is my JAVA_HOME path incorrect? - path

This is a step in:
http://docs.ionic.io/services/auth/google-native.html
I'm trying to generate an SHA1 key with:
keytool -exportcert -list -v -alias androiddebugkey -keystore ~/.android/debug.keystore
I get the following error:
keytool error: java.lang.Exception: Keystore file does not exist: /Users/alex_fimm_dev/.android/debug.keystore
java.lang.Exception: Keystore file does not exist: /Users/alex_fimm_dev/.android/debug.keystore
at sun.security.tools.keytool.Main.doCommands(Main.java:745)
at sun.security.tools.keytool.Main.run(Main.java:343)
at sun.security.tools.keytool.Main.main(Main.java:336)
I suspect something is wrong with JAVA_HOME path?
Here is my .bash_profile:
export PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/X11/bin:/Users/alex_fimm_dev/Desktop/Databases/Mongo/mongodb/bin:/Users/alex_fimm_dev/Desktop/Databases/Mongo/mongodb/bin
# Setting PATH for Python 3.5
# The orginal version is saved in .bash_profile.pysave
PATH="/Library/Frameworks/Python.framework/Versions/3.5/bin:${PATH}"
export PATH
# Homebrew
export PATH=/usr/local/bin:$PATH
export LC_ALL=en_US.UTF-8
export LANG=en_US.UTF-8
# android and java paths
export JAVA_HOME=/Library/Java/Home/
export ANDROID_HOME=/usr/local/Cellar/android-sdk/
export PATH=${PATH}:/usr/local/Cellar/android-sdk/24.4.1_1/platform-tools:/usr/local/Cellar/android-sdk/24.4.1_1/tools
And if I go to the location of the keystore file:
lm5-fim4-0G3QD:~ alex_fimm_dev$ cd ~/.android/
lm5-fim4-0G3QD:.android alex_fimm_dev$ keytool -exportcert -list -v -alias androiddebugkey -keystore ~/.android/debug.keystore
Unable to locate an executable at "/Library/Java/Home/bin/bin/keytool" (-1)
lm5-fim4-0G3QD:.android alex_fimm_dev$

Solution:
Update path in all my terminals like:
source ~/.bash_profile
Generate the .keystore, which was missing in ~/.android, like:
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000

Your Java and Android path is like this:
ANDROID_HOME=/home/user_name/Android/Sdk
JAVA_HOME=/usr/lib/jvm/java-8-oracle
If you want to make it permanent, just add those lines to the ~/.bashrc file.

Related

Configure LDAP global settings in jenkins

I've set up a Jenkins instance, and am trying to set up LDAP and getting this error
Unable to connect to ldaps://server.domain.com:636 :
javax.naming.CommunicationException: server.domain.com:636 [Root
exception is javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target]
The target server is using a self-signed certificate. Is there a way to disable certification checking? In another web server instance, we run it with
AUTH_LDAP_GLOBAL_OPTIONS = {
ldap.OPT_X_TLS_REQUIRE_CERT: False }
Could there be a similar option when using Jenkins?
You can override the Java default SSL factory like https://plugins.jenkins.io/skip-certificate-check
Or you can trust the cert by fetching the certificate public key and importing that into your ./jre/lib/security/cacerts truststore.
export JAVA_HOME='/path/to/your/jre'
export LDAPHOST='LDAPHOST01.domain.ccTLD'
export LDAPSSLPORT='636'
export CERTFILENAME='/tmp/ldapcert.cer'
echo "" | openssl s_client -connect $LDAPHOST:$LDAPSSLPORT 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > $CERTFILENAME
keytool -import -trustcacerts -alias $LDAPHOST -file $CERTFILENAME -keystore $JAVA_HOME/lib/security/cacerts
When you import the certificate, you will be asked for the keystore password. The default is 'changeit' ... otherwise whatever you've changed it to. Details on the cert will be displayed, and you will be asked if you really want to trust the certificate.
[lisa#linux02 checkSSLCertExpiry]# keytool -import -trustcacerts -alias $LDAPHOST -file $CERTFILENAME -keystore $JAVA_HOME/lib/security/cacerts
Enter keystore password:
Owner: CN=LDAPHOST01
Issuer: CN=LDAPHOST01
Serial number: 3a2542463f2d59bb4018f9e9179dd6a8
Valid from: Mon Jun 02 16:55:08 EDT 2014 until: Sun Jun 02 16:55:08 EDT 2019
Certificate fingerprints:
MD5: C3:33:62:B4:A8:30:05:54:3A:F9:AE:99:66:35:EB:22
SHA1: FA:C2:7B:5D:BF:74:05:58:EF:37:F1:AD:8D:8B:DF:02:93:4C:D8:7E
SHA256: BE:D6:DF:A9:4F:82:6B:AF:2C:C7:45:9B:B7:A4:0A:B4:9A:81:DB:8E:49:A2:38:16:49:83:F7:4C:D5:EC:61:E0
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 2048-bit RSA key
...
#4: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: LDAPHOST01
DNSName: LDAPHOST01.domain.ccTLD
]
Trust this certificate? [no]: yes
Certificate was added to keystore
A keytool command to verify the certificate exists in the store:
[lisa#linux02 checkSSLCertExpiry]# keytool -list -keystore $JAVA_HOME/lib/security/cacerts -alias $LDAPHOST
Enter keystore password:
LDAPHOST01.domain.ccTLD, Sep 28, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): FA:C2:7B:5D:BF:74:05:58:EF:37:F1:AD:8D:8B:DF:02:93:4C:D8:7E
Overriding Java's default trust mechanisms is once-and-done, but obviously removes all of the security that goes with verifying a certificate. Trusting the LDAP server's cert means you'll need to know every time the cert is renewed, and you'll need to import the new certificate into your cacerts file.
To avoid having auth fail every year or two when the directory server cert expires, I set up a certificate authority (CA) with a fairly long (10 years or so) validity. You can do this with a dedicated PKI infrastructure or simply OpenSSL. By importing the CA's public key into cacerts, you trust any certificate issued against the CA. So if the directory certificate is renewed every year, you don't need to do anything. In a decade when the CA cert is replaced, you'll need to add the new CA cert to the store.
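An added example, not part of the original answer: the certificate saved by the openssl s_client step comes from whatever host answered on the network, so its SHA-256 fingerprint should be compared with one obtained out of band before answering "yes" to keytool. The function names are hypothetical, the pinned value is assumed to come from the directory administrator, and the sample bytes are constructed placeholders rather than a real certificate.

```python
import base64
import hashlib
import hmac
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)


def pem_certificates(text):
    """Return the DER bytes of every certificate block found in `text`."""
    return [base64.b64decode("".join(b.split())) for b in PEM_BLOCK.findall(text)]


def keytool_sha256(der):
    """Format a SHA-256 digest the way keytool prints it: AA:BB:CC:..."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fingerprint):
    """Drop colons and whitespace so 'aa:bb', 'AA BB' and 'aabb' compare equal."""
    return re.sub(r"[:\s]", "", fingerprint).upper()


def safe_to_import(pem_text, pinned_fingerprint):
    """True only if the text holds exactly one certificate and it matches the pin."""
    certs = pem_certificates(pem_text)
    if len(certs) != 1:
        # Empty file (the connection failed) or an unexpected chain: do not import.
        raise ValueError(f"expected exactly one certificate, found {len(certs)}")
    actual = normalize(keytool_sha256(certs[0]))
    return hmac.compare_digest(actual, normalize(pinned_fingerprint))


# Constructed sample: placeholder bytes standing in for a DER certificate,
# wrapped the way s_client output would wrap it.
SAMPLE_DER = b"constructed placeholder, not a real X.509 certificate"
SAMPLE_PEM = (
    "CONNECTED(00000003)\n-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode()
    + "-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    pin = keytool_sha256(SAMPLE_DER)  # in practice: supplied by the LDAP admin
    print(pin, safe_to_import(SAMPLE_PEM, pin))
```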

jmeter - Got 'Keystore was tampered with, or password was incorrect' error doing distributed tests

Searched all the questions related to recover keyerror, got no answer on my situation.
So, I just have several simple operations:
install jmeter 4.0 (on centos 7)
cd to the bin directory, run ./create-rmi-keystore.sh and pressed Enter at each step (entered a password 123654 at the final step), and finally it gives me
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore rmi_keystore.jks -destkeystore rmi_keystore.jks -deststoretype pkcs12".
Copy the generated rmi_keystore.jks to jmeter/bin folder or reference it in property 'server.rmi.ssl.keystore.file'
So I run keytool -importkeystore -srckeystore rmi_keystore.jks -destkeystore rmi_keystore.jks -deststoretype pkcs12 and give a password 123654
It gives me:
Enter source keystore password:
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
Can anybody give a hand? Thanks in advance :)
Solved by this: to answer the question "What is your first and last name?", you'll have to reply with rmi, which must correspond to the value of server.rmi.ssl.keystore.alias in jmeter.properties.

Funny result with multiple backup tape

I'm testing for lto6 tar encrypted backup
I'm using one G only for the test
tar cMpf - --tape-length=1G --blocking-factor 4096 -X /etc/file.exclude /| openssl enc -e -aes256 -salt -pass file:unixpass -out /dev/st0
The first tape works fine.
It asks me for the second... I insert it, press return and...
it displays the content of a file!
"<custom_item>type : SQL_POLICYdescription : "2.11 sqlnet.ora settings - 'Setting for the remote_os_authent parameter'""....
This goes on for thousands of lines, like the cat command.
Using a file for testing it cat /opt/nessus...
opt/nessus/var/nessus/audits/audit_warehouse.audit01402604000014563
Solution found: I must insert the tape name; I thought it was automatically generated.

How to debug a platform signed system app using Xamarin Android

I'm currently working on a project that must be a platform signed system app to be privileged to communicate on the I2C bus of a proprietary Android device.
The manifest contains android:sharedUserId="android.uid.system" and the resulting unsigned apk is signed, zipaligned and installed with this batch...
java -jar signapk.jar platform.x509.pem platform.pk8 unsigned.apk signed.apk
zipalign -f -v 4 signed.apk aligned.apk
adb install -rg aligned.apk
This works fine. However, I need to do extensive development running with this privilege requiring the debugger to be attached. I have tried using a custom Configuration that retains the debugger symbols while including the Mono runtime in the package only to find out that you cannot attach to an already running Android app from Xamarin.
Is there a way to create a keystore that is signed with the platform signature that I could put in ...\AppData\Local\Xamarin\Mono for Android\ to replace debug.keystore? The idea being that the debug build-deploy process would pick this up and I'd have the privileges I need AND have attachment to the debugger.
Any help much appreciated.
You can create a JKS keystore from a DER-encoded PKCS #8 private key and the corresponding PEM-encoded X.509 certificate as follows:
openssl pkcs8 -inform der -in platform.pk8 -nocrypt -out platform.key
openssl pkcs12 -export -in platform.x509.pem -inkey platform.key -out platform.p12
keytool -importkeystore \
-srckeystore platform.p12 -srcstoretype pkcs12 \
-destkeystore platform.keystore \
-deststorepass android -destkeypass android
shred -u platform.key platform.p12
For those following, after I performed the steps from Alex, I added this to the .csproj file to get Visual Studio to use it for this specific example.
<PropertyGroup Condition="'$(Configuration)' == 'Debug'">
<AndroidKeyStore>True</AndroidKeyStore>
<AndroidSigningKeyStore>(path)\platform.keystore</AndroidSigningKeyStore>
<AndroidSigningStorePass>android</AndroidSigningStorePass>
<AndroidSigningKeyAlias>1</AndroidSigningKeyAlias>
<AndroidSigningKeyPass>android</AndroidSigningKeyPass>
</PropertyGroup>

travis encrypt-file for maven deploy

On my computer:
travis login --org
Username: xxxxxx
Password: xxxxxx
Successfully logged in as xxxxxx!
travis encrypt-file codesigning.asc -r XXXXXX/XXXXXX
encrypting codesigning.asc for XXXXXX/XXXXXX
storing result as codesigning.asc.enc
storing secure env variables for decryption
Please add the following to your build script (before_install stage in your .travis.yml, for instance):
openssl aes-256-cbc -K $encrypted_abcd1234_key -iv $encrypted_abcd1234_iv -in codesigning.asc.enc -out codesigning.asc -d
Pro Tip: You can add it automatically by running with --add.
Make sure to add codesigning.asc.enc to the git repository.
Make sure not to add codesigning.asc to the git repository.
Commit all changes to your .travis.yml.
On my travis account:
On my GitHub repository:
I paste the codesigning.asc.enc file in the test folder test/codesigning.asc.enc.
I add this shell script:
if [ "$TRAVIS_BRANCH" = 'master' ] && [ "$TRAVIS_PULL_REQUEST" == 'false' ]; then
echo "******** Starting gpg"
openssl aes-256-cbc -K "$encrypted_abcd1234_key" -iv "$encrypted_abcd1234_iv" -in test/codesigning.asc.enc -out test/codesigning.asc -d
gpg --fast-import test/codesigning.asc
fi
I have this error on my travis console:
bad decrypt
139864985556640:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:539:
gpg: invalid radix64 character FE skipped
gpg: invalid radix64 character C4 skipped
gpg: read_block: read error: invalid packet
gpg: import from `test/codesigning.asc' failed: invalid keyring
gpg: Total number processed: 0
OpenPGP (the cryptographic protocol implemented by gpg) and X.509 (the cryptographic protocol used by OpenSSL) are not compatible. You cannot import this key to GnuPG (you could to gpgsm which implements X.509, but this is not the normal gpg you want to use). You will have to stick with OpenSSL or GnuTLS to handle the key and encrypted messages for it.
