Search Results

Search found 1562 results on 63 pages for 'obtain'.

Page 14/63 | < Previous Page | 10 11 12 13 14 15 16 17 18 19 20 21  | Next Page >

  • JEP 124: Enhance the Certificate Revocation-Checking API

    - by smullan
    Revocation checking is the mechanism to determine the revocation status of a certificate. If it is revoked, it is considered invalid and should not be used. Currently as of JDK 7, the PKIX implementation of java.security.cert.CertPathValidator  includes a revocation checking implementation that supports both OCSP and CRLs, the two main methods of checking revocation. However, there are very few options that allow you to configure the behavior. You can always implement your own revocation checker, but that's a lot of work. JEP 124 (Enhance the Certificate Revocation-Checking API) is one of the 11 new security features in JDK 8. This feature enhances the java.security.cert API to support various revocation settings such as best-effort checking, end-entity certificate checking, and mechanism-specific options and parameters. Let's describe each of these in more detail and show some examples. The features are provided through a new class named PKIXRevocationChecker. A PKIXRevocationChecker instance is returned by a PKIX CertPathValidator as follows: CertPathValidator cpv = CertPathValidator.getInstance("PKIX"); PKIXRevocationChecker prc = (PKIXRevocationChecker)cpv.getRevocationChecker(); You can now set various revocation options by calling different methods of the returned PKIXRevocationChecker object. For example, the best-effort option (called soft-fail) allows the revocation check to succeed if the status cannot be obtained due to a network connection failure or an overloaded server. It is enabled as follows: prc.setOptions(Enum.setOf(Option.SOFT_FAIL)); When the SOFT_FAIL option is specified, you can still obtain any exceptions that may have been thrown due to network issues. This can be useful if you want to log this information or treat it as a warning. You can obtain these exceptions by calling the getSoftFailExceptions method: List<CertPathValidatorException> exceptions = prc.getSoftFailExceptions(); Another new option called ONLY_END_ENTITY allows you to only check the revocation status of the end-entity certificate. This can improve performance, but you should be careful using this option, as the revocation status of CA certificates will not be checked. To set more than one option, simply specify them together, for example: prc.setOptions(Enum.setOf(Option.SOFT_FAIL, Option.ONLY_END_ENTITY)); By default, PKIXRevocationChecker will try to check the revocation status of a certificate using OCSP first, and then CRLs as a fallback. However, you can switch the order using the PREFER_CRLS option, or disable the fallback altogether using the NO_FALLBACK option. For example, here is how you would only use CRLs to check the revocation status: prc.setOptions(Enum.setOf(Option.PREFER_CRLS, Option.NO_FALLBACK)); There are also a number of other useful methods which allow you to specify various options such as the OCSP responder URI, the trusted OCSP responder certificate, and OCSP request extensions. However, one of the most useful features is the ability to specify a cached OCSP response with the setOCSPResponse method. This can be quite useful if the OCSPResponse has already been obtained, for example in a protocol that uses OCSP stapling. After you have set all of your preferred options, you must add the PKIXRevocationChecker to your PKIXParameters object as one of your custom CertPathCheckers before you validate the certificate chain, as follows: PKIXParameters params = new PKIXParameters(keystore); params.addCertPathChecker(prc); CertPathValidatorResult result = cpv.validate(path, params); Early access binaries of JDK 8 can be downloaded from http://jdk8.java.net/download.html

    Read the article

  • How to use Parcel in Android?

    - by Mike
    I'm trying to use Parcel to write and then read back a Parcelable. For some reason, when I read the object back from the file, it's coming back as null. public void testFoo() { final Foo orig = new Foo("blah blah"); // Wrote orig to a parcel and then byte array final Parcel p1 = Parcel.obtain(); p1.writeValue(orig); final byte[] bytes = p1.marshall(); // Check to make sure that the byte array seems to contain a Parcelable assertEquals(4, bytes[0]); // Parcel.VAL_PARCELABLE // Unmarshall a Foo from that byte array final Parcel p2 = Parcel.obtain(); p2.unmarshall(bytes, 0, bytes.length); final Foo result = (Foo) p2.readValue(Foo.class.getClassLoader()); assertNotNull(result); // FAIL assertEquals( orig.str, result.str ); } protected static class Foo implements Parcelable { protected static final Parcelable.Creator<Foo> CREATOR = new Parcelable.Creator<Foo>() { public Foo createFromParcel(Parcel source) { final Foo f = new Foo(); f.str = (String) source.readValue(Foo.class.getClassLoader()); return f; } public Foo[] newArray(int size) { throw new UnsupportedOperationException(); } }; public String str; public Foo() { } public Foo( String s ) { str = s; } public int describeContents() { return 0; } public void writeToParcel(Parcel dest, int ignored) { dest.writeValue(str); } } What am I missing? UPDATE: To simplify the test I've removed the reading and writing of files in my original example.

    Read the article

  • Really slow obtaining font metrics.

    - by Artur
    So the problem I have is that I start my application by displaying a simple menu. To size and align the text correctly I need to obtain font metrics and I cannot find a way to do it quickly. I tested my program and it looks like whatever method I use to obtain font metrics the first call takes over 500 milliseconds!? Because of it the time it takes to start-up my application is much longer than necessary. I don't know if it is platform specific or not, but just in case, I'm using Mac OS 10.6.2 on MacBook Pro (hardware isn't an issue here). If you know a way of obtaining font metrics quicker please help. I tried these 3 methods for obtaining the font metrics and the first call is always very slow, no matter which method I choose. import java.awt.Font; import java.awt.FontMetrics; import java.awt.Graphics; import java.awt.Graphics2D; import java.awt.font.FontRenderContext; import java.awt.font.LineMetrics; import javax.swing.JFrame; public class FontMetricsTest extends JFrame { public FontMetricsTest() { setVisible(true); setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE); } @Override public void paint(Graphics g) { Graphics2D g2 = (Graphics2D) g; Font font = new Font("Dialog", Font.BOLD, 10); long start = System.currentTimeMillis(); FontMetrics fontMetrics = g2.getFontMetrics(font); // LineMetrics fontMetrics1 = // font.getLineMetrics("X", new FontRenderContext(null, false, false)); // FontMetrics fontMetrics2 = g.getFontMetrics(); long end = System.currentTimeMillis(); System.out.println(end - start); g2.setFont(font); } public static void main(String[] args) { new FontMetricsTest(); } }

    Read the article

  • UIImageJPEGRepresentation - memory release issue

    - by FredM
    On a iPhone app, I need to send a jpg by mail with a maximum size of 300Ko (I don't no the maximum size mail.app can have, but it's another problem). To do that, I'm trying to decrease quality until obtain an image under 300Ko. In order to obtain the good value of the quality (compressionLevel) who give me a jpg under 300Ko, I have made the following loop. It's working, but each time time the loop is executed, the memory increase of the size of the original size of my jpg (700Ko) despite the "[tmpImage release];". float compressionLevel = 1.0f; int size = 300001; while (size 300000) { UIImage *tmpImage =[[UIImage alloc] initWithContentsOfFile:[self fullDocumentsPathForTheFile:@"countOpix_imageToAnalyse.jpg"]]; size = [UIImageJPEGRepresentation(tmpImage, compressionLevel) length]; [tmpImage release]; //In the following line, the 0.001f decrement is choose just in order test the increase of the memory //compressionLevel = compressionLevel - 0.001f; NSLog(@"Compression: %f",compressionLevel); } Any ideas about how can i get it off, or why it happens? thanks

    Read the article

  • Getting the CVE ID Property of an update from WSUS API via Powershell

    - by thebitsandthebytes
    I am writing a script in Powershell to get the update information from each computer and correlate the information with another System which identifies updates by CVE ID. I have discovered that there is a "CVEIDs" property for an update in WSUS, which is documented in MSDN, but I have no idea how to access the property. Retrieving the CVE ID from WSUS is the key to this script, so I am hoping someone out there can help! Here is the property that I am having difficulty accessing: IUpdate2::CveIDs Property - http://msdn.microsoft.com/en-us/library/aa386102(VS.85).aspx According to this, the IUnknown::QueryInterface method is needed to interface IUpdate2 -  "http://msdn.microsoft.com/en-us/library/ee917057(PROT.10).aspx" "An IUpdate instance can be retrieved by calling the IUpdateCollection::Item (opnum 8) (section 3.22.4.1) method.  The client can use the IUnknown::QueryInterface method to then obtain an IUpdate2, IUpdate3, IUpdate4, or IUpdate5 interface. Additionally, if the update is a driver, the client can use the IUnknown::QueryInterface method to obtain an IWindowsDriverUpdate, IWindowsDriverUpdate2, IWindowsDriverUpdate3, IWindowsDriverUpdate4, or IWindowsDriverUpdate5 interface. " Here is a skeleton of my code: [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | Out-Null  if (!$wsus)  {  Returns an object that implements IUpdateServer  $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($server, $false, $port)  }  $computerScope = New-Object Microsoft.UpdateServices.Administration.ComputerTargetScope  $updateScope = New-Object Microsoft.UpdateServices.Administration.UpdateScope  $updateScope.UpdateSources = [Microsoft.UpdateServices.Administration.UpdateSources]::MicrosoftUpdate  $wsusMachines = $wsus.GetComputerTargets($computerScope)  foreach machine in QSUS, write the full domain name $wsusMachines | ForEach-Object {  Write-host $.FullDomainName  $updates = $.GetUpdateInstallationInfoPerUpdate($updateScope)  foreach update for each machine, write the update title, installation state and securitybulletin $updates | ForEach-Object {  $update = $wsus.GetUpdate($.UpdateId) # Returns an object that implements Microsoft.UpdateServices.Administration.IUpdate $updateTitle = $update.Title | Write-Host $updateInstallationState = $.UpdateInstallationState | Write-Host $updateSecurityBulletin = $update.SecurityBulletins | Write-Host  $updateCveIds = $update.CveIDs # ERROR: Property 'CveIDs' belongs to IUpdate2, not IUpdate  }  }

    Read the article

  • Custom model validation of dependent properties using Data Annotations

    - by Darin Dimitrov
    Since now I've used the excellent FluentValidation library to validate my model classes. In web applications I use it in conjunction with the jquery.validate plugin to perform client side validation as well. One drawback is that much of the validation logic is repeated on the client side and is no longer centralized at a single place. For this reason I'm looking for an alternative. There are many examples out there showing the usage of data annotations to perform model validation. It looks very promising. One thing I couldn't find out is how to validate a property that depends on another property value. Let's take for example the following model: public class Event { [Required] public DateTime? StartDate { get; set; } [Required] public DateTime? EndDate { get; set; } } I would like to ensure that EndDate is greater than StartDate. I could write a custom validation attribute extending ValidationAttribute in order to perform custom validation logic. Unfortunately I couldn't find a way to obtain the model instance: public class CustomValidationAttribute : ValidationAttribute { public override bool IsValid(object value) { // value represents the property value on which this attribute is applied // but how to obtain the object instance to which this property belongs? return true; } } I found that the CustomValidationAttribute seems to do the job because it has this ValidationContext property that contains the object instance being validated. Unfortunately this attribute has been added only in .NET 4.0. So my question is: can I achieve the same functionality in .NET 3.5 SP1? UPDATE: It seems that FluentValidation already supports clientside validation and metadata in ASP.NET MVC 2. Still it would be good to know though if data annotations could be used to validate dependent properties.

    Read the article

  • How to prepopulate an Outlook MailItem and avoiding a com Exception from the object model guard

    - by torrente
    Hi, I work for a company that develops a CRM tool and offers integration with MS Office(2003 & 2007) from windows XP to 7. (I'm working using Win7) My task is to call an Outlook instance (using C#) from this CRM tool when the user wants to send an email and prepopulate with data of the CRM tool (email, recipient, etc..) All of this already works just fine. The problem I'm having is that Outlook's "object model guard" is throwing com Exception (Operation aborted (Exception from HRESULT: 0x80004004 (E_ABORT))) the moment I try to read a protected value from the mailItem (such as mail.bodyHTML). Example Snippet: using MSOutlook = Microsoft.Office.Interop.Outlook; //untrusted Instance _outlook = new MSOutlook.Application(); MSOutlook.MailItem mail = (MSOutlook.MailItem)_outlook.CreateItem(MSOutlook.OlItemType.olMailItem); //this where the Exception occurs string outlookStdHTMLBody = mail.HTMLBody; I've done quite a bit of reading and know that my Outlook Instance (derived by using new Application) is considered untrusted and therefore the "omg" kicks in. I do have a workaround for development: I'm running VS2010 as Administrator and if I run Outlook as Administrator as well - all is good. I suppose this is due to them having the same integrity levels(high) and the UAC(?) is not complaining. But that just ain't the way to go for deployment. Now the question is: Is there a way to obtain a trusted instance of Outlook so that I can avoid this exception? I've already read that when developing an Office Add-In using VSTO one can obtain a trusted Instance from the OnComplete event and/or using "ThisAddin" But I "merely" want to start an outlook instance and preopulate it, and do not want to develop an Add-In since this is not the requirement. And to make it clear - I have no problem with pop ups informing the user that outlook is being accessed - I just want to get rid of the exception! So how can I get around this problem using code? Any help is highly appreciated! Thomas

    Read the article

  • Android: Crashed when single contact is clicked

    - by Sean Tan
    My application is always crashed at this moment, guru here please help me to solved. Thanks.The situation now is as mentioned in title above. Hereby is my AndroidManifest.xml <?xml version="1.0" encoding="utf-8"?> <!-- Copyright (C) 2009 The Android Open Source Project Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.android.contactmanager" android:versionCode="1" android:versionName="1.0"> <uses-sdk android:minSdkVersion="10" /> <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/> <uses-permission android:name="android.permission.MANAGE_ACCOUNTS"/> <uses-permission android:name="android.permission.WRITE_OWNER_DATA"/> <uses-permission android:name="android.permission.CAMERA"/> <uses-permission android:name="android.permission.CALL_PHONE"/> <uses-permission android:name="android.permission.GET_ACCOUNTS" /> <uses-permission android:name="android.permission.READ_CONTACTS" /> <uses-permission android:name="android.permission.WRITE_CONTACTS" /> <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/> <uses-permission android:name="android.permission.INTERNET"/> <uses-permission android:name="android.permission.CAMERA"/> <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/> <uses-permission android:name="android.permission.GET_ACCOUNTS"/> <application android:label="@string/app_name" android:icon="@drawable/icon" android:allowBackup="true"> <!-- --><activity android:name=".ContactManager" android:label="@string/app_name"> <intent-filter> <action android:name="android.intent.action.MAIN" /> <category android:name="android.intent.category.LAUNCHER" /> </intent-filter> </activity> <activity android:name="ContactAdder" android:label="@string/addContactTitle"> </activity> <activity android:name=".SingleListContact" android:label="Contact Person Details"> </activity> </application> </manifest> The SingleListContact.java package com.example.android.contactmanager; import android.app.Activity; import android.content.Intent; import android.os.Bundle; import android.widget.TextView; public class SingleListContact extends Activity{ @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); this.setContentView(R.layout.single_list_contact_view); TextView txtContact = (TextView) findViewById(R.id.contactList); Intent i = getIntent(); // getting attached intent data String contact = i.getStringExtra("contact"); // displaying selected product name txtContact.setText(contact); } } My ContactManager.java as below /* * Copyright (C) 2009 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.example.android.contactmanager; import android.app.Activity; import android.content.Intent; import android.database.Cursor; import android.net.Uri; import android.os.Bundle; import android.provider.ContactsContract; import android.util.Log; import android.view.View; import android.widget.AdapterView; import android.widget.AdapterView.OnItemClickListener; import android.widget.Button; import android.widget.CheckBox; import android.widget.CompoundButton; import android.widget.CompoundButton.OnCheckedChangeListener; import android.widget.ListView; import android.widget.SimpleCursorAdapter; import android.widget.TextView; public final class ContactManager extends Activity implements OnItemClickListener { public static final String TAG = "ContactManager"; private Button mAddAccountButton; private ListView mContactList; private boolean mShowInvisible; //public BooleanObservable ShowInvisible = new BooleanObservable(false); private CheckBox mShowInvisibleControl; /** * Called when the activity is first created. Responsible for initializing the UI. */ @Override public void onCreate(Bundle savedInstanceState) { Log.v(TAG, "Activity State: onCreate()"); super.onCreate(savedInstanceState); setContentView(R.layout.contact_manager); // Obtain handles to UI objects mAddAccountButton = (Button) findViewById(R.id.addContactButton); mContactList = (ListView) findViewById(R.id.contactList); mShowInvisibleControl = (CheckBox) findViewById(R.id.showInvisible); // Initialise class properties mShowInvisible = false; mShowInvisibleControl.setChecked(mShowInvisible); // Register handler for UI elements mAddAccountButton.setOnClickListener(new View.OnClickListener() { public void onClick(View v) { Log.d(TAG, "mAddAccountButton clicked"); launchContactAdder(); } }); mShowInvisibleControl.setOnCheckedChangeListener(new OnCheckedChangeListener() { public void onCheckedChanged(CompoundButton buttonView, boolean isChecked) { Log.d(TAG, "mShowInvisibleControl changed: " + isChecked); mShowInvisible = isChecked; populateContactList(); } }); mContactList = (ListView) findViewById(R.id.contactList); mContactList.setOnItemClickListener(this); // Populate the contact list populateContactList(); } /** * Populate the contact list based on account currently selected in the account spinner. */ private void populateContactList() { // Build adapter with contact entries Cursor cursor = getContacts(); String[] fields = new String[] { ContactsContract.Data.DISPLAY_NAME }; SimpleCursorAdapter adapter = new SimpleCursorAdapter(this, R.layout.contact_entry, cursor, fields, new int[] {R.id.contactEntryText}); mContactList.setAdapter(adapter); } /** * Obtains the contact list for the currently selected account. * * @return A cursor for for accessing the contact list. */ private Cursor getContacts() { // Run query Uri uri = ContactsContract.Contacts.CONTENT_URI; String[] projection = new String[] { ContactsContract.Contacts._ID, ContactsContract.Contacts.DISPLAY_NAME }; String selection = ContactsContract.Contacts.IN_VISIBLE_GROUP + " = '" + (mShowInvisible ? "0" : "1") + "'"; //String selection = ContactsContract.Contacts.IN_VISIBLE_GROUP + " = '" + (mShowInvisible.get() ? "0" : "1") + "'"; String[] selectionArgs = null; String sortOrder = ContactsContract.Contacts.DISPLAY_NAME + " COLLATE LOCALIZED ASC"; return this.managedQuery(uri, projection, selection, selectionArgs, sortOrder); } /** * Launches the ContactAdder activity to add a new contact to the selected account. */ protected void launchContactAdder() { Intent i = new Intent(this, ContactAdder.class); startActivity(i); } public void onItemClick(AdapterView<?> l, View v, int position, long id) { Log.i("TAG", "You clicked item " + id + " at position " + position); // Here you start the intent to show the contact details // selected item TextView tv=(TextView)v.findViewById(R.id.contactList); String allcontactlist = tv.getText().toString(); // Launching new Activity on selecting single List Item Intent i = new Intent(getApplicationContext(), SingleListContact.class); // sending data to new activity i.putExtra("Contact Person", allcontactlist); startActivity(i); } } contact_entry.xml <?xml version="1.0" encoding="utf-8"?> <!-- Copyright (C) 2009 The Android Open Source Project Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> <LinearLayout xmlns:android="http://schemas.android.com/apk/res/android" android:layout_width="fill_parent" android:layout_height="fill_parent" android:orientation="vertical"> <ListView android:layout_width="wrap_content" android:id="@+id/contactList" android:layout_height="0dp" android:padding="10dp" android:textSize="200sp" android:layout_weight="10"/> <CheckBox android:layout_width="wrap_content" android:layout_height="wrap_content" android:id="@+id/showInvisible" android:text="@string/showInvisible"/> <Button android:layout_width="fill_parent" android:layout_height="wrap_content" android:id="@+id/addContactButton" android:text="@string/addContactButtonLabel"/> </LinearLayout> Logcat result: 12-05 05:00:31.289: E/AndroidRuntime(642): FATAL EXCEPTION: main 12-05 05:00:31.289: E/AndroidRuntime(642): java.lang.NullPointerException 12-05 05:00:31.289: E/AndroidRuntime(642): at com.example.android.contactmanager.ContactManager.onItemClick(ContactManager.java:148) 12-05 05:00:31.289: E/AndroidRuntime(642): at android.widget.AdapterView.performItemClick(AdapterView.java:284) 12-05 05:00:31.289: E/AndroidRuntime(642): at android.widget.ListView.performItemClick(ListView.java:3513) 12-05 05:00:31.289: E/AndroidRuntime(642): at android.widget.AbsListView$PerformClick.run(AbsListView.java:1812) 12-05 05:00:31.289: E/AndroidRuntime(642): at android.os.Handler.handleCallback(Handler.java:587) 12-05 05:00:31.289: E/AndroidRuntime(642): at android.os.Handler.dispatchMessage(Handler.java:92) 12-05 05:00:31.289: E/AndroidRuntime(642): at android.os.Looper.loop(Looper.java:123) 12-05 05:00:31.289: E/AndroidRuntime(642): at android.app.ActivityThread.main(ActivityThread.java:3683) 12-05 05:00:31.289: E/AndroidRuntime(642): at java.lang.reflect.Method.invokeNative(Native Method) 12-05 05:00:31.289: E/AndroidRuntime(642): at java.lang.reflect.Method.invoke(Method.java:507) 12-05 05:00:31.289: E/AndroidRuntime(642): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:839) 12-05 05:00:31.289: E/AndroidRuntime(642): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:597) 12-05 05:00:31.289: E/AndroidRuntime(642): at dalvik.system.NativeStart.main(Native Method)

    Read the article

  • How can I get the Hibernate Configuration object from Spring?

    - by Wayne Russell
    Hi, I am trying to obtain Spring-defined Hibernate Configuration and SessionFactory objects in my non-Spring code. The following is the definition in my applicationContext.xml file: Code: <bean id="sessionFactory" class="org.springframework.orm.hibernate3.LocalSessionFactoryBean"> <property name="hibernateProperties"> <props> <prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop> <prop key="hibernate.show_sql">true</prop> <prop key="hibernate.hbm2ddl.auto">update</prop> <prop key="hibernate.cglib.use_reflection_optimizer">true</prop> <prop key="hibernate.cache.provider_class">org.hibernate.cache.HashtableCacheProvider</prop> </props> </property> <property name="dataSource"> <ref bean="dataSource"/> </property> </bean> If I now call getBean("sessionFactory"), I am returned a $Proxy0 object which appears to be a proxy for the Hibernate SessionFactory object. But that isn't what I want - I need the LocalSessionFactoryBean itself because I need access to the Configuration as well as the SessionFactory. The reason I need the Configuration object is that our framework is able to use Hibernate's dynamic model to automatically insert mappings at runtime; this requires that we change the Configuration and rebuild the SessionFactory. Really, all we're trying to do is obtain the Hibernate config that already exists in Spring so that those of our customers that already have that information in Spring don't need to duplicate it into a hibernate.cfg.xml file in order to use our Hibernate features.

    Read the article

  • Reflection: cast an object to subclass without use instaceof

    - by Fabrizio
    I have this simple interface/class: public abstract class Message { } public class Message1 extends Message{ } public class Message2 extends Message{ } And an utility class: public class Utility { public void handler(Message m){ System.out.println("Interface: Message"); } public void handler(Message1 m){ System.out.println("Class: Message1"); } public void handler(Message2 m){ System.out.println("Class: Message2"); } } Now, the main class: public static void main(String[] args) { Utility p=new Utility(); Message1 m1=new Message1(); p.handler(m1); Message m=(Message) m1; p.handler(m); } The output is Class: Message1 Interface: Message I would that p.handler(m) call the method p.handler(m:Message1) I don't want use the "manual" command instanceof because I have many cases: if(m instance of Message1) p.handler((Message1)m) else if (m instanceof Message2) p.handler((Message2)m) ... If I call m.getClass() I obtain "mypackage.Message1", so the subclass and not the superclass. I try with this code (use reflection): p.handler(m.getClass().cast(m)); But the output is Interface: Message So, this is my problem. I would do a runtime cast of superclass object to subclassobject without use the "code command" istanceof. I would a right command like this: p.handler((m.getclass)m); How can I obtain it? It's possible? Thank in advance. Fabrizio

    Read the article

  • DatagGridViewColumn.DataPropertyName to an array element?

    - by unknown
    Hi there, I'm using a DataGridView binding its datasource to a List, and specifying the properties for each column. An example would be: DataGridViewTextBoxColumn colConcept = new DataGridViewTextBoxColumn(); DataGridViewCell cell4 = new DataGridViewTextBoxCell(); colConcept.CellTemplate = cell4; colConcept.Name = "concept"; colConcept.HeaderText = "Concept"; colConcept.DataPropertyName = "Concept"; colConcept.Width = 200; this.dataGridViewBills.Columns.Add(colConcept); {... assign other colums...} And finally this.dataGridViewBills.DataSource=billslist; //billslist is List<Bill> Obviously Class Bill has a Property called Concept, as well as one Property for each column. Well, now my problem, is that Bill should have and Array/List/whateverdynamicsizecontainer of strings called Years. Let's assume that every Bill will have the same Years.Count, but this only known at runtime.Thus, I can't specify properties like Bill.FirstYear to obtain Bill.Years[0], Bill.SecondYear to obtain Bills.Years[1]... etc... and bind it to each column. The idea, is that now I want to have a grid with dynamic number of colums (known at runtime), and each column filled with a string from the Bill.Years List. I can make a loop to add columns to the grid at runtime depending of Bill.Years.Count, but is possible to bind them to each of the strings that the Bill.Years List contains??? I'm not sure if I'm clear enough. The result ideally would be something like this, for 2 bills on the list, and 3 years for each bill: --------------------------------------GRID HEADER------------------------------- NAME CONCEPT YEAR1 YEAR2 YEAR3 --------------------------------------GRID VALUES------------------------------- Bill1 Bill1.Concept Bill1.Years[0] Bill1.Years[1] Bill1.Years[2] Bill2 Bill2.Concept Bill2.Years[0] Bill2.Years[1] Bill2.Years[2] I can always forget the datasource, and write each cell manually, as the MSFlexGrid used to like, but if possible, I would like to use the binding capabilities of the DataGridView. Any ideas? Thanks a lot.

    Read the article

  • Ajax -- re-load div on success.

    - by RPM
    I am trying to accomplish a "re-load." More specifically, I need to be able to refresh a portion of my page as a result of another successful ajax call. Moreover, I load my portion of the page via ajax which obtains it's content from an ajax post. The result is my content being displayed inside my portion precisely. I need this portion of the page refreshed after a successful ajax post. Here is some of the code: /* Ajax-- this part is loaded automatically, and I need it reloaded upon success of another ajax post. This data comes from the outcome of my other ajax function. */ $('#newCo').load('click', function() { $.ajax({ url: 'index.php?dkd432k=uBus/310/Indeed', dataType: 'json', success: function(json) { if (json['newCompare']) { $('#newCo .newResults').html(json['newCompare']); } } }); }); The next portion of code is responsible for posting the data of which I obtain in this above ajax function. function ZgHiapud (ofWhich) { $.ajax({ url: 'index.php?dkd432k=uBus/310/update', type: 'post', data: 'product_id=' + product_id, dataType: 'json', success: function(json) { $('.success, .warning, .attention, .information').remove(); if (json['success']) { $('.attention').fadeIn('slow'); $('#compare_total').html(json['total']); $('html, body').animate({ scrollTop: 0 }, 'slow'); } } }); } In the end, I need to obtain the data that I send to the server immediately upon success of the second ajax call. This data that is sent via the second ajax call needs to fire the first ajax call upon success.

    Read the article

  • wordpress categories and their subcategories

    - by Ayrton
    Hi I'm looking to obtain all the (parent) categories with their children accordingly (assuming you don't have grandchildren) and make the following structure <div class="box"> <h3><a href="#">Parent Category I</a></h3> <ul> <li><a href="#">sub cat 1</a></li> <li><a href="#">sub cat 2</a></li> <li><a href="#">sub cat 3</a></li> </ul> </div> <div class="box"> <h3><a href="#">Parent Category II</a></h3> <ul> <li><a href="#">sub cat 1</a></li> <li><a href="#">sub cat 2<</a></li> <li><a href="#">sub cat 3</a></li> </ul> </div> I figured it's something like (don't mind the syntax) however I don't know how to obtain those (parent)categories and their children: $parents = ... ; foreach($parents as $parent){ <div> <h3>$parent</h3> $children = ...; <ul> foreach ($children as $child){ <li>$child</li> } </ul> </div> }

    Read the article

  • Automated Oracle Schema Migration Tool

    - by Dave Jarvis
    What are some tools (commercial or OSS) that provide a GUI-based mechanism for creating schema upgrade scripts? To be clear, here are the tool responsibilities: Obtain connection to recent schema version (called "source"). Obtain connection to previous schema version (called "target"). Compare all schema objects between source and target. Create a script to make the target schema equivalent to the source schema ("upgrade script"). Create a rollback script to revert the source schema, used if the upgrade script fails (at any point). Create individual files for schema objects. The software must: Use ALTER TABLE instead of DROP and CREATE for renamed columns. Work with Oracle 10g or greater. Create scripts that can be batch executed (via command-line). Trivial installation process. (Bonus) Create scripts that can be executed with SQL*Plus. Here are some examples (from StackOverflow, ServerFault, and Google searches): Change Manager Oracle SQL Developer Software that does not meet the criteria, or cannot be evaluated, includes: TOAD PL/SQL Developer - Invalid SQL*Plus statements. Does not produce ALTER statements. SQL Fairy - No installer. Complex installation process. Poorly documented. DBDiff - Crippled data set evaluation, poor customer support. OrbitDB - Crippled data set evaluation. SchemaCrawler - No easily identifiable download version for Oracle databases. SQL Compare - SQL Server, not Oracle. LiquiBase - Requires changing the development process. No installer. Manually edit config files. Does not recognize its own baseUrl parameter. The only acceptable crippling of the evaluation version is by time. Crippling by restricting the number of tables and views hides possible bugs that are only visible in the software during the attempt to migrate hundreds of tables and views.

    Read the article

  • Linking to an item in another node (XSLT)

    - by Andrew Parisi
    I have an XML document with companies listed in it. I want to create a link with XSLT that contains the <link> child of the next node. Sorry if this is confusing..here is some sample XML of what i'm trying to obtain: <portfolio> <company> <name>Dano Industries</name> <link>dano.xml</link> </company> <company> <name>Mike and Co.</name> <link>mike.xml</link> </company> <company> <name>Steve Inc.</name> <link>steve.xml</link> </company> </portfolio> I want two links, "BACK" and "NEXT". While currently on mike.xml, I want BACK to link to "dano.xml" and NEXT linked to "steve.xml"...etc..and have it dynamically change when on a different page based on the nodes around it. I want to do this because I may add and change the list as I go along, so I don't want to have to manually re-link everything. How can I obtain this? Sorry I am new to XSLT, so please explain with solution if possible! Thanks in advance!

    Read the article

  • sharing message object between web applications

    - by jezhilvalan
    I need to share java mail message objects between two web applications(A and B). WebApplication A obtains the message and write it to the outputStream for(int i=0;i<messagesArr.length;i++){ uid = pop3FolderObj.getUID(messagesArr[i]); //storing messages with uid names inorder to maintain uniqueness File f = new File("F:/PersistedMessagesFolder" + uid); FileOutputStream fos = new FileOutputStream(f); messagesArr[i].writeTo(fos); fos.flush(); fos.close(); } Is FileOutputStream the best output stream for persisting message objects? Is it possible to use ObjectOutputStream for message object persistence? WebApplication B reads the message object via InputStream FileInputStream fis = new FileInputStream("F:/MessagesPersistedFolder"+uid); MimeMessage mm = new MimeMessage(sessionObj,fis); What if the mail message object which is already written via WebApplication A is not a MimeMessage? How can I read non-mime messages using input stream? MimeMessage constructor mandates sessionObj as the first parameter? How can I obtain this sessionObj in WebApplicationB? Do I have to again establish store connection with the same emailid,emailpassword,popserver and port(already used in WebApplication A) with the email server inorder to obtain this session object? Even if obtained, will this session object remains the same as that of the session object which is priorly obtained in WebApplicationA? Since I am using uids to name Message objects (inorder to maintain uniqueness of file names) how can I share these uids between WebApplication A and WebApplication B? WebApplication B needs the uid inorder to access the specific file which is present in "F:/MessagesPersistedFolder" Please help me in resolving the aforeseen issues.

    Read the article

  • Custom model validation of dependent properties using Data Annotations

    - by Darin Dimitrov
    Since now I've used the excellent FluentValidation library to validate my model classes. In web applications I use it in conjunction with the jquery.validate plugin to perform client side validation as well. One drawback is that much of the validation logic is repeated on the client side and is no longer centralized at a single place. For this reason I'm looking for an alternative. There are many examples out there showing the usage of data annotations to perform model validation. It looks very promising. One thing I couldn't find out is how to validate a property that depends on another property value. Let's take for example the following model: public class Event { [Required] public DateTime? StartDate { get; set; } [Required] public DateTime? EndDate { get; set; } } I would like to ensure that EndDate is greater than StartDate. I could write a custom validation attribute extending ValidationAttribute in order to perform custom validation logic. Unfortunately I couldn't find a way to obtain the model instance: public class CustomValidationAttribute : ValidationAttribute { public override bool IsValid(object value) { // value represents the property value on which this attribute is applied // but how to obtain the object instance to which this property belongs? return true; } } I found that the CustomValidationAttribute seems to do the job because it has this ValidationContext property that contains the object instance being validated. Unfortunately this attribute has been added only in .NET 4.0. So my question is: can I achieve the same functionality in .NET 3.5 SP1? UPDATE: It seems that FluentValidation already supports clientside validation and metadata in ASP.NET MVC 2. Still it would be good to know though if data annotations could be used to validate dependent properties.

    Read the article

  • Google Maps in Drupal: reference to gmap object from JavaScript

    - by user280817
    Is there a way to obtain JavaScript references to the Google maps that are embedded into Drupal pages by the GMap module? I want to be able to manipulate the maps in these pages. I want to pan and zoom them. But I cannot find a reference to an embedded map object. I've dissected the relevant JavaScript objects Drupal.gmap and Drupal.settings.gmap with no success--unless I've overlooked something. The Drupal GMap module doesn't seem to explicitly provide references (within its API) to the GMap objects that it embeds into pages. It just generates themed text which is interpolated into the page. The technique of passing the HTML ID of the map container to either the GMap2 object constructor or the similar Drupal.gmap.getMap() function in order to obtain a map reference doesn't appear to work: Both simply return an instance to a new map, one having the same dimensions and basic characteristics of the original map, but apparently sans all of its overlays (which could contain markers). And I have to call setCenter() on it before I can use it, which initializes the structure, so I know it has no overlays.

    Read the article

  • Obtaining FontMetrics before getting a Graphics instance

    - by Tom Castle
    Typically, I'd obtain a graphics instance something like this: BufferedImage img = new BufferedImage(width, height, BufferedImage.TYPE_INT_ARGB); Graphics2D g = img.createGraphics(); However, in the current project I'm working on, the width and height variables above are dependent upon the size of a number of text fragments that will later be drawn onto the graphics instance. But, to obtain the dimensions of the font being used I would usually use the FontMetrics that I get from the graphics object. FontMetrics metrics = g.getFontMetrics(); So, I have a nasty little dependency cycle. I cannot create the graphics object until I know the size of the text, and I cannot know the size of the text until I have a graphics object. One solution is just to create another BufferedImage/Graphics pair first in order to get the FontMetrics instance I need, but this seems unnecessary. So, is there a nicer way? Or is it the case that the width, height etc. properties for a Font are somehow dependent upon what (graphics, component...) the text is to be drawn on?

    Read the article

  • How to marshal an object and its content (also objects)

    - by Waldo Spek
    I have a question for which I suspect the answer is a bit complex. At this moment I am programming a DLL (class library) in C#. This DLL uses a 3rd party library and therefore deals with 3rd party objects of which I do not have the source code. Now I am planning to create another DLL, which is going to be used in a later stadium in my application. This second DLL should use the 3rd party objects (with corresponding object states) created by the first DLL. Luckily the 3rd party objects extend the MarshalByRefObject class. I can marshal the objects using System.Runtime.Remoting.Marshal(...). I then serialize the objects using a BinaryFormatter and store the objects as a byte[] array. All goes well. I can deserialize and unmarshal in a the opposite way and end up with my original 3rd party objects...so it appears... Nevertheless, when calling methods on my 3rd party deserialized objects I get object internal exceptions. Normally these methods return other 3rd party objects, but (obviously - I guess) now these objects are missing because they weren't serialized. Now my global question: how would I go about marshalling/serializing all the objects which my 3rd party objects reference...and cascade down the "reference tree" to obtain a full and complete serialized object? Right now my guess is to preprocess: obtain all the objects and build my own custom object and serialize it. But I'm hoping there is some other way...

    Read the article

  • How to rename many files url escaped (%XX) to human readable form

    - by F. Hauri
    I have downloaded a lot of files in one directory, but many of them are stored with URL escaped filename, containing sign percents folowed by two hexadecimal chars, like: ls -ltr $HOME/Downloads/ -rw-r--r-- 2 user user 13171425 24 nov 10:07 Swisscom%20Mobile%20Unlimited%20Kurzanleitung-%282011-05-12%29.pdf -rw-r--r-- 2 user user 1525794 24 nov 10:08 31010ENY-HUAWEI%20E173u-1%20HSPA%20USB%20Stick%20Quick%20Start-%28V100R001_01%2CEnglish%2CIndia-Reliance%2CC%2Ccolor%29.pdf ... All theses names match the following form whith exactly 3 parts: Name of the object -( Revision, and/or Date, useless ... ). Extension In same command, I would like to obtain unde My goal is to having one command to rename all this files to obtain: -rw-r--r-- 2 user user 13171425 24 nov 10:07 Swisscom_Mobile_Unlimited_Kurzanleitung.pdf -rw-r--r-- 2 user user 1525794 24 nov 10:08 31010ENY-HUAWEI_E173u-1_HSPA_USB_Stick_Quick_Start.pdf I've successfully do the job in full bash with: urlunescape() { local srce="$1" done=false part1 newname ext while ! $done ;do part1="${srce%%%*}" newname="$part1\\x${srce:${#part1}+1:2}${srce:${#part1}+3}" [ "$part1" == "$srce" ] && done=true || srce="$newname" done newname="$(echo -e $srce)" ext=${newname##*.} newname="${newname%-(*}" echo ${newname// /_}.$ext } for file in *;do mv -i "$file" "$(urlunescape "$file")" done ls -ltr -rw-r--r-- 2 user user 13171425 24 nov 10:07 Swisscom_Mobile_Unlimited_Kurzanleitung.pdf -rw-r--r-- 2 user user 1525794 24 nov 10:08 31010ENY-HUAWEI_E173u-1_HSPA_USB_Stick_Quick_Start.pdf or using sed, tr, bash ... and sed: for file in *;do echo -e $( echo $file | sed 's/%\(..\)/\\x\1/g' ) | sed 's/-(.*\.\([^\.]*\)$/.\1/' | tr \ \\n _\\0 | xargs -0 mv -i "$file" done ls -ltr -rw-r--r-- 2 user user 13171425 24 nov 10:07 Swisscom_Mobile_Unlimited_Kurzanleitung.pdf -rw-r--r-- 2 user user 1525794 24 nov 10:08 31010ENY-HUAWEI_E173u-1_HSPA_USB_Stick_Quick_Start.pdf But, I'm sure, there must exist simplier and/or shorter way to do this.

    Read the article

  • Are there any changes in the licensing of Visual Studio 2013 Express editions?

    - by Ramón García-Pérez
    As was going through reading the license.htm file provided as part of the VS2013_RTM_WebExp_ENU.iso offline installation media for the Visual Studio 2013 Express for Web, section 6 reads as follows: 6. PACKAGE MANAGER AND THIRD PARTY SOFTWARE INSTALLATION FEATURES. The software includes the following features (each a “Feature”), each of which enables you to obtain software applications or packages through the Internet from other sources: Extension Manager, New Project Dialog, Web Platform Installer, and Microsoft NuGet-Based Package Manager. Those software applications and packages are offered and distributed in some cases by third parties and in some cases by Microsoft, but each such application or package is under its own license terms. Microsoft is not developing, distributing or licensing any of the third-party applications or packages to you, but instead, as a convenience, enables you to use the Features to access or obtain those applications or packages directly from the third-party application or package providers. By using the Features, you acknowledge and agree that: you are obtaining the applications or packages from such third parties and under separate license terms applicable to each application or package (including, with respect to the package-manager Features, any terms applicable to software dependencies that may be included in the package); MICROSOFT MAKES NO REPRESENTATIONS, WARRANTIES OR GUARANTEES AS TO THE FEED OR GALLERY URL, ANY FEEDS OR GALLERIES FROM SUCH URL, THE INFORMATION CONTAINED THEREIN, OR ANY SOFTWARE APPLICATIONS OR PACKAGES REFERENCED IN OR ACCESSED BY YOU THROUGH SUCH FEEDS OR GALLERIES. MICROSOFT GRANTS YOU NO LICENSE RIGHTS FOR THIRD-PARTY SOFTWARE APPLICATIONS OR PACKAGES THAT ARE OBTAINED USING THE FEATURES. Are there any changes in the licensing of Visual Studio 2013 Express editions? If so, does this means that Visual Studio extensions installation in Express Editions is now allowed? PS: Previous versions of the Express editions did not allow the installation of extensions as per "EULA/TOS" discussed here: Limitations of Visual Studio 2012 Express Desktop

    Read the article

  • Dynamic Select boxes page load

    - by Chris
    Hello, I have a dynamic chained select box that I am attempting to show the value of on a page load. In my chained select box, it will default to the first option within the select box on page load, could anyone provide assitance? I stumbled upon this thread, but I can't seem to translate what they are doing with that answer to my language of CF. Dynamic chained drop downs on page refresh Here is the JS script I am using. function dynamicSelect(id1, id2) { // Feature test to see if there is enough W3C DOM support if (document.getElementById && document.getElementsByTagName) { // Obtain references to both select boxes var sel1 = document.getElementById(id1); var sel2 = document.getElementById(id2); // Clone the dynamic select box var clone = sel2.cloneNode(true); // Obtain references to all cloned options var clonedOptions = clone.getElementsByTagName("option"); // Onload init: call a generic function to display the related options in the dynamic select box refreshDynamicSelectOptions(sel1, sel2, clonedOptions); // Onchange of the main select box: call a generic function to display the related options in the dynamic select box sel1.onchange = function() { refreshDynamicSelectOptions(sel1, sel2, clonedOptions); } } } function refreshDynamicSelectOptions(sel1, sel2, clonedOptions) { // Delete all options of the dynamic select box while (sel2.options.length) { sel2.remove(0); } // Create regular expression objects for "select" and the value of the selected option of the main select box as class names var pattern1 = /( |^)(select)( |$)/; var pattern2 = new RegExp("( |^)(" + sel1.options[sel1.selectedIndex].value + ")( |$)"); // Iterate through all cloned options for (var i = 0; i < clonedOptions.length; i++) { // If the classname of a cloned option either equals "select" or equals the value of the selected option of the main select box if (clonedOptions[i].className.match(pattern1) || clonedOptions[i].className.match(pattern2)) { // Clone the option from the hidden option pool and append it to the dynamic select box sel2.appendChild(clonedOptions[i].cloneNode(true)); } } } Thanks so much for any assistance

    Read the article

  • How to reduce a data frame keeping the order for other columns

    - by betabandido
    I am trying to reduce a data frame using the max function on a given column. I would like to preserve other columns but keeping the values from the same rows where each maximum value was selected. An example will make this explanation easier. Let us assume we have the following data frame: dframe <- data.frame(list(BENCH=sort(rep(letters[1:4], 4)), CFG=rep(1:4, 4), VALUE=runif(4 * 4) )) This gives me: BENCH CFG VALUE 1 a 1 0.98828096 2 a 2 0.19630597 3 a 3 0.83539540 4 a 4 0.90988296 5 b 1 0.01191147 6 b 2 0.35164194 7 b 3 0.55094787 8 b 4 0.20744004 9 c 1 0.49864470 10 c 2 0.77845408 11 c 3 0.25278871 12 c 4 0.23440847 13 d 1 0.29795494 14 d 2 0.91766057 15 d 3 0.68044728 16 d 4 0.18448748 Now, I want to reduce the data in order to select the maximum VALUE for each different BENCH: aggregate(VALUE ~ BENCH, dframe, FUN=max) This gives me the expected result: BENCH VALUE 1 a 0.9882810 2 b 0.5509479 3 c 0.7784541 4 d 0.9176606 Next, I tried to preserve other columns: aggregate(cbind(VALUE, CFG) ~ BENCH, dframe, FUN=max) This reduction returns: BENCH VALUE CFG 1 a 0.9882810 4 2 b 0.5509479 4 3 c 0.7784541 4 4 d 0.9176606 4 Both VALUE and CFG are reduced using max function. But this is not what I want. For instance, in this example I would like to obtain: BENCH VALUE CFG 1 a 0.9882810 1 2 b 0.5509479 3 3 c 0.7784541 2 4 d 0.9176606 2 where CFG is not reduced, but it just keeps the value associated to the maximum VALUE for each different BENCH. How could I change my reduction in order to obtain the last result shown?

    Read the article

  • Elfsign Object Signing on Solaris

    - by danx
    Elfsign Object Signing on Solaris Don't let this happen to you—use elfsign! Solaris elfsign(1) is a command that signs and verifies ELF format executables. That includes not just executable programs (such as ls or cp), but other ELF format files including libraries (such as libnvpair.so) and kernel modules (such as autofs). Elfsign has been available since Solaris 10 and ELF format files distributed with Solaris, since Solaris 10, are signed by either Sun Microsystems or its successor, Oracle Corporation. When an ELF file is signed, elfsign adds a new section the ELF file, .SUNW_signature, that contains a RSA public key signature and other information about the signer. That is, the algorithm used, algorithm OID, signer CN/OU, and time stamp. The signature section can later be verified by elfsign or other software by matching the signature in the file agains the ELF file contents (excluding the signature). ELF executable files may also be signed by a 3rd-party or by the customer. This is useful for verifying the origin and authenticity of executable files installed on a system. The 3rd-party or customer public key certificate should be installed in /etc/certs/ to allow verification by elfsign. For currently-released versions of Solaris, only cryptographic framework plugin libraries are verified by Solaris. However, all ELF files may be verified by the elfsign command at any time. Elfsign Algorithms Elfsign signatures are created by taking a digest of the ELF section contents, then signing the digest with RSA. To verify, one takes a digest of ELF file and compares with the expected digest that's computed from the signature and RSA public key. Originally elfsign took a MD5 digest of a SHA-1 digest of the ELF file sections, then signed the resulting digest with RSA. In Solaris 11.1 then Solaris 11.1 SRU 7 (5/2013), the elfsign crypto algorithms available have been expanded to keep up with evolving cryptography. The following table shows the available elfsign algorithms: Elfsign Algorithm Solaris Release Comments elfsign sign -F rsa_md5_sha1   S10, S11.0, S11.1 Default for S10. Not recommended* elfsign sign -F rsa_sha1 S11.1 Default for S11.1. Not recommended elfsign sign -F rsa_sha256 S11.1 patch SRU7+   Recommended ___ *Most or all CAs do not accept MD5 CSRs and do not issue MD5 certs due to MD5 hash collision problems. RSA Key Length. I recommend using RSA-2048 key length with elfsign is RSA-2048 as the best balance between a long expected "life time", interoperability, and performance. RSA-2048 keys have an expected lifetime through 2030 (and probably beyond). For details, see Recommendation for Key Management: Part 1: General, NIST Publication SP 800-57 part 1 (rev. 3, 7/2012, PDF), tables 2 and 4 (pp. 64, 67). Step 1: create or obtain a key and cert The first step in using elfsign is to obtain a key and cert from a public Certificate Authority (CA), or create your own self-signed key and cert. I'll briefly explain both methods. Obtaining a Certificate from a CA To obtain a cert from a CA, such as Verisign, Thawte, or Go Daddy (to name a few random examples), you create a private key and a Certificate Signing Request (CSR) file and send it to the CA, following the instructions of the CA on their website. They send back a signed public key certificate. The public key cert, along with the private key you created is used by elfsign to sign an ELF file. The public key cert is distributed with the software and is used by elfsign to verify elfsign signatures in ELF files. You need to request a RSA "Class 3 public key certificate", which is used for servers and software signing. Elfsign uses RSA and we recommend RSA-2048 keys. The private key and CSR can be generated with openssl(1) or pktool(1) on Solaris. Here's a simple example that uses pktool to generate a private RSA_2048 key and a CSR for sending to a CA: $ pktool gencsr keystore=file format=pem outcsr=MYCSR.p10 \ subject="CN=canineswworks.com,OU=Canine SW object signing" \ outkey=MYPRIVATEKEY.key $ openssl rsa -noout -text -in MYPRIVATEKEY.key Private-Key: (2048 bit) modulus: 00:d2:ef:42:f2:0b:8c:96:9f:45:32:fc:fe:54:94: . . . [omitted for brevity] . . . c9:c7 publicExponent: 65537 (0x10001) privateExponent: 26:14:fc:49:26:bc:a3:14:ee:31:5e:6b:ac:69:83: . . . [omitted for brevity] . . . 81 prime1: 00:f6:b7:52:73:bc:26:57:26:c8:11:eb:6c:dc:cb: . . . [omitted for brevity] . . . bc:91:d0:40:d6:9d:ac:b5:69 prime2: 00:da:df:3f:56:b2:18:46:e1:89:5b:6c:f1:1a:41: . . . [omitted for brevity] . . . f3:b7:48:de:c3:d9:ce:af:af exponent1: 00:b9:a2:00:11:02:ed:9a:3f:9c:e4:16:ce:c7:67: . . . [omitted for brevity] . . . 55:50:25:70:d3:ca:b9:ab:99 exponent2: 00:c8:fc:f5:57:11:98:85:8e:9a:ea:1f:f2:8f:df: . . . [omitted for brevity] . . . 23:57:0e:4d:b2:a0:12:d2:f5 coefficient: 2f:60:21:cd:dc:52:76:67:1a:d8:75:3e:7f:b0:64: . . . [omitted for brevity] . . . 06:94:56:d8:9d:5c:8e:9b $ openssl req -noout -text -in MYCSR.p10 Certificate Request: Data: Version: 2 (0x2) Subject: OU=Canine SW object signing, CN=canineswworks.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:d2:ef:42:f2:0b:8c:96:9f:45:32:fc:fe:54:94: . . . [omitted for brevity] . . . c9:c7 Exponent: 65537 (0x10001) Attributes: Signature Algorithm: sha1WithRSAEncryption b3:e8:30:5b:88:37:68:1c:26:6b:45:af:5e:de:ea:60:87:ea: . . . [omitted for brevity] . . . 06:f9:ed:b4 Secure storage of RSA private key. The private key needs to be protected if the key signing is used for production (as opposed to just testing). That is, protect the key to protect against unauthorized signatures by others. One method is to use a PIN-protected PKCS#11 keystore. The private key you generate should be stored in a secure manner, such as in a PKCS#11 keystore using pktool(1). Otherwise others can sign your signature. Other secure key storage mechanisms include a SCA-6000 crypto card, a USB thumb drive stored in a locked area, a dedicated server with restricted access, Oracle Key Manager (OKM), or some combination of these. I also recommend secure backup of the private key. Here's an example of generating a private key protected in the PKCS#11 keystore, and a CSR. $ pktool setpin # use if PIN not set yet Enter token passphrase: changeme Create new passphrase: Re-enter new passphrase: Passphrase changed. $ pktool gencsr keystore=pkcs11 label=MYPRIVATEKEY \ format=pem outcsr=MYCSR.p10 \ subject="CN=canineswworks.com,OU=Canine SW object signing" $ pktool list keystore=pkcs11 Enter PIN for Sun Software PKCS#11 softtoken: Found 1 asymmetric public keys. Key #1 - RSA public key: MYPRIVATEKEY Here's another example that uses openssl instead of pktool to generate a private key and CSR: $ openssl genrsa -out cert.key 2048 $ openssl req -new -key cert.key -out MYCSR.p10 Self-Signed Cert You can use openssl or pktool to create a private key and a self-signed public key certificate. A self-signed cert is useful for development, testing, and internal use. The private key created should be stored in a secure manner, as mentioned above. The following example creates a private key, MYSELFSIGNED.key, and a public key cert, MYSELFSIGNED.pem, using pktool and displays the contents with the openssl command. $ pktool gencert keystore=file format=pem serial=0xD06F00D lifetime=20-year \ keytype=rsa hash=sha256 outcert=MYSELFSIGNED.pem outkey=MYSELFSIGNED.key \ subject="O=Canine Software Works, OU=Self-signed CA, CN=canineswworks.com" $ pktool list keystore=file objtype=cert infile=MYSELFSIGNED.pem Found 1 certificates. 1. (X.509 certificate) Filename: MYSELFSIGNED.pem ID: c8:24:59:08:2b:ae:6e:5c:bc:26:bd:ef:0a:9c:54:de:dd:0f:60:46 Subject: O=Canine Software Works, OU=Self-signed CA, CN=canineswworks.com Issuer: O=Canine Software Works, OU=Self-signed CA, CN=canineswworks.com Not Before: Oct 17 23:18:00 2013 GMT Not After: Oct 12 23:18:00 2033 GMT Serial: 0xD06F00D0 Signature Algorithm: sha256WithRSAEncryption $ openssl x509 -noout -text -in MYSELFSIGNED.pem Certificate: Data: Version: 3 (0x2) Serial Number: 3496935632 (0xd06f00d0) Signature Algorithm: sha256WithRSAEncryption Issuer: O=Canine Software Works, OU=Self-signed CA, CN=canineswworks.com Validity Not Before: Oct 17 23:18:00 2013 GMT Not After : Oct 12 23:18:00 2033 GMT Subject: O=Canine Software Works, OU=Self-signed CA, CN=canineswworks.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:bb:e8:11:21:d9:4b:88:53:8b:6c:5a:7a:38:8b: . . . [omitted for brevity] . . . bf:77 Exponent: 65537 (0x10001) Signature Algorithm: sha256WithRSAEncryption 9e:39:fe:c8:44:5c:87:2c:8f:f4:24:f6:0c:9a:2f:64:84:d1: . . . [omitted for brevity] . . . 5f:78:8e:e8 $ openssl rsa -noout -text -in MYSELFSIGNED.key Private-Key: (2048 bit) modulus: 00:bb:e8:11:21:d9:4b:88:53:8b:6c:5a:7a:38:8b: . . . [omitted for brevity] . . . bf:77 publicExponent: 65537 (0x10001) privateExponent: 0a:06:0f:23:e7:1b:88:62:2c:85:d3:2d:c1:e6:6e: . . . [omitted for brevity] . . . 9c:e1:e0:0a:52:77:29:4a:75:aa:02:d8:af:53:24: c1 prime1: 00:ea:12:02:bb:5a:0f:5a:d8:a9:95:b2:ba:30:15: . . . [omitted for brevity] . . . 5b:ca:9c:7c:19:48:77:1e:5d prime2: 00:cd:82:da:84:71:1d:18:52:cb:c6:4d:74:14:be: . . . [omitted for brevity] . . . 5f:db:d5:5e:47:89:a7:ef:e3 exponent1: 32:37:62:f6:a6:bf:9c:91:d6:f0:12:c3:f7:04:e9: . . . [omitted for brevity] . . . 97:3e:33:31:89:66:64:d1 exponent2: 00:88:a2:e8:90:47:f8:75:34:8f:41:50:3b:ce:93: . . . [omitted for brevity] . . . ff:74:d4:be:f3:47:45:bd:cb coefficient: 4d:7c:09:4c:34:73:c4:26:f0:58:f5:e1:45:3c:af: . . . [omitted for brevity] . . . af:01:5f:af:ad:6a:09:bf Step 2: Sign the ELF File object By now you should have your private key, and obtained, by hook or crook, a cert (either from a CA or use one you created (a self-signed cert). The next step is to sign one or more objects with your private key and cert. Here's a simple example that creates an object file, signs, verifies, and lists the contents of the ELF signature. $ echo '#include <stdio.h>\nint main(){printf("Hello\\n");}'>hello.c $ make hello cc -o hello hello.c $ elfsign verify -v -c MYSELFSIGNED.pem -e hello elfsign: no signature found in hello. $ elfsign sign -F rsa_sha256 -v -k MYSELFSIGNED.key -c MYSELFSIGNED.pem -e hello elfsign: hello signed successfully. format: rsa_sha256. signer: O=Canine Software Works, OU=Self-signed CA, CN=canineswworks.com. signed on: October 17, 2013 04:22:49 PM PDT. $ elfsign list -f format -e hello rsa_sha256 $ elfsign list -f signer -e hello O=Canine Software Works, OU=Self-signed CA, CN=canineswworks.com $ elfsign list -f time -e hello October 17, 2013 04:22:49 PM PDT $ elfsign verify -v -c MYSELFSIGNED.key -e hello elfsign: verification of hello failed. format: rsa_sha256. signer: O=Canine Software Works, OU=Self-signed CA, CN=canineswworks.com. signed on: October 17, 2013 04:22:49 PM PDT. Signing using the pkcs11 keystore To sign the ELF file using a private key in the secure pkcs11 keystore, replace "-K MYSELFSIGNED.key" in the "elfsign sign" command line with "-T MYPRIVATEKEY", where MYPRIVATKEY is the pkcs11 token label. Step 3: Install the cert and test on another system Just signing the object isn't enough. You need to copy or install the cert and the signed ELF file(s) on another system to test that the signature is OK. Your public key cert should be installed in /etc/certs. Use elfsign verify to verify the signature. Elfsign verify checks each cert in /etc/certs until it finds one that matches the elfsign signature in the file. If one isn't found, the verification fails. Here's an example: $ su Password: # rm /etc/certs/MYSELFSIGNED.key # cp MYSELFSIGNED.pem /etc/certs # exit $ elfsign verify -v hello elfsign: verification of hello passed. format: rsa_sha256. signer: O=Canine Software Works, OU=Self-signed CA, CN=canineswworks.com. signed on: October 17, 2013 04:24:20 PM PDT. After testing, package your cert along with your ELF object to allow elfsign verification after your cert and object are installed or copied. Under the Hood: elfsign verification Here's the steps taken to verify a ELF file signed with elfsign. The steps to sign the file are similar except the private key exponent is used instead of the public key exponent and the .SUNW_signature section is written to the ELF file instead of being read from the file. Generate a digest (SHA-256) of the ELF file sections. This digest uses all ELF sections loaded in memory, but excludes the ELF header, the .SUNW_signature section, and the symbol table Extract the RSA signature (RSA-2048) from the .SUNW_signature section Extract the RSA public key modulus and public key exponent (65537) from the public key cert Calculate the expected digest as follows:     signaturepublicKeyExponent % publicKeyModulus Strip the PKCS#1 padding (most significant bytes) from the above. The padding is 0x00, 0x01, 0xff, 0xff, . . ., 0xff, 0x00. If the actual digest == expected digest, the ELF file is verified (OK). Further Information elfsign(1), pktool(1), and openssl(1) man pages. "Signed Solaris 10 Binaries?" blog by Darren Moffat (2005) shows how to use elfsign. "Simple CLI based CA on Solaris" blog by Darren Moffat (2008) shows how to set up a simple CA for use with self-signed certificates. "How to Create a Certificate by Using the pktool gencert Command" System Administration Guide: Security Services (available at docs.oracle.com)

    Read the article

< Previous Page | 10 11 12 13 14 15 16 17 18 19 20 21  | Next Page >