Saturday, August 27, 2016

Keystore and Public Key Generation for Spring OAuth2 JWT


If you are going to implement the Gateway Pattern (involving an Auth Server, UI Server and Resource Server) using Spring Boot OAuth2, you may want to look at the sample on GitHub. The sample clearly illustrates how to implement the pattern. But if you want to create your own Keystore and Public Key, the following instructions will be useful.

The instructions are taken from http://www.baeldung.com/spring-security-oauth-jwt. First, execute the following command:

keytool -genkeypair -alias myalias -keyalg RSA -keystore mykeystore.jks 

Enter keystore password:  
Re-enter new password: 
What is your first and last name?
  [Unknown]:  Juan Dela Cruz
What is the name of your organizational unit?
  [Unknown]:  My Company
What is the name of your organization?
  [Unknown]:  My Organization
What is the name of your City or Locality?
  [Unknown]:  Antipolo
What is the name of your State or Province?
  [Unknown]:  Rizal
What is the two-letter country code for this unit?
  [Unknown]:  PH
Is CN=Juan Dela Cruz, OU=My Company, O=My Organization, L=Antipolo, ST=Rizal, C=PH correct?
  [no]:  yes

Enter key password for <myalias>
(RETURN if same as keystore password):

The command produces the file mykeystore.jks. Then we export the public key through Java:

    import java.security.KeyPair;
    import java.util.Base64;
    import org.springframework.core.io.ClassPathResource;
    import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;
    public class ExportPublicKey {
        public static void main(String[] args) {
            // mykeystore.jks on the classpath; passwords as entered at the keytool prompts above
            KeyPair keyPair = new KeyStoreKeyFactory(new ClassPathResource("mykeystore.jks"), "10qpalzm".toCharArray())
                    .getKeyPair("myalias", "10qpalzm".toCharArray());
            System.out.println(Base64.getEncoder().encodeToString(keyPair.getPublic().getEncoded())); // X.509 public key, Base64
        }
    }

After all of this, you may now apply your custom Keystore and Public Key to your Spring OAuth2 project using JWT.
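Applying the keystore and the exported public key to the two servers of the Gateway Pattern, as an added example that is not part of the original post: the Auth Server loads the key pair from mykeystore.jks and signs tokens with the private key, while the Resource Server verifies tokens with the public key alone and never holds the keystore. The two @Configuration classes belong in separate applications and are listed together only for reading; the property names jwt.keystore.password and jwt.key.password and the file name public.txt are assumptions.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;
import org.springframework.util.StreamUtils;

/** Auth Server: signs access tokens with the private key held in mykeystore.jks. */
@Configuration
public class AuthServerJwtConfig {
    @Bean
    public JwtAccessTokenConverter accessTokenConverter(
            @Value("${jwt.keystore.password}") String storePassword, // assumed property names: keep the
            @Value("${jwt.key.password}") String keyPassword) {      // passwords out of the source code
        KeyPair keyPair = new KeyStoreKeyFactory(new ClassPathResource("mykeystore.jks"), storePassword.toCharArray())
                .getKeyPair("myalias", keyPassword.toCharArray());
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setKeyPair(keyPair); // private key signs; the public half is what the export program printed
        return converter;
    }

    @Bean
    public JwtTokenStore tokenStore(JwtAccessTokenConverter converter) {
        return new JwtTokenStore(converter);
    }
}

/** Resource Server: verifies signatures with the exported public key only; the keystore stays on the Auth Server. */
@Configuration
class ResourceServerJwtConfig {
    @Bean
    public JwtAccessTokenConverter accessTokenConverter(
            @Value("classpath:public.txt") Resource publicKey) throws IOException {
        // public.txt (assumed name) holds the Base64 string printed by the export program, wrapped in
        // "-----BEGIN PUBLIC KEY-----" / "-----END PUBLIC KEY-----" lines, which is what setVerifierKey parses
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setVerifierKey(StreamUtils.copyToString(publicKey.getInputStream(), StandardCharsets.UTF_8));
        return converter;
    }

    @Bean
    public JwtTokenStore tokenStore(JwtAccessTokenConverter converter) {
        return new JwtTokenStore(converter);
    }
}
```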


Friday, July 22, 2016

Creating CSR with modern cryptography

I had a post regarding SSL installation at http://jettyapplicationserver.blogspot.com/2015/04/applying-ssl-certificate-to-nginx.html but the procedure on CSR generation is outdated. If you want to protect your website with modern cryptography, you may find this post useful.

By the way, in Chrome you can click the padlock icon in the address bar to see a website's SSL connection details.


In this example we will generate a private key named sudo2016.key and a CSR file named sudo2016.csr. Replace these file names with the names you want.


Generate an RSA Key

openssl genrsa -out sudo2016.key 4096


Generate CSR

openssl req -out sudo2016.csr -key sudo2016.key -new -sha256


Pre-SSL Certificate Generation

The contents of the CSR are supplied to the SSL provider. The SSL provider then generates a number of certificates for you.

Name.com, for example, provides three certificates: the Server Certificate, the CA Certificate and the Root Certificate.

Different web servers have different ways of installing SSL certificates. Usually, the SSL provider gives instructions for each web server.


Sunday, June 26, 2016

Creating Start-up Script in Ubuntu

I installed Redmine on an Ubuntu Server at Windows Azure and was successful in doing so. However, Azure did some maintenance on my server and had to restart it. So, when I accessed Redmine again, Nginx redirected me to its Error 502 page. Upon checking, I realized that a restart had really happened, and I thought I had to create a start-up script to avoid this, since it was not only me who was using the Redmine which I installed but also my clients' testers and BAs.

Here's what my script looks like.

#!/bin/sh
### BEGIN INIT INFO
# Provides:          redmine
# Required-Start:    $local_fs $network
# Required-Stop:     $local_fs $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start/stop Redmine
### END INIT INFO
# The LSB header above is what update-rc.d reads to decide the runlevels;
# "Provides" should match the file name you choose in /etc/init.d.

REDMINE_START=/home/tsiminiya/redmine-3.3.0/run.sh
REDMINE_STOP=/home/tsiminiya/redmine-3.3.0/stop.sh
REDMINE_USER=tsiminiya
REDMINE_COMMAND=

# Run the selected script as the unprivileged Redmine user (-c), not as root;
# -o (--oknodo) returns 0 instead of 1 when nothing needs to be done.
executeCommand() {
    start-stop-daemon -S -u "$REDMINE_USER" -c "$REDMINE_USER" -o -x "$REDMINE_COMMAND"
}

case "$1" in
    start)
        REDMINE_COMMAND=$REDMINE_START
        executeCommand
        ;;
    stop)
        REDMINE_COMMAND=$REDMINE_STOP
        executeCommand
        ;;
    *)
        echo "Usage: $(basename "$0") (start | stop)" >&2
        exit 1
        ;;
esac


You may modify the variables above to point to your start and stop scripts. I didn't include the contents of my run.sh and stop.sh here. What is important is the start-stop-daemon line. Also, after constructing your start-up script:

1. Save the file at /etc/init.d/<filename-of-your-choice>.
2. sudo chmod +x /etc/init.d/<filename-of-your-choice>
3. sudo update-rc.d <filename-of-your-choice> defaults

Note: in step 3 we give only the script name, not the full path.

Restart the server after Step 3 to test whether your start-up script is working.