Here is an excellent demonstration of Regular Expression usage in Javascript.
http://lawrence.ecorp.net/inet/samples/regexp-format.php
Thursday, July 29, 2010
Thursday, July 8, 2010
How to Create Client/Server Keystores using Java Keytool
Here I have described how to create client/server keystores which can be used to secure Axsi2 webservices and invoke Axis2 secured webservices. i.e. It can be easily used with any WSO2 Product to experience security scenarios.More detailed explanation on creating client/server keystores using openssl including Certificate Authority(CA) Requests, can be found at http://wso2.org/library/174.
Java keytool stores the keys and certificates in a keystore, protected by a keystore password. Further, it protects private key again with another password. A Java keystore contains private-public key pair and multiple trusted certificate entries. All entries in a keystore are referred by aliases. Both private key and self signed public key is referred by one alias while any other trusted certificates are referred by different individual aliases.
As the first step, let's create a keystore for server. In order to do it, execute following command in a terminal. "server" in the following command corresponds to the private key/self signed public key certificate alias in the keystore while "server.jks" is the name of the creating keystore file.
something like below for client.jks
You can also find a summary of Java keytool commands at http://ruchirawageesha.blogspot.com/2010/07/java-keytool-keystore-commands.html
Java keytool stores the keys and certificates in a keystore, protected by a keystore password. Further, it protects private key again with another password. A Java keystore contains private-public key pair and multiple trusted certificate entries. All entries in a keystore are referred by aliases. Both private key and self signed public key is referred by one alias while any other trusted certificates are referred by different individual aliases.
As the first step, let's create a keystore for server. In order to do it, execute following command in a terminal. "server" in the following command corresponds to the private key/self signed public key certificate alias in the keystore while "server.jks" is the name of the creating keystore file.
keytool -genkey -alias server -keyalg RSA -keystore server.jkswhen you execute the above command it will first prompt you to specify a password which is corresponded to the keystore password. Then it will prompt several questions. You can give answers that you wish. At the end it will ask for a password again, which will be used to secure the generated private key.
Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: Ruchira Wageesha What is the name of your organizational unit? [Unknown]: Mashup Server What is the name of your organization? [Unknown]: WSO2 What is the name of your City or Locality? [Unknown]: Ahangama What is the name of your State or Province? [Unknown]: Southern What is the two-letter country code for this unit? [Unknown]: LK Is CN=Ruchira Wageesha, OU=Mashup Server, O=WSO2, L=Ahangama, ST=Southern, C=LK correct? [no]: yes Enter key password forOnce you successfully completed this, java keytool will create a file named "server.jks". In the same way, you can create a client keystore named "client.jks" with the alias "client" using following command.(RETURN if same as keystore password):
keytool -genkey -alias client -keyalg RSA -keystore client.jksNow, you have two files named client.jks and server.jks. You can view the content of these keystore files using the following command. Replacess "ruchira" with the keystore password you entered while creating the keystore.
keytool -list -v -keystore server.jks -storepass ruchiraThis will list something like this.
Keystore type: JKS Keystore provider: SUN Your keystore contains 1 entry Alias name: server Creation date: Jul 8, 2010 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=Ruchira Wageesha, OU=Mashup Server, O=WSO2, L=Ahangama, ST=Southern, C=LK Issuer: CN=Ruchira Wageesha, OU=Mashup Server, O=WSO2, L=Ahangama, ST=Southern, C=LK Serial number: 4c356225 Valid from: Thu Jul 08 10:59:09 IST 2010 until: Wed Oct 06 10:59:09 IST 2010 Certificate fingerprints: MD5: 60:0B:48:0D:DB:56:8C:68:8C:2D:94:4A:D6:DA:04:B8 SHA1: A7:CE:57:10:70:87:C1:2C:C0:9D:1D:90:8C:BB:69:B6:66:26:97:13 Signature algorithm name: SHA1withRSA Version: 3 ******************************************* *******************************************The next step is, getting server's self signed public key certificate and storing it in client's keystore. And getting and storing client's self signed public key certificate in server's keystore. In order to do that, first we need to export both server and client public key certificates into files. Using the following command, you can export server's public key certificate into server.cert file and client's public key certificate into client.cert file.
keytool -export -file server.cert -keystore server.jks -storepass ruchira -alias server keytool -export -file client.cert -keystore client.jks -storepass ruchira -alias clientNow you have server.cert and client.cert. You can use following commands to view certificate contents.
keytool -printcert -v -file server.cert keytool -printcert -v -file client.certAs the last step, we need to import server.cert into client keystore and client.cert into server keystore. As I mentioned earlier, each entry of a Java Keystore is stored against an alias. So, we need to specify aliases here, which will be used to refer the certificates that we are going to store.
keytool -import -file client.cert -keystore server.jks -storepass ruchira -alias clientAbove command will store client's self signed public key certificate(client.cert) in server.jks against the alias "client". So, using "client" alias on server.jks, we can refer client's certificate anytime. Likewise, following command will store server.cert within client.jks against the alias "server".
keytool -import -file server.cert -keystore client.jks -storepass ruchira -alias serverAfter all, please view the content of both keystore again using following commands.
keytool -list -v -keystore server.jks -storepass ruchira keytool -list -v -keystore client.jks -storepass ruchiraIt will give you something like bellow for server.jks
Keystore type: JKS Keystore provider: SUN Your keystore contains 2 entries Alias name: server Creation date: Jul 8, 2010 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=Ruchira Wageesha, OU=Mashup Server, O=WSO2, L=Ahangama, ST=Southern, C=LK Issuer: CN=Ruchira Wageesha, OU=Mashup Server, O=WSO2, L=Ahangama, ST=Southern, C=LK Serial number: 4c3562a0 Valid from: Thu Jul 08 11:01:12 IST 2010 until: Wed Oct 06 11:01:12 IST 2010 Certificate fingerprints: MD5: AB:77:72:F1:0D:09:55:E3:B6:D3:DC:A6:4D:D4:39:36 SHA1: D7:C1:60:5C:7E:34:40:A9:0B:E4:2C:65:6C:E0:79:7C:EE:37:A7:19 Signature algorithm name: SHA1withRSA Version: 3 ******************************************* ******************************************* Alias name: client Creation date: Jul 8, 2010 Entry type: trustedCertEntry Owner: CN=Ruchira Wageesha, OU=Mashup Server, O=WSO2, L=Ahangama, ST=Southern, C=LK Issuer: CN=Ruchira Wageesha, OU=Mashup Server, O=WSO2, L=Ahangama, ST=Southern, C=LK Serial number: 4c356225 Valid from: Thu Jul 08 10:59:09 IST 2010 until: Wed Oct 06 10:59:09 IST 2010 Certificate fingerprints: MD5: 60:0B:48:0D:DB:56:8C:68:8C:2D:94:4A:D6:DA:04:B8 SHA1: A7:CE:57:10:70:87:C1:2C:C0:9D:1D:90:8C:BB:69:B6:66:26:97:13 Signature algorithm name: SHA1withRSA Version: 3 ******************************************* *******************************************
something like below for client.jks
Keystore type: JKS Keystore provider: SUN Your keystore contains 2 entries Alias name: server Creation date: Jul 8, 2010 Entry type: trustedCertEntry Owner: CN=Ruchira Wageesha, OU=Mashup Server, O=WSO2, L=Ahangama, ST=Southern, C=LK Issuer: CN=Ruchira Wageesha, OU=Mashup Server, O=WSO2, L=Ahangama, ST=Southern, C=LK Serial number: 4c3562a0 Valid from: Thu Jul 08 11:01:12 IST 2010 until: Wed Oct 06 11:01:12 IST 2010 Certificate fingerprints: MD5: AB:77:72:F1:0D:09:55:E3:B6:D3:DC:A6:4D:D4:39:36 SHA1: D7:C1:60:5C:7E:34:40:A9:0B:E4:2C:65:6C:E0:79:7C:EE:37:A7:19 Signature algorithm name: SHA1withRSA Version: 3 ******************************************* ******************************************* Alias name: client Creation date: Jul 8, 2010 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=Ruchira Wageesha, OU=Mashup Server, O=WSO2, L=Ahangama, ST=Southern, C=LK Issuer: CN=Ruchira Wageesha, OU=Mashup Server, O=WSO2, L=Ahangama, ST=Southern, C=LK Serial number: 4c356225 Valid from: Thu Jul 08 10:59:09 IST 2010 until: Wed Oct 06 10:59:09 IST 2010 Certificate fingerprints: MD5: 60:0B:48:0D:DB:56:8C:68:8C:2D:94:4A:D6:DA:04:B8 SHA1: A7:CE:57:10:70:87:C1:2C:C0:9D:1D:90:8C:BB:69:B6:66:26:97:13 Signature algorithm name: SHA1withRSA Version: 3 ******************************************* *******************************************If everything went well, you might have successfully created server.jks and client.jks which can be used to secure Axis2 Services and access those secured services.
You can also find a summary of Java keytool commands at http://ruchirawageesha.blogspot.com/2010/07/java-keytool-keystore-commands.html
Wednesday, July 7, 2010
Java Keytool Keystore Commands
Create Keystore, Keys and Certificate Requests
- Generate a Java keystore and key pair
keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -storepass password
- Generate a certificate signing request (CSR) for an existing Java keystore
keytool -certreq -alias mydomain -keystore keystore.jks -storepass password -file mydomain.csr
- Generate a keystore and self-signed certificate
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360
- Import a root or intermediate CA certificate to an existing Java keystore
keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks -storepass password
- Import a signed primary certificate to an existing Java keystore
keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks -storepass password
- Import New CA into Trusted Certs
keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts
- Export a certificate from a keystore
keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks -storepass password
- Check a stand-alone certificate
keytool -printcert -v -file mydomain.crt
- Check which certificates are in a Java keystore
keytool -list -v -keystore keystore.jks -storepass password
- Check a particular keystore entry using an alias
keytool -list -v -keystore keystore.jks -storepass password -alias mydomain
- List Trusted CA Certs
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
- Delete a certificate from a Java Keytool keystore
keytool -delete -alias mydomain -keystore keystore.jks -storepass password
- Change a Java keystore password
keytool -storepasswd -new new_storepass -keystore keystore.jks -storepass password
- Change a private key password
keytool -keypasswd -alias client -keypass old_password -new new_password -keystore client.jks -storepass password
Subscribe to:
Posts (Atom)