
Wednesday, July 30, 2014

Setup basic PKI

Here are a few simple steps to set up a basic PKI; this involves creating a root CA and then signing some certificates with it:

Update your ssl configuration as per this link:
https://jamielinux.com/articles/2013/08/act-as-your-own-certificate-authority/

Create the Root CA

Create a root CA private key:

openssl genrsa -aes256 -out ca.key.pem 4096

Enter the pass phrase to protect the file.

Create the root CA certificate:

openssl req -new -x509 -days 365 -key ca.key.pem -out ca.cert.pem

Enter the pass phrase you entered when creating the root private key.
Enter the values for prompted questions for the certificate.

Create a server certificate

Generate a server private key:

openssl genrsa -aes256 -out my.test.cert.com.key.pem 4096

Enter the pass phrase to protect the file.

Now we can create a certificate signing request (CSR) to allow us to sign the server certificate with the root CA (you can also do this with an intermediate CA)

openssl req -new -key my.test.cert.com.key.pem -out sign-request.csr

Enter the pass phrase you entered when creating the root private key.
Enter the values for prompted questions for the certificate.

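Now you can sign the new certificate for your server (using the sha1 message digest) with the CSR. Current browsers and TLS libraries reject SHA-1 certificate signatures, so pass -md sha256 instead for anything issued today: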

openssl ca -keyfile ca.key.pem -cert ca.cert.pem -in sign-request.csr -out my.test.cert.com.pem -md sha1

Enter the pass phrase you entered when creating the root private key.

Create a client certificate

Generate a client private key:

openssl genrsa -aes256 -out client.key.pem 4096

Enter the pass phrase to protect the file.

Now we can create a certificate signing request (CSR) to allow us to sign the client certificate with the root CA (you can also do this with an intermediate CA)

openssl req -new -key client.key.pem -out client-sign-request.csr

Enter the pass phrase you entered when creating the root private key.
Enter the values for prompted questions for the certificate.

Now you can sign a new client certificate (using sha1 message digest) for your server with the CSR:

openssl ca -keyfile ca.key.pem -cert ca.cert.pem -in client-sign-request.csr -out client.cert.pem -md sha1

Enter the pass phrase you entered when creating the root private key.
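
A check to run on the issued certificates, as an added example that is not part of the original post: audit_cert confirms a certificate chains to the root CA and flags SHA-1 or MD5 signatures. The function names are hypothetical, and the throwaway sample PKI is built with openssl x509 -req instead of openssl ca so that it needs no CA configuration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# every key and certificate below is constructed, disposable sample data.

# Print the signature algorithm of a PEM certificate.
sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Succeed unless the signature algorithm name contains a broken digest.
digest_ok() {
    case $1 in
        *[Ss][Hh][Aa]1*|[Mm][Dd]5*) return 1 ;;
        *) return 0 ;;
    esac
}

# audit_cert CA_CERT CERT: prints ok, weak-digest or untrusted.
audit_cert() {
    if ! digest_ok "$(sig_alg "$2")"; then
        echo "weak-digest"; return 1
    fi
    if ! openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo "untrusted"; return 1
    fi
    echo "ok"
}

# Build a throwaway root CA and server certificate in directory $1.
# Keys are unencrypted 2048-bit RSA only because this is test data.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=Demo Root CA" \
        -keyout "$1/ca.key.pem" -out "$1/ca.cert.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=my.test.cert.com" \
        -keyout "$1/server.key.pem" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -sha256 -days 1 -in "$1/server.csr" \
        -CA "$1/ca.cert.pem" -CAkey "$1/ca.key.pem" -CAcreateserial \
        -out "$1/server.cert.pem" 2>/dev/null
}

# Demo: issue a SHA-256 certificate and audit it against its own root.
demo=$(mktemp -d)
make_demo_pki "$demo" &&
    echo "server cert: $(audit_cert "$demo/ca.cert.pem" "$demo/server.cert.pem")"
rm -rf "$demo"
```

Against the files from this post the call is audit_cert ca.cert.pem my.test.cert.com.pem; a certificate signed with -md sha1 is reported as weak-digest.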

References:

https://jamielinux.com/articles/2013/08/act-as-your-own-certificate-authority/
https://jamielinux.com/articles/2013/08/create-and-sign-ssl-certificates-certificate-authority/


Wednesday, July 9, 2014

SED unix utility explained

SED is a great unix utility that enables you to manipulate the contents of a file with simple regular expressions. Say for instance if you wanted to remove the first line in a file:

sed -i '1d' /filepath/hello.txt

The -i option tells sed to edit the file in place, i.e. to modify the file named at the end of the command.
The '1d' tells sed to delete the first line from the file.

You can also replace text in files, e.g.:

sed -i 's/text your looking for/text you want to replace it with/' /filepath/hello.txt

The above statement will find the text "text your looking for" and replace it with "text you want to replace it with". The 's' at the beginning is the substitute command, which operates on the pattern space. The syntax explained:

s/regex/replacement/

Have fun with it!

Wednesday, January 8, 2014

Java bitwise operations and bit masks



I recently needed to refresh my understanding of simple bitwise operations.

Here is a good article I used to understand it: http://rodrigosasaki.com/2013/06/06/bit-shift-and-bitwise-operators/

This article explains how to represent various options in a bit mask: http://www.vipan.com/htdocs/bitwisehelp.html

Sunday, June 30, 2013

Login via ssh without providing a password

Here are the easy steps to add your public ssh key to a remote host so you don't have to keep entering your password when connecting via ssh:

I am running OSX, so I had to install ssh-copy-id (a tool that lets you copy your public ssh key to a remote host) from an OSX port:

curl https://raw.github.com/beautifulcode/ssh-copy-id-for-OSX/master/ssh-copy-id.sh -o /usr/local/bin/ssh-copy-id
chmod +x /usr/local/bin/ssh-copy-id


Then generate your public key and send to the remote host:

Step 1: Create public and private keys using ssh-keygen on local-host

jsmith@local-host$ [Note: You are on local-host here]

jsmith@local-host$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):[Enter key]
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /home/jsmith/.ssh/id_rsa.
Your public key has been saved in /home/jsmith/.ssh/id_rsa.pub.
The key fingerprint is:
33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 jsmith@local-host

Step 2: Copy the public key to remote-host using ssh-copy-id

jsmith@local-host$ ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
jsmith@remote-host's password:
Now try logging into the machine, with "ssh 'remote-host'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
Note: ssh-copy-id appends the keys to the remote-host’s .ssh/authorized_keys.

Step 3: Login to remote-host without entering the password

jsmith@local-host$ ssh remote-host
Last login: Sun Nov 16 17:22:33 2008 from 192.168.1.2
[Note: SSH did not ask for password.]

jsmith@remote-host$ [Note: You are on remote-host here]

Thursday, May 23, 2013

ThreadLocal in thread pools

ThreadLocals not happy in Thread Pools


I recently ran into a problem where I was trying to propagate a value using a ThreadLocal.
The problem was that I was doing it in a scenario where the threads being executed were in a thread pool, which caused problems where ThreadLocal values were being shared between different threads.

A better approach is to have a static map which allows you to use the current thread (Thread.currentThread()) to map to your value. Just remember to clear the entry from the map when you're done using it so the thread can die.

http://blog.maxant.co.uk/pebble/2008/09/23/1222200780000.html

Tuesday, July 24, 2012

Testing your javascript with BDD

It seems like nowadays people who write javascript just hack the heck out of the code and produce reams of it without testing it properly. I set out to correct my evil past ways and drive out my code with some behavior driven design. I used the Jasmine framework to write my tests, which provides a nice GUI to see your tests running. This is how the Jasmine framework is described:
Jasmine is a behavior-driven development framework for testing JavaScript code. It does not depend on any other JavaScript frameworks. It does not require a DOM. And it has a clean, obvious syntax so that you can easily write tests.
All you need to do is download the standalone version, cull the existing files in the 'src' and 'specs' directories (they are just examples), implement your test spec and add the source files to SpecRunner.html, and voilà, you have a nice little JS test suite.
Jasmine Documentation Reference Example Tutorial