Notes on openssl and keytool

Generate a plain (unencrypted) PEM file containing the private and public key
openssl genrsa -out rsa-2048bit-key-pair.pem 2048

Generate a JKS file containing the private key, the public key and a self-signed certificate
keytool -genkey -keyalg RSA -keysize 2048 -alias rsa-2048 -keystore keystore.jks

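Generate an encrypted PEM file protected by a passphrase, from scratch (equivalent to creating the "root key"). A passphrase written as pass:... on the command line is visible in the process list and in the shell history; -passout also accepts env:VAR or file:PATH, and openssl prompts for the passphrase when -passout is omitted.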
openssl genrsa -aes128 -passout pass:myP4ss -out rsa-2048bit-key-pair-encrypted.pem 2048

Generate an encrypted PEM file with a passphrase from an existing plain PEM file
openssl rsa -in rsa-2048bit-key-pair.pem -aes128 -passout pass:myP4ss -out rsa-2048bit-key-pair-encrypted.pem

Remove the passphrase and the encryption (the output file holds the private key in clear text, so restrict its file permissions):
openssl rsa -in rsa-2048bit-key-pair-encrypted.pem -out rsa-2048bit-key-pair-nonencrypted.pem

Extract the public key:
openssl rsa -in rsa-2048bit-key-pair.pem -pubout -out rsa-2048bit-public-key.pem

Show what's inside the public key file
openssl rsa -noout -text -inform PEM -in rsa-2048bit-public-key.pem -pubin

Show what's inside the private key file (this prints the private exponent and primes to the terminal)
openssl rsa -noout -text -in rsa-2048bit-key-pair.pem

Creating an empty JKS keystore (generate a throwaway entry, then delete it)
keytool -genkey -keyalg RSA -keysize 2048 -alias alias-example -keystore keystore.jks
keytool -delete -alias alias-example -keystore keystore.jks

Creating an empty keystore jceks
keytool -genseckey -keyalg AES -keysize 256 -alias alias-example -storetype jceks -keystore keystore.jck
keytool -delete -alias alias-example -storetype jceks -keystore keystore.jck

Convert the PEM private key into unencrypted PKCS#8 DER format
openssl pkcs8 -topk8 -nocrypt -in rsa-2048bit-key-pair.pem -inform PEM -out rsa-2048bit-key-pair.der -outform DER

Generate a Self-Signed Certificate from an Existing Private Key
openssl req -key rsa-2048bit-key-pair.pem -new -x509 -days 365 -out self-signed-certificate.crt

Generate the CSR
openssl req -new -sha256 -key rsa-2048bit-key-pair.pem -out certificate-signing-request.csr

Generate the PKCS#12 file from your private key and its self-signed certificate (the same certificate is also passed as the CA certificate via -certfile)
openssl pkcs12 -export -in self-signed-certificate.crt -inkey rsa-2048bit-key-pair.pem -certfile self-signed-certificate.crt -out rsa-2048bit-key-pair.p12

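Import the PKCS#12 file into a JKS keystore (a key password passed with -destkeypass on the command line is visible in the process list and in the shell history)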
keytool -importkeystore -srckeystore rsa-2048bit-key-pair.p12 -srcstoretype pkcs12 -srcalias 1 -destalias rsa-2048 -destkeypass k3y -destkeystore keystore.jks -deststoretype JKS

List Keys in JKS
keytool -list -v -keystore keystore.jks

Rename Alias
keytool -changealias -alias domain -destalias newdomain -keystore keystore.jks

List pkcs12
keytool -v -list -storetype pkcs12 -keystore rsa-2048bit-key-pair.p12

List jceks
keytool -v -list -storetype jceks -keystore keystore.jck

Export the certificate from the keystore to PEM, then extract its public key
keytool -exportcert -rfc -alias rsa-2048 -keystore keystore.jks -file rsa-2048-crt.pem
openssl x509 -in rsa-2048-crt.pem -pubkey -noout > rsa-2048-public-key.pem

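Symmetric encryption with AES 256: derive and print the salt, key and IV from a passphrase (-P prints them and exits without encrypting anything; -k with -md uses openssl's legacy key derivation, and OpenSSL 1.1.1 and later also offer -pbkdf2 and -iter)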
openssl enc -aes-256-cbc -k secret -P -md sha256

Generation of key, iv for symmetric encryption with AES 128 (note: the command below still selects -aes-256-cbc; the AES-128 cipher name is -aes-128-cbc)
openssl enc -aes-256-cbc -k secret -P -md sha1

Direct access on docker windows

Create a shortcut in Windows like this:
Target: C:\Windows\System32\cmd.exe /k "D:\mplescano\programs\DockerToolbox\mplescano.cmd"
Start in: D:\mplescano\programs\DockerToolbox

The content of mplescano.cmd is:
```
set proxy=http://pxsis.sunat.peru:8080
set HTTP_PROXY=%proxy%
set HTTPS_PROXY=%proxy%
set PATH=%PATH%;D:\mplescano\programs\DockerToolbox
docker-machine.exe start mplescano
for /f %%j in ('docker-machine.exe ip mplescano') do set DOCKER_HOST=%%j
SET NO_PROXY=%DOCKER_HOST%,192.168.32.1,localhost
@FOR /f "tokens=*" %%i IN ('docker-machine.exe env mplescano') DO @%%i
"C:\Program Files (x86)\Git\bin\bash.exe" --login -i

```

 

Spring AOP Transacional

  
    <!-- Para que funcione @annotation se tuvo que agregar una nueva version de aspectj 1.7.2 en el lib del ws-ear y sobrecargar el paquete en el weblogic-application.xml -->    
<!-- Para que funcione @annotation se tuvo que agregar una nueva version de aspectj 1.7.2 en el lib del ws-ear y sobrecargar el paquete en el weblogic-application.xml -->    
<!-- Se comentó tx:annotation-driven en favor de pointcut para tener un mayor control sobre que paquetes debe usar el maestros.transactionManager y         no colisionar con otros transactionManager --> 
<!-- <aop:config>
 <aop:pointcut id="maestro.transactional" expression="execution(* pe.gob.sunat.iqbf2.registro.maestros.service.impl.*.*(..)) &amp;&amp; @annotation(org.springframework.transaction.annotation.Transactional)"/> 
<aop:advisor pointcut-ref="maestro.transactional" advice-ref="maestro.txadvice"/> 
</aop:config>
 <bean name="maestro.txadvice" class="org.springframework.transaction.interceptor.TransactionInterceptor"> 
<property name="transactionManagerBeanName" value="transactionManager" /> 
<property name="transactionAttributeSource">
        <bean class="org.springframework.transaction.annotation.AnnotationTransactionAttributeSource"/>
        </property> </bean> -->
 <!-- ======================== -->
        <!-- Crea un transaction manager JTA de id transactionManager -->
    <!-- Esto para asegurar que la transaccion sea independiente del datasource, y la transaccion sea multi-datasource -->
    <!-- Los datasources tienen que ser obtenidos desde jndi -->
    <!-- <tx:jta-transaction-manager/> -->

@see http://forum.spring.io/forum/spring-projects/data/112418-custom-transactionannotationparser-without-aspectj

´
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"/>

<bean name="org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0"
class="org.springframework.transaction.annotation.AnnotationTransactionAttributeSource">
<constructor-arg index="0">
<bean class="com.example.MyTransactionAnnotationParser" />
</constructor-arg>
</bean> <bean name="org.springframework.transaction.interceptor.TransactionInterceptor#0"
class="org.springframework.transaction.interceptor.TransactionInterceptor">
<property name="transactionManagerBeanName" value="transactionManager" />
<property name="transactionAttributeSource" ref="org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0" />
</bean>

<bean id="org.springframework.transaction.config.internalTransactionAdvisor"
class="org.springframework.transaction.interceptor.BeanFactoryTransactionAttributeSourceAdvisor">
<property name="transactionAttributeSource" ref="org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0" />
<property name="adviceBeanName" value="org.springframework.transaction.interceptor.TransactionInterceptor#0"/>
</bean> ´

Apache James 3.0-RC1 Installation and Configuration in JDK 1.6

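Download from (this link is plain HTTP, so check the archive against the checksum or signature published for the release before unzipping it)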
http://www.apache.org/dist/james/server/james-server-app-3.0.0-RC1-app.zip

Unzip to /oracle/james-server-app-3.0.0-RC1/

Then copy the template files in the conf/ folder to new files with the configuration file names:
cp indexer-template.xml indexer.xml
cp quota-template.xml quota.xml
cp events-template.xml events.xml
cp managesieveserver-template.xml managesieveserver.xml

The configuration files in this repository can serve as a reference:
https://github.com/apache/james-project/tree/master/dockerfiles/run/spring/destination/conf

Misc:
* This command can help you to find the details of a compiled class
javap -verbose -classpath /oracle/james-server-app-3.0.0-RC1/lib/joda-time-2.9.4.jar org.joda.time.base.BaseDateTime

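  • This command can help you to find a class file in a folder of jar files:
    grep BaseDateTime.class ../lib/*.jar (only works in the directory containing the jar files)
    find ../lib/ -type f -name '*.jar' -print0 | xargs -0 -I '{}' sh -c 'jar tf {} | grep Hello.class && echo {}'
    (xargs pastes each file name into the sh -c script text, so a jar name containing shell metacharacters would be interpreted by the shell; passing the name as an argument avoids that: sh -c 'jar tf "$1" | grep Hello.class && echo "$1"' _ '{}')

  • This command can help you to find the xml file that contains a given word:
    grep -R --include="*.xml" "admin" /oracle/james-server-app-3.0.0-RC1
    or this: grep -r -R --include="*.xml" -F "8280" /opt/wso2/ei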

You have to remove the joda-time package from the jar elasticsearch-2.2.1.jar inside the conf folder, because it is compiled for Java 7.

You have to eliminate the jar files lucene-analyzers-common-5.4.1.jar and lucene-backward-codecs-5.4.1.jar from the conf folder.

You have to execute the james server like this:
sudo /oracle/james-server-app-3.0.0-RC1/bin/james start

You can follow the status of the james server:
sudo /oracle/james-server-app-3.0.0-RC1/bin/james status

You can see the log file of the james server:
cat /oracle/james-server-app-3.0.0-RC1/log/james-server.log

You can add domain like this:
sudo /oracle/james-server-app-3.0.0-RC1/bin/james-cli.sh -h localhost adddomain mydomain.com

See more information in https://james.apache.org/server/3/install.html

Notes on Ransomware WannaCry

#see
http://unaaldia.hispasec.com/2017/05/un-ransomware-ataca-multiples-companias.html
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
- Block ports 137/UDP, 138/UDP, 139/TCP and 445/TCP.

#Catalog of patches
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012215

#How to disable the smbv1
http://kb.bodhost.com/steps-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-servers/
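Disable SMBv1 on the SMB client by running the commands below (they change only the client-side driver; the SMB server side is configured separately, and disabling SMBv1 is a mitigation alongside the MS17-010 update linked above):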
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

Re-enable SMBv1 on the SMB client by running the commands below:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb10 start= auto



Notes in Informix

#in SQuirreL you can stop the colon character from being treated as an inline request parameter by unloading the sqlparam plugin

#start dbaccess in interactive, commands-only mode
#press ctrl+d to close the program
dbaccess - -

#command to connect to a database from inside dbaccess - -:
database your_db;


#export only the schema of the database to a file
dbschema -t all -d sicobf3 -nw -q -ns dboutput3.txt

#schema data model of sysmaster
#see http://www.informix.com.ua/articles/sysmast/sysmast.htm

#list databases
select * from sysmaster:sysdatabases;


#create database in informix with support of autocommit in jdbc
#see https://bugs.eclipse.org/bugs/show_bug.cgi?id=218190
#see https://www.ibm.com/support/knowledgecenter/en/SSGU8G_12.1.0/com.ibm.sqls.doc/ids_sqs_0368.htm
#see https://www.ibm.com/support/knowledgecenter/en/SSGU8G_12.1.0/com.ibm.sqls.doc/ids_sqs_0369.htm
create database sicobf3 with log;


#see http://stackoverflow.com/questions/36165976/invalid-default-value-for-column-variable-ed-fec-sol
#The queries below show how the environment variables were set by your client, especially the date format
-- Show the date/locale environment variables recorded for the current session.
-- Rows come from sysmaster:sysenvses and are limited to this session through
-- DBINFO('sessionid').
SELECT
    envses_name,
    envses_value
FROM sysmaster:sysenvses
WHERE envses_sid = DBINFO('sessionid')
    AND envses_name IN ('DBDATE', 'GL_DATE', 'CLIENT_LOCALE')
-- Fixed display order: DBDATE first, then GL_DATE, then CLIENT_LOCALE.
ORDER BY
    DECODE(
        envses_name,
        'DBDATE', 0,
        'GL_DATE', 1,
        'CLIENT_LOCALE', 2
    );
            
SELECT * FROM        sysmaster:sysenvses WHERE   envses_sid = DBINFO('sessionid');
SELECT  env_name, env_value FROM    sysmaster:sysenv WHERE   env_name = 'DBDATE';
SELECT  CURRENT::DATE FROM    sysmaster:sysdual;
SELECT  TODAY FROM    sysmaster:sysdual;

#set properties in the jdbc driver of informix, in this case GL_DATE since DBDATE is deprecated
#see https://groups.google.com/forum/#!msg/comp.databases.informix/iHH3LGuiP1o/AA5czvKNYSAJ
#see https://www.ibm.com/support/knowledgecenter/SSGU8G_12.1.0/com.ibm.jdbc_pg.doc/ids_jdbc_263.htm
#see https://www.ibm.com/support/knowledgecenter/en/SSGU8G_12.1.0/com.ibm.jdbc_pg.doc/ids_jdbc_266.htm
jdbc:informix-sqli://192.168.32.128:9088/sicobf3:informixserver=ol_informix1210;GL_DATE=%m/%d/%Y
#or with DBDATE=MDY4

#to know the current database used
select * from sysmaster:syssqlcurses

#to know the version of the DB
SELECT  DBINFO('version','full') FROM    sysmaster:sysdual;

#To know the schema of a table in informix:
dbschema -d DB_sicobf3 -t Table_t5641rstockestab

Docker

#see http://stackoverflow.com/questions/19585028/i-lose-my-data-when-the-container-exits
#see https://coderwall.com/p/2es5jw/docker-cheat-sheet-with-examples
#When you use docker run to start a container, it actually creates a new container 
#based on the image you have specified.
#you can restart an existing container after it exited and your changes are still there.
docker start f357e2faab77 # restart it in the background
docker attach f357e2faab77 # reattach the terminal & stdin

#Preparing a private registry
#see https://docs.jelastic.com/docker-private-registry
#see http://stackoverflow.com/questions/33392972/how-can-i-update-docker-opts-in-docker-machine-permanently
#For windows docker 1.13
#initiate session
docker-machine ssh default
vi /var/lib/boot2docker/profile
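#and add these parameters (--insecure-registry makes the daemon talk to that registry without TLS verification, so only use it for a registry on a trusted private network)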
EXTRA_ARGS='
--label provider=virtualbox
--insecure-registry=10.0.0.1:5000
'
#then restart the machine: docker-machine restart default

#for dockerD in windows
#in windows dockerd resides inside the virtual machine, you have to enter in session. Version 1 of docker-toolbox.
#if you want to tweak some configuration, you have to create the file: 
sudo touch /etc/docker/daemon.json
#locate the pid of the dockerd daemon process
ps -uxa|grep dockerd
#send SIGHUP so that dockerd reloads its configuration
kill -SIGHUP pidOfDockerd
#more options in
#see https://github.com/docker/docker/blob/master/docs/reference/commandline/dockerd.md

Notes on Oracle DB XE

SELECT username, privilege FROM USER_SYS_PRIVS;
SELECT GRANTEE, PRIVILEGE FROM DBA_SYS_PRIVS;
select user from dual;
select sys_context( 'userenv', 'current_schema' ) from dual; 
select * from all_users;

-- Drop the demo account together with every object it owns (CASCADE).
DROP USER soademo_01 CASCADE;

-- Create the demo account in XE.
-- NOTE(review): the password is identical to the user name and the account
-- receives the DBA role below, so this setup only fits a throwaway local XE
-- instance. On a shared or network-reachable database, use a strong unique
-- password and grant only the privileges the application needs.
CREATE USER soademo_01 IDENTIFIED BY "soademo_01"
    DEFAULT TABLESPACE users
    TEMPORARY TABLESPACE temp
    QUOTA UNLIMITED ON users;

-- DBA carries full administrative privileges; RESOURCE and CONNECT are
-- granted alongside it.
GRANT dba, resource, connect TO soademo_01;

-- Make the three granted roles the account's default roles.
ALTER USER soademo_01
    DEFAULT ROLE "CONNECT", DBA, "RESOURCE";
								  
connect soademo_01/soademo_01; -- doesnt work in sql gui jdbc


-- northwind in oracle
-- http://blog.i-m-code.com/2013/03/28/northwind-for-oracle/
-- https://gist.github.com/segilbert/5095533

-- access to HR sample schema in XE (this sets the HR password to the well-known value HR, so keep it to a local sandbox instance)
ALTER USER HR ACCOUNT UNLOCK;
ALTER USER HR IDENTIFIED BY HR; -- to pass the expired account
CONNECT HR/HR -- doesnt work in sql gui jdbc

#http://www.oracle.com/technetwork/database/enterprise-edition/jdbc-faq-090281.html#05_05
#How do I connect as SYSDBA or SYSOPER?
#Properties props = new Properties(); props.put("user", "scott"); props.put("password", "tiger"); props.put("internal_logon", "sysoper");

#see http://www.oracle.com/technetwork/products/globalization/nls-lang-099431.html
#see all the variables related to language in oracle client jdbc
SELECT * FROM V$NLS_PARAMETERS
SELECT * FROM NLS_SESSION_PARAMETERS;
SELECT USERENV ('language') FROM DUAL;

#modify params of session because to_date('08-DEC-48','DD-MON-RR') was giving me errors
ALTER SESSION SET NLS_DATE_LANGUAGE = 'American' -- <- here without semicolon!

#sqldeveloper change idiom of the gui
#http://stackoverflow.com/questions/7768313/how-can-i-change-the-language-to-english-in-oracle-sql-developer
#http://stackoverflow.com/questions/2333994/how-to-avoid-variable-substitution-in-oracle-sql-developer-with-trinidad-toba

#Shows the current schema
select sys_context( 'userenv', 'current_schema' ) from dual; 

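#List the tables whose name contains CATALOGO (dba_tables covers the whole database and needs DBA-level access; all_tables is the view limited to the tables the user can access).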
SELECT * FROM dba_tables where table_name like '%CATALOGO%';

#List all the synonyms accessible to the user.
select * from all_synonyms where table_name like 'T%'