Certificate bananza...

Helped a colleague yesterday for a few hours configuring his system with TLS certificates and showed code to enable authentication using client certificates. All easy enough if you know how... :) Start by creating keys and certificates for a server and a person and create a Domino KYR keystore using the kyrtool from IBM. The commands below were all executed on Linux.

# change dir
cd /local/notesdata/

# generate key and self-signed cert for server
openssl genrsa -out server.key 4096
cat server.key 
openssl req -new -sha256 -key server.key -out server.csr
openssl x509 -req -days 3650 -sha256 -in server.csr -signkey server.key -out server.pem

# use kyrtool to generate kyr-file for Domino (all calls to startup below are actually
# /opt/ibm/domino/bin/tools/startup)
startup /opt/ibm/domino/bin/kyrtool =/local/notesdata/notes.ini
startup /opt/ibm/domino/bin/kyrtool =/local/notesdata/notes.ini create \
          -k ./server.kyr -p password
# server.txt holds the unencrypted private key followed by the certificate
cat server.key > server.txt
cat server.pem >> server.txt
cat server.txt
startup /opt/ibm/domino/bin/kyrtool =/local/notesdata/notes.ini \
          verify ./server.txt
startup /opt/ibm/domino/bin/kyrtool =/local/notesdata/notes.ini \
          import all -k ./server.kyr -i ./server.txt
startup /opt/ibm/domino/bin/kyrtool =/local/notesdata/notes.ini \
          show keys -k ./server.kyr
startup /opt/ibm/domino/bin/kyrtool =/local/notesdata/notes.ini \
          show certs -k ./server.kyr

# generate PKCS#12 for a user
openssl genrsa -out person.key 4096
openssl req -new -sha256 -key person.key -out person.csr
openssl x509 -req -days 3650 -sha256 -in person.csr -CA server.pem \
          -CAkey server.key -out person.pem -CAcreateserial
openssl x509 -in person.pem -text -noout
openssl pkcs12 -export -out person.p12 -inkey person.key -in person.pem -certfile server.pem

Import the person.p12 file on a person document in the Domino Directory. Now copy server.kyr and server.sth to the Domino data directory and create an Internet Sites document using the keystore. Also edit the Internet Site document to allow certificate based authentication. The code below uses the PKCS#12 file to make a request that authenticates with the client certificate.

package demo.intravision.certauth;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;


public class Main {

   public static void main(String[] args) {
      try {
         new Main().run();
         
      } catch (Throwable t) {
         t.printStackTrace();
      }
   }
   
   public void run() throws Exception {
      // get url and open connection
      URL url = new URL("https://secure.krynn.local/testauth.nsf/username.json?open&login");
      HttpURLConnection con = (HttpURLConnection)url.openConnection();
      
      // apply SSL context (sets up the certificate to use for authentication etc)
      this.applySSLContext(con);
      
      // read from url (reader is closed when the block exits)
      StringBuilder b = new StringBuilder();
      try (BufferedReader reader = new BufferedReader(new InputStreamReader(con.getInputStream(), "UTF-8"))) {
         String line = null;
         while (null != (line = reader.readLine())) {
            b.append(line).append('\n');
         }
      }
      
      // show data
      System.out.println(b.toString());
      
      // disconnect
      con.disconnect();
   }

   private void applySSLContext(HttpURLConnection con) throws Exception {
      // password
      final char[] password = "password".toCharArray();
      
      // load key store from the pkcs12 file (stream is closed after loading)
      KeyStore ks = KeyStore.getInstance("PKCS12");
      try (InputStream certificateInputStream = new FileInputStream("/Users/lekkim/Downloads/aran.p12")) {
         ks.load(certificateInputStream, password);
      }
      
      // init key manager with the client key and certificate
      KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
      kmf.init(ks, password);
      
      // get trust manager
      X509TrustManager customTrustMgr = this.getTrustManager();
      
      // build ssl context
      SSLContext sc = SSLContext.getInstance("TLSv1.2");
      sc.init(kmf.getKeyManagers(), null == customTrustMgr ? null : new TrustManager[]{customTrustMgr}, null);
      
      // set socket factory if https
      if (con instanceof HttpsURLConnection) {
         HttpsURLConnection httpsCon = (HttpsURLConnection)con; 
         httpsCon.setSSLSocketFactory(sc.getSocketFactory());
      }
   }
   
   private X509TrustManager getTrustManager() throws Exception {
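      // returning null uses the trust from the JVM cacerts keystore
      // (the condition below is never true, so the custom trust manager is always used)
      if ("1".equals("2")) return null;
      
      // define trust manager that accepts any certificate chain without checking it,
      // so the self-signed server certificate works but the server is not authenticated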
      X509TrustManager customTrustMgr = new X509TrustManager() {
          @Override
          public X509Certificate[] getAcceptedIssuers() {
             return new X509Certificate[]{};
          }

          @Override
          public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
          }

          @Override
          public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
          }
      };
      return customTrustMgr;
   }
}
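
The trust manager above accepts any server certificate. As an added example (not code from the original post), the class below builds a trust manager that trusts only the self-signed server.pem generated earlier; the class name PinnedTrust, the alias "domino-server" and the default file path are assumptions for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper: trust exactly one certificate read from a PEM file
public class PinnedTrust {

   public static X509TrustManager fromPem(String pemPath) throws Exception {
      // parse the PEM encoded certificate written by "openssl x509 -req ... -out server.pem"
      CertificateFactory cf = CertificateFactory.getInstance("X.509");
      X509Certificate serverCert;
      try (InputStream in = new FileInputStream(pemPath)) {
         serverCert = (X509Certificate) cf.generateCertificate(in);
      }
      // fail early if the certificate is expired or not yet valid
      serverCert.checkValidity();

      // empty in-memory trust store holding only this certificate
      KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
      trustStore.load(null, null);
      trustStore.setCertificateEntry("domino-server", serverCert);

      // let the JVM build a validating trust manager from that store
      TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
      tmf.init(trustStore);
      for (TrustManager tm : tmf.getTrustManagers()) {
         if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
      }
      throw new IllegalStateException("No X509TrustManager available");
   }

   public static void main(String[] args) throws Exception {
      // path is an assumption; pass the location of your copy of server.pem
      X509TrustManager tm = fromPem(args.length > 0 ? args[0] : "/local/notesdata/server.pem");
      for (X509Certificate c : tm.getAcceptedIssuers()) {
         System.out.println("Trusting: " + c.getSubjectX500Principal());
      }
   }
}
```

Returning `PinnedTrust.fromPem(...)` from `getTrustManager()` keeps the rest of the client unchanged. HttpsURLConnection still checks the host name in the URL against the certificate, so the name entered when creating server.csr has to match the server's host name.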



---------------------
http://lekkimworld.com/2016/02/17/certificate_bananza.html
Feb 17, 2016