Recently I making some enhancements with set of REST api services. To verify that my changes worked as expected I used the tool Advanced REST client Chrome extension to make calls against the end points. The tool is not only useful for making calls against REST endpoint but can be use to place any type of HTTP request where you need to set the headers or other aspects of an HTTP request. A nice complement to the Chrome Developer Tools. However I encountered and issue while attempting the connect to the service running on my local machine. Specifically the issue had to do with the fact that The X.509 certificate I was using was invalid. This came as no surprise to me as I created the certificate just to test the ssl connection with little care for if it was valid or not. Although Chrome allow you to make an exception in such cases where it encounters an invalid certificate there appears to be no way to get around the issue in the Advanced REST client. To be able to use the client meant that I would have to create a self signed certificate and use it to sign a certificate that will be stored in a java keystore used by tomcat. What follows is the steps I took to do just that.
Step 1: First using openssl create the server private key that will be used to sign the service
openssl genrsa -aes128 -out server.key 2048
Step 2: create the server csr (Certificate Signing Request)
openssl req -new -key server.key -out server.csr
Step 3: Remove the passphrasse from the key (Optional)
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
Step 4: Generate the self signed certificate
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Step 5: Create a keypair for ‘tomcat’
keytool -genkey -alias tomcat -keyalg RSA -keystore keystore.jks
Step 6: Generate a CSR (Certificate Signing Request) for tomcat
keytool -keystore keystore.jks -alias tomcat -certreq -file tomcat.csr
Step 7: Create unique serial number
echo 02 > serial.txt
Step 8: Sign the tomcat CSR
openssl x509 -CA server.crt -CAkey server.key -CAserial serial.txt -req -in tomcat.csr -out tomcat.cer -days 365
Step 9: Import the server CA certificate into the keystore
keytool -import -alias serverCA -file server.crt -keystore keystore.jks
Step 10: Add the tomcat certificate to the keystore
keytool -import -alias tomcat -file tomcat.cer -keystore keystore.jks
For more information on creating a Java Keytool Self Signed Certificate, see the following links:
Are vegetables growing in the Sahara?
Keeping track information used to build a package deployed in a production environment can very useful when trying to identify unwanted issues that may occur in that environment. Recently I was working on a java project managed using a git repository and built using gradle and wanted to have commit information, build time, etc. along side the package.
gradle init --type java-library
git init .
echo ".gradle" > .gitignore
git add .
git commit -m "Inital commit"
After doing a bit of digging around on the web I was able to find a the gradle-git plugin I then used to help me to retrieve the information I wanted from the git repo. To configure the plugin in my gradle build file I added the following changes.
apply plugin: ‘org.ajoberstar.grgit’
description = “sample project”
version = “1.0”
def repo = Grgit.open(‘.’)
“Implementation-Vendor” :”My Organization”,
“Implementation-Timestamp”: new Date().format(“yyyy-MM-dd’T’HH:mm:ssZ”),
“Git-Branch”: repo.branch.getCurrent().getName() ], common”)
Once all the changes were applied to the build.gradle file I ran the following command to build the project.
To verify that the all information was added to the manifest file after it was built I then executed the following command.
Specification-Title: sample project
Implementation-Vendor: Some Organization
Check to sample project on github.
I have a Tomcat webapp that I work with that does not like having 8080 and 8443 in the url. To get around this I’ve always setup an apache with mod_jk to proxy request. However I found this very cumbersome and need a simpler way to setup the project running on tomcat without having to setup apache as well. To get around this problem I found a set of Iptables rules that redirected the port 80 to 8080 and port 443 to 8443.
sudo iptables -t nat -i eth0 -D PREROUTING -j REDIRECT -p tcp --destination-port 443 --to-ports 8443
sudo iptables -t nat -A OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo iptables -A FORWARD -p tcp --destination-port 80 -j ACCEPT
sudo iptables -t nat -A OUTPUT -o lo -p tcp --dport 443 -j REDIRECT --to-port 8443
I stumbled upon this amazing video by Scott Manly that shows the Asteroid Discovery from 1980 – 2012. What’s really amazing to me is that in spite of all the rocks floating around in space we spared from the brunt of a major impact. The question is “for how long?” Hope you enjoy the video below.
I thought I’d share my experience with importing the a tab delimited file into an sqlite db as documentation on how to do so is not that easy to find on the web.
In my example I will be importing the US Census ZIP Code Tabulation Area file for 2010. Once you’ve downloaded the file unzip then create the sqlite db and then you’re ready to perform data import. The code block below contains the series of commands which I perform.
cat Gaz_zcta_national.txt | tail -n +2 > Gaz_zcta_national.csv
CREATE TABLE IF NOT EXISTS zcta(geoid text primary key, population integer, housingunitcnt integer, land_area_metric real, water_area_metric real, land_area_eng real, water_area_eng real, lat real, lng real);
.import Gaz_zcta_national.txt zcta
select * from zcta;