Creating a self signed cert for development

Recently I making some enhancements with set of REST api services. To verify that my changes worked as expected I used the tool Advanced REST client Chrome extension to make calls against the end points. The tool is not only useful for making calls against REST endpoint but can be use to place any type of HTTP request where you need to set the headers or other aspects of an HTTP request. A nice complement to the Chrome Developer Tools. However I encountered and issue while attempting the connect to the service running on my local machine. Specifically the issue had to do with the fact that The X.509 certificate I was using was invalid. This came as no surprise to me as I created the certificate just to test the ssl connection with little care for if it was valid or not. Although Chrome allow you to make an exception in such cases where it encounters an invalid certificate there appears to be no way to get around the issue in the Advanced REST client. To be able to use the client meant that I would have to create a self signed certificate and use it to sign a certificate that will be stored in a java keystore used by tomcat. What follows is the steps I took to do just that.

Step 1: First using openssl create the server private key that will be used to sign the service

openssl genrsa -aes128 -out server.key 2048

Step 2: create the server csr (Certificate Signing Request)

openssl req -new -key server.key -out server.csr

Step 3: Remove the passphrasse from the key (Optional)

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

Step 4: Generate the self signed certificate

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Step 5: Create a keypair for ‘tomcat’

keytool -genkey -alias tomcat -keyalg RSA -keystore keystore.jks

Step 6: Generate a CSR (Certificate Signing Request) for tomcat

keytool -keystore keystore.jks -alias tomcat -certreq -file tomcat.csr

Step 7: Create unique serial number

echo 02 > serial.txt

Step 8: Sign the tomcat CSR

openssl x509 -CA server.crt -CAkey server.key -CAserial serial.txt -req -in tomcat.csr -out tomcat.cer -days 365

Step 9: Import the server CA certificate into the keystore

keytool -import -alias serverCA -file server.crt -keystore keystore.jks

Step 10: Add the tomcat certificate to the keystore

keytool -import -alias tomcat -file tomcat.cer -keystore keystore.jks

 

For more information on creating a Java Keytool Self Signed Certificate, see the following links:

Adding Git commit information to java jar manifest using Gradle

Keeping track information used to build a package deployed in a production environment can very useful when trying to identify unwanted issues that may occur in that environment. Recently I was working on a java project managed using a git repository and built using gradle and wanted to have commit information, build time, etc. along side the package.


mkdir myproject
cd myproject
gradle init --type java-library
git init .
echo ".gradle" > .gitignore
git add .
git commit -m "Inital commit"

After doing a bit of digging around on the web I was able to find a the gradle-git plugin I then used to help me to retrieve the information I wanted from the git repo. To configure the plugin in my gradle build file I added the following changes.


buildscript {
repositories {
mavenCentral()
}
dependencies {
classpath 'org.ajoberstar:gradle-git:1.4.2'
}
}

apply plugin: ‘org.ajoberstar.grgit’

description = “sample project”
version = “1.0”

import org.ajoberstar.grgit.*
def repo = Grgit.open(‘.’)
jar {
manifest {
attributes(“Built-By”: System.getProperty(“user.name”))
attributes([“Specification-Title”: project.description,
“Specification-Version”: version,
“Implementation-Title”: project.name,
“Implementation-Version”: 1,
“Implementation-Vendor” :”My Organization”,
“Implementation-Timestamp”: new Date().format(“yyyy-MM-dd’T’HH:mm:ssZ”),
“Git-Commit”: repo.head().getAbbreviatedId(8),
“Git-Branch”: repo.branch.getCurrent().getName() ], common”)
}
from sourceSets.main.output
}

 

Once all the changes were applied to the build.gradle file I ran the following command to build the project.


./gradlew build

To verify that the all information was added to the manifest file after it was built I then executed the following command.


cat build/tmp/jar/MANIFEST.MF

Output:

Manifest-Version: 1.0
Built-By: amir

Name: common
Specification-Title: sample project
Specification-Version: 1.0
Implementation-Title: sample-gradle-git
Implementation-Version: 1
Implementation-Vendor: Some Organization
Implementation-Timestamp: 2016-03-10T18:30:19-0500
Git-Commit: e5957e11
Git-Branch: master

Check to sample project on github.

Redirect port 80 and 8443 to 443 to 8443 using iptables

I have a Tomcat webapp that I work with that does not like having 8080 and 8443 in the url. To get around this I’ve always setup an apache with mod_jk to proxy request. However I found this very cumbersome and need a simpler way to setup the project running on tomcat without having to setup apache as well. To get around this problem I found a set of Iptables rules that redirected the port 80 to 8080 and port 443 to 8443.


sudo iptables -t nat -i eth0 -D PREROUTING -j REDIRECT -p tcp --destination-port 443 --to-ports 8443
sudo iptables -t nat -A OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo iptables -A FORWARD -p tcp --destination-port 80 -j ACCEPT
sudo iptables -t nat -A OUTPUT -o lo -p tcp --dport 443 -j REDIRECT --to-port 8443

What lurks in the heavens above

I stumbled upon this amazing video by Scott Manly that shows the Asteroid Discovery from 1980 – 2012. What’s really amazing to me is that in spite of all the rocks floating around in space we spared from the brunt of a major impact. The question is “for how long?” Hope you enjoy the video below.

Importing a tab delimited file with sqlite

I thought I’d share my experience with importing the a tab delimited file into an sqlite db as documentation on how to do so is not that easy to find on the web.

In my example I will be importing the US Census ZIP Code Tabulation Area file for 2010. Once you’ve downloaded the file unzip then create the sqlite db and then you’re ready to perform data import. The code block below contains the series of commands which I perform.


unzip Gaz_zcta_national.zip
cat Gaz_zcta_national.txt | tail -n +2 > Gaz_zcta_national.csv
sqlite3 zcta.db
CREATE TABLE IF NOT EXISTS zcta(geoid text primary key, population integer, housingunitcnt integer, land_area_metric real, water_area_metric real, land_area_eng real, water_area_eng real, lat real, lng real);
.mode csv
.separator "t"
.import Gaz_zcta_national.txt zcta
select * from zcta;
.quit

That modern “green thing”

Got the following in a forwarded email. Usually don’t share but I found this one very interesting. Enjoy…

Worth a few moments of reading…

That modern “green thing”

A somewhat “older” woman was at a checkout stand in a supermarket The helpful, young cashier suggested that the older woman should bring her own grocery bags, because plastic bags weren’t good for the environment.

The older woman apologized and explained, “We didn’t have this “green thing” back in my earlier days.”

The clerk responded, “That’s our problem today. Your generation did not care enough to save our environment for future generations.”
She was right — our generation didn’t have the green thing in its day.

Back then, we returned milk bottles, soda bottles and beer bottles to the store. The store sent them back to the plant to be washed and sterilized and refilled, so the same bottles could be used hundreds of times. So they really were recycled. But we didn’t have the green thing back in our day.

Stores bagged our groceries in brown paper bags, which we reused for numerous things. Most memorable besides household garbage bags, was the use of brown paper bags as covers for our school books. This was to ensure that public property, (the books provided for our use by the school) was not defaced by our graffiti. Then we were able to personalize our books without vandalizing them. Too bad we didn’t do the green thing back then.

We walked up stairs, because we didn’t have an escalator in every store and office building. We walked to the grocery store and didn’t climb into a 300-horsepower machine every time we had to go two blocks. But she was right. We didn’t have the green thing in our day.

Back then, we washed the baby’s diapers because we didn’t have the throw-away kind. We dried clothes on a line, not in an energy-gobbling 240-volt machine. Wind and solar power really did dry our clothes back in our early days. Kids got hand-me-down clothes from their brothers or sisters, not always brand-new clothing. But that young lady is right; we didn’t have the green thing back in our day.

Back then, we had one TV, or radio, in the house — not a TV in every room. And the TV had a small screen the size of a handkerchief (remember them?), not a screen the size of the state of Montana. In the kitchen, we blended and stirred by hand because we didn’t have electric machines to do everything for us.

When we packaged a fragile item to send in the mail, we used wadded up old newspapers to cushion it, not Styrofoam or plastic bubble wrap. Back then, we didn’t fire up an engine and burn gasoline just to cut the lawn. We used a push mower that ran on human power. We exercised by working, so we didn’t need to go to a health club to run on treadmills that operate on electricity. But she’s right – we didn’t have the green thing back then.

We drank from a fountain when we were thirsty instead of using a cup or a plastic bottle every time we had a drink of water. We refilled writing pens with ink instead of buying a new pen, and we replaced the razor blades in a razor instead of throwing away the whole razor just because the blade got dull. But we didn’t have the green thing back then.

Back then, people took the streetcar or a bus, and kids rode their bikes to school or walked, instead of turning their moms into a 24-hour taxi service. We had one electrical outlet in each room, not an entire bank of sockets to power a dozen appliances. And we didn’t need a computerized gadget to receive a signal beamed from satellites in outer space, in order to find the nearest burger joint.

But isn’t it sad that the current generation laments how wasteful we old folks were, just because we didn’t have the green thing back then?

Please forward this on to another selfish old person who needs a lesson in conservation from smartass young people.

We don’t like being old in the first place, so it doesn’t take much to piss us off.