Extract the Certs (All of Them)

Quick way to extract the main cert, and the intermediate CA and ROOT ca from a host.

echo "" | openssl s_client -showcerts -prexit -connect HOSTNAME:443 2> /dev/null | sed -n -e '/BEGIN CERTIFICATE/,/END CERTIFICATE/ p'

One sees a PEM as output (just capture into a file one can use)

Changing a Keystore and Key’s Password

The following set of commands walks through HOW to execute a change to a keystore passwords and key.

Create a list of keystores

cat << EOF > keystore-list.txt
testTruststore.jks
testKeystore.jks
EOF
Iterate over the list to check status and process 
for KEYSTORE in `cat keystore-list.txt`
do 
echo $KEYSTORE
[ ! -f $KEYSTORE ] && echo NOT 


VAL="`cat $KEYSTORE | wc -l`"
[ ${VAL} -eq "1" ] && echo NOT_RIGHT

# show the private key / trust key 
keytool -keystore $KEYSTORE -list -storepass ACTUAL_PASS 2>&1 | grep -v Warn | grep -v PKCS12 | grep -i PrivateKey
keytool -keystore $KEYSTORE -list -storepass ACTUAL_PASS 2>&1 | grep -v Warn | grep -v PKCS12 | grep -i Trust

done

Change the Passwords for the Key

keytool -keypasswd -alias default -keypass OLDKEYPASS -new NEWpassword -keystore testKeystore.jks -storepass OLDPassword
keytool -storepasswd -keystore ./fhir-server-test/src/test/resources/fhirClientKeystore.jks -new change-password -storepass password

Reference

MacOSX: Fast Navigation in a Terminal

After writing a long command, navigate back to a point using the mouse and option key. OPTION + MOUSE-CLICK on the location point to edit.

Formatting JSON with VIM

I am working on an analytics project where we generate very complicated medical analysis and put it in a hierarchical data model.

{ "test" : { "test1" : "val1" } }

Open the JSON in vim and use python -m json.tool

:%!python -m json.tool

Results

{
    "test": {
        "test1": "val1"
    }
}

Note: jq (jq is another option, but… not always available on every system, python tends to work everywhere).

References

Using jjs to confirm issue with DatatypeConverter in WebSphere Liberty

I kept running into a funky ‘java.lang.NullPointerException’ with the WebSphere Liberty included DataValidator. To debug the issue, I used the jjs – nashorn engine

If you need, to figure out where the class is located

try {
Class c = Class.forName("javax.xml.bind.DatatypeConverter");
System.out.println("Location " + c.getProtectionDomain().getCodeSource().getLocation());
} catch (ClassNotFoundException e1) {
TODO Auto-generated catch block
e1.printStackTrace();
}

You’ll get output like this:

Location /opt/ibm/wlp/dev/api/spec/com.ibm.ws.javaee.jaxb.2.2_1.0.12.jar

Then you can look at the default JDK – Java SDK – 1.8

jjs> javax.xml.bind.DatatypeConverter.printHexBinary("get".getBytes())
676574
jjs>

Then you can look at the specific jar with jdk Java SDK – 1.8 + Liberty Jaxb

/opt/ibm/ibm-java-sdk-8.0-4.5/jre/bin/jjs --dump-on-error -classpath "/opt/ibm/wlp/dev/api/spec/com.ibm.ws.javaee.jaxb.2.2_1.0.12.jar:." 
jjs> javax.xml.bind.DatatypeConverter.printHexBinary("get".getBytes())
java.lang.NullPointerException
jjs>

From this, I determined that I needed to update in com.ibm.websphere.javaee.jaxb.2.2_1.0.20.jar

Solution: Github Actions: Skipping a Build in a CI

I needed to skip a build on demand.

if: "!contains(github.event.head_commit.message, 'ci skip')"
jobs:
e2e-persistence:
runs-on: ubuntu-latest
if: "!contains(github.event.pull_request.labels.*.name, 'ci-skip')"
strategy:
matrix:
java: [ 'openjdk11' ]
persistence: [ 'postgres' ]
fail-fast: false
steps: