Courses/CS 491ab/Winter 2008/Raza Abbas

Name: Raza Abbas (User:Rabbas)

Email: s.raza.a@gmail.com

Project Interest: Database + Creative Web-based programming

Week 1 - January 4, 2008

Attended the first week of classes. Created the wiki page for CS491a course. Also requested CSNS account to be created as I enrolled on January 4th itself. In class, gave a brief description to class of my project interest.

Week 2 - January 11, 2008

Not related to course: Got a new heatsink+fan for my computer's processor as it was damaged. *Update* Is now Operational (Wednesday)

Related to course:

Working on JSSE (Java Secure Socket Extension). I have a clear idea of how to install it. Right now wondering about how to acquire some sort of server access, have requested CS3 server access if possible. Another scenario would be to have a server set up on my desktop.

Installation instruction quoted from O'Reilly website:

1. Download JSSE by going to Java(JSSE) and following the links at the bottom of the page. I suggest downloading both the software and documentation. Since JSSE is subject to export controls, you'll have to agree to these controls if you download JSSE from the U.S. or Canada.

2. After downloading JSSE, you should have a file named jsse-1_0_2-do.zip. Unzip this file to produce a folder named jsse1.0.2.

3. Within the jsse1.0.2 folder you'll find a lib directory and within the lib directory, you'll find the files jsse.jar, jcert.jar, and jnet.jar. Copy these files to the lib/ext subdirectory of your Java home directory. Use the program shown in Listing 1 to find your Java home directory. (It may not be where you think it is.) You should also copy these JAR files to the jre/lib/ext directory off of where the Java 2 SDK is installed.

4. Test your JSSE installation by running the JSSETest program shown:

import java.security.*;

public class JSSETest {
  public static void main(String[] args) {
    try {
      // The JSSE provider class can only be loaded when the JSSE jars are on the classpath.
      Class.forName("com.sun.net.ssl.internal.ssl.Provider");
    } catch (Exception e) {
      System.out.println("JSSE is NOT installed correctly!");
      System.exit(1);
    }
    System.out.println("JSSE is installed correctly!");
  }
}

Week 3 - January 18, 2008

I presume that we do not have access to the CS3 server (maintained by Prof. Sun), hence I used up this week to set up a remote connection to Apache Tomcat installed on my computer. I managed to port-forward port 80, so any of my later work can be accessed online.

Right now working on SSH Client connection to my computer, so I can work on JSP/servlet applications remotely.

[Link], This is a link to my apache tomcat page, just a test page to test if a remote machine can access an html file on my computer

Unfortunately, I will not make it to class this week, but promising a presentation next week plus my server would be up and running.

Week 4 - January 25, 2008

Managed to access my server remotely.

Framework research on JUnit, the latest version is 4.4. The main homepage is found here [Junit.org].

The following link [Getting started] is most important, as it showcases the installation and introductory information of this framework.

"JUnit is a unit testing framework for the Java programming language. Created by Kent Beck and Erich Gamma" (JUnit Wikipedia Link).

Unit testing means the following: in computer programming, unit testing is a procedure used to validate that individual units of source code are working properly. A unit is the smallest testable part of an application, while in object-oriented programming, the smallest unit is a method, which may belong to a base/super class, abstract class or derived/child class. (Unit Test)

The following is a HelloWorld example:

import junit.framework.TestCase;

// JUnit 3 style test: public methods named test* in a TestCase subclass are run as tests.
public class HelloWorld extends TestCase
{
  public void testMultiplication()
  {
    // Testing if 3*2=6:
    assertEquals("Multiplication", 6, 3*2);
  }
}

This program can be executed by using the following command: java org.junit.runner.JUnitCore HelloWorld

Week 5 - February 1, 2008

(Https Wiki-link)

(Source Page)

(Instructions)

(Another Link for Instructions)

HTTPS is the protocol for accessing a secure Web server where authentication and encrypted communication are possible. Using HTTPS in the URL instead of HTTP directs the message to a secure port number rather than the default Web port number of 80. The default TCP/IP port of HTTPS is 443. The session is then managed by a security protocol. HTTPS encrypts the session data using the SSL (Secure Socket Layer) protocol, ensuring reasonable protection from eavesdroppers and man-in-the-middle attacks.

Instructions:

1) SSL Tomcat Connector: In server.xml file located in the "conf" folder inside tomcat folder, add the following code:

<Connector className="org.apache.coyote.tomcat5.CoyoteConnector" acceptCount="10" bufferSize="2048" clientAuth="false" 
 compression="off" connectionLinger="-1" connectionTimeout="60000" connectionUploadTimeout="300000" debug="0" 
 disableUploadTimeout="false" enableLookups="true" keepAlive="true" 
 keystoreFile="your_path_to/server.jks" keystorePass="your_keystore_password" maxKeepAliveRequests="100" 
 maxProcessors="20" minProcessors="5" port="8443" protocol="HTTP/1.1" 
 protocolHandlerClassName="org.apache.coyote.http11.Http11Protocol" proxyPort="0" redirectPort="-1" 
 scheme="https" secure="true" serverSocketTimeout="0" sslProtocol="TLS" tcpNoDelay="true" 
 tomcatAuthentication="true" xpoweredBy="false">
   <Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory" clientAuth="false" 
     keystoreFile="your_path_to/server.jks" keystorePass="your_password" keystoreType="JKS" 
     protocol="TLS" randomFile="/root/random.pem" rootFile="/root/root.pem"/>
</Connector>

2) Create Certificate: Use the following command:

keytool -genkey -keystore certs -keyalg rsa -alias jamie -storepass serverkspw -keypass serverpw

The keytool then prompted me for information to put into the certificate.

What is your first and last name?
What is the name of your organizational unit?
What is the name of your organization?
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?
Is <CN=enpower, OU=Software Development, O=Toolery.com, L=Chula Vista, ST=CA, C=US> correct?

Week 6 - February 8, 2008

Continued "HTTPS connection":

3) Testing SSL Connection: Type in, e.g.:

https://localhost:8443

Your browser should ask whether you want to trust the certificate. You can install the certificate, but you should use the opportunity to install the CA certificate in your browser's list of certificate authorities. From your browser, open the file ca.crt and install it. Restart your browser and try your https URL again. Now that the browser is configured to trust your CA, and because the server certificate is signed by your CA, the browser should no longer ask you to trust the certificate. And that's it: from now on all the data exchanged between your server and the browser is encrypted, congratulations.

4) Client certificate creation:

We can create our client private key and our CSR (Certificate Signing Request) in one command with openssl:

[your_prompt]$ openssl req -new -newkey rsa:1024 -nodes -out client/client.req -keyout client/client.key

Then sign the csr with your own CA (you will have to specify the pass-phrase of the CA):

[your_prompt]$ openssl x509 -CA public/ca.crt -CAkey private/ca.key -CAserial public/ca.srl -req -in client/client.req -out client/client.pem -days 100

5) Trust-store:

We need to create a trust-store for Tomcat. This trust-store will hold the public key of our own CA. We first generate a keystore containing a dummy key entry and then delete that entry, which leaves a clean and empty JKS Java keystore. Do the following:

[your_prompt]$ keytool -genkey -alias dummy -keyalg RSA -keystore truststore.jks

Now delete the alias dummy, to have an empty trust-store:

[your_prompt]$ keytool -delete -alias dummy -keystore truststore.jks

That's it, we are ready to import our CA public key, do the import:

[your_prompt]$ keytool -import -v -trustcacerts -alias my_ca -file public/ca.crt -keystore truststore.jks

Check your fresh trust-store:

[your_prompt]$ keytool -v -list -keystore truststore.jks

Then pass the trust-store location and password to Tomcat's JVM through CATALINA_OPTS:

CATALINA_OPTS="-Djavax.net.ssl.trustStore=your_path_to/truststore.jks -Djavax.net.ssl.trustStorePassword=your_password"

To force your server to request a certificate from the client for authentication, you need to change the value of the attribute "clientAuth" to "true" in your Tomcat server.xml Connector and Factory.

Once this is done, do not forget to restart your server. Tomcat is now ready to authenticate client certificates. It is time to import the pkcs12 client certificate in a browser.
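
The client-certificate path of steps 4 and 5, carried through to the PKCS#12 file mentioned above, as an added example that is not part of the original page or the tutorial it follows. The CA and client names, the directory argument and the password are constructed; it creates its own test CA because the page does not show that step, and it uses 2048-bit keys because 1024-bit RSA is no longer considered adequate.

```shell
#!/bin/sh
# Added example. CA name, client name and password are constructed placeholders.
set -eu

# Succeeds only if the private key ($1) and the certificate ($2) hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Build test CA -> client certificate -> PKCS#12 bundle under directory $1.
make_client_bundle() {
    d=$1
    mkdir -p "$d/private" "$d/public" "$d/client" || return 1

    # Self-signed test CA; the page's commands assume ca.crt and ca.key already exist.
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 100 \
        -subj "/CN=Example Test CA" \
        -keyout "$d/private/ca.key" -out "$d/public/ca.crt" 2>/dev/null || return 1

    # Step 4: client key and CSR in one command (2048-bit instead of 1024-bit).
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example-client" \
        -keyout "$d/client/client.key" -out "$d/client/client.req" 2>/dev/null || return 1

    # Sign the CSR with the CA; -CAcreateserial creates ca.srl on first use.
    openssl x509 -req -in "$d/client/client.req" -days 100 \
        -CA "$d/public/ca.crt" -CAkey "$d/private/ca.key" \
        -CAserial "$d/public/ca.srl" -CAcreateserial \
        -out "$d/client/client.pem" 2>/dev/null || return 1

    # Refuse to bundle unless the chain verifies and the key belongs to the certificate.
    openssl verify -CAfile "$d/public/ca.crt" "$d/client/client.pem" >/dev/null 2>&1 || return 1
    key_matches_cert "$d/client/client.key" "$d/client/client.pem" || return 1

    # PKCS#12 bundle for browser import (constructed password, replace it).
    openssl pkcs12 -export -name example-client \
        -in "$d/client/client.pem" -inkey "$d/client/client.key" \
        -certfile "$d/public/ca.crt" -passout pass:example-only \
        -out "$d/client/client.p12" || return 1
}

# Demonstration run in a throwaway directory that is removed on exit.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_client_bundle "$work"
openssl x509 -in "$work/client/client.pem" -noout -subject -issuer
```

To keep the files, call make_client_bundle with a directory of your own instead of the temporary one.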

Week 7 - February 15, 2008

Week 8 - February 22, 2008

Week 9 - February 29, 2008

Week 10 - March 7, 2008