Thursday, August 04, 2016

How to Generate an SHA-2 (SHA-256) Self-Signed Certificate in Java

I was working on a couple of SSL based issues when I made a couple of observations. The default self-signed key generation in Java does not meet today's requirements for web development.

SHA-1 based certificates (default) are no longer going to be accepted by the majority of browsers. Microsoft has set a deadline of February 2014, Mozilla,  and Chrome on 1 January 2017.

Additionally, a key size of less than 2048 is considered insecure as well, so we need to make sure the key size is at least 2048.

So how do you generate a SHA-2 (SHA-256) certificate in Java? Here is an example below.
keytool -genkey -alias example -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -validity 3650 -keystore keystore.jks
In this example we create a certificate with validity of 10 years. The -sigalg SHA256withRSA is used to set it to SHA-256.

Tuesday, June 28, 2016

Abuse Report Format (ARF) Message Generator

 I have been working on testing a feedback loop, and wanted a simple mechanism to do the testing.

I was surprised that I couldn't find any framework when I was searching to do it. As any good developer, I decided to write my own way of testing it.

The Abuse Report Format (ARF) Message Generator takes a raw email, and sends it back to the server that sent it as an abuse feedback report.

The code requires JavaMail API and Sun DSN API.

The project includes a custom mailcap file to handle the new ARF report format.

The code is located on Github including the sample usage here: arf-message-generator

Friday, June 24, 2016

Log4j2 java.util.logging (JUL) Adapter Example


I was looking for an example of how to implement the java.util.logging (JUL) adapter in a project. This would almost seem to be a no brainer of an idea with lots of examples of how to do it. Alas, I didn't find much of anything. So I thought I would share some wisdom of how to implement the JUL Adapter.


You need to tell the application to use the JUL adapter. There are two easy ways to accomplish this.
  1. The easiest is to pass a VM option to the application: -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager
  2. Alternatively, you can use a static initializer in your class. This is important because the value needs to be set before the logger is called.

The code for the project can be found on GitHub here: log4j2-jul-example


Thursday, May 19, 2016

How do I enable rndc on Mac OS X El Capitan (10.11.5)

So I was trying to figure out how to enable rndc on El Capitan so I could dump the DNS cache to check name resolution. I could run the command from the command line, but alas it would indicate that it was not listening on port 953. I tried the alternate port 54, but again to no avail. As it turns out, I needed to modify the named.conf file controls section to get it to work. The named.conf file is located at /Library/Server/named/named.conf. You will need to modify it as the super user using sudo.

Note: I have the Apple Server Application installed

sudo nano /Library/Server/named/named.conf

The existing file should have a controls section that looks similar to the one below.

controls {
        inet ::1 port 54 allow {
        } keys {

I added the following inet allow {localhost;};. So now the configuration looks like:

controls {
        inet allow {localhost;};
        inet ::1 port 54 allow {
        } keys {

You will need to restart named service using the following commands.

sudo launchctl stop org.isc.named
sudo launchctl start org.isc.named

You should be able to use rndc. To check, you can issue the following command:

sudo rndc status

version: 9.9.7-P3 
CPUs found: 8
worker threads: 8
UDP listeners per interface: 4
number of zones: 100
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

Thursday, March 24, 2016

JSF 2.2 Tip of the Day: Using Hibernate Validators with JSF


Hibernate validators offer a plethora of validators to make your development work much easier. Some of the common ones that are used are @NotNull, @NotBlank, and @NotEmpty. To take advantage of these validators, and avoid some misconceptions, a little information needs to be provided.


Everyone likes this particular annotation, and it can be a real life saver. However something that often catches developers using it on JSF is that JSF treats empty form fields as empty strings. This is not the same as null. So if you want JSF to capture these values and treat them as null values, you need to tell JSF to do so. This is accomplished by adding the following context parameter to the web.xml file.
Once this is added to the context, all blanks will be treated as null values. Be mindful of any side effects created from this change.


This validator causes a lot of confusion. The value can not be null, but can be any character including whitespace, e.g. You can enter a space, and it will accept it.


This is the most useful annotation from my standpoint. This makes sure that the input is not null, and is not an empty string like white spaces. This is really what I think most developers are really after anyway. They want to make sure that users fill in form fields.


The code for this project can be found on Github, and includes some additional bonus code such as using locales, and custom messages. The code can be found here: jsf-hibernate-validator.

Tuesday, March 22, 2016

JSF 2.2 Tip of the Day: Using ValueExpressions and VariableMapper to set EL using a PhaseListener

The title seems like a mouthful, and it is. I had some code which I used to demonstrate how to set EL values using a PhaseListener. I was going to delete the code when I decided that it was the second time someone in a short span of time asked me the same question, and I should post how to do it.

The use of a PhaseListener to set EL values seems to the casual observer like Voodoo magic. You will see the EL expressions on the page, and they magically seem to populate. In some ways it is like a classical interceptor which can make your code really seem magical, and lead to confusion. This approach though has its place, and if used correctly can solve a lot of issues. One example is determining if a <ui:include src="XXX" rendered="#{EL_VARIABLE_HERE}" /> should render.

It can also be used to set the src value on the fly. An always popular question on how to resolve.

The project can be found on GitHub here: jsf-ve-phaselistener

So the output looks like a nice set of name value pairs using the Greek alphabet as variable names.

Sunday, March 20, 2016

Google Guava IP and Hostname Validation

I was trying to come up with a way to validate hostnames and IP addresses. I didn't want to spend time trying to do it myself. I figured that this should be a common situation, and likely someone had already written a tool to do just such a thing. I was right. Google Guava has a couple of interesting classes that do exactly what I was looking for.

For folks who may not be familiar with Guava, it is a framework of really helpful utilities that can be used for a variety of situations. Most folks who use Guava in my experience use the collections classes. However, there is a boon for anyone who digs a little deeper.

We will use two specific classes from the Guava framework to do our validations. The first is InternetDomainName which is used to validate the domain name. The other is InetAddresses to check our IP address for validity.

There are some caveats to the InternetDomainName class which are explained here: InternetDomainNameExplained.

In the code below, we see that it is very easy to use and it works very well.

Popular Posts