Certificates in Java
I just finished fighting several hours of trying to figure out why I could not access the cacerts in lib/security.
The documentation was clear, but my results kept failing. To view the current certificate authorities in a Java keystore you are supposed to be able to do:
keytool -list -v -keystore $JDK_HOME/jre/lib/security/cacerts
However, I kept on being asked for a password and “changeit” was not being accepted as documented by Sun and other sources.
Even after doing “which keytool” a few times, I still did not notice that I was not running Sun’s keytool program because I was seeing a symbolic link in /usr/bin. Finally, I noticed the symbolic link from /usr/bin/keytool was to /etc/alternatives/keytool!
Once I figured that I was running the wrong version, I did an
ls -l /etc/alternatives | grep java
and removed all of the Java files plus keytool and rmiregistry.
I then removed the corresponding symbolic links in /usr/bin. Everything now works because I removed the false Java files from the earlier directories in my path.
I could have avoided the problem if I had just put the Java bin files first. In any case, I have chosen to leave them at the end of my path. I put the Java setup code for my CentOS system in /etc/profile.d/java.sh so that everyone would get the standard Java setup.
[root@anthos ~]# cat /etc/profile.d/java.sh
PATH=$PATH:/usr/local/jdk/latest/jre/bin:/usr/local/jdk/latest/bin:/usr/local/netbeans/latest/bin
export PATH
export JDK_HOME=/usr/local/jdk/latest
export JAVA_HOME=/usr/local/jdk/latest
export CLASSPATH=$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/rt.jar
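The trap above was that "which keytool" stops at the first symbolic link, so it never shows which keytool binary actually runs. The following is an added example (my own, not the post's or the JDK's code) that follows the whole link chain and reports whether the keytool found first in PATH lives under the JDK you expect. The demo_chain function builds a constructed copy of the post's layout (bin/keytool -> ../alternatives/keytool -> some other JRE) in a temporary directory; the directory names are made up for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post: follow a command's symlink chain
# so you can see which keytool binary PATH really hands you. Uses only POSIX
# sh, readlink (one hop at a time) and dirname, so it works without readlink -f.

# resolve_link PATH: print the final non-symlink target of PATH
resolve_link() {
    target=$1
    hops=0
    while [ -L "$target" ]; do
        link=$(readlink "$target")
        case $link in
            /*) target=$link ;;                        # absolute link target
            *)  target=$(dirname "$target")/$link ;;   # relative to the link's directory
        esac
        hops=$((hops + 1))
        if [ "$hops" -ge 40 ]; then
            echo "symlink loop near $target" >&2
            return 1
        fi
    done
    printf '%s\n' "$target"
}

# keytool_origin JDK_DIR: classify the first keytool on PATH as "jdk" (it
# resolves under JDK_DIR) or "foreign: <real path>" (some other installation)
keytool_origin() {
    jdk=$1
    found=$(command -v keytool) || { echo "keytool not in PATH" >&2; return 2; }
    real=$(resolve_link "$found") || return 1
    case $real in
        "$jdk"/*) echo "jdk" ;;
        *)        echo "foreign: $real" ;;
    esac
}

# demo_chain: constructed replica of the post's layout in a temp directory
# (bin/keytool -> ../alternatives/keytool -> another JRE's keytool) with the
# JDK's own bin placed *after* it in PATH, the ordering that bit the post's
# author. Prints the classification and cleans up.
demo_chain() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/bin" "$tmp/alternatives" "$tmp/jdk/bin" "$tmp/other-jre/bin"
    printf '#!/bin/sh\necho jdk keytool\n' > "$tmp/jdk/bin/keytool"
    printf '#!/bin/sh\necho other keytool\n' > "$tmp/other-jre/bin/keytool"
    chmod 755 "$tmp/jdk/bin/keytool" "$tmp/other-jre/bin/keytool"
    ln -s "$tmp/other-jre/bin/keytool" "$tmp/alternatives/keytool"
    ln -s ../alternatives/keytool "$tmp/bin/keytool"
    ( PATH="$tmp/bin:$tmp/jdk/bin:$PATH"; export PATH; keytool_origin "$tmp/jdk" )
    rm -rf "$tmp"
}

demo_chain
```

On a real box you would call keytool_origin "$JAVA_HOME" directly; a "foreign:" answer means the fix from the post applies (put the JDK's bin first in PATH, or remove the stale alternatives entries).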
It is just amazing how much time you can waste on such stupid things! (originally posted 1/29/2009)
key tool in Java
As part of my exploration into JAVA, I have had to learn how JAVA uses certificates. I wrote a script to help me create a signed, trusted certificate for a client program.
The keys generated are not secure:
- We generated the keypass and storepass in public at the command line.
- The same keys were used for keypass and storepass for both certificate authority and the trusted certificate.
- The Certificate Authority’s key should be protected.
#!/bin/bash
#
# $1 self-signed - certificate
# $2 password
# $3 dn (e.g. cn=localhost)
#
#
# Create a self-signed certificate authority and issue a trusted
# certificate for a client
#
if (( $# != 3 )) ; then
    echo "*********** Wrong Number of Arguments ********"
    echo usage $0 "[certname]" "[passwd]" "\"[distinct name]\""
    echo
    echo "$0 creates a self-signed, trusted certificate in"
    echo "$1.keystore the trusted, self-signed certificate"
    echo "$1_ca.keystore holds the private key"
    echo
    echo " $2 is used for both key and store passwords"
    echo
    echo " $3 should be enclosed in quotes(\") and"
    echo " should follow usual practices. E.G. \"cn=localhost\""
    exit 1
fi

# remove old certificate files
rm -rf ${1}_ca.keystore ${1}_ca.cert ${1}.keystore

####################### CERTIFICATE AUTH $1_ca.keystore
# generate self-signed certificate
keytool -noprompt -alias ${1}_ca \
    -genkey -validity 3650 \
    -keyalg RSA -keysize 1024 \
    -storepass $2 -keypass $2 \
    -dname "$3" \
    -keystore ${1}_ca.keystore

#################### List CA Keystore $1_ca.keystore
# get basic certificate information
echo "***** CERTIFICATE AUTHORITY LIST ***************"
keytool -list -v -storepass $2 -noprompt -keystore ${1}_ca.keystore

################### Client Keystore $1.keystore
# Create a client keystore that trusts our certificate $1.keystore
#
# export so that we can later import it as trusted $1_ca.cert
keytool -noprompt -export -rfc -alias ${1}_ca \
    -storepass $2 -keypass $2 \
    -keystore ${1}_ca.keystore \
    -file ${1}_ca.cert

# create trusted certificate for use by a client program in $1 store
keytool -import -noprompt -alias ${1}_ca \
    -trustcacerts -file ${1}_ca.cert \
    -keystore ${1}.keystore \
    -keypass $2 -storepass $2

####################### List Client Keystore $1.keystore
# get basic certificate information
echo "************* TRUSTED CERTIFICATE **********"
keytool -list -v -storepass $2 -noprompt -keystore ${1}.keystore
echo "Passwords were provided as command arguments and may have been"
echo "viewed by others."
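The three weaknesses listed before the script can all be fixed with keytool itself. What follows is an added example (mine, not the post's script) that runs the same CA, export and client-truststore flow but reads each password from an owner-only file with keytool's -storepass:file and -keypass:file modifiers (available since JDK 6), gives the CA keystore and the client truststore different passwords, and writes the CA keystore with mode 0600. It assumes a JDK 6 or newer keytool on PATH and /dev/urandom plus base64 for password generation; the "client" name, the directory layout and the 2048-bit key size are my choices for the demonstration.

```shell
#!/bin/sh
# Added example, not the post's script: CA -> exported cert -> client
# truststore with the listed weaknesses addressed:
#  - passwords are read by keytool from 0600 files (-storepass:file,
#    -keypass:file), so they never appear in argv or shell history
#  - the CA keystore and the client truststore get different passwords
#  - the CA keystore (the private key) is written with mode 0600
set -eu
umask 077   # files we create default to owner-only

# make_pwfile FILE: write a fresh random password to FILE (mode 0600)
make_pwfile() {
    head -c 24 /dev/urandom | base64 | tr -d '/+=\n' > "$1"
    chmod 600 "$1"
}

# build_ca NAME DN DIR: self-signed CA key pair in DIR/NAME_ca.keystore,
# its password in DIR/NAME_ca.pw (both owner-only)
build_ca() {
    local name=$1 dn=$2 dir=$3
    make_pwfile "$dir/${name}_ca.pw"
    keytool -genkeypair -noprompt -alias "${name}_ca" \
        -keyalg RSA -keysize 2048 -validity 3650 \
        -dname "$dn" \
        -keystore "$dir/${name}_ca.keystore" \
        -storepass:file "$dir/${name}_ca.pw" \
        -keypass:file "$dir/${name}_ca.pw"
    chmod 600 "$dir/${name}_ca.keystore"
}

# export_ca_cert NAME DIR: PEM export of the CA certificate only; this is
# the single artifact that may be handed to clients
export_ca_cert() {
    local name=$1 dir=$2
    keytool -exportcert -rfc -alias "${name}_ca" \
        -keystore "$dir/${name}_ca.keystore" \
        -storepass:file "$dir/${name}_ca.pw" \
        -file "$dir/${name}_ca.cert"
}

# build_truststore NAME DIR: client truststore holding only the CA cert,
# protected by its own password in DIR/NAME.pw
build_truststore() {
    local name=$1 dir=$2
    make_pwfile "$dir/${name}.pw"
    keytool -importcert -noprompt -alias "${name}_ca" \
        -file "$dir/${name}_ca.cert" \
        -keystore "$dir/${name}.keystore" \
        -storepass:file "$dir/${name}.pw"
}

# truststore_has_alias NAME DIR ALIAS: succeed if ALIAS is in the truststore
truststore_has_alias() {
    keytool -list -alias "$3" -keystore "$2/$1.keystore" \
        -storepass:file "$2/$1.pw" >/dev/null 2>&1
}

# run_demo [DN]: run the whole flow for a client called "client" in a fresh
# temporary directory and print that directory
run_demo() {
    local dn=${1:-cn=localhost} dir
    dir=$(mktemp -d)
    build_ca client "$dn" "$dir" >/dev/null 2>&1
    export_ca_cert client "$dir" >/dev/null 2>&1
    build_truststore client "$dir" >/dev/null 2>&1
    printf '%s\n' "$dir"
}

# when run directly with a keytool available: build everything and show the
# client's view of the truststore (no CA private key, no CA password)
if command -v keytool >/dev/null 2>&1; then
    d=$(run_demo "${1:-cn=localhost}")
    echo "artifacts in $d"
    keytool -list -keystore "$d/client.keystore" -storepass:file "$d/client.pw"
else
    echo "keytool not found on PATH; nothing built" >&2
fi
```

The password files are still secrets at rest, so they belong next to the keystore under the same ownership, not in a world-readable directory; the point is that nothing sensitive passes through the process argument list or the shell history.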
(originally posted 4/17/09)
Scripting for Photoshop: Grabbing the Layers
I had built a rather complex, multi-layered design in Photoshop. I wanted to pull each layer out and save it as a separate image. The result was the following script (JavaScriptExtended) run on Vista with CS4:
// With the layer selected on Photoshop, run the script to extract the layer
// and all of the descendant layers into separate png files. All ArtLayers
// in the tree to be extracted should initially be invisible. Other layers
// not in the tree may be on or off depending on if you want them to be added
// with the layers to be extracted.
//
// The destination directory is determined by the user:
var destinationFolder = Folder.selectDialog("Select folder for layer files");
// keep track of the number of pictures created to report to the console
var count = 0;
// Recursively, go down the layers starting at the activeLayer.
// Store the layers at the location (destinationFolder) selected by the
// user and append the LayerSet names and the final layer to create a
// png file.
// e.g. if /user/someuser/pictures/ is the destination directory,
// and we have animals stored hierarchically, we might end up
// with:
// /user/someuser/pictures/animals_mamamals_canine.png
//
saveLayerRecurse(app.activeDocument.activeLayer,
destinationFolder.fullName +'/');
// use JavaScript Console to inform user of the number of files created
$.writeln('number of files created: ' + count);
// end of script
// support routines
function saveLayerRecurse(layer, pathName)
{
if ( ! (layer instanceof LayerSet))
{
layer.visible = true;
var pngFile = new File( pathName+layer.name+".png");
var pngSaveOptions = new PNGSaveOptions();
pngSaveOptions.interlaced=false;
app.activeDocument.saveAs(pngFile, pngSaveOptions,
true,Extension.LOWERCASE);
pngFile.close();
pngFile = null;
pngSaveOptions = null;
count++;
if (count % 20 == 0)
{ // might run out of file handles if garbage is not
// collected
$.gc();
}
layer.visible = false;
return;
}
pathName = pathName + layer.name + '_';
var layers = layer.layers;
for (var i = 0; i < layers.length; ++i)
{
saveLayerRecurse(layers[i],pathName);
}
}
I hope this helps someone.
(originally posted 12/13/2009)
Welcome to Jack’s Jots
I spend lots of time on the web. However, I frequently make mistakes. Here is a collection of my mistakes and successes. I am going to try to copy material which had been stored on Blogger here. We will see how that goes. So, if you had been using my Blogger blog, you should look here now.