199 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
Infoware’s Ulf Stider is speaking at the Social Connections conference in Chicago
Tue, May 23rd 2017 6
Learn how to optimize the value of your IBM licenses by attending our seminar on May 4, 2017 in Stockholm
Tue, Apr 11th 2017 5
Summer is coming, but relax, Infoware can take care of your IBM platform while you are away
Fri, Mar 31st 2017 10
Dictionaries in IBM Notes. Changing and Signing with JDK 1.8, no questions asked
Fri, Mar 10th 2017 13
DomainPatrol Social arrives at IBM Connect 2017
Fri, Feb 17th 2017 11
SugarCRM IBM Notes plug-in, no questions asked
Tue, Feb 14th 2017 10
DomainPatrol Social 11 introducing user roles and IBM Connections 5.5 CR2
Mon, Dec 5th 2016 8
Top 10
Error when installing IBM Connections 5.5 with CCM!
Mon, Jan 25th 2016 13
Infoware is heading of to IBM Connect
Thu, Jan 28th 2016 13
Dictionaries in IBM Notes. Changing and Signing with JDK 1.8, no questions asked
Fri, Mar 10th 2017 13
Merry Christmas & Happy New Year from Infoware
Fri, Dec 18th 2015 12
DomainPatrol Social 10 – beyond Merge Communities
Mon, Oct 3rd 2016 12
DomainPatrol Social and Social Connections
Wed, May 18th 2016 11
Is your IBM Connections environment in great shape?
Wed, Aug 17th 2016 11
DomainPatrol Social arrives at IBM Connect 2017
Fri, Feb 17th 2017 11
We’re adding Quota Management for Files to DomainPatrol Social
Tue, Aug 25th 2015 10
Fantastic Social Connections 10 in Toronto
Fri, Jun 17th 2016 10


Dictionaries in IBM Notes. Changing and Signing with JDK 1.8, no questions asked
Twitter Google+ Facebook LinkedIn Addthis Email Gmail Flipboard Reddit Tumblr WhatsApp StumbleUpon Yammer Evernote Delicious
Mats    

Case:
Dictionaries where missing from client installation on Windows machines.
Client is multi user and users are not allowed to write in Program Directories (non admin on their PCs).
Client is IBM Notes 9.0.1FP6, because this is the one rolled out to end users.
This means that nothing can be installed via Widgets in frameworkrpc or frameworkshared because both are under Program Directory.
Objective is to provide all of the dictionaries to the end users to choose from from the Widgets catalog. Installation should progress without any questions asked.

Description:
I downloaded the Dictionaries provided by IBM (Notes_XTAF_Dictionaries_V9.0_Win_ML.zip).
For a full description of this package, please read Tomas Hampels blog at
(https://blog.thomashampel.com/blog/tomcat2000.nsf/dx/deploying-xtaf-dictionaries-as-widgets.htm

The problem I got was that the Feature jar files configured to install in frameworkrpc which is fine if you include them during installation of the original package running with administrative rights on the computer.

Only way in my scenario was to make sure that the installation was made in a user context meaning Dataworkspaceapplications

Solution:
Change configuration of the Feature jar to make sure that the installation is done in a user context.

Unpacking the jar file in the features directory of any given dictionary reveals that the feature.xml file contains <feature colocation-affinity="com.ibm.rcp.platform.feature"
this needs to be changed to this <feature colocation-affinity="com.ibm.rcp.site.anchor.user.feature" to make sure that installation will go to Dataworkspaceapplications where the end user is allowed to write.

To unpack and repack i use PeaZip (http://www.peazip.org/peazip-64bit.html and as an Editor I use Notepad++ (https://notepad-plus-plus.org/download/v7.3.3.html

Explanation of the different options could be found here:
https://www.ibm.com/support/knowledgecenter/en//SSVHEW_6.2.0/com.ibm.rcp.tools.doc.admin/controllingfeatureinstallocation.html
http://www-01.ibm.com/support/docview.wss?uid=swg21497657
http://www-01.ibm.com/support/docview.wss?uid=swg21440976

Also when doing this it will break the signatures and this means that a resigning (after repackage) is necessary for security reasons (you should not allow anything that you have not trusted)
If you want to include your own signed jars files during installation of the client, this can be done following this instruction (http://www-01.ibm.com/support/docview.wss?uid=swg21305165)
You could also use iKeyman to do this if You prefer.

If you look at Tomas Hampels blog above You will find that there are a lot of files that needs to be changed and signed before importing to an update site.

Changing:
In every features directory in every updateSite_xx directory the file feature.xml needs to be changed according to the above solution.
IMPORTANT!!!
Also, preparing for signing, 3 files need to be deleted from a subdirectory called META-INF also in the features catalog:
IBM_WPLC.RSA
IBM_WPLC.SF
MANIFEST.MF
IMPORTANT!!!

Preparing:
Repack all files in each Directory e.g. com.ibm.langware.v5.dic.af_ZA.feature_7.2.0.201111100545 to com.ibm.langware.v5.dic.af_ZA.feature_7.2.0.201111100545.zip
Move (cut) the zip file to where the original jar file is located rename the original jar file with an extension .org instead of .jar end the rename the newly moved .zip file to .jar
A features catalog could then look like this:
Capture

Signing:
To sign I downloaded JDK 1.8 from
(http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html Windows x64 because I am using W10 64-bit.

IMPORTANT!!!
Only sing jar files that you have made changes to. The others are already signed with valid signatures.
Only sign 1 time with 1 signature for each jar file. Signing a second time could cause unexpected results.
IMPORTANT!!!

First I examined the file that was signed by IBM, this is now <filename>.org if the instructions where followed.
C:Program FilesJavajdk1.8.0_121bin>
jarsigner -verify -verbose "C:updateSite_affeaturescom.ibm.langware.v5.dic.af_ZA.feature_7.2.0.201111100545.org"

I got:
– Signed by "CN=International Business Machines Corporation, OU=Lotus Software Group, OU=Digital ID Class 3 – Java Object Signing, O=International Business Machines Corporation, L=Littleton, ST=Massachusetts, C=US"
    Digest algorithm: SHA1
    Signature algorithm: MD5withRSA, 2048-bit key
  Timestamped by "CN=GeoTrust Timestamping Signer 1, O=GeoTrust Inc, C=US" on lö feb 02 04:31:44 UTC 2013
    Timestamp digest algorithm: SHA-1
    Timestamp signature algorithm: SHA1withRSA, 1024-bit key

jar verified.

This meant that I need to sign with MD5withRSA and also SHA-1 where needed.
I tried all of the possible combinations of signing and digest and did the provisioning to the IBM Notes Client for all the different cases (puh this was hard and took a lot of time!) just to make sure.
I found only 1 configuration that worked all of the times.

IMPORTANT!!!
To sign You must first create a signer and also You need to import the certificate of the signer and crosscertify it with Your Notescertificate and push that crosscertificate to the client thru your security policy.
This done is done in Your Domino Directory of the server.
Signing the jar file with this signature is the trusted to be installed on the client.
IMPORTANT!!!

Inspired by Tomas Hampel (again) and the blog entry (https://blog.thomashampel.com/blog/tomcat2000.nsf/dx/untitled.htm?opendocument&comments). I decided to make my own script to help me out with this task.

Script Solution:
I decided to make 2 types of script, 1 for creating the necessary JKS file used for signing and 1 for the actual signing.
Both solutions consists of a command file an a property file containing values needed for the execution.

Code and samples will be provided here for download.Cool_Signing

Keytool:
Signing_mykeytool.cmd Cool_Signer.keytool
in the sample provided and this will create a JKS file and a CER file in the C:temp directory.

To customize for your own needs you can creating you own .keytool file using Cool_Signer.keytool as a template. Read the included Readme.txt file for explanation.

IMPORTANT!!!
You must change/customize this if You want to use this in your own environment, because sample provided here is not intended for other purposes than demonstrating the code.
IMPORTANT!!!

Jarsigner:
Signing_myjarsigner.cmd Cool_Signing_with_XTAF_MD5.jarsigner
in the sample provided will sign all jar files that ends with *.feature_7.2.0.201111100545.jar from the catalog C:Notes_XTAF_Dictionaries_V9.0_Win_ML and down.
It also contains the parameters that where tested to work with these features. I will recommend You to use these for the Dictionaries provided by IBM.

To customize for your own needs you can creating you own .jarsigner file using Cool_Signing_with_XTAF_MD5.jarsigner as a template. Read the included Readme.txt file for explanation.

Conclusion:
Changing and Signing is hard work but script at least provides you with organising your stuff and easy the burden of signing.

 



---------------------
http://www.infoware.eu/dictionaries-in-ibm-notes-changing-and-signing-with-jdk-1-8-no-questions-asked
Mar 10, 2017
14 hits



Recent Blog Posts
6
Infoware’s Ulf Stider is speaking at the Social Connections conference in Chicago
Tue, May 23rd 2017 3:48p   Maria Enderstam
We are happy to announce we are going to Chicago and conference Social Connections. The conference which is all about IBM Connections and collaboration solutions. The event include separate tracks with keynote sessions, case studies, administration, future of work, development, and includes speakers from IBM, business partners and customers. To top it off a Gala night with extra specials. Register here and take part in a 2 day conference networking with others in the same field "Full throt
5
Learn how to optimize the value of your IBM licenses by attending our seminar on May 4, 2017 in Stockholm
Tue, Apr 11th 2017 10:59a   Maria Enderstam
Does your company own IBM licenses? Are you certain that your company is proberly licensed? Do you as many others feel that IBM licensing can be a difficult and complex to learn? Do you want to lower your costs for IBM licenses? We invite you to attend our seminar with breakfast on May 4th 2017 at the Infoware office in Stockholm, where we will talk about everything there is to know about the various license forms IBM has to offer. Infoware has over 20 years of experience when it comes to IBM
10
Summer is coming, but relax, Infoware can take care of your IBM platform while you are away
Fri, Mar 31st 2017 11:18a   Maria Enderstam
Are you scratching your head thinking of who will take care of your IBM platform during the summer vacation period? Planning for the summer can be stressful, especially as you want to give your staff the vacation they need but also maintain a high quality in service acound your IBM platform. Be calm! Infoware offers you rescue and control. All summer long! Infoware's team of experienced IBM experts is your service every day. Many organizatiosn have troubles on how to solve their sta
14
Dictionaries in IBM Notes. Changing and Signing with JDK 1.8, no questions asked
Fri, Mar 10th 2017 4:10p   Mats
Case: Dictionaries where missing from client installation on Windows machines. Client is multi user and users are not allowed to write in Program Directories (non admin on their PCs). Client is IBM Notes 9.0.1FP6, because this is the one rolled out to end users. This means that nothing can be installed via Widgets in frameworkrpc or frameworkshared because both are under Program Directory. Objective is to provide all of the dictionaries to the end users to choose from from the Widgets
11
DomainPatrol Social arrives at IBM Connect 2017
Fri, Feb 17th 2017 9:33p   Maria Enderstam
Almost 2 months of 2017 has already zoomed by, time just seems to fly! Right now we are busy with last minute preparations before IBM Connect in San Francisco next week! We are bringing a great new release of DomainPatrol Social to IBM Connect! As you know, DomainPatrol Social is the best tool for administering IBM Connections, for moving and merging almost all content and managing users. In our new release we are introducing Reports. You can now get detailed statistics abou
10
SugarCRM IBM Notes plug-in, no questions asked
Tue, Feb 14th 2017 1:43p   Mats
I was involved in a SugarCRM project and one of the requirements was to rollout a widget to IBM Notes sidebar provided by Sugar. Problem was that the instructions from Sugar included an option for the user to bail out of the installation, because of the signatures where not trusted. also the user needs to cross certify with his own Notes id. (http://support.sugarcrm.com/Documentation/Plug-ins/Lotus_Notes_Plug-in/Notes_Plugin_Installation_Guide_2/index.html) From the project perspektive
8
DomainPatrol Social 11 introducing user roles and IBM Connections 5.5 CR2
Mon, Dec 5th 2016 12:24p   Maria Enderstam
User Roles IBM Connections 5.5 CR2 We are almost at the end of 2016 and we look back on a very positive year here at Infoware. 4 releases of DomainPatrol Social so far and we are not done yet. More to come before 2016 is over. Let us present DomainPatrol Social 11 with support for IBM Connections 5.5 CR2 were we also introduce user roles! We have added 10 configurable user roles, making it possible to give limited access to DomainPatrol Social (with a configurable subset of
12
DomainPatrol Social 10 – beyond Merge Communities
Mon, Oct 3rd 2016 9:39a   Maria Enderstam
DomainPatrol Social for IBM Connections is all about content and people. An application packed with intelligent functions shaping IBM Connections to maximum performance. We help our customers every day with communities that needs merging, files that needs moving, profiles that needs merging and not to forget our rising star Manage Access Control where you can copy one user's access rights to another one. The newly released DomainPatrol Social 9 with Community Templates received great prai
6
Official announcement from IBM – Extending support for Notes/Domino 9.0.1 to 2021
Tue, Sep 13th 2016 10:39a   christer eklundh
IBM announcent today that they will extend their support for IBM Notes/Domino 9.0.1 to September 2021. There has been some discussion in the community about Notes/Domino and IBMs future plan for the platform. What we know for a fact now is that Notes/Domino will be around to at least 2021. We also know that the IBM Domino Server is a core part of IBM Verse (and Verse on-prem is soon to be released) and that IBM is adding new functionality to the platform, like the possibility to use MS Outlook a
11
Is your IBM Connections environment in great shape?
Wed, Aug 17th 2016 11:56a   Maria Enderstam
Are you like us back to work after a long, sunny and warm summer? If so, we hope you are good and feel energised for the autumn to come! We know, that to be able to keep that good feeling, it's important to have less things to worry about. For example to reduce the amount of issues surrounding your IBM Connections environment. Since IBM Connections is such a powerful collaboration platform, it's not uncommon for users to create content every single day. Our tool DomainPatrol Social




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition