Notes on openssl and keytool

Generate a plain (unencrypted) PEM file with an RSA private key; the public key is part of it and can be extracted later
openssl genrsa -out rsa-2048bit-key-pair.pem 2048

Generate a JKS keystore holding a private key, its public key and a self-signed certificate (keytool prompts for the DN and the passwords)
keytool -genkey -keyalg RSA -keysize 2048 -alias rsa-2048 -keystore keystore.jks

Generate an encrypted, passphrase-protected PEM file from scratch; this is the equivalent of creating the "root key"
openssl genrsa -aes128 -passout pass:myP4ss -out rsa-2048bit-key-pair-encrypted.pem 2048
(pass:myP4ss puts the passphrase on the command line, where it lands in shell history and is visible in the process list; outside of throwaway tests use -passout file:... or env:... instead)

Generate an encrypted PEM file with a passphrase from the plain PEM file
openssl rsa -in rsa-2048bit-key-pair.pem -aes128 -passout pass:myP4ss -out rsa-2048bit-key-pair-encrypted.pem

Remove the passphrase and the encryption:
openssl rsa -in rsa-2048bit-key-pair-encrypted.pem -out rsa-2048bit-key-pair-nonencrypted.pem

Extract the public key:
openssl rsa -in rsa-2048bit-key-pair.pem -pubout -out rsa-2048bit-public-key.pem

what's inside the public key file
openssl rsa -noout -text -inform PEM -in rsa-2048bit-public-key.pem -pubin

what's inside the private key file
openssl rsa -noout -text -in rsa-2048bit-key-pair.pem

Creating an empty JKS keystore (keytool has no "create empty keystore" command, so generate a throwaway entry and delete it)
keytool -genkey -keyalg RSA -keysize 2048 -alias alias-example -keystore keystore.jks
keytool -delete -alias alias-example -keystore keystore.jks

Creating an empty JCEKS keystore (same trick, with a secret-key entry)
keytool -genseckey -keyalg AES -keysize 256 -alias alias-example -storetype jceks -keystore keystore.jck
keytool -delete -alias alias-example -storetype jceks -keystore keystore.jck

Convert the PEM key into DER format (as unencrypted PKCS#8: -nocrypt means the DER output has no passphrase protection at all)
openssl pkcs8 -topk8 -nocrypt -in rsa-2048bit-key-pair.pem -inform PEM -out rsa-2048bit-key-pair.der -outform DER

Generate a self-signed certificate from an existing private key (add -subj "/CN=..." to skip the interactive prompts)
openssl req -key rsa-2048bit-key-pair.pem -new -x509 -days 365 -out self-signed-certificate.crt

Generate the CSR (certificate signing request) to send to a CA
openssl req -new -sha256 -key rsa-2048bit-key-pair.pem -out certificate-signing-request.csr

Generate the PKCS#12 file from your private key and its self-signed certificate (-certfile is for extra chain certificates; passing the same self-signed certificate again is redundant but harmless. Without -name the entry has no friendly name and keytool shows it under the alias "1", which is why the import below uses -srcalias 1)
openssl pkcs12 -export -in self-signed-certificate.crt -inkey rsa-2048bit-key-pair.pem -certfile self-signed-certificate.crt -out rsa-2048bit-key-pair.p12

Import the PKCS#12 into the JKS (-srcalias 1 is the unnamed entry from the step above; -destkeypass sets the key password in the destination; keytool prompts for both store passwords)
keytool -importkeystore -srckeystore rsa-2048bit-key-pair.p12 -srcstoretype pkcs12 -srcalias 1 -destalias rsa-2048 -destkeypass k3y -destkeystore keystore.jks -deststoretype JKS

List Keys in JKS
keytool -list -v -keystore keystore.jks

Rename Alias
keytool -changealias -alias domain -destalias newdomain -keystore keystore.jks

List pkcs12
keytool -v -list -storetype pkcs12 -keystore rsa-2048bit-key-pair.p12

List jceks
keytool -v -list -storetype jceks -keystore keystore.jck

Export the certificate from the keystore as PEM, then extract the public key from it
keytool -exportcert -rfc -alias rsa-2048 -keystore keystore.jks -file rsa-2048-crt.pem
openssl x509 -in rsa-2048-crt.pem -pubkey -noout > rsa-2048-public-key.pem
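The key, CSR, self-signed certificate and PKCS#12 steps above as one script, together with the check that a private key and a certificate really carry the same public key, which is what you want to confirm before importing a pair into a keystore. This is an added example and not part of the original notes; the file names, the subject /CN=example.test, the passphrase file, the alias name and the function names are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not part of the original notes: key -> CSR -> self-signed cert -> PKCS#12 as one
# script, plus the check that a private key and a certificate carry the same public key.
# Assumptions: file names, the subject /CN=example.test, the passphrase file and the alias name.
set -eu

# Generate an unencrypted 2048-bit RSA key, a CSR and a self-signed certificate in directory $1.
# -subj makes `openssl req` non-interactive.
make_key_csr_cert() {
    openssl genrsa -out "$1/key.pem" 2048 2>/dev/null
    openssl req -new -sha256 -key "$1/key.pem" -subj "/CN=example.test" -out "$1/request.csr"
    openssl req -new -x509 -sha256 -days 365 -key "$1/key.pem" -subj "/CN=example.test" -out "$1/cert.crt"
}

# Encrypt private key $1 into $2, reading the passphrase from file $3 rather than from
# `-passout pass:...`, which would leave the passphrase in shell history and `ps` output.
encrypt_key() {
    openssl rsa -in "$1" -aes128 -passout "file:$3" -out "$2" 2>/dev/null
}

# SHA-256 of the PEM SubjectPublicKeyInfo taken from a private key or from a certificate.
# Both commands print the same PEM block for a matching pair, so the hashes compare as strings.
pubkey_fp_of_key()  { openssl rsa -in "$1" -pubout 2>/dev/null | openssl sha256 | awk '{print $NF}'; }
pubkey_fp_of_cert() { openssl x509 -in "$1" -pubkey -noout | openssl sha256 | awk '{print $NF}'; }

# Exit 0 when private key $1 and certificate $2 belong together, 1 otherwise.
key_matches_cert() {
    [ "$(pubkey_fp_of_key "$1")" = "$(pubkey_fp_of_cert "$2")" ]
}

# Bundle key $1 and certificate $2 into PKCS#12 file $4, protected by the passphrase in file $3,
# under friendly name $5 (keytool shows that name as the alias; without -name it becomes "1").
make_p12() {
    openssl pkcs12 -export -in "$2" -inkey "$1" -passout "file:$3" -name "$5" -out "$4"
}

# Read the certificate subject back out of PKCS#12 file $1 with passphrase file $2.
p12_subject() {
    openssl pkcs12 -in "$1" -passin "file:$2" -nokeys -clcerts 2>/dev/null | openssl x509 -noout -subject
}

# Walk through the flow in a temporary directory (run as: sh this.sh demo).
demo() {
    tmp=$(mktemp -d)
    printf 'correct horse battery staple\n' > "$tmp/pw"
    make_key_csr_cert "$tmp"
    encrypt_key "$tmp/key.pem" "$tmp/key-encrypted.pem" "$tmp/pw"
    key_matches_cert "$tmp/key.pem" "$tmp/cert.crt" && echo "key.pem matches cert.crt"
    make_p12 "$tmp/key.pem" "$tmp/cert.crt" "$tmp/pw" "$tmp/bundle.p12" rsa-2048
    p12_subject "$tmp/bundle.p12" "$tmp/pw"
    rm -r "$tmp"
}
case "${1:-}" in demo) demo ;; esac
```

The match check hashes the SubjectPublicKeyInfo rather than comparing moduli by eye, so it works unchanged for any key type openssl can print with -pubout. The resulting bundle.p12 is what the keytool -importkeystore line above consumes, with -srcalias rsa-2048 instead of 1 because the friendly name was set.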

Symmetric encryption with AES-256: derive and print the salt, key and IV for a passphrase (-P only prints the derived material and exits, it does not encrypt anything; drop -P and add -in/-out to actually encrypt)
openssl enc -aes-256-cbc -k secret -P -md sha256

Same derivation with SHA-1 as the digest. In both forms -k together with -md uses the legacy one-pass EVP_BytesToKey derivation; on OpenSSL 1.1.0 and later add -pbkdf2 -iter N so that passphrase guessing is slowed down
openssl enc -aes-256-cbc -k secret -P -md sha1
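An added example, not part of the original notes: encrypting and decrypting a file with AES-256-CBC where the key and IV come from PBKDF2 (-pbkdf2 -iter) instead of the one-pass -k/-md derivation printed above, followed by a second decryption that uses the raw key and IV that -P prints, so it is clear what those values are and how the "Salted__" header relates to them. The file names, the iteration count and the passphrase used in the demo are assumptions.

```sh
#!/bin/sh
# Added example, not part of the original notes: AES-256-CBC file encryption where key and IV come
# from PBKDF2 (-pbkdf2 -iter) instead of the single-pass derivation that `-k ... -md sha1` selects,
# plus a decryption using the raw key/IV that `-P` prints, to show what those values are.
# Assumptions: file names, the iteration count and the passphrase used in the demo.
set -eu

ITER=100000   # PBKDF2 iterations; encryption and decryption must use the same value

# Encrypt $1 into $2 with the passphrase in file $3. The output starts with the 8-byte
# magic "Salted__" and an 8-byte random salt, followed by the CBC ciphertext.
enc_file() {
    openssl enc -aes-256-cbc -pbkdf2 -iter "$ITER" -md sha256 -salt -pass "file:$3" -in "$1" -out "$2"
}

# Decrypt $1 into $2 with the passphrase in file $3 (same derivation parameters as enc_file).
dec_file() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" -md sha256 -pass "file:$3" -in "$1" -out "$2"
}

# Hex of the salt stored in the file header (bytes 9..16).
salt_of() {
    head -c 16 "$1" | tail -c 8 | od -An -tx1 | tr -d ' \n'
}

# Re-derive key and IV from passphrase + salt with -P (prints salt=, key=, iv = and exits without
# encrypting), then decrypt the body after the 16-byte header with -K/-iv. A successful round trip
# shows the printed key/iv are exactly what the passphrase form uses internally.
dec_with_raw_key() {
    salt=$(salt_of "$1")
    kv=$(openssl enc -aes-256-cbc -pbkdf2 -iter "$ITER" -md sha256 -S "$salt" -pass "file:$3" -P)
    key=$(printf '%s\n' "$kv" | sed -n 's/^key=//p')
    iv=$(printf '%s\n' "$kv" | sed -n 's/^iv *=//p')
    tail -c +17 "$1" | openssl enc -d -aes-256-cbc -K "$key" -iv "$iv" -out "$2"
}

# Round trip on a constructed plaintext (run as: sh this.sh demo).
demo() {
    tmp=$(mktemp -d)
    printf 'attack at dawn\n' > "$tmp/plain.txt"
    printf 'correct horse battery staple\n' > "$tmp/pw"
    enc_file "$tmp/plain.txt" "$tmp/plain.enc" "$tmp/pw"
    dec_file "$tmp/plain.enc" "$tmp/roundtrip.txt" "$tmp/pw"
    dec_with_raw_key "$tmp/plain.enc" "$tmp/rawkey.txt" "$tmp/pw"
    cmp -s "$tmp/plain.txt" "$tmp/roundtrip.txt" && cmp -s "$tmp/plain.txt" "$tmp/rawkey.txt" \
        && echo "salt=$(salt_of "$tmp/plain.enc"): both decryptions match the plaintext"
    rm -r "$tmp"
}
case "${1:-}" in demo) demo ;; esac
```

CBC here gives confidentiality only: nothing detects a modified ciphertext except the padding check, so a wrong passphrase or a tampered file usually ends in "bad decrypt" but not always. For anything beyond a quick local file, wrap the output in a MAC or use an AEAD mode.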

Windows shortcut for Docker Toolbox

Create a shortcut in Windows like this:
Target: C:\Windows\System32\cmd.exe /k "D:\mplescano\programs\DockerToolbox\mplescano.cmd"
Start in: D:\mplescano\programs\DockerToolbox

The content of mplescano.cmd is:

set proxy=http://pxsis.sunat.peru:8080
set HTTP_PROXY=%proxy%
set HTTPS_PROXY=%proxy%
set PATH=%PATH%;D:\mplescano\programs\DockerToolbox
docker-machine.exe start mplescano
rem Capture the VM's IP first so it can be excluded from the proxy
for /f %%j in ('docker-machine.exe ip mplescano') do set DOCKER_HOST=%%j
SET NO_PROXY=%DOCKER_HOST%,192.168.32.1,localhost
rem Apply the DOCKER_* variables that docker-machine env prints (this overwrites DOCKER_HOST with the tcp:// URL)
@FOR /f "tokens=*" %%i IN ('docker-machine.exe env mplescano') DO @%%i
"C:\Program Files (x86)\Git\bin\bash.exe" --login -i


Spring AOP Transactional

    <!-- For @annotation to work in the pointcut, a newer aspectj (1.7.2) had to be added to the lib of the ws-ear and the package overridden in weblogic-application.xml -->
    <!-- tx:annotation-driven was commented out in favour of a pointcut, to have more control over which packages must use maestros.transactionManager and not collide with other transactionManagers -->
    <!-- <aop:config>
        <aop:pointcut id="maestro.transactional" expression="execution(* pe.gob.sunat.iqbf2.registro.maestros.service.impl.*.*(..)) &amp;&amp; @annotation(org.springframework.transaction.annotation.Transactional)"/>
        <aop:advisor pointcut-ref="maestro.transactional" advice-ref="maestro.txadvice"/>
    </aop:config>
    <bean name="maestro.txadvice" class="org.springframework.transaction.interceptor.TransactionInterceptor">
        <property name="transactionManagerBeanName" value="transactionManager" />
        <property name="transactionAttributeSource">
            <bean class="org.springframework.transaction.annotation.AnnotationTransactionAttributeSource"/>
        </property>
    </bean> -->
    <!-- ======================== -->
    <!-- Create a JTA transaction manager with id transactionManager -->
    <!-- This ensures the transaction is independent of the datasource, i.e. it can span several datasources -->
    <!-- The datasources have to be obtained from JNDI -->
    <!-- <tx:jta-transaction-manager/> -->

@see http://forum.spring.io/forum/spring-projects/data/112418-custom-transactionannotationparser-without-aspectj

The same wiring done by hand, without AspectJ: the bean names mirror the ones <tx:annotation-driven/> registers internally, so that the AnnotationTransactionAttributeSource can be built with a custom TransactionAnnotationParser (com.example.MyTransactionAnnotationParser is a placeholder class name):

<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"/>

<bean name="org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0"
      class="org.springframework.transaction.annotation.AnnotationTransactionAttributeSource">
    <constructor-arg index="0">
        <bean class="com.example.MyTransactionAnnotationParser" />
    </constructor-arg>
</bean>

<bean name="org.springframework.transaction.interceptor.TransactionInterceptor#0"
      class="org.springframework.transaction.interceptor.TransactionInterceptor">
    <property name="transactionManagerBeanName" value="transactionManager" />
    <property name="transactionAttributeSource" ref="org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0" />
</bean>

<bean id="org.springframework.transaction.config.internalTransactionAdvisor"
      class="org.springframework.transaction.interceptor.BeanFactoryTransactionAttributeSourceAdvisor">
    <property name="transactionAttributeSource" ref="org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0" />
    <property name="adviceBeanName" value="org.springframework.transaction.interceptor.TransactionInterceptor#0"/>
</bean>

Apache James 3.0-RC1 installation and configuration on JDK 1.6

Download from
http://www.apache.org/dist/james/server/james-server-app-3.0.0-RC1-app.zip

Unzip it to /oracle/james-server-app-3.0.0-RC1/

Then copy and rename the configuration files from the template files in the conf/ folder:
cp indexer-template.xml indexer.xml
cp quota-template.xml quota.xml
cp events-template.xml events.xml
cp managesieveserver-template.xml managesieveserver.xml

Look at the configuration in this repo; it could help:
https://github.com/apache/james-project/tree/master/dockerfiles/run/spring/destination/conf

Misc:
* This command can help you find details of a compiled class (its "major version" line tells you which JDK it was compiled for):
javap -verbose -classpath /oracle/james-server-app-3.0.0-RC1/lib/joda-time-2.9.4.jar org.joda.time.base.BaseDateTime

* These commands can help you find a class file in a folder of jar files:
grep BaseDateTime.class ../lib/*.jar (only works in a dir containing jar files; it matches the entry name stored uncompressed in the zip directory)
find ../lib/ -type f -name '*.jar' -print0 | xargs -0 -I '{}' sh -c 'jar tf {} | grep Hello.class && echo {}'

* This command can help you find the XML file that contains a given word:
grep -R --include="*.xml" "admin" /oracle/james-server-app-3.0.0-RC1
or this: grep -r -R --include="*.xml" -F "8280" /opt/wso2/ei

You have to remove the joda-time package from the jar elasticsearch-2.2.1.jar inside the conf folder, because it is compiled for Java 7 and JDK 1.6 cannot load it.

You have to remove the jar files lucene-analyzers-common-5.4.1.jar and lucene-backward-codecs-5.4.1.jar from the conf folder.
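Before deleting jars it is worth confirming the "compiled for Java 7" diagnosis instead of guessing. The following is an added example, not part of the original notes: it reads the major version from the class-file header of a .class file, or of every class inside a jar, and maps it to the Java release (a JDK 1.6 loads major version 50 and below). The function names and the constructed sample header in demo() are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not part of the original notes: find out which Java release a .class file, or every
# class inside a jar, was compiled for by reading the major version from the class-file header.
# This is the check behind the "compiled for Java 7" remark above, done before deleting jars.
# Assumptions: the function names and the constructed sample header in demo() are mine.
set -eu

# Class-file header: magic CA FE BA BE (4 bytes), minor version (2), major version (2), big-endian.
# Print the major version of the class file at $1 (or of stdin when $1 is "-").
class_major_version() {
    if [ "$1" = - ]; then
        od -An -tu1 -j6 -N2 | awk '{print $1 * 256 + $2}'
    else
        od -An -tu1 -j6 -N2 "$1" | awk '{print $1 * 256 + $2}'
    fi
}

# Map a major version to the release that introduced it: 45 = 1.1 ... 48 = 1.4, 49 = 5, 50 = 6, 51 = 7, 52 = 8.
java_release_for_major() {
    if [ "$1" -ge 49 ]; then echo "Java $(( $1 - 44 ))"; else echo "Java 1.$(( $1 - 44 ))"; fi
}

# Print "major<TAB>class" for every class in jar $1 whose major version is above $2
# (e.g. 50 to list everything a JDK 1.6 cannot load). Needs Info-ZIP unzip; a jar is a zip file.
jar_classes_newer_than() {
    { unzip -Z1 "$1" '*.class' 2>/dev/null || true; } | while IFS= read -r cls; do
        major=$(unzip -p "$1" "$cls" | class_major_version -)
        if [ "$major" -gt "$2" ]; then printf '%s\t%s\n' "$major" "$cls"; fi
    done
}

# Demo on a constructed 8-byte header with major 51, i.e. Java 7 (run as: sh this.sh demo).
demo() {
    tmp=$(mktemp -d)
    printf '\312\376\272\276\000\000\000\063' > "$tmp/Sample.class"
    major=$(class_major_version "$tmp/Sample.class")
    echo "Sample.class: major $major -> $(java_release_for_major "$major")"
    rm -r "$tmp"
}
case "${1:-}" in demo) demo ;; esac
```

Run jar_classes_newer_than on elasticsearch-2.2.1.jar with threshold 50 to see exactly which entries (joda-time or otherwise) a JDK 1.6 will refuse with UnsupportedClassVersionError; the same check on the lucene jars tells you whether they need to go for the same reason or for a different one.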

Start the james server like this:
sudo /oracle/james-server-app-3.0.0-RC1/bin/james start

You can check the status of the james server:
sudo /oracle/james-server-app-3.0.0-RC1/bin/james status

You can see the log file of the james server:
cat /oracle/james-server-app-3.0.0-RC1/log/james-server.log

You can add a domain like this:
sudo /oracle/james-server-app-3.0.0-RC1/bin/james-cli.sh -h localhost adddomain mydomain.com

See more information in https://james.apache.org/server/3/install.html

Notes on the WannaCry ransomware

#see
http://unaaldia.hispasec.com/2017/05/un-ransomware-ataca-multiples-companias.html
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
- Block ports 137/UDP, 138/UDP, 139/TCP and 445/TCP (NetBIOS/SMB) at the perimeter; the worm spreads through the SMBv1 flaw fixed by MS17-010.

#Catalog of patches
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012215

#How to disable SMBv1
http://kb.bodhost.com/steps-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-servers/
Disable SMBv1 on the SMB client by running the commands below (the space after depend= and start= is required by sc.exe; a reboot is needed for the change to take effect, and this covers the client side only: the SMBv1 server is controlled by the SMB1 DWORD under HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters):
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

Enable SMBv1 on the SMB client again by running the commands below:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb10 start= auto