I am wanting to generate a new keypair for use with Ngit (Jgit).
How do I generate a new keypair through code?
JGit has JSch as dep, take a look at this example http://www.jcraft.com/jsch/examples/KeyGen.java.html
Related
I am using Apache VFS to upload a file to an SFTP server, if the file is newer than the file on the server or doesn't exist there yet. The server connection uses SSH Keys for Authentication.
I am using the following java code (plus error handling etc.) to connect to the server and check the file modification date-time:
DefaultFileSystemManager manager = new DefaultFileSystemManager();
manager.addProvider("sftp", new SftpFileProvider());
manager.init();
FileSystemOptions opts = createDefaultOptions();
BytesIdentityInfo identityInfo = new BytesIdentityInfo(server.sshKey.getBytes(), null);
SftpFileSystemConfigBuilder.getInstance().setIdentityProvider(opts, identityInfo);
remoteFileObject = manager.resolveFile(new URI("sftp",server.UserName,server.HostName,server.Port,remoteFilePath,null,null).toString(), createDefaultOptions(server.Key));
FileContent content = remoteFileObject.getContent();
return content.getLastModifiedTime();
The SSH key is in the format -----BEGIN RSA PRIVATE KEY----- etc.; as exported by puttyGen under Conversions -> Export OpenSSH Key (i.e. the old format of OpenSSH key, not the new one).
I have tested this code on Windows, with a locally hosted SFTP server (i.e. also on the same Windows machine), and it works successfully.
I am now wanting to use this in a Linux environment (RHEL), connecting to an AWS Transfer SFTP server, secured using SSH keys as described.
I can connect successfully using the SFTP command from the Linux OS shell:
sftp -oIdentityFile=/path/to/test.ppk USER#xxx.xxx.xxx.xxx
But, when I try to run the java code, the code hangs on the call to manager.resolveFile.
After half an hour (I think - this might not be related), I get the following in /var/log/messages:
systemd-logind[1297]: Session 115360 logged out. Waiting for processes to exit.
systemd[1]: session-115360.scope: Succeeded.
systemd-logind[1297]: Removed session 115360.
I don't have SELinux enabled, so I don't think that's interfering in any way.
Can anyone help suggest what might be causing this?
There were a couple of things, as it turns out:
Timeout
The timeout can be set when you configure the SftpFileSystemConfigBuilder, by using the .setSessionTimeout(FileSystemOptions, Duration) method call. This reduces the timeout which, if nothing else, makes the issue easier to debug.
The Session comments in the messages log were not related to the issue. Instead, the issue happened because the exec channel is disabled on the SFTP server, but VFS is trying to use it. At a simple level, this can be disabled using setDisableDetectExecChannel on the SftpFileSystemConfigBuilder object - but you should know the implications of this before doing so.
Have implemented some https support infrastructure. In one place need to Convert RSA to pem format. Here found the solution, that works fine on Windows, but as soon as run it in docker with linux, after the construction
var parameters = rsa.ExportParameters(true); have got next error
System.Security.Cryptography.CryptographicException Cannot open an invalid handle. Void CheckInvalidKey(Microsoft.Win32.SafeHandles.SafeRsaHandle)
Is there any alternative to export RSA in pem format ? If not is there any alternative way to get parameters from RSA ?
I am trying to load an x509 certificate from file in CF.NET. The certificate I am trying to load can be downloaded here (it's a GoDaddy root cert).
My code looks like this:
byte[] bytes = null;
using (var certFile = new FileStream("\\gdroot-g2.crt", FileMode.Open, FileAccess.Read))
using (var br = new BinaryReader(certFile))
{
bytes = new byte[(int)certFile.Length];
br.Read(bytes, 0, bytes.Length);
}
//This line throws the error.
var cert = new X509Certificate2(bytes);
When I try loading the cert, I get the following error:
Creating certificate object failed. The data passed in is either
incorrect or is not supported by .NET Compact Framework. .NET Compact
Framework does not support reading from pfx files.
I've verified that the .CRT file I am using is Base-64 encoded. Also - when I run this same code on the desktop (using a mobile simulator that we've built) it parses the cert successfully.
Am I missing something basic here?
I too had the same problem and I resolved it by following the below steps.
Convert the certificate file to DER encoded binary X.509 format and then use it in the compact framework.
Steps for conversion:
Open the .cer file in the computer
Go to "Details" tab and click "Copy to File..." button
Certificate Export Wizard appears in which click Next and choose "DER encoded binary X.509(.CER)"
Click Next and specify the desired location and file name and click Finish
This will generate a .cer file in the chosen location
Use the certificate file (generated by the above process) in the compact framework and access the information programmatically as follows.
Read the contents of certificate file using BinaryReader which results in byte[] value
X509Certificate2 cert = new X509Certificate2(byte value returned by the above step)
Get the issuer name or any details required through built-in methods like cert.GetIssuerName();
When I followed this procedure, I didn't get any exception and it worked fine.
You might find it easier to interact with the certificate via the X509Store class. You can either add the root certificate by hand or programmatically.
Once you've added your certificate to the store you can retrieve an enumeration of the X509Certificate2 from the store and use LINQ to filter down to the specific GoDaddy certificate.
The linked MSDN page has some sample code showing this in action. Hope this helps.
The X509 namespace in the CF is effectively useless. I'm not sure why they bothered including it at all. I ended up wrapping the certificate APIs manually and creating a separate set of X509 classes that provide the functionality the BCL should have provided. The code is too long for a post here on SO, but those methods are part of the SDF.
I am trying to make test cases for android native apps using robotium. But for certain apps I get an error "the signature does not match the target package".
Is there any possible way to know the signature to be used for the android native apps?
I suggest you to use this: http://www.troido.de/re-sign.jar (run it as root or administrator) to resign your app, signing it using your debug keystore.
In this document you'll find more informations about all the procedure!
Sorry for my english!
Not for native apps. This is one of the "problems" with Robotium, in that the signatures have to match. Robotium claims that they are able to do "black box" testing, but you have to have a matching signature, which isn't always available. One option is that you can try to remove the old signature, and create a new one using the debug signature.
Here is an excerpt from a Robotium document that might help:
Signature:
The signature will identify the author of the android application. Signature means it contains the information like first name and last name of the developer, Name of the organizational unit, organization, city, state, two-‐letter country code.
Standard tools like Keytool and Jarsigner are used to generate keys and sign applications. [For more help: http://developer.android.com/guide/publishing/app-‐signing.html ]
IMPORTANT STEPS:
* If you know the certificate signature then you need to use the same signature in your test project
* If you do not know the certificate signature then you need to delete the certificate signature and you should use the same android debug key signature in both the application and the test project
* If the application is unsigned then you need to sign the application apk with the android debug key
If the application is signed then you can use the following drag and drop java program to resign it:
http://www.troido.de/re-‐sign.jar
Or
-‐-‐ Un-‐zip the apk file
-‐-‐ Delete the META-‐INF folder
-‐-‐ Re-‐zip the apk file
-‐-‐ In Dos prompt /Command prompt
> jarsigner -keystore ~/.android/debug.keystore -storepass android -keypass android ApplicationToTest.apk androiddebugkey
> zipalign 4 ApplicationToTest.apk TempApplicationToTest.apk
Then rename TempApplicationToTest.apk to ApplicationToTest.apk
Best of luck!
Every time I ran an AIR application, even the simplest "Hello World" sample, with adl, it says:
Connection failure: Connection refused
I didn't try to establish a connection to any website or server. adl complains all the time and it's annoying. Any ideas? Thanks.
It might be trying to contact a remote time server. From this blog post:
By default, when an application is packaged, the ADT process attempts to contact a time server to generate a timestamp. If you use a proxy server to connect to the internet (see my previous rant post), you’ll get a ‘connection refused’ error. Yiou can get around this by adding ‘-tsa none’ before the file component of the command like so:
adt -package -storetype pkcs12 -keystore sampleCert.pfx -tsa none HelloWorld.air HelloWorld-app.xml HelloWorld.html AIRAliases.js