Wings of Hermes – Berin's Infosec Blog

Infosec the world and everything

Browsing Posts in Programming

Parts of the Windows Crypto API are quite well documented (particularly the original CAPI stuff).  Other parts….. I’ve been trying to get PKCS8 files working between OpenSSL and Windows.  The Import/Export on Windows is so badly documented I eventually resorted to ASN.1 decodes and header file trawls to find what I needed. Anyway – if […]

I seem to always add little posts about trivial things that messed me up. Android studio 1.0.2 – couldn’t work out how to access the libs dir to add a jar file from another project I have. So simply copy it by hand into the libs directory (under app – same level as src). Then […]

Just ran into a great error on upgrading to Glassfish 4.  Couple of references to it from Google but no solution. Glassfish log: [2013-12-22T07:02:51.014+1100] [glassfish 4.0] [SEVERE] [] [javax.enterprise.system.core] [tid: _ThreadID=36 _ThreadName=admin-listener(4)] [timeMillis: 1387656171014] [levelValue: 1000] [[   Exception while loading the app : CDI deployment failure:WELD-001301 Annotation @org.glassfish.api.admin.RestEndpoints(value=[@org.glassfish.api.admin.RestEndpoint(description=disable-secure-admin, path=disable-secure-admin, opType=POST, params=[], useForAuthorization=false, configBean=interface com.sun.enterprise.config.serverbeans.Domain)]) […]

I’ve been messing around with the Windows LSA and implementing my own authentication package. It’s all part of an authentication server I’m building.  The *NIX component (a PAM module) was pulled together in an afternoon. Windows is a slightly different story….. As always, MSDN has great documentation on the APIs, but there is not a lot […]

I just upgraded from Glassfish 3.1 to 3.1.1 and all logging for my app below INFO (i.e. FINE/FINER/FINEST) stopped working.  Turns out there is a bug that normally expresses itself by stopping logging working altogether.  I think another symptom is glassfish starts to ignore logging if the level for the particular logger is set to […]

Well – JAAS and GlassFish. I naively assumed this would be easy to get to work. It’s not. I started out by building a login module that extended AppservPasswordLoginModule and plugging it directly into login.conf. I then created a Realm that used it and continued on my merry way. The moment I tried to extend […]

Patrick Hogan has done a great project on GitHub – IOS Certificate Key and Trust Sample Project – that pulls together all the concepts for RSA key importing/exporting and handling. It’s used some of the code from my import and export posts + code from a few other places together with his own work. Great […]

So following from my post on exporting a public key from an iPhone into java, here is some sample code for going the other way. It follows the same logic as exporting the key but in reverse. (It starts with decoding the Base64 piece as the app I am working on always passes data in […]

I seem to be struggling with lots of things lately that should be easy, but I just can’t find an easy way to do them. My latest struggle has been using NSURLConnection to connect to an SSL site that is secured using my root certificate. There is no easy reference anywhere for how to do […]

Strange. com.sun.org.apache.xml.internal.security.utils.Base64 is a part of the base Java 1.6 runtime (it’s found in rt.jar). But Netbeans throws errors on it unless you include the METRO 2.0 jar file as a library to compile against (you don’t need to package it). Or at least that’s the case on Windows. On OS X it just works. What […]