>
                <goal>java</goal>
            </goals>
            <configuration>
                <mainClass>edu.ucmerced.ucpath.idm.Runner</mainClass>
                <arguments>
                    <argument>../ws-ora-idm-wsdl/src/main/resources/wsdl/IDMServices/IDMServices.wsdl</argument>
                </arguments>
                <systemProperties>
                  <systemProperty>
                    <key>cxf.config.file</key>
                    <value>cxf-client.xml</value>     
                  </systemProperty>
                </systemProperties>
            </configuration>
        </execution>
    </executions>
</plugin>

Server

    <jaxws:endpoint id="server"
      implementor="demo.wssec.server.GreeterImpl"
      endpointName="s:SoapPort"
      serviceName="s:SOAPService"
      address="http://localhost:9001/SoapContext/SoapPort"
      wsdlLocation="wsdl/hello_world.wsdl"
      xmlns:s="http://apache.org/hello_world_soap_http">
        
      <jaxws:properties>
         <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
         <entry key="ws-security.signature.username" value="myservicekey"/>

         <entry key="ws-security.callback-handler" 
                value="demo.wssec.server.ServerCallbackHandler"/>

         <entry key="ws-security.encryption.properties" value="serviceKeystore.properties"/>
         <entry key="ws-security.encryption.username" value="myclientkey"/>
      </jaxws:properties> 
    </jaxws:endpoint>

Client

    <jaxws:client name="{http://apache.org/hello_world_soap_http}SoapPort" createdFromAPI="true">
       <jaxws:properties>
           <entry key="ws-security.signature.properties" value="clientKeystore.properties"/>
           <entry key="ws-security.signature.username" value="myclientkey"/>
           <entry key="ws-security.callback-handler" 
                  value="demo.wssec.client.ClientCallbackHandler"/>
           <entry key="ws-security.encryption.properties" value="clientKeystore.properties"/> 
           <entry key="ws-security.encryption.username" value="myservicekey"/>
       </jaxws:properties>
   </jaxws:client>

Property files should include the location of the certificates and the keystore password. The private key password cannot be provided here; the callback handler should supply the password for the correct private key.

Properties

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=sspass
org.apache.ws.security.crypto.merlin.keystore.alias=myservicekey
org.apache.ws.security.crypto.merlin.keystore.file=keys/servicestore.jks

Java callback-handler

public void handle(Callback[] callbacks) throws IOException,
        UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof WSPasswordCallback) {
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            if ("myservicekey".equals(pc.getIdentifier())) {
                pc.setPassword("skpass");
                break;
            }
        }
    }
}

See https://github.com/dcvezzani/mustached-batman for a complete example.

Maven Repository: org.apache.ws.security » wss4j

» 1.5.6 http://mvnrepository.com/artifact/org.apache.ws.security/wss4j/1.5.6

Pom.xml dependency entry.

<dependency>
 <groupId>org.apache.ws.security</groupId>
 <artifactId>wss4j</artifactId>
 <version>1.5.6</version>
</dependency>

WS-SecurityPolicy 1.2

http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html

Documentation of the nodes in the WS-SecurityPolicy namespace.

XML Namespace Document for WS-Security-Policy 1.3

http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802

Documentation of the nodes in the WS-SecurityPolicy namespace.

Re: Eclipse, CXF and WS-SecurityPolicy

http://mail-archives.apache.org/mod_mbox/cxf-users/201307.mbox/%3CF172D30F-6747-44B2-A4CE-7EFBD7710DEA@indivica.com%3E

An error like what follows indicates that possibly the wrong namespace is being specified or the namespace is missing altogether.

> Jul 27, 2013 12:41:56 AM org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl handleNoRegisteredBuilder
> WARNING: No assertion builder for type {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}RequiredParts registered.

Maven Repository: org.apache.cxf » cxf-rt-ws-security

» 2.4.1 http://mvnrepository.com/artifact/org.apache.cxf/cxf-rt-ws-security/2.4.1

<dependency>
 <groupId>org.apache.cxf</groupId>
 <artifactId>cxf-rt-ws-security</artifactId>
 <version>2.4.1</version>
</dependency>

Java web services: WS-Security with CXF

http://www.ibm.com/developerworks/library/j-jws13/

Walk-through for creating a web service, using WS-Security with the Apache CXF web services stack

X.509 Certificates

X.509 - Wikipedia, the free encyclopedia

http://en.wikipedia.org/wiki/X.509

Was researching what exactly the significance is of signed certificates.

As far as I can tell, most of the time its only purpose is to validate a trusted public key.

The Most Common Java Keytool Keystore Commands

http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html

A great resource for common keytool commands.