Web service SSL fight

Web services can designed in secure way. There is an option to connect via encrypted connection and even provide authorization. Trouble starts when there is something wrong with your certificate. Especially before being production ready nobody cares them to be verifiable. I had install it on MS Windows. That's why snippets sometimes use Linux, sometimes Windows syntax.

First strike: Self-signed certificate

When certificate if self signed it definetely not reliable. Bu it is very common in testing code. I had to get it somehow to make it trusted.

openssl s_client -connect 172.16.3.1:8243 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/certname.cert

Certificate must be added to keystore:

C:\jdk1.7.0\bin>keytool -import -trustcacerts -keystore cccc -storepass secretpassword -noprompt -file c:\tmp\certificate.certCertificate was added to keystore

To inform the java to set certificates during runtime:

System.setProperty("javax.net.ssl.trustStore","C:\\jdk1.7.0\\bin\\cccc"); System.setProperty("javax.net.ssl.trustStorePassword", "secretpassword");

Second strike: Missing class?

Really I don't understand this error but I had to deal with this. Somebody found out that this class can be implemented with little help of  jsslUtuils which is fortunately LGPL.

PKIXSSLContextFactory sslContextFactory = new PKIXSSLContextFactory();
sslContextFactory.setTrustManagerWrapper(new X509TrustManagerWrapper() {
@Override
public X509TrustManager wrapTrustManager(final X509TrustManager origManager) {
return new X509TrustManager() {
@Override
public X509Certificate[] getAcceptedIssuers() {
return origManager.getAcceptedIssuers();
}
@Override
public void checkServerTrusted(X509Certificate[] chain,
String authType)
throws CertificateException {
try {
origManager.checkServerTrusted(chain, authType);
} catch (CertificateExpiredException e) {
// TODO log or do something else to rethrow
// the exception if chain[0] isn't the certificate
// for which you want to make this special case.
}
}
@Override
public void checkClientTrusted(X509Certificate[] chain,
String authType)
throws CertificateException {
origManager.checkClientTrusted(chain, authType);
}
};
}
});
SSLContext sslContext = sslContextFactory.buildSSLContext();
SSLContext.setDefault(sslContext);

Final encounter: Wrong address

We need to disable another check to make it happen:

TLSClientParameters tlsParams = new TLSClientParameters();
tlsParams.setDisableCNCheck(true);
Client client2 = ClientProxy.getClient(service);
HTTPConduit http = (HTTPConduit) client2.getConduit();
http.setTlsClientParameters(tlsParams); 

Yeah! We finally can consume the service.

Epilogue

If service serve unexpected elements You can disable validation:

Services sh= new Services(new URL("http://172.16.5.3:8080/axis2/services/Services?wsdl"));
ServicesPortType port = sh.getServicesHttpSoap11Endpoint();java.util.Map<String, Object> requestContext =                   ((javax.xml.ws.BindingProvider)
port).getRequestContext();
requestContext.put("set-jaxb-validation-event-handler",  "false");

End of transmission

Temporay Solution for WiFi problems with Realtek Card under Ubuntu

From time to time my network manager goes wild and is not able to connect to any WiFi network  I don't have to tell anyone how annoying is that when happens in the middle of work. Solution is so simple that I don't know why I didn't try it out earlier:

# lspci|grep RTL
07:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8191SEvA Wireless LAN Controller (rev 10)
# rmmod rtlwifi
ERROR: Module rtlwifi is in use by rtl8192se
# rmmod rtl8192se
# rmmod rtlwifi
# modprobe rtlwifi
# modprobe rtl8192se

Simple reloading module makes wireless works normal again

KISS in scope of Web Services

see KISS principle  first

Mentally I'm Perl programmer. I write mainly C++ and Java but language I've grown up with left imprint on my personality. Also I participated in many R&D projects that also affected my attitude to many things. IT project like that lack of  definite requirements and first weeks of development is like walking in mountains through fog. Always it starts similar, manager chooses plenty of modern insanely general technologies because he is afraid that limitations of specialized technology or framework will make his project delayed or fail

Of course anyone can tell that if I'have been fluent with this tech I would have had less problems with technologies but when doing research project programmer has to be real commando that changes scopes of work from hardware level to high abstraction data services without months of learning and often must manage alone because rest of his team is doing something different

SOAP WSDL

When I write really SOAP WSDL I mean schema that really uses this standard. So few Ports with some operations that contain complex data types as arguments. This was real hell. SOAP is too standardized and strict. Code didn't want to generate without any sensible error, but finally I realized that problem was underscore in argument's name. SOAP coding is so complicated that I'm not able to manually create request or analyze response

Now when I need to do web service I prefer string arguments and JSON in it. In first look neglecting power of SOAP sounds terrible but in real world you never know what actually you will serve in the end. Data model changes even though  it looked perfectly fit at start.

Third party service

Many research projects are making incompatible systems cooperating. They were made with many "awesome" technologies and now need to set up thousand of options to operate. We can't do anything with that but I alway ask for additional time for unexpected while planning

Magic wizards

This things make us really lazy. Programmers are lazy by their nature but it also has traps in it. IDE web service helping may be not perfect. WAR generated in eclipse will not guarantee working deployment even though you can compile it. Sometimes I've screwed deployment clean tomcat working dir and everything works fine after next upload.  I wasn't able to reach service because I didn't remember which url in WSDL is service name.

Conclusion

The conclusion is. Keep your project technologically simple as possible and not more. And don't afraid to use something not fully supporting any possible needs just because unexpected may come.

X11Vnc on debian at boot time

 It wasn't very easy to setup vnc on Debian because X authing has changed a little during last times.  Fortunately i found magic guess option. The simplest way to achieve this at boot time is to add folowing lines to rc.local (or any relevant startup script). I hope this will help any straing Linux users. By default there is no passwd because computer is inside secured VPN but in the internet you will find how to easily tunnel it through ssh. This made my work a lot easier

There is no problem to start a server within a tomcat

When reading Web Service Tutorial it is explained  more or less like this:

You may think that every WAR you have deployed runs in separate sandboxed environment but it is not. Everything stays within one runtime and webservices do not need to die soon after being called. The only important thing is to not bloc tomcat shutdown by making out thread daemon thread which will not prevent jvm stop:


This sample of code allows to stars thread doing nothing, and kill all of them with just one call.

Is dynamic cast expensive?

I hear very often that I should not use dynamic_cast, because it is very expensive in processor time. In many commercial projects it is not possible to live without casting objects. Many object has two or more faces. One general interFace and specific one. There are two main solutions of this: adding enum Field with type or dynamic_cast. Few times I had to take some objects from collection with enum type information with special collect(EnumType type) method. So I was obliged static_cast objects to type I've requested. It is really boring because makes me to cast every time I use this method so I benchmarked it and compared with templated dynamic_cast.


As you can see there is no difference.

How to use Microsoft Office

As Programmer I forgot how to use Office Products. Anything longer than a page I create in LaTeX and simple documents with Google Docs. Making complex document in Word can be really exciting.

Changing orientation of single page
I am not sure wheter this is really possible, I thought that option this section will be ok, but it didn't work. Anyway I got similar effect by changing margins (yes page orientation options are also there) and changing from portrait to landscape and from landscape to portrait. After first operation current and all folowing pages change layout to landscape, second operation will change all following pages back to portrait.

If you copy caption of figure. Office will never update numbers even if document is reloaded. I was not able to select single caption and find update option but seletring all (CTRL+A) works perfectly.

Diagram scaling does not work too well. Most objects will scale but not caption texts inside objects it is better to create image in external program.