Help to quick start NSS - java

I am starting into NSS and I managed to build it. The outcome was placed in a folder named dist and has several subfolders that contain several exe's dlls etc.
dist
/WINNT6.0_DBG.OBJ
/bin
/include
/lib
I am trying to try it but I am not sure what is the nssLibraryDirectory and nssSecmodDirectory .
For the nssLibraryDirectory should I copy everything in the dist in a single file and refer to it from nssLibraryDirectory? What about nssSecmodDirectory? I'm not sure how I am suppose to configure to start using sun's pkcs11.
For example this trivial:
String configName = "nss.cfg";
Provider p = new sun.security.pkcs11.SunPKCS11(configName );
Where nss.cfg is:
name = NSS
nssLibraryDirectory = E:\NSS\nss-3.12.4-with-nspr-4.8\mozilla\dist\WINNT6.0_DBG.OBJ\lib
nssDbMode = noDb
Gives exception
Caused by: java.io.IOException: The
specified module could not be found.
at
sun.security.pkcs11.Secmod.nssLoadLibrary(Native
Method)


nssLibraryDirectory should only contain the lib subdirectory.
Its also has to appear in PATH - either by modifying environment variable or specifying it in JVM parameters.


Some note from my hard trying.... I think it would help anyone who want to use NSS.
I tend to construct a String in Java code to know in which line the error occurs. I must say it's better because Eclipse can eliminate all String construction errors. Then you pay attention to values to fill in.
I use these code:
String config = "xxxxxxx" +
"xxxxxxx" +
"xxxxxxx" +
"\n";
provider = new SunPKCS11(new ByteArrayInputStream(config.getBytes()));
Security.insertProviderAt(provider, 1);
All flags for Provider config:
(from http://j7a.ru/_config_8java_source.html,
seems like openjdk 8 sun.security.pkcs11.Config.java.)
name=xxxxxx //some text, " must be escaped with \
library=/location/of/your/.so/or/.dll/file //not compatible with NSS mode, must be quoted if contains space, and if quoted, " must be escaped
description=
slot= //not compatible with NSS mode
slotListIndex= //not compatible with NSS mode
enableMechanisms=
disableMechanisms=
attributes=
handleStartupErrors=
insertionCheckInterval=
showInfo=true/false
keyStoreCompatibilityMode=
explicitCancel=
omitInitialize=
allowSingleThreadedModules=
functionList=
nssUseSecmod=true/false //not campatible with 'library'
nssLibraryDirectory= //not campatible with 'library'
nssSecmodDirectory= //not campatible with 'library'
nssModule=some text //not campatible with 'library'
nssDbMode=readWrite, readOnly, noDb //not campatible with 'library'
nssNetscapeDbWorkaround=true/false //not campatible with 'library'
nssArgs="name1='value1' name2='value2' name3='value3' ... " //not compatible with NSS mode
nssUseSecmodTrust=true/false
Examples of nssArgs=: (separated by space)
"nssArgs=\"configdir='" + NSS_JSS_Utils.getFireFoxProfilePath() + "' "
+ "certPrefix='' "
+ "keyPrefix='' "
+ "secmod='secmod.db' "
+ "flags='readOnly'\""
Some example of escaping in Java code:
String config = "name=\"NSS Module\"\n" +
"......" +
"\n";
If with space, must be quoted with " ". ' ' is not able to be used. Every " must be escaped with \.
Now, some real examples.
To use Firefox security modules via NSS:
String config = "name=\"NSS Module\"\n"
+ "attributes=compatibility\n"
+ "showInfo=true\n"
+ "allowSingleThreadedModules=true\n"
+ "nssLibraryDirectory=" + NSS_JSS_Utils.NSS_LIB_DIR + "\n"
+ "nssUseSecmod=true\n"
+ "nssSecmodDirectory=" + NSS_JSS_Utils.getFireFoxProfilePath();
To use libsoftokn3.so (I don't know what it's used for, but I see someone have used it like this with nssArgs):
String config = "library=" + NSS_JSS_Utils.NSS_LIB_DIR + "/libsoftokn3.so" + "\n"
+ "name=\"Soft Token\"\n";
+ "slot=2\n"
+ "attributes=compatibility\n"
+ "allowSingleThreadedModules=true\n"
+ "showInfo=true\n"
+ "nssArgs=\"configdir='" + NSS_JSS_Utils.getFireFoxProfilePath() + "' "
+ "certPrefix='' "
+ "keyPrefix='' "
+ "secmod='secmod.db' "
+ "flags='readOnly'\""
+ "\n";
NSS_JSS_Utils.NSS_LIB_DIR returns the directory where all the NSS library libs are. Sometimes they are installed by default(e.g., in my RedHat 7.2), but sometimes you must install them manually.
NSS_JSS_Utils.getFireFoxProfilePath() returns where your FireFox profile are located. If you use modutil shipped with NSS/NSPR, you can see your installed security modules are stored in the secmod.db in this folder. If you cannot find them, you may have taken the wrong file.
More info about how to fill these values:
NSS PKCS#11 Spec

Related

Use of OMI_IGNORE_NOTFOUND flag in OpenMetadata interface

In SAS Open Metadata reference (page 126), it says:
The UpdateMetadata method enables you to update the properties of existing metadata objects. It returns an error if the metadata object to be updated does not exist, unless the OMI_IGNORE_NOTFOUND (134217728) flag is set.
Here is my problem, if I specify the flag or I don't specify the flag, I still get the same error: ("SASLibrary : A5X8AHW1.B40000SQ cannot be found in the wlibrary container in the Foundation repository.")
Here is a snippet that reproduces the error:
import com.sas.meta.SASOMI.IOMI;
import com.sas.metadata.MetadataUtil;
import org.omg.CORBA.StringHolder;
IOMI iOMI = ... // an instance of IOMI connection
StringHolder outputMeta = new StringHolder();
String request = ""
+ "<UpdateMetadata>"
+ " <Metadata>"
+ " <SASLibrary Id=\"A5X8AHW1.B40000SQ\"/>"
+ " </Metadata>"
+ " <NS>SAS</NS>"
+ " <Flags>" + (MetadataUtil.OMI_IGNORE_NOTFOUND | MetadataUtil.OMI_TRUSTED_CLIENT | MetadataUtil.OMI_RETURN_LIST) + "</Flags>"
+ " <Options/>"
+ "</UpdateMetadata>"
;
iOMI.DoRequest(request, outputMeta);
Any ideas what is going wrong?

Contrary to what that document states, I have only seen OMI_IGNORE_NOTFOUND flag work with the DeleteMetadata method.
The javadoc also seems to support this by stating
OMI_IGNORE_NOTFOUND (134217728) This flag is for DeleteMetadata to tell it to ignore objects not found so that it will not return on error.
com.sas.metadata.remote.MdOMIUtil Interface Field Summery

Search for issues in current sprint in JIRA

I am trying to pull all issues (resolved or not) from the current sprint and display that information. I am using a JIRA REST Java client to achieve this. I am quite new to JIRA and the JRJC so would like all the help I can get really.
This is the code I have written so far:
SearchResult allIssuesInSprint = restClient.getSearchClient().searchJql("sprint = \"" + 29 + "\" order by rank").claim();
Iterable<Issue> allIssues = allIssuesInSprint.getIssues();
for (Issue issue : allIssues) {
System.out.println("Key: " + issue.getKey());
System.out.println("Type: " + issue.getIssueType());
System.out.println("Status: " + issue.getStatus());
System.out.println("Priority: " + issue.getPriority());
}
Again, I am new to JIRA's JAR files, so I'm not certain on how to use them. Any help would be appreciated.

P4 edit can cause whitespace without edit?

I have a tool what uses Perforce. When it merge a branch back to the parent, mark the project branch with checkout a text file, and submit it unchanged. This tool also use that text file, for read the actual build number. My problem is, a "/n" appeared in the text, and because it have to contain just numbers, it's a big problem.
Have anyone met this problem, or this can't caused by P4C?
Maybe important, I don't use P4JAVA here.
Please note that I'm debugging right now, and I'm not sure the problem is here, but at the moment this seems the most probable.
//<path> is a legit path, I just shortened the code here
commandSync = "p4 -d " + getPerforceRoot() + " sync " + selectedDataBean.getP4Path() + "<path>/BuildNum.txt";
CommandResultBean syncCommandResult = commandExecuter.runAndGetResults(commandSync);
//command executer that runs the command string in cmd
commandMark = "p4 -d " + getPerforceRoot() + " edit -c " + changelistNumber + " " + selectedDataBean.getP4Path() + "<path>/BuildNum.txt";
CommandResultBean markCommandResult = commandExecuter.runAndGetResults(commandMark);
commandSubmit = "p4 -d " + getPerforceRoot() + " submit -f submitunchanged -c " + changelistNumber;
CommandResultBean submitCommandResult = commandExecuter.runAndGetResults(commandSubmit);

String concatenation in java is not working on one system

I believe that most of you would be thinking that this is the same question you have heard multiple times (and answered ) about string concatenation in Java. But trust me, it is different. In fact, so different that I am even hesitant in posting it here. But anyways, here it is. I have some piece of code which goes like:
public void handleSuccess(String result)
{
result = result.trim();
MessageBox.alert("Information","Result after trimming: '" + result + "'");
result = result.substring(result.indexOf('\n') + 1);
MessageBox.alert("Information","Result after substring: '" + result + "'");
String returns = getReturns();
MessageBox.alert("Information","Returns: '" + returns + "'");
String action = getAction();
MessageBox.alert("Information","Action: '" + action + "'");
String finalResult = result + returns + action;
MessageBox.alert("Information","Final result: '" + finalResult + "'");
}
Now the situation here is that, all of these : getReturns(), result and getAction() return non blank values, and in fact the string finalResult contains the concatenated value after the last line is executed.
So, at Line 1, "result" contains "12/03/2013|04-AERTY|". The value of result remains same at end of line 1,2. getReturns() returns value 12.4724. So at end of line 3, finalResult contains "12/03/2013|04-AERTY|12.4724". getAction() returns "expt". So, at end of line 5, finalResult contains "12/03/2013|04-AERTY|12.4724|expt"
This is , when I debug or run the application in eclipse. As soon as build the same application on a UNIX system to generate a "war" file, and deploy the war on a tomcat server, the problem rears it's ugly head. When I run the application on the deployed war, the last line does not contain the concatenated value. So at the end of line 5, finalResult contains just "12/03/2013|04-AERTY|12.4724". I expected it to contain "12/03/2013|04-AERTY|12.4724|expt" as it does while running in eclipse.
I have tried stringbuffer, stringbuilder and the "+" operator as well, but nothing seems to work. I am not even getting an exception.
Can somebody help me in fixing this or at least enlightening me in what I might be doing wrong here?
Just to stress again, the code on eclipse(which is on a windows machine) and UNIX machine are exactly same. I have done a diff on them.
Here is what I get after putting the message-boxes:
Message-box 1: "Result after trimming: '12/03/2013|04-AERTY|'"
Message-box 2: "Result after substring: '12/03/2013|04-AERTY|'"
Message-box 3:"Returns: '12.4724'"
Message-box 4:"Action: '|expt'"
Message-box 5:"Final result: '12/03/2013|04-AERTY|12.4724|expt'"
Message-box 5 output is the one I receive when I execute code using eclipse
When running on deployed war, Message-box 1-4 have the same output as above, but Message-box 5 says: "Final result: '12/03/2013|04-AERTY|12.4724"

It's not clear where the extra "|" is meant to come from - if getAction() just returns expt, the result would be 12/03/2013|04-AERTY|12.4724|expt.
Anyway, I think it's safe to say that string concatenation will be working fine, and something else is wrong. You should add more diagnostics, logging everything:
public void handleSuccess(String result) {
result = result.trim();
log.info("Result after trimming: '" + result + "'");
result = result.substring(result.indexOf('\n') + 1);
log.info("Result after substring: '" + result + "'");
String returns = getReturns();
log.info("Returns: '" + returns + "'");
String action = getAction();
log.info("Action: '" + action + "'");
// It's not clear what this is meant to do. I suggest you remove it and
// use logging instead.
MessageBox.alert("Information", "The selected action is " + action, null);
String finalResult = result + returns + action;
log.info("Final result: '" + finalResult + "'");
I suspect you'll find that action is an empty string in the broken case.
Note that I've added quotes round each of the logged values, very deliberately. That means that if there's some unprintable character at the end of a string which causes problems, you should be able to detect that in the logging.
EDIT: As per the comment thread, when these were turned into message boxes (as it turns out this is running in GWT) it looks like there's something wrong with the early strings, as the closing ' isn't seen in diagnostics, in the broken case. The OP is going to investigate further.

What to use instead of sun.net.www.protocol.http.HttpURLConnection.userAgent?

I receive this warning
[javac] SSLTunnelSocketFactory.java:120: warning:
sun.net.www.protocol.http.HttpURLConnection is Sun proprietary API and
may be removed in a future release
[javac] + sun.net.www.protocol.http.HttpURLConnection.userAgent
for
if(NetworkUtils.isIPV6Compatible()&& NetworkUtils.isValidIPV6Address(host)){
msg = "CONNECT [" + host + "]:" + port + " HTTP/1.0\n"
+ "User-Agent: "
+ sun.net.www.protocol.http.HttpURLConnection.userAgent
+ "\r\n\r\n";
}
Do you have an idea what can I use instead (preferably not a an external jar but from the installed JVM)?

By default that variable is defined as follows:
String javaVersion = "Java/" + System.getProperty("java.version");
String userAgent = System.getProperty("http.agent") == null ? javaVersion : System.getProperty("http.agent") + " " + javaVersion;
So you can replace that variable with this one or with the name of your application or with any other string you like (since the resulting string is not the User-Agent of a common browser I assume that no JavaScript or any other code will check for it).

Categories