jarsigner -verify: warning messages - BouncyCastle signed jar - jar

This is a new domain for me, so I am not entirely sure how to interpret the available information.
Research yields the following relevant posts:
Version 1.50 + WebStart: signature not verified
java SSL and cert keystore
However, I am still not sure if this is noise or if I am lacking configuration in my JVM or JDK environment.
Do I conclude that these files are valid and safe to use?
What do I need to do to eliminate the warning messages?
My question is how do I interpret the following messages that are generated by this command:
jarsigner -verify -verbose -certs bcmail-jdk15on-157.jar
Generates the following output:
s 11224 Thu May 11 17:31:18 EDT 2017 META-INF/MANIFEST.MF
X.509, CN=Legion of the Bouncy Castle Inc., OU=Java Software Code Signing, O=Sun Microsystems Inc
[certificate is valid from 3/10/17 8:15 PM to 4/25/20 3:00 AM]
X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Sun Microsystems Inc, L=Palo Alto, ST=CA, C=US
[certificate is valid from 4/25/01 3:00 AM to 4/25/20 3:00 AM]
[CertPath not validated: Path does not chain with any of the trust anchors]
[entry was signed on 5/11/17 3:31 AM]
X.509, CN=Legion of the Bouncy Castle Inc., OU=Java Software Code Signing, O=Oracle Corporation
[certificate is valid from 3/10/17 8:07 PM to 3/10/22 8:07 PM]
X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation
[certificate is valid from 7/6/16 7:48 PM to 12/30/30 7:00 PM]
[CertPath not validated: Path does not chain with any of the trust anchors]
8546 Thu May 11 17:31:20 EDT 2017 META-INF/BC1024KE.SF
2221 Thu May 11 17:31:20 EDT 2017 META-INF/BC1024KE.DSA
8546 Thu May 11 17:31:18 EDT 2017 META-INF/BC2048KE.SF
6365 Thu May 11 17:31:18 EDT 2017 META-INF/BC2048KE.DSA
0 Thu May 11 17:30:54 EDT 2017 org/
0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/
0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/
0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/
0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/examples/
0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/handlers/
0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/util/
0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/validator/
sm 715 Thu May 11 17:27:56 EDT 2017 org/bouncycastle/mail/smime/CMSProcessableBodyPart.class
X.509, CN=Legion of the Bouncy Castle Inc., OU=Java Software Code Signing, O=Sun Microsystems Inc
[certificate is valid from 3/10/17 8:15 PM to 4/25/20 3:00 AM]
X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Sun Microsystems Inc, L=Palo Alto, ST=CA, C=US
[certificate is valid from 4/25/01 3:00 AM to 4/25/20 3:00 AM]
[CertPath not validated: Path does not chain with any of the trust anchors]
[entry was signed on 5/11/17 3:31 AM]
X.509, CN=Legion of the Bouncy Castle Inc., OU=Java Software Code Signing, O=Oracle Corporation
[certificate is valid from 3/10/17 8:07 PM to 3/10/22 8:07 PM]
X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation
[certificate is valid from 7/6/16 7:48 PM to 12/30/30 7:00 PM]
[CertPath not validated: Path does not chain with any of the trust anchors]
.
.
.
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
Warning:
This jar contains entries whose certificate chain is not validated.
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2020-04-25) or after any future revocation date.

BouncyCastle signs the JAR only with their special code signing certificate for security providers. This is necessary in order to use the JAR as security provider in Java. BouncyCastle doesn't sign the JAR for using e.g. in applets or WebStart. If you need to use it e.g. in applets or WebStart, you need to sign the JAR additionally with your public certificate.
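The output in the question mixes two separate results: the per-entry `s` flag (the signature and digests checked out) and the CertPath line (whether the signer chains to a trust anchor in the local keystore). As an added illustration, not part of the original post or of jarsigner itself, this Python script parses output in that layout and reports the two separately; the sample text is constructed, and `summarize` and the `org/example/Extra.class` entry are hypothetical names.

```python
import re

# Constructed sample in the layout `jarsigner -verify -verbose -certs` prints.
# The last entry (org/example/Extra.class) is invented to show an unsigned file.
SAMPLE = """\
s      11224 Thu May 11 17:31:18 EDT 2017 META-INF/MANIFEST.MF
      X.509, CN=Legion of the Bouncy Castle Inc., OU=Java Software Code Signing, O=Oracle Corporation
      [certificate is valid from 3/10/17 8:07 PM to 3/10/22 8:07 PM]
      X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation
      [certificate is valid from 7/6/16 7:48 PM to 12/30/30 7:00 PM]
      [CertPath not validated: Path does not chain with any of the trust anchors]
        8546 Thu May 11 17:31:18 EDT 2017 META-INF/BC2048KE.SF
           0 Thu May 11 17:30:54 EDT 2017 org/
sm       715 Thu May 11 17:27:56 EDT 2017 org/bouncycastle/mail/smime/CMSProcessableBodyPart.class
      X.509, CN=Legion of the Bouncy Castle Inc., OU=Java Software Code Signing, O=Oracle Corporation
      [CertPath not validated: Path does not chain with any of the trust anchors]
         120 Thu May 11 17:27:56 EDT 2017 org/example/Extra.class
jar verified.
"""

# Flag column (s/m/k/i or blanks), size, date, then the entry name.
ENTRY = re.compile(r"^([smki ]*?)\s*(\d+)\s+\w{3} \w{3} +\d{1,2} [\d:]{8} \S+ \d{4} (.+)$")
# Signature-related files are not themselves expected to carry the 's' flag.
SIG_FILE = re.compile(r"META-INF/(MANIFEST\.MF|SIG-[^/]*|[^/]+\.(SF|DSA|RSA|EC))$", re.I)

def summarize(output):
    """Separate integrity (flag 's') from trust (CertPath validation) per entry."""
    r = {"verified": False, "unsigned": [], "untrusted": [], "subjects": set()}
    entry = None
    for line in output.splitlines():
        text, m = line.strip(), ENTRY.match(line)
        if m:
            flags, _size, entry = m.groups()
            # Directories and signature files aside, every entry should be signed.
            if not entry.endswith("/") and not SIG_FILE.match(entry) and "s" not in flags:
                r["unsigned"].append(entry)
        elif text.startswith("X.509, "):
            r["subjects"].add(text[7:])  # certificate subject DN
        elif text.startswith("[CertPath not validated"):
            if entry and entry not in r["untrusted"]:
                r["untrusted"].append(entry)
        elif text == "jar verified.":
            r["verified"] = True
    return r

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

An empty `unsigned` list with `verified` set means the contents match what the signer signed; entries in `untrusted` only mean the local keystore has no anchor for that chain, which is the situation the answer describes for the JCE provider-signing certificate.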

Related

Cipher Algorithm 'AES-256-GCM' Not Found (OpenVPN Error)

I was trying to connect to a .ovpn file using OpenVPN but when I try to connect it with this command:
sudo openvpn --config downloaded-client-config.ovpn
It failed with the following output:
Wed Jun 17 23:53:03 2020 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 9 2019
Wed Jun 17 23:53:03 2020 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Wed Jun 17 23:53:03 2020 Cipher algorithm 'AES-256-GCM' not found (OpenSSL)
Wed Jun 17 23:53:03 2020 Exiting due to fatal error
My OpenSSL version: OpenSSL 1.1.0h 27 Mar 2018
OpenVPN version: OpenVPN 2.3.10
Ubuntu Version: 16.04
Also, I ran this command as well to see the list of ciphers I have:
openvpn --show-ciphers
and AES-256-GCM was not present in that list.
How can I add it manually if it's possible?
PS: I am kind of a layman with respect to OpenVPN
This is an issue with the OpenVPN version. The AES-256-GCM cipher was added in version 2.4.
You can follow these steps to install OpenVPN 2.4 on Ubuntu 16.04 at which point the cipher should properly work. The suggestion in the comments to upgrade your OS entirely would also work, but is certainly not necessary!
I had a similar issue trying to connect a 2.3.2 client to a 2.4.4 server. I referred to this cipher negotiation reference and updated both server and client config to use cipher AES-256-CBC.
When the 2.4 server is set to AES-256-CBC, the clients (also set to AES-256-CBC) negotiate the following ciphers:
2.5 - AES-256-GCM
2.4 - AES-256-GCM
2.3 - AES-256-CBC
2.2 - AES-256-CBC

gluon - iOS simulator - error downloading zips

I'm trying to use the gluon iOS-simulator on my Mac (Catalina 10.15.4), using the maven-client-plugin, but I can't get past the mvn client:compile stage. When I run that, I get the following error in the log file:
[Wed May 06 10:47:01 EDT 2020][INFO] ==================== COMPILE TASK ====================
[Wed May 06 10:47:01 EDT 2020][FINE] PB Command for check version: /Users/bobyetman/graalvm-svm-darwin-20.1.0-ea+26/bin/java -version
[Wed May 06 10:47:01 EDT 2020][FINE] Start process check version...
[Wed May 06 10:47:02 EDT 2020][FINE] [SUB] openjdk version "11.0.5" 2019-10-15
[Wed May 06 10:47:02 EDT 2020][FINE] [SUB] OpenJDK Runtime Environment (build 11.0.5+10-jvmci-19.3-b05-LTS)
[Wed May 06 10:47:02 EDT 2020][FINE] [SUB] OpenJDK 64-Bit Server VM GraalVM 20.1.0-dev (build 11.0.5+10-jvmci-19.3-b05-LTS, mixed mode, sharing)
[Wed May 06 10:47:02 EDT 2020][FINE] Result for check version: 0
[Wed May 06 10:47:02 EDT 2020][INFO] We will now compile your code for x86_64-apple-ios. This may take some time.
[Wed May 06 10:47:02 EDT 2020][FINE] Processing JavaStatic dependencies at /Users/bobyetman/.gluon/substrate/javaStaticSdk/15-ea+2/ios-x86_64/labs-staticjdk/lib/static
[Wed May 06 10:47:02 EDT 2020][FINE] Processing JavaFXStatic dependencies at /Users/bobyetman/.gluon/substrate/javafxStaticSdk/15-ea+gvm16/ios-x86_64/sdk/lib
[Wed May 06 10:47:02 EDT 2020][INFO] Downloading Java Static Libs...
[Wed May 06 10:47:02 EDT 2020][FINE] Processing zip file: url = https://download2.gluonhq.com/substrate/staticjdk/labs-staticjdk-ios-x86_64-gvm-15-ea+2.zip, zip = /Users/bobyetman/.gluon/substrate/labs-staticjdk-ios-x86_64-gvm-15-ea+2.zip, subDir = javaStaticSdk, levels = [15-ea+2, ios-x86_64], md5 = javaStaticSdk-ios-x86_64.md5
[Wed May 06 10:47:02 EDT 2020][SEVERE] Downloading failed: https://download2.gluonhq.com/substrate/staticjdk/labs-staticjdk-ios-x86_64-gvm-15-ea+2.zip
The pom is fairly plain:
<plugin>
    <groupId>com.gluonhq</groupId>
    <artifactId>client-maven-plugin</artifactId>
    <version>0.1.21</version>
    <configuration>
        <target>ios-sim</target>
        <mainClass>com.boby.ClosedKnightFX</mainClass>
        <graalvmHome>/Users/bobyetman/graalvm-svm-darwin-20.1.0-ea+26</graalvmHome>
    </configuration>
</plugin>
I've cut and pasted the URL to the zip file into my browser, and it says 'file not found'. If I take out the target, I can run the app on my Mac: it builds, links, and runs.
Suggestions?

Faking date/time of child process

On Unix systems, is there a way to fake the perceived date and time of a child process?
I.e., imagine:
$ date
Fri Jun 28 10:50:35 CEST 2019
$ with_date 10/05/2019 date
Fri May 10 10:50:36 CEST 2019
How to implement the with_date command?
The typical use case would be the testing of date/time-related software, simulating various conditions.
There is the library libfaketime. It uses a library preload mechanism to intercept system calls of the to-be-run programs. A use-case (from the manual) is:
user@host> date
Tue Nov 23 12:01:05 CEST 2016
user@host> LD_PRELOAD=/usr/local/lib/libfaketime.so.1 FAKETIME="-15d" date
Mon Nov 8 12:01:12 CEST 2016
user@host> LD_PRELOAD=/usr/local/lib/libfaketime.so.1 FAKETIME="-15d" FAKETIME_DONT_FAKE_MONOTONIC=1 java -version
java version "1.8.0_111"
Java(TM) SE Runtime Environment (build 1.8.0_111-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode)

Atmosphere fallback not working?

I am new to atmosphere. So far I have managed to add atmosphere to my existing Tomcat 8 + Spring + Struts2 web application. I used the current version (atmosphere-runtime 2.4.24, atmosphere-spring 2.4.20 and atmosphere.js 2.3.5).
For some sort of simple status page I have already managed to get the SSE transport to work. Using Google Chrome or Mozilla Firefox this works really excellent. I love it!
After having implemented this I wanted to check the fallback for the browsers incapable of SSE (Internet Explorer and Edge). In the client logs I can see that atmosphere correctly detects the absence of the SSE feature and uses the fallback:
Server Side Events(SSE) is not supported, using request.fallbackTransport (long-polling)
atmosphere.js (3272,21)
Thu May 24 2018 08:54:28 GMT+0200 (Mitteleuropäische Sommerzeit) Atmosphere: ajaxRequest.onreadystatechange, new state: 2
atmosphere.js (3272,21)
Thu May 24 2018 08:54:28 GMT+0200 (Mitteleuropäische Sommerzeit) Atmosphere: ajaxRequest.onreadystatechange, new state: 3
atmosphere.js (3272,21)
Thu May 24 2018 08:54:28 GMT+0200 (Mitteleuropäische Sommerzeit) Atmosphere: ajaxRequest.onreadystatechange, new state: 4
atmosphere.js (3272,21)
Thu May 24 2018 08:54:29 GMT+0200 (Mitteleuropäische Sommerzeit) Atmosphere: ajaxRequest.onreadystatechange, new state: 2
atmosphere.js (3272,21)
Thu May 24 2018 08:54:29 GMT+0200 (Mitteleuropäische Sommerzeit) Atmosphere: Firing onOpen
atmosphere.js (3272,21)
Atmosphere connected using long-polling
utils.js (879,3)
Thu May 24 2018 08:54:29 GMT+0200 (Mitteleuropäische Sommerzeit) Atmosphere: Firing onOpen
atmosphere.js (3272,21)
Thu May 24 2018 08:54:29 GMT+0200 (Mitteleuropäische Sommerzeit) Atmosphere: ajaxRequest.onreadystatechange, new state: 3
atmosphere.js (3272,21)
But even though I can debug the server-side and see the message being written to the AtmosphereResource no data reaches the client.
This is how I initialize the atmosphere connection on client-side:
request = {
url: '<s:url value="/public/sse/ci" />',
contentType: "application/json",
method: 'POST',
logLevel: 'debug',
transport: 'sse',
reconnectInterval: 5000,
fallbackTransport: 'long-polling'
};
Can anyone give me a hint for the right direction?
Kind regards,
Sebastian
Okay.
Finally I got it working. Like in this stackoverflow question I had added the TrackMessageSizeInterceptor in my server configuration but not in the client configuration.
Maybe someone else comes here to read the answer.

hubot shell not loading scripts and packages

Hubot works when I have an adapter, but when I try to do local development using Shell none of the scripts or packages are loaded.
This works:
root@dev:~/hubot# bin/hubot forever start -w --watchDirectory ${PWD} --watchIgnore ${PWD}/*.log --pidfile ${PWD}/hubot.pid -l ${PWD}/hubot.log -a -c coffee node_modules/.bin/hubot --adapter slack
Strangely, when I try to do local development and testing with:
root@dev:~/hubot# bin/hubot
[Thu Apr 07 2016 00:33:10 GMT+0000 (UTC)] INFO hubot-redis-brain: Using default redis on localhost:6379
eve>
eve> help
usage:
history
exit, \q - close shell and exit
help, \? - print this usage
clear, \c - clear the terminal screen
None of my scripts or modules are showing when I type help in shell. But when I do this in slack, I see all the available scripts and modules:
eve <user> doesn't have <role> role - Removes a role from a user
eve <user> has <role> role - Assigns a role to a user
eve adapter - Reply with the adapter
eve delete reminder <action> - Delete reminder matching <action> (exact match required)
eve deploy <gitsha> to production - Runs Jenkins Phase 1 deployment.
eve echo <text> - Reply back with <text>
eve flip production pools - Flips the yin and yang production pools
eve help - Displays all of the help commands that Hubot knows about.
eve help <query> - Displays all help commands that match <query>.
eve list jobs - List current cron jobs
eve new job "<crontab format>" <message> - Schedule a cron job to say something
eve new job <crontab format> "<message>" - Ditto
eve new job <crontab format> say <message> - Ditto
eve ping - Reply with pong
Update 1: I turned on debug level logging, and I can see the scripts are being parsed, but the scripts aren't available to me when executing their commands :(
[Thu Apr 07 2016 00:46:44 GMT+0000 (UTC)] DEBUG Loading adapter shell
eve> [Thu Apr 07 2016 00:46:44 GMT+0000 (UTC)] DEBUG Loading scripts from /root/hubot/scripts
[Thu Apr 07 2016 00:46:44 GMT+0000 (UTC)] DEBUG Parsing help for /root/hubot/scripts/example.coffee
[Thu Apr 07 2016 00:46:44 GMT+0000 (UTC)] DEBUG Parsing help for /root/hubot/scripts/prod_deploy.coffee
[Thu Apr 07 2016 00:46:44 GMT+0000 (UTC)] DEBUG Parsing help for /root/hubot/scripts/remindme.coffee
[Thu Apr 07 2016 00:46:44 GMT+0000 (UTC)] DEBUG Parsing help for /root/hubot/scripts/team_tools.coffee
[Thu Apr 07 2016 00:46:44 GMT+0000 (UTC)] DEBUG Parsing help for /root/hubot/scripts/update.coffee
[Thu Apr 07 2016 00:46:44 GMT+0000 (UTC)] DEBUG Loading scripts from /root/hubot/src/scripts
[Thu Apr 07 2016 00:46:44 GMT+0000 (UTC)] DEBUG Loading hubot-scripts from /root/hubot/node_modules/hubot-scripts/src/scripts
[Thu Apr 07 2016 00:46:44 GMT+0000 (UTC)] DEBUG Loading external-scripts from npm packages
[Thu Apr 07 2016 00:46:45 GMT+0000 (UTC)] DEBUG Parsing help for /root/hubot/node_modules/hubot-diagnostics/src/diagnostics.coffee
[Thu Apr 07 2016 00:46:45 GMT+0000 (UTC)] INFO hubot-redis-brain: Using default redis on localhost:6379
[Thu Apr 07 2016 00:46:45 GMT+0000 (UTC)] DEBUG Parsing help for /root/hubot/node_modules/hubot-redis-brain/src/redis-brain.coffee
[Thu Apr 07 2016 00:46:45 GMT+0000 (UTC)] DEBUG Parsing help for /root/hubot/node_modules/hubot-auth/src/auth.coffee
[Thu Apr 07 2016 00:46:45 GMT+0000 (UTC)] DEBUG Parsing help for /root/hubot/node_modules/hubot-help/src/help.coffee
[Thu Apr 07 2016 00:46:45 GMT+0000 (UTC)] DEBUG Parsing help for /root/hubot/node_modules/hubot-cron/src/scripts/cron.coffee
Update 2: I realized part of my problem was that the bin/hubot file explicitly has my bot name as eve, while I have been trying it with evedev, my development hubot name. However, I'm still wondering why the help command does not show all the available commands, but when I'm in Slack, it does.
As an answer to your Update 2, you need to put the bot's name before you type help, like this:
myhubot> help
usage:
history
exit, \q - close shell and exit
help, \? - print this usage
clear, \c - clear the terminal screen
vs
myhubot> myhubot help
myhubot> Shell: myhubot adapter - Reply with the adapter
myhubot animate me <query> - The same thing as `image me`, except adds a few parameters to try to return an animated GIF instead.
myhubot echo <text> - Reply back with <text>
myhubot help - Displays all of the help commands that Hubot knows about.
myhubot help <query> - Displays all help commands that match <query>.
myhubot image me <query> - The Original. Queries Google Images for <query> and returns a random top result.
myhubot map me <query> - Returns a map view of the area returned by `query`.
myhubot mustache me <url|query> - Adds a mustache to the specified URL or query result.
myhubot ping - Reply with pong
myhubot pug bomb N - get N pugs
myhubot pug me - Receive a pug
myhubot the rules - Make sure hubot still knows the rules.
myhubot time - Reply with current time
myhubot translate me <phrase> - Searches for a translation for the <phrase> and then prints that bad boy out.
myhubot translate me from <source> into <target> <phrase> - Translates <phrase> from <source> into <target>. Both <source> and <target> are optional
ship it - Display a motivation squirrel
You can check your current robot name in bin/hubot.
It looks like: exec node_modules/.bin/hubot --name "botname" "$@"
With the above setting, the bot name will be botname.
