Some time ago I was developing JavaScript functionality for a Web application. But some strange behavior was detected when I was testing it. After debugging I detected that my counter variable was being changed in a very strange way.
Actually the problem was in the counter variable declaration. Here is an example of the problematic code:
for (i=0; i<n; i++) {
// invocation of some other functions
}
But the correct way to write the for loop is shown in the following example:
for (var i=0; i<n; i++) {
// invocation of some other functions
}
In the first example the loop works with an "i" variable of global scope, because "i" is assigned without being declared. That is the problem: functions called inside the loop may also work with the global "i" variable, and then the counter is changed in unexpected ways.
The second example shows the correct way to declare the counter variable. Here we work with a local variable, and it changes only as we expect.
Technical notes about technologies and tools for programming.
Description of common and specific issues and ways to solve them
Sunday, October 26, 2008
Tuesday, October 14, 2008
How to secure email using S/MIME standard
S/MIME
S/MIME (Secure / Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of e-mail encapsulated in MIME.
Java Libraries
There are several Java libraries for S/MIME encryption: ISNetworks S/MIME (the link did not work the last time I tried to locate it), CMS-S/MIME, JSMIME, JavaMail-Crypto, etc. The JavaMail-Crypto library is the easiest to use with JavaMail. It uses the Bouncy Castle libraries: bcprov-jdk14-139.jar (the BouncyCastle JCE provider) and bcmail-jdk14-139.jar (the BouncyCastle S/MIME implementation).
Code Examples for Encryption and Signing
How to encrypt an email message using JavaMail-Crypto:
public MimeMessage encrypt(Session session, MimeMessage mimeMessage) throws Exception {
    // Get the S/MIME encryption utilities.
    EncryptionUtils encUtils = EncryptionManager.getEncryptionUtils(EncryptionManager.SMIME);
    // Load the S/MIME keystore from a file (stored as a resource).
    char[] keystorePass = "keystore pass".toCharArray();
    EncryptionKeyManager encKeyManager = encUtils.createKeyManager();
    encKeyManager.loadPublicKeystore(
            getClass().getResourceAsStream("/keystore.p12"),
            keystorePass);
    // Get the S/MIME public key used for encryption.
    Key publicKey = encKeyManager.getPublicKey("Key Alias");
    // Encrypt the message.
    return encUtils.encryptMessage(session, mimeMessage, publicKey);
}
How to sign an email message using JavaMail-Crypto:
public MimeMessage sign(Session session, MimeMessage mimeMessage) throws Exception {
    // Get the S/MIME encryption utilities.
    EncryptionUtils encUtils = EncryptionManager.getEncryptionUtils(EncryptionManager.SMIME);
    // Load the S/MIME keystore from a file (stored as a resource).
    char[] keystorePass = "keystore pass".toCharArray();
    EncryptionKeyManager encKeyManager = encUtils.createKeyManager();
    encKeyManager.loadPrivateKeystore(
            getClass().getResourceAsStream("/keystore.p12"), keystorePass);
    // Get the S/MIME private key used for signing.
    Key privateKey = encKeyManager.getPrivateKey("Key Alias", keystorePass);
    // Sign the message.
    return encUtils.signMessage(session, mimeMessage, privateKey);
}
Source Code
You can download source code from here.
Troubleshooting
To run this code you will need to install the Unlimited Strength Jurisdiction Policy Files for your JDK: http://java.sun.com/j2se/1.4.2/download.html. If they are not installed you will get one of the following exceptions:
"java.lang.SecurityException: Unsupported keysize or algorithm parameters"
or
"java.security.InvalidKeyException: Illegal key size"
Email Client Setup
To read email messages encrypted with the S/MIME encryption standard you will need to import your PKCS12 certificate into the email client you use. If you use the Mozilla Thunderbird email client, do the following:
Tools -> Options -> Advanced -> Certificates -> View Certificates -> Your Certificates -> Import
and select your keystore.p12 PKCS12 certificate file. Use your keystore password to import the PKCS12 certificate.
After performing these steps you will be able to read messages encrypted with your certificate.
Certificate Generation
PKCS12 (Personal Information Exchange Syntax Standard) certificates can be used for things such as email signing and file signing. They differ from other certificates in that, rather than being only the public or private certificate, they are a combination of both plus the root certificate. This means the person they are made for only has to worry about one file.
Certificate generation using OpenSSL
To generate a PKCS12 certificate using OpenSSL, follow the steps from the "Creating PKCS12 Certificates" article.
Certificate generation using Thawte
It is possible to generate a certificate using the Thawte service:
https://www.thawte.com/secure-email/personal-email-certificates/index.html?click=main-nav-products-email
Labels: certificate, crypto, encryption, java, javamail, s/mime, signing
Sunday, October 5, 2008
How to setup Apache Tomcat for remote debugging
If you want to debug your application deployed to Apache Tomcat you have to:
- set up Apache Tomcat
- set up your favorite Java IDE (IntelliJ IDEA, Eclipse, etc.)
Your IDE can connect to Apache Tomcat remotely using JPDA. To enable it, set the JPDA environment variables before starting Apache Tomcat, and then start it.
For Unix use the following commands:
export JPDA_ADDRESS=5005
export JPDA_TRANSPORT=dt_socket
catalina.sh jpda start
For Windows use:
set JPDA_ADDRESS=5005
set JPDA_TRANSPORT=dt_socket
catalina.bat jpda start
If you need to suspend execution immediately after startup, set the JPDA_SUSPEND=y option:
For Unix use the following command:
export JPDA_SUSPEND=y
For Windows use:
set JPDA_SUSPEND=y
In this case the JVM will wait after startup until you connect to it remotely with a debugger.
Setting up IDE
How you set up your IDE to debug an application deployed to Apache Tomcat depends on the IDE you use. In all cases you have to set the host (the computer where Tomcat is started) and the JPDA port (the port number specified in the JPDA_ADDRESS environment variable).
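Added example, not part of the original post: the JPDA (JDWP) listener has no authentication, so this sketch binds it to loopback with JPDA_ADDRESS=localhost:5005 and then checks `ss -ltn` output for any non-loopback listener on the debug port. The function names jpda_exposed_listeners and check_jpda are hypothetical, and the two `ss` samples are constructed for illustration.

```shell
#!/bin/sh
# Added example: keep the JPDA debug listener on loopback and verify it.

# Bind the debugger to loopback explicitly instead of giving a bare port
# (a bare port listens on all interfaces on JDK 8 and earlier).
export JPDA_TRANSPORT=dt_socket
export JPDA_ADDRESS=localhost:5005
# catalina.sh jpda start     # start Tomcat as described above, then run the check

# Reads `ss -ltn` style output on stdin and prints every non-loopback local
# address listening on the given port. Prints nothing when the port is bound
# to loopback only, or is not open at all.
jpda_exposed_listeners() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, parts, ":")              # $4 is "Local Address:Port"
      if (parts[n] != port) next
      addr = substr($4, 1, length($4) - length(parts[n]) - 1)
      if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
      print addr
    }'
}

# Constructed samples of `ss -ltn` output (not captured from a real host).
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      50     0.0.0.0:5005       0.0.0.0:*
LISTEN 0      100    127.0.0.1:8005     0.0.0.0:*
LISTEN 0      100    *:8080             *:*'
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      50     127.0.0.1:5005     0.0.0.0:*
LISTEN 0      50     [::1]:5005         [::]:*
LISTEN 0      100    *:8080             *:*'

# $1 = ss output, $2 = port; returns 1 when the port is reachable off-host.
check_jpda() {
  exposed=$(printf '%s\n' "$1" | jpda_exposed_listeners "$2")
  if [ -n "$exposed" ]; then
    echo "JPDA port $2 is listening on: $exposed"
    return 1
  fi
  echo "JPDA port $2 is loopback-only or closed"
}

check_jpda "$SAMPLE_EXPOSED" 5005 || true
check_jpda "$SAMPLE_LOOPBACK" 5005
# On the Tomcat host itself: check_jpda "$(ss -ltn)" 5005
```

With the listener on loopback, a remote IDE reaches it through an SSH port forward such as `ssh -L 5005:localhost:5005 user@tomcat-host` (the host name is a placeholder) and then connects to localhost:5005.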