by jNayden | Apr 11, 2019 | Aggregated, javaee, spring
As a follow-up to http://gochev.blogspot.com/2019/04/convert-pfx-certificate-to-jks-p12-crt.html we now have a keystore and a truststore (if anyone needs one), and we will use this keystore to perform client-side authentication with Spring's RestTemplate.

First copy your keystore.jks and truststore.jks into your classpath; no one wants absolute paths, right? :)

The magic happens in the creation of the SSLContext. Keep in mind that Spring Boot has a nice RestTemplateBuilder, but I am not going to use it, because some of you might have an older version or, like me, might just use plain old amazing Spring.

If you just want to use the keystore:

    final String allPassword = "123456";
    SSLContext sslContext = SSLContextBuilder
            .create()
            .loadKeyMaterial(ResourceUtils.getFile("classpath:keystore.jks"), allPassword.toCharArray(), allPassword.toCharArray())
            .build();

If you just want to use the truststore:

    final String allPassword = "123456";
    SSLContext sslContext = SSLContextBuilder
            .create()
            .loadTrustMaterial(ResourceUtils.getFile("classpath:truststore.jks"), allPassword.toCharArray())
            .build();

I guess you know how to use both ;). If you want to IGNORE the truststore certificate checking and trust ALL certificates (might be handy for testing purposes and localhost):

    final String allPassword = "123456";
    TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;
    SSLContext sslContext = SSLContextBuilder
            .create()
            .loadTrustMaterial(ResourceUtils.getFile("classpath:truststore.jks"), allPassword.toCharArray())
            .loadTrustMaterial(null, acceptingTrustStrategy) // accept all
            .build();
...
by jNayden | Apr 11, 2019 | Aggregated
I recently had to use a PFX certificate for client authentication (maybe another post will be coming) and for that reason I had to convert it to a Java keystore (JKS). We will create BOTH a truststore and a keystore, because depending on your needs you might need one or the other. The difference between a truststore and a keystore, if you are not aware, is (quoting the JSSE reference guide):

TrustManager: Determines whether the remote authentication credentials (and thus the connection) should be trusted.
KeyManager: Determines which authentication credentials to send to the remote host.

OK, that's enough. What you will need is openssl and Java 7+ 😉 !

First let's extract the private key from the pfx file; this key is later used for the p12 keystore.

    openssl pkcs12 -in example.pfx -nocerts -out example.key
    Enter Import Password:
    MAC verified OK
    Enter PEM pass phrase:
    Verifying – Enter PEM pass phrase:

As shown here you will be asked for the password of the pfx file, and later you will be asked to enter a PEM passphrase. Let's, for example, use 123456 for everything here.

The second command is almost the same, but this time it exports the client certificate (crt) and no key:

    openssl pkcs12 -in example.pfx -clcerts -nokeys -out example.crt
    Enter Import Password:
    MAC verified OK

Now we have a key and a crt file. The next step is to create a truststore.

    keytool -import -file example.crt -alias exampleCA -keystore truststore.jks
    Enter keystore password:
    Re-enter new password:
    Owner: CN=…..
    …….
    Trust this certificate? [no]: yes
    Certificate was added to keystore

As you can see, here you just import this crt file into a JKS truststore and set a password. For the question...
by jNayden | Feb 26, 2019 | Aggregated
Bad news everyone, as you have already noticed I do not have time to write blogs 🙁 However, I would recommend you to check and keep an eye on the YouTube channel of the Bulgarian Java User Group (http://jug.bg), which is https://www.youtube.com/user/BulgarianJUG/ You can enjoy all the jPrime conference video recordings at https://www.youtube.com/user/BulgarianJUG/playlists, but also check out the videos tab, since we have a lot of non-jPrime videos uploaded as well, and maybe at some point you can even see me...
by Bozho | Oct 21, 2017 | Aggregated, Developer tips, security, user authentication, web applications
It's almost always a good idea to support two-factor authentication (2FA), especially for back-office systems. 2FA comes in many different forms, some of which include SMS, TOTP, or even hardware tokens. Enabling them requires a similar flow:

1. The user goes to their profile page (skip this if you want to force 2FA upon registration)
2. Clicks "Enable two-factor authentication"
3. Enters some data to enable the particular 2FA method (phone number, TOTP verification code, etc.)
4. Next time they log in, in addition to the username and password, the login form requests the 2nd factor (verification code) and sends that along with the credentials

I will focus on Google Authenticator, which uses a TOTP (Time-based one-time password) for generating a sequence of verification codes. The idea is that the server and the client application share a secret key. Based on that key and on the current time, both come up with the same code. Of course, clocks are not perfectly synced, so there's a window of a few codes that the server accepts as valid. Note that if you don't trust Google's app, you can implement your own client app using the same library below (though you can see the source code to make sure no shenanigans happen).

How to implement that with Java (on the server)? Using the GoogleAuth library. The flow is as follows:

1. The user goes to their profile page
2. Clicks "Enable two-factor authentication"
3. The server generates a secret key, stores it as part of the user profile and returns a URL to a QR code
4. The user scans the QR code with their Google Authenticator app thus creating a...
by Mitia Alexandrov | Oct 16, 2016 | bg-jug, Blog, jpro, Uncategorized
The latest edition of jProfessionals happened to be a very special event for BGJUG. Unlike the previous two editions, this event was fully dedicated to one special guest – Dr. Venkat Subramaniam! Venkat is an award-winning author, founder of Agile Developer, Inc., creator of agilelearner.com, and an instructional professor at the University of Houston. He has trained and mentored thousands of software developers in the US, Canada, Europe, and Asia, and is a regularly invited speaker at several international conferences and a committee member of the JavaOne conference. Venkat helps his clients effectively apply and succeed with sustainable agile practices on their software projects. Venkat is a (co)author of multiple technical books, including the 2007 Jolt Productivity award-winning book Practices of an Agile Developer.

During the first part of the day Dr. Venkat Subramaniam gave two talks:
Let's Get Lazy: The Real Power of Streams
Twelve Ways to Make Code Suck Less

More than 150 developers came from Sofia and other cities. Even our friends from the Macedonian JUG came from Skopje! Then we had a small break. The second part of the day was dedicated to a three-hour workshop about functional programming with Java. The first two who successfully finished the labs received special awards from our partner JetBrains – a 1-year free license for any of their great products. The winners got their prizes: The event was great! Many useful lessons learned! The community was very excited about this Java day! And special thanks to Dr. Venkat Subramaniam for making it happen! At the end we had our traditional afterparty! Special thanks to Paysafe for providing the most modern...