Cryptography
What is Cryptography?
Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient.
Encryption and decryption
Data that can be read and understood without any special measures is called plaintext or cleartext. The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable gibberish called ciphertext. You use encryption to ensure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data. The process of reverting ciphertext to its original plaintext is called decryption.
Plaintext -> encryption -> ciphertext -> decryption -> plaintext
Cryptanalysis is the science of analyzing and breaking secure communication.
How does cryptography work?
A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a key — a word, number, or phrase — to encrypt the plaintext. The same plaintext encrypts to different ciphertext with different keys. The security of encrypted data is entirely dependent on two things: the strength of the cryptographic algorithm and the secrecy of the key.
Cryptosystem: A cryptographic algorithm, plus all possible keys and all the protocols that make it work comprise a cryptosystem.
Conventional cryptography
Conventional cryptography uses one key for both encryption and decryption. This key is called the secret key or symmetric key. The Data Encryption Standard (DES) is an example of a conventional cryptosystem.
The problem with conventional encryption is key distribution: how do you send the key to the recipient without someone intercepting it?
Public key cryptography
Public key cryptography solved the problem of key distribution.
Public key cryptography is an asymmetric scheme that uses a pair of keys for encryption: a public key, which encrypts data, and a corresponding private, or secret key for decryption. You publish your public key to the world while keeping your private key secret. Anyone with a copy of your public key can then encrypt information that only you can read.
It is computationally infeasible to deduce the private key from the public key. Anyone who has a public key can encrypt information but cannot decrypt it. Only the person who has the corresponding private key can decrypt the information.
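The two schemes above are commonly combined: the message is encrypted with a one-time symmetric key, and only that key is encrypted with the recipient's public key. The following is an added example, not code from the original post; the class name HybridDemo is hypothetical, and AES-GCM and RSA-OAEP are this example's choices (the post names only DES).

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.util.Arrays;

public class HybridDemo {
    static final String RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Conventional (symmetric) step; decryption throws if the ciphertext was modified.
    static byte[] aesGcm(int mode, SecretKey key, byte[] nonce, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, nonce));
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        byte[] message = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // Recipient: generate a key pair once; only the public half is published.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair recipient = kpg.generateKeyPair();

        // Sender: encrypt the message under a one-time AES key and fresh nonce ...
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey sessionKey = kg.generateKey();
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        byte[] ciphertext = aesGcm(Cipher.ENCRYPT_MODE, sessionKey, nonce, message);

        // ... then wrap the AES key with the recipient's public key.
        Cipher wrap = Cipher.getInstance(RSA_OAEP);
        wrap.init(Cipher.WRAP_MODE, recipient.getPublic());
        byte[] wrappedKey = wrap.wrap(sessionKey);

        // Recipient: unwrap with the private key, then decrypt the message.
        Cipher unwrap = Cipher.getInstance(RSA_OAEP);
        unwrap.init(Cipher.UNWRAP_MODE, recipient.getPrivate());
        SecretKey recovered = (SecretKey) unwrap.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
        byte[] plaintext = aesGcm(Cipher.DECRYPT_MODE, recovered, nonce, ciphertext);
        System.out.println("round trip ok: " + Arrays.equals(message, plaintext));

        // Same plaintext, different key: the ciphertext differs.
        SecretKey otherKey = kg.generateKey();
        byte[] other = aesGcm(Cipher.ENCRYPT_MODE, otherKey, nonce, message);
        System.out.println("differs under another key: " + !Arrays.equals(ciphertext, other));
    }
}
```

Only wrappedKey, nonce and ciphertext cross the network; the private key never leaves the recipient.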
Keys
A key is a value, measured in bits, that a cryptographic algorithm uses to produce a specific ciphertext.
Larger keys will be cryptographically secure for a longer period of time.
References:
http://www.pgpi.org/doc/pgpintro
Java policytool – Policy File Creation and Management Tool
A policy file in Java is an ASCII text file and can be edited in a text editor or with the graphical Policy Tool utility, policytool. It can be started from the command prompt like this:
C:\Documents and Settings\ranjan>policytool

Following is a very good tutorial on this tool:
Exception in thread “main” java.lang.NoClassDefFoundError
Suppose you are trying to run the simple Java class in the current directory where you have the .class file also. Suppose you have GetProps.class file in C:\Test directory and the command you run is the following:
C:\Test>java GetProps
and you are getting the following exception:
Exception in thread "main" java.lang.NoClassDefFoundError: GetProps
Caused by: java.lang.ClassNotFoundException: GetProps
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClassInternal(Unknown Source)
Could not find the main class: GetProps. Program will exit.
Then the reason is probably that the current directory is not in the classpath environment variable. So add the current directory “.” to the classpath, or run the above command as follows:
C:\Test>java -classpath "." GetProps
Javacc – Java Compiler Compiler
JavaCC (Java Compiler Compiler) is an open source parser generator for the Java programming language. JavaCC is similar to Yacc in that it generates a parser for a formal grammar provided in EBNF notation, except the output is Java source code.
References:
Javacc – @Wiki
Javacc – Project Home
Yacc – @Wiki
Java SE 6: Top 10 Features
A very good summary of top 10 features of Java SE 6 by Sang Shin – Sun Microsystems Inc. : Java SE 6: Top 10 Features
Secure Coding
I have found links to some good articles on “Secure Coding”, which was the topic of my lecture today in the FPGDST course of CDAC Mumbai & Bangalore.
Here are some important links that I have found:
Guidelines for Secure Coding by Trupti Shiralkar and Brenda Grove, January 2009
(This is a very good article.)
Secure Coding Guidelines Version 2.0 for the Java Programming Language
Secure a Web application, Java-style
Use Java’s multiple-layer security implementation to protect your Web
By Michael Cymerman, JavaWorld.com, 04/28/00
Secure Coding: Principles & Practices (Book)
http://www.secureprogramming.com/
Recipes for Cryptography, Authentication, Networking, Input Validation and More
OOP in Java
Reusing Classes
The idea is to use the classes without soiling the existing code. There are two ways you can do this:
- Compositions
- Inheritance
Composition: The new class is composed of objects of existing classes. You are simply reusing the functionality of the code, not its form.
Inheritance: It creates a new class as a type of an existing class. You literally take the form of the existing class and add code to it without modifying the existing class. Compiler does most of the work.
It is important to note how cleanly the classes are separated. You don’t even need the source code for the methods in order to reuse the code. At most, you just import a package. (This is true for both inheritance and composition.)
Delegation: Not directly supported in Java.
Composition vs. Inheritance
- Composition is generally used when you want the features of an existing class inside your new class, but not its interface. That is, you embed an object so that you can use it to implement features in your new class, but the user of your new class sees the interface you have defined for the new class rather than the interface from the embedded object. For this effect, you embed private objects of existing classes inside your new class.
- Composition is for has-a relationship whereas Inheritance is for is-a relationship.
- Ask whether you will ever need to upcast from your new class to the base class. If you must upcast, then inheritance is necessary, but if you don’t need to upcast then you should look closely at whether you need inheritance. If you remember to ask “Do I need to upcast?” you will have a good tool for deciding between composition and inheritance.
Polymorphism deals with decoupling in terms of types. Inheritance allows the treatment of an object as its own type or its base type. This ability is critical because it allows many types (derived from the same base type) to be treated as if they were one type and a single piece of code to work on all those different types equally.
Polymorphism (also called dynamic binding or late binding or run-time binding).
Writing good XML Schema
I have found out some good articles to go through if you want to write a good XML Schema and follow best practices.
eForm Solutions in the Software Industry and Trends
I was searching for the currently existing eform (electronic form) solutions in the industry. I found the following major products with their companies.
- “Cardiff Liquid Office eForms” from Autonomy Cardiff.
- PureEdge eForms (now Lotus Forms) from IBM.
- Livecycle (eForm for the enterprise) from Adobe.
UUID – Universally Unique Identifier
The intent of UUIDs is to enable distributed systems to uniquely identify information without significant central coordination. Thus, anyone can create a UUID and use it to identify something with reasonable confidence that the identifier will never be unintentionally used by anyone for anything else. (Globally Unique Identifiers (GUIDs) are also related.)
The J2SE 5.0 release of Java provides a class that will produce 128-bit UUIDs, although it only implements version 3 and 4 generation methods, not the original method (due to lack of means to access MAC addresses using pure Java). The API documentation for the java.util.UUID class refers to ISO/IEC 11578:1996.
Open source implementations supporting MAC addresses on several common operating systems are UUID – generate UUIDs (or GUIDs) in Java, Java Uuid Generator (JUG) and ActiveScript.
We have used Java Uuid Generator (JUG) from Safehaus (http://jug.safehaus.org/) in NSDG/SSDG projects. It had the requirement of 2 IDs (CorrelationID and AuditID) to be unique across the gateway constellation. These 2 IDs were required to be 128 bits (32 hexadecimal digits).
Notes: JUG generates UUIDs according to the IETF UUID draft specification (and further clarified in the UUID URN name space IETF draft), covering all 3 ‘official’ types defined by the draft. It is fast, portable and Open Source (as well as Free Software).
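The sketch below produces and validates 32-hex-digit IDs of the kind described above, using the JDK's own java.util.UUID (version 3 and 4 only) rather than JUG. It is an added example, not code from the NSDG/SSDG projects; the class GatewayIds and its method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.util.UUID;
import java.util.regex.Pattern;

public class GatewayIds {
    private static final Pattern HEX32 = Pattern.compile("[0-9a-f]{32}");

    // Render the 128 bits as 32 lowercase hex digits (no dashes).
    static String toHex32(UUID u) {
        return String.format("%016x%016x",
                u.getMostSignificantBits(), u.getLeastSignificantBits());
    }

    // Version 4: 122 random bits drawn from a cryptographically strong generator.
    static String newRandomId() {
        return toHex32(UUID.randomUUID());
    }

    // Version 3: MD5 of the name, so the same name always maps to the same ID.
    // Predictable by design; do not use it where the ID must be unguessable.
    static String nameBasedId(String name) {
        return toHex32(UUID.nameUUIDFromBytes(name.getBytes(StandardCharsets.UTF_8)));
    }

    // Strict parse of an ID received from another node: exact length and
    // alphabet, RFC 4122 variant, and only the versions java.util.UUID generates.
    static UUID parse(String id) {
        if (id == null || !HEX32.matcher(id).matches()) {
            throw new IllegalArgumentException("expected 32 lowercase hex digits");
        }
        UUID u = new UUID(Long.parseUnsignedLong(id.substring(0, 16), 16),
                          Long.parseUnsignedLong(id.substring(16), 16));
        if (u.variant() != 2 || (u.version() != 3 && u.version() != 4)) {
            throw new IllegalArgumentException("unexpected UUID variant or version");
        }
        return u;
    }

    public static void main(String[] args) {
        String correlationId = newRandomId();
        System.out.println(correlationId + " -> version " + parse(correlationId).version());

        String a = nameBasedId("constructed-sample-name");
        System.out.println("v3 is deterministic: " + a.equals(nameBasedId("constructed-sample-name")));

        try {
            parse("00000000000010008000000000000000"); // constructed: version 1 layout
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```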
Reference:
http://jug.safehaus.org/
http://en.wikipedia.org/wiki/Uuid
Design Patterns
Christopher Alexander says, “Each pattern describes a problem which occurs over and over again in our environment, and then describes the core of the solution to that problem, in such a way that you can use this solution a million times over, without ever doing it the same way twice”.
Design patterns (Gang of Four) are grouped in the following categories:
- Creational patterns
- Structural patterns
- Behavioral patterns

Reference:
Book: Design Patterns, Elements of Reusable Object-Oriented Software by Erich Gamma, Richard Helm, Ralph Johnson, John Vlissides
Tricky Stuff in Java
Important Points
- If there is a call to methods with the same name that take (String[] args) and (String... args), the code won’t compile because the compiler won’t know which method to call.
- Remember that after threadName.start() is called, the thread may not enter the running state until all the code after it has been executed.
- The class has a lock, and each object has a lock, and notify() and notifyAll() only notify threads waiting for the same lock.
- When wait() and notify() methods are called from a non-synchronized context, the code will compile, but IllegalMonitorStateException will be thrown at runtime.
- Static methods can’t override non-static methods and vice versa; such code will not compile.
- If there is an unreachable portion of code, it will not compile (java.lang.Unreachable), e.g. after throwing an exception.
- new Boolean("TRue") results in true, new Boolean("AnythingOtherThanCaseInsensitiveTrue") is false, boolean x = true or false (boolean x=True or boolean x=TRUE will not compile).
- System.out.format/printf("%b", varX) will print true if varX has any value.
- HashMap and LinkedHashMap can have 1 null key and multiple null values, but TreeMap can’t have any null keys (can have null values), and Hashtable can’t have any null keys or values (will result in NullPointerException).
- Use of collectionType.toArray() and trying to use the array as specific types, without casting, when toArray() returns Objects.
- Static member variables are automatically initialized, final member variables must be initialized by the time the constructor finishes, and static final member variables must be assigned at the time of declaration or in a static initialization block. Breaking these rules results in failed compilation.
- Flow of execution: first the static variables are initialized –> then the static block is executed –> then the main method is called.
- Classes can have multiple static initialization blocks and instance initialization blocks. Remember these Rules:
Example:
class Init {
    // constructors
    Init(int x) {System.out.println("1-arg const");}
    Init() {System.out.println("no-arg const");}
    // Static Initialization block
    static {System.out.println("1st static init");}
    // Instance Initialization blocks
    {System.out.println("1st instance init");}
    {System.out.println("2nd instance init");}
    public static void main(String [] args) {
        new Init();
        new Init(7);
    }
}
Result of running this program:
Overloading in Java
Constructor Overloading
We may need to create objects in several ways. Because a constructor’s name is always the same as the name of the class, all of the required constructors share that name. This is called constructor overloading. Constructors are overloaded on argument types (constructors have no return type).
Method Overloading
Similarly, methods can be overloaded on argument types: you can keep the method name the same and make the methods different by their arguments. So how are the methods distinguished? Each method has a unique list of arguments, and that list decides which method will be called.
You can’t overload a method on return values in Java. But why?
To understand this, let’s consider the following:
void someMethod() {}
String someMethod(){return "something";}
So if I call someMethod() method in the following way:
someMethod();
How can Java determine which someMethod() should be called? To avoid this confusion, methods cannot be overloaded on return type.
Cloud Computing
“The rise of the cloud is more than just another platform shift that gets geeks excited. It will undoubtedly transform the IT industry, but it will also profoundly change the way people work and companies operate.” —The Economist, “Let it Rise,” 10/23/08
“By 2011, early technology adopters will forgo capital expenditure and instead purchase 40% of their IT infrastructure as a service… ‘Cloud computing’ will take off, thus untying applications from specific infrastructure.” — Gartner Press Release, “Gartner Highlights Key Predictions for IT Organisations and Users in 2008 and Beyond,” 1/31/08
Cloud Computing Defined
“It’s one of the foundations of the next generation of computing… It’s a world where the network is the platform for all computing, where everything we think of as a computer today is just a device that connects to the big computer we’re building. Cloud computing is a great way to think about how we’ll deliver computing services in the future.” — Tim O’Reilly, CEO, O’Reilly Media
Enterprise Integration Patterns
Some important points from the book “Enterprise Integration Patterns” – Gregor Hohpe, Bobby Woolf:
Basic Messaging Concepts
- Channels
- Messages
- Pipes and Filters
- Routing
- Transformation
- Endpoints
Message Channel
SCEA Java EE 5 (CX-310-052)
Just started to prepare for SCEA for Java EE 5 (CX-310-052).
Currently Reading:
Section 3: Integration and Messaging
- Explain possible approaches for communicating with an external system from a Java EE technology-based system given an outline description of those systems and outline the benefits and drawbacks of each approach.
- Explain typical uses of web services and XML over HTTP as mechanisms to integrate distinct software components.
- Explain how JCA and JMS are used to integrate distinct software components as part of an overall Java EE application.
Section 8: Security
- Explain the client-side security model for the Java SE environment, including the Web Start and applet deployment modes.
=> Security Features in Java SE
=> Applets
=> Java Web Start
=> Java™ Security Overview
=> Java™ SE Platform Security Architecture
- Given an architectural system specification, select appropriate locations for implementation of specified security features, and select suitable technologies for implementation of those features.
=> Refer to the chapter 10 (Security), Pages (07-29) of the book SCEA J2EE Study Guide
- Identify and classify potential threats to a system and describe how a given architecture will address the threats.
- Describe the commonly used declarative and programmatic methods used to secure applications built on the Java EE platform, for example use of deployment descriptors and JAAS.
Resources:
Full Syllabus
http://in.sun.com/training/certification/java/scea.xml
@ Java Ranch
http://saloon.javaranch.com/forums/forum-026.html
Blogs:
How to pass SCEA 5? (javaxcross)
Books and study Materials:
- The Java EE 5 Tutorial
- SCEA – J2EE Study Guide
- Java – SCEA – Practice Exam
- Learn all about the JEE 5 Sun Certified Architect Exam (SCEA) – Humphrey Sheil, CTO Comtec (Europe) Limited
- Java certification success, Part 4: SCEA – Sivasundaram Umapathy (authors@whizlabs.com)
- Tim_Ho_Notes
- Security – Notes – SCEA
- SCJEA Process for J2EE SIG (Presentation)
- Protocols – Notes – SCEA
- Most Important SCEA Exam Notes
- Messaging – Notes – SCEA
- Legacy Connectivity
- John – Wetherbie – Notes
- Heather – Mackenzie – Notes
- I18N notes
- Guide2SCEA-J2EE
- EJB Container Model
- Design Pattern
- EJB
- Applicability of J2EE
- Chris – Broecker – Notes
I was looking for the following book but after too much searching I found that it is still not available:

Exceptions/Errors while starting JBoss
Following are the exceptions I faced while starting jboss-5.0.0.GA in Fedora 6.
1) 14:43:53,046 ERROR [ServerInfo] Error looking up local address
java.net.UnknownHostException: localhost.localdomain: localhost.localdomain
at java.net.InetAddress.getLocalHost(InetAddress.java:1353)
at org.jboss.system.server.ServerInfo.getHostAddress(ServerInfo.java:338)
Reason Found:
it’s a wrong /etc/hosts configuration issue.
set your hosts file like this:
jdbc Java Database Connectivity
There are 4 different types of JDBC drivers:
- JDBC-ODBC Bridge drivers (follows ODBC standards)
- Partly Java – Partly Native (this does not use any standards)
- Pure Java – Net Protocol Drivers
- Pure Java Drivers (also called Type4Drivers, most popular one)
Important Classes:
DriverManager
Driver
Connection
Statement
ResultSet
NSDG: JBoss Case Study
This case study was presented by Mr. Zia Saquib, Executive Director, C-DAC Mumbai, at one of the JBoss events held by Red Hat in Mumbai at Bandra Kurla Complex on 11th Dec 2008. The emphasis was on using Open Source Technologies in Mission Mode Projects.
EJB3: Mapping Persistent Objects Example 5
Following is the example from the chapter “Mapping Persistent Objects” from the book “Enterprise JavaBeans 3.0” by Bill Burke & Richard Monson-Haefel. I have tried this example out on JBoss AS 5.0.0.CR1. I have used PostgreSQL as the database and Eclipse WTP as the IDE.
Example 5: Embeddable Classes
This example shows the use of @javax.persistence.Embedded annotation to map a persistent property that is a nonentity class.