reverse engineering java from java to UML

C:\public\essmodel
essmodel.sourceforge.net
http://forum.java.sun.com/thread.jspa?threadID=443226&messageID=2005619

wiki open source

http://www.onlamp.com/pub/a/onlamp/2004/11/04/which_wiki.html

WSDM

http://www.globusworld.org/2005Slides/Session%206b(1).pdf

inner class

http://www.javaworld.com/javaworld/javaqa/2001-08/01-qa-0817-static.html

this Q&A I'll cover two popular and related questions: "What is the difference between an inner member class and an inner static member class?" And: "Why would I choose one over the other?"

Superficially, static and nonstatic inner member classes differ in how you declare them. A static member class will have the static keyword in its definition, while a member class will not:



public class InnerClassSyntax {

// A static member class
public static class StaticMember {
// ... code
}

// A member class
public class Member {
// ... code
}
}


More importantly, the static keyword limits what instances of the static member classes can do to instances of the class within which they are defined. To wit, when you declare a member class as static, instances of that inner class will have access only to the static methods and static members of the enclosing instance.

In contrast, plain old member classes can access any method or member of the enclosing class since member classes have access to the enclosing instance's this. (A static member class is limited to accessing only static attributes because it lacks access to the enclosing instance's this.)

Let's expand the original example to see these limitations in action:



public class InnerClassSyntax {

private static int _aStaticInstanceVariable;
private int _anInstanceVariable;

public void anInstanceMethod() {
// ... do something
}

public static void aStaticMethod() {
// ... do something
}

// A static member class
public static class StaticMember {
public void aMethod() {
// Legal calls
int staticValue = InnerClassSyntax._aStaticInstanceVariable;
InnerClassSyntax.aStaticMethod();

// Illegal calls -- will not compile if uncommented
// int value = _anInstanceVariable;
// anInstanceMethod();
// InnerClassSyntax.anInstanceMethod();
}
}

// A member class
public class Member {
public void aMethod() {
// Legal calls
int staticValue = _aStaticInstanceVariable;
int value = _anInstanceVariable;
aStaticMethod();
anInstanceMethod();
}
}

}


You see that the static member class can access only those attributes declared as static. Static member classes do not have access to the this reference -- in this case InnerClassSyntax.this. However, Member instances do have access to InnerClassSyntax.this, so they can access everything in the enclosing InnerClassSyntax instance.

The following code selection rewrites the Member class so that it explicitly uses the InnerClassSyntax.this reference (which normally happens by default):



public class Member {
public void aMethod() {
staticValue = InnerClassSyntax._aStaticInstanceVariable;
value = InnerClassSyntax.this._anInstanceVariable;
InnerClassSyntax.aStaticMethod();
InnerClassSyntax.this.anInstanceMethod();
}


Now, with all the syntactical goodies aside, why would you choose a static member class over a plain-old member class? Well, when designing an inner class, you need to ask what do that inner class's instances need? Ask yourself whether the instances depend on instance-specific information? If yes, you need a member class.

However, nonstatic member classes must maintain a reference to the enclosing instance. Maintenance of this reference consumes both memory and CPU time. Therefore, if your member class does not depend upon the enclosing class's instance data, you can, and should, declare it static.

Let's look at a static member class example:



public final class Text {

// List of valid justification constants
public static final Justification LEFT =
new Justification( "Left" );

public static final Justification RIGHT =
new Justification( "Right" );

public static final Justification CENTER =
new Justification( "Center" );

// Holder for this instance's justification
private Justification _justification;

public void setJustification( Justification justification ) {
_justification = justification;
}

// Other Text code omitted
// . . .

public static class Justification {

private String _label;

public Justification( String label ) {
_label = label;
}

public String toString() {
return _label;
}

}

}


In the code above, instances of Text might represent selections of text inside an editor. The text can have a justification. I declared the Justification member class as static since the Justification instances do not rely on instance-level information in the enclosing Text class. Instead, instances of Justification act as constants that work with any instance of Text. That's why we can get away with declaring Justification static; it is independent of any specific Text instances.

Now, let's look at a member class example:



public final class Text {

private String _text;
private Search _search = new Search();

public boolean contains( String text ) {
return _search.contains( text );
}

private class Search {
public boolean contains( String text ) {
// Do something to Text._text;
// Hardcode return so that this class can compile
return false;
}
// ... other methods
}

// Original justification code removed for brevity

}


In this example, Text implements its searching code as a member class. (Such an approach nicely partitions the code, rather than embedding the search code within the Text class itself.) In order to search, the Search object needs access to Text.this._text, thus the Search must not be declared static.

idiom

http://www.wayabroad.com/pack/pack02/1846_1_1.html

certificate management

http://www.bo.infn.it/alice/introgrd/certmgr/certmgr.html
http://forum.java.sun.com/thread.jspa?forumID=2&messageID=449486&threadID=154587

How to export private key from keystore?
Author: zendragon Posts: 4 Registered: 12/5/97
Jul 31, 2001 7:24 AM


I have the same problem as following

Hi
Does anybody know, how to export a private key from a keystore in a PEM-Encoded format, i.e. that is what openSSL for Apache is looking for.

What I got until now from the Keystore (and that's very easy) is an instance of the Key-class of the Private Key. From that Key instance I can call the encoded()-method to get a PKCS8-encoded byte-array. Now, what I want to is a PEM-Encoded String.

Any help greatly apreciated!



Re: How to export private key from keystore?
Author: thaisontn Posts: 1 Registered: 8/27/99
Sep 13, 2002 6:24 PM (reply 1 of 16)


I have the exact same issue. I have a certificate for a site that is incorporated in a Java keystore because the webserver is in Java. Now I want to migrate the site to a new setup (Apache/Tomcat) so I want to export the private key so that Apache/OpenSSL can use it. I've tried privKey.getEncoded()(which I assume is equivalent to OpenSSL's DER format) as well as Base64.encode(privKey.getEncoded()) (which I assume is equivalent to OpenSSL's PEM format). Neither of these approaches work. Am I missing something or is there a bug in the PKCS8EncodedKeySpec code or the OpenSSL code ? If anyone has any thoughts on this, I'd like to hear about it. Thanx !


Re: How to export private key from keystore?
Author: jheiss Posts: 3 Registered: 12/18/97
Sep 30, 2002 9:37 AM (reply 2 of 16)


You're on the right track. After Base64.encode(privKey.getEncoded()) you need
to wrap the lines at 64 characters and add the header and footer lines (these are documented in OpenSSL's pkcs8 man page).

-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----



Re: How to export private key from keystore?
Author: emoy2000 Posts: 1 Registered: 6/8/01
Dec 30, 2002 11:25 PM (reply 3 of 16)


Hi, I have the same problem as what you mentioned here (which I don't know how to export private key from keystore), could you share your solution with me here?
Thanks a lot
Mana



Re: How to export private key from keystore?
Author: amorrow5 Posts: 320 Registered: 8/27/01
Jan 8, 2003 2:00 AM (reply 4 of 16)



Here is a full code example



// How to export the private key from keystore?
// Does keytool not have an option to do so?
// This example use the "testkeys" file that comes with JSSE 1.0.3

import sun.misc.BASE64Encoder;
import java.security.cert.Certificate;
import java.security.*;
import java.io.File;
import java.io.FileInputStream;

class ExportPriv {
public static void main(String args[]) throws Exception{
ExportPriv myep = new ExportPriv();
myep.doit();
}

public void doit() throws Exception{

KeyStore ks = KeyStore.getInstance("JKS");
String fileName = "testkeys";

char[] passPhrase = "passphrase".toCharArray();
BASE64Encoder myB64 = new BASE64Encoder();


File certificateFile = new File(fileName);
ks.load(new FileInputStream(certificateFile), passPhrase);

KeyPair kp = getPrivateKey(ks, "duke", passPhrase);

PrivateKey privKey = kp.getPrivate();


String b64 = myB64.encode(privKey.getEncoded());

System.out.println("-----BEGIN PRIVATE KEY-----");
System.out.println(b64);
System.out.println("-----END PRIVATE KEY-----");

}

// From http://javaalmanac.com/egs/java.security/GetKeyFromKs.html

public KeyPair getPrivateKey(KeyStore keystore, String alias, char[] password) {
try {
// Get private key
Key key = keystore.getKey(alias, password);
if (key instanceof PrivateKey) {
// Get certificate of public key
Certificate cert = keystore.getCertificate(alias);

// Get public key
PublicKey publicKey = cert.getPublicKey();

// Return a key pair
return new KeyPair(publicKey, (PrivateKey)key);
}
} catch (UnrecoverableKeyException e) {
} catch (NoSuchAlgorithmException e) {
} catch (KeyStoreException e) {
}
return null;
}

}







Re: How to export private key from keystore?
Author: pchinns Posts: 1 Registered: 10/8/00
Mar 11, 2003 11:34 AM (reply 5 of 16)


Hi,

I have a problem related to keystore and certificates. Can you please throw some light on this.

JSSE expects two keystores one for loading the private keys and the other for loading public keys.

I created a certificate request using java keytool and obtained a trial certificate from a trusted CA. I imported the CA's trial root and trial certificate into the keystore which was intially used to generate certificate request. I believe this can now be used as the keystore that contains the private key. Now how do i get the keystore which contains the public keys.

Any help in this regard will be appreaciated

Thanks,
pradeep




Re: How to export private key from keystore?
Author: lpz Posts: 2 Registered: 9/25/98
Mar 18, 2003 5:59 PM (reply 6 of 16)


I have the opposite problem. How do you read in an encrypted private key from a PEM file? I can read in the public key certificate and get the public key, like this:

FileInputStream is = new FileInputStream(file);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
java.security.cert.Certificate cert = cf.generateCertificate(is);

However, I cannot read in the private key and generate the private key:

FileInputStream in = new FileInputStream(file);
fileLength = (int) in.available();
byte[] base64Bytes = new byte[fileLength];
int inLength = in.read(base64Bytes, 0, fileLength);
String inputString = new String(base64Bytes);

// Here I tried all of the PEM file (including the ASCII armor) and just the base64 // characters. I get the same error either way
String keyString = new String(base64KeyBytes);
byte[]encryptedKeyBytes4 = Base64.decode(keyString);
EncryptedPrivateKeyInfo encryptedKeyInfo =
new EncryptedPrivateKeyInfo(encryptedKeyBytes);
// This always throws IOException

I have the same problem whether I use the java keystore or openssl to generate the key material.


Re: How to export private key from keystore?
Author: klmreddy Posts: 1 Registered: 11/21/02
Mar 22, 2003 6:25 AM (reply 7 of 16)


Hi ,

this code is working fine , but it is not maintaining 64 char for each line.
even if i made it 64 chars for line.this keyfile is not recognized by openssl.

the following converts pem cert to pkcs12 certificate ,we need to specify the private
key.

openssl pkcs12 -export -out file_name.p12 -inkey userkey.pem -in usercert.pem

I got the following error.

Error loading private key
15114:error:0D080071:asn1 encoding routines:d2i_ASN1_INTEGER:expecting an integer:a_int.c:204:
15114:error:0D09D082:asn1 encoding routines:d2i_RSAPrivateKey:parsing:d2i_r_pr.c:117:
15114:error:0D09B00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib:d2i_pr.c:89:
15114:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_lib.c:291:

this means private key is not in correct format.can somebody help me.

Thanks in advance,
klm.


Re: How to export private key from keystore?
Author: amorrow5 Posts: 320 Registered: 8/27/01
Jul 11, 2003 5:08 AM (reply 8 of 16)



It might be best to just try to dump out the the cert, rather than run your web server.

To review, on the cert (and public key):

keytool -export -rfc -keystore keyfile -alias duke > duke.cert.pem

openssl x509 -noout -text -in duke.cert.pem

but for the private key, you run the program and send the output to a file, say duke.key.pem and then you can:

openssl rsa -noout -text -in duke.key.pem


Note that the starting delimiter line is simply

"-----BEGIN PRIVATE KEY-----"

but if you have a password-protected (encrypted) private key, the line will be more like:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,4ECDE43CCBDA9934

I think Java, using JCE's DES, can decrypt such a file, but I have not tried to make an implementation of such.

In thinking about it, I can understand who keytool does not provide the functionality my program does: the unencrypted private key becomes less secure when it is no longer protected by the keystore password.








Re: How to export private key from keystore?
Author: alef-sun Posts: 1 Registered: 6/6/03
Oct 9, 2003 8:42 AM (reply 9 of 16)


Hi, I have used succesfully this code and the script:

import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Key;

public class DumpPrivateKey {
static public void main(String[] args) {
try {
KeyStore ks = KeyStore.getInstance("jks");
ks.load(new FileInputStream("keystore"),
"password".toCharArray());
Key key = ks.getKey("youralias",
"password".toCharArray());
System.out.write(key.getEncoded());
} catch (Exception e) {
e.printStackTrace();
}
}
}



#!/bin/sh
ALIAS=youralias
PKEY_8=privatekey.pkcs8
PKEY_64=privatekey.b64
CERT_64=certificate.b64
CERT_12=certificate.p12
keytool -alias ${ALIAS} -export -rfc >${CERT_64}
java DumpPrivateKey >${PKEY_8}
(echo "-----BEGIN PRIVATE KEY-----" ;
openssl enc -in ${PKEY_8} -a;
echo "-----END PRIVATE KEY-----") >${PKEY_64}
openssl pkcs12 -inkey ${PKEY_64} -in ${CERT_64} -out ${CERT_12} -export
rm ${PKEY_8} ${PKEY_64} ${CERT_64}
echo ${CERT_12}



Hope could be useful. Regards.


Re: How to export private key from keystore?
Author: evilb69 Posts: 182 Registered: 4/8/03
Oct 13, 2003 1:26 AM (reply 10 of 16)


LPZ... in answer to reading IN a private key into the keystore, see my answer here:-

http://forum.java.sun.com/thread.jsp?forum=2&thread=161578&tstart=15&trange=15


Re: How to export private key from keystore?
Author: dwc_ Posts: 1 Registered: 2/27/04
Feb 27, 2004 10:52 AM (reply 11 of 16)


Thanks for the posts. They were just what I was looking for.


Re: How to export private key from keystore?
Author: svangasse Posts: 10 Registered: 3/21/03
May 27, 2004 2:03 PM (reply 12 of 16)


I'm very interested to see if anyone has managed to decrypt the (password protected) exported private key from a keystore.

I took amorrow5's advice and looked into using the JCE with DES but if, as I did, you created your key pair using keytool you won't know what parameters to use when initialising the Cipher object which is used to decrypt the private key.

I need the private key unencrypted to use with UW IMAP Mail Server.

If anyone has any pointers they would be very much appreciated.


Re: How to export private key from keystore?
Author: rdare Posts: 24 Registered: 9/2/99
Aug 10, 2004 1:56 PM (reply 13 of 16)



Using the cog-jglobus.jar and the BouncyCastle keyProvider classes,
one can load a password protected PrivateKey .pem file as such:

PrivateKey caPrivKey = null;
String fileName = null; // .pem file path
String caPassword = "some.password";
try {
// Now Generate the Cerificate
// OpenSSLKey key = new BouncyCastleOpenSSLKey(fileName);
OpenSSLKey key = new BouncyCastleOpenSSLKey(fileName);
// decrypt ca priv key
if (key.isEncrypted()) {
try {
if (caPassword == null) {
throw new GeneralSecurityException(
"A CA password is required");
}
key.decrypt(caPassword);
} catch (GeneralSecurityException e) {
System.out.println("Wrong CA password or other security error: "
+ e.getMessage());
e.printStackTrace();
}
}

caPrivKey = key.getPrivateKey();




Re: How to export private key from keystore?
Author: TJworld Posts: 1 Registered: 1/4/05
Jan 4, 2005 2:56 PM (reply 14 of 16)


Spurred on by the disparate articles and the code+script from alef-sun, I decided to put some tools together to make the job much easier, and to write a comprehensive illustrated guide to go with it, for Windows-based developers.

Here's how to get and use a FREE trusted Thawte digital certificate to sign your Java JAR and Microsoft CAB code archives, to create trusted applets for downloading over the Internet, and to convert the Java JKS key-store to Microsoft PFX Personal Information Exchange format to share the same certificate with Java JAR files and Microsoft CAB files.

Visit my guide "Trusted Code-Signing

heartbeat

http://www-128.ibm.com/developerworks/linux/library/l-halinux/?ca=drs-

ssh no password

http://www.emsei.psu.edu/ecf/alt/general/ssh.html

Example
Let's say you want to run a remote command on the machine "beta" from the machine "alpha" without supplying a password. Instead of authenticating using a password, you can use the command ssh-keygen to create a pair of public and private keys that can be used for authentication.



The first step is to create a set of public and private keys that uniquely identify your userid on "alpha". Log into alpha and run the command:
alpha% ssh-keygen -t rsa -N ''

(This command can take a long time to run on some machines). When it asks you what file you would like to save your key as, you can just press return, to accept the default location. This will create two files on alpha:

alpha% ls -l /home/woods/.ssh/id*
-rw------- 1 woods woods 530 Feb 8 18:13 /home/woods/.ssh/id_rsa
-rw-rw-r-- 1 woods woods 334 Feb 8 18:13 /home/woods/.ssh/id_rsa.pub
The id_rsa file contains the private key (note that it is not world or group readable) that represents your identity on that particular machine. The private key should never be transferred from the machine or have its modes changed. The id_rsa.pub file is the public key, which is world-readable. ssh and other programs can use this key to encrypt messages that only you can decrypt using the private key.
The -N '' argument to ssh-keygen specifies that there should be no password associated with these keys. Keys can have passwords just like accounts, but that would defeat the purpose here.


The next step is give alpha's public key to beta, and tell beta that alpha is authorized to run remote commands using RSA authentication.
You do this by copying the contents of alpha's id_rsa.pub (not id_rsa!) to a file called authorized_keys2 in your .ssh directory on beta:

beta% cd ~/.ssh
beta% ssh alpha 'cat .ssh/id_rsa.pub' >> authorized_keys2
alpha's public key is now in the authorized_keys2 file on beta, telling beta that alpha is authorized to use RSA authentication to log in.
By the way, it's fine to have more than one key in the authorized_keys2 file, in case you need more than one host to be able to do RSA authentication to beta.


The last step is to make sure the authorized_keys2 file on beta has modes 600. This ensures that no one else can view this file.
beta% chmod 600 authorized_keys2
beta% ls -l authorized_keys
-rw------- 1 woods woods 662 Feb 8 18:04 .ssh/authorized_keys2
The first command removes all of the bits for "group" and "world" permissions, making