Monday, July 23, 2018

java-8-streams-map-examples

package com.mkyong.java8;

 import java.math.BigDecimal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;

 public class TestJava8 {

     public static void main(String[] args) {

         List<Staff> staff = Arrays.asList(
                new Staff("mkyong", 30, new BigDecimal(10000)),
                new Staff("jack", 27, new BigDecimal(20000)),
                new Staff("lawrence", 33, new BigDecimal(30000))
        );

         //Before Java 8
        List<String> result = new ArrayList<>();
        for (Staff x : staff) {
            result.add(x.getName());
        }
        System.out.println(result); //[mkyong, jack, lawrence]

         //Java 8
        List<String> collect = staff.stream().map(x -> x.getName()).collect(Collectors.toList());
        System.out.println(collect); //[mkyong, jack, lawrence]

     }

 }

-------------------------------------------------------------------------------------------------------------------
 package com.mkyong.java8;

 import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;

 public class TestJava8 {

     public static void main(String[] args) {

         List<String> alpha = Arrays.asList("a", "b", "c", "d");

         //Before Java8
        List<String> alphaUpper = new ArrayList<>();
        for (String s : alpha) {
            alphaUpper.add(s.toUpperCase());
        }

         System.out.println(alpha); //[a, b, c, d]
        System.out.println(alphaUpper); //[A, B, C, D]

         // Java 8
        List<String> collect = alpha.stream().map(String::toUpperCase).collect(Collectors.toList());
        System.out.println(collect); //[A, B, C, D]

         // Extra, streams apply to any data type.
        List<Integer> num = Arrays.asList(1,2,3,4,5);
        List<Integer> collect1 = num.stream().map(n -> n * 2).collect(Collectors.toList());
        System.out.println(collect1); //[2, 4, 6, 8, 10]

     }

 }
-------------------------------------------------------------------------------------------------------------------
import java.util.Arrays;
import java.util.List;

public class NowJava8 {

    public static void main(String[] args) {

        List<Person> persons = Arrays.asList(
                new Person("mkyong", 30),
                new Person("jack", 20),
                new Person("lawrence", 40)
        );

        Person result1 = persons.stream()                        // Convert to steam
                .filter(x -> "jack".equals(x.getName()))        // we want "jack" only
                .findAny()                                      // If 'findAny' then return found
                .orElse(null);                                  // If not found, return null

        System.out.println(result1);
       
        Person result2 = persons.stream()
                .filter(x -> "ahmook".equals(x.getName()))
                .findAny()
                .orElse(null);

        System.out.println(result2);

    }



 
Person{name='jack', age=20}
null
at No comments:

Wednesday, July 4, 2018

Default HostnameVerifier

Even if the SSLContext can verify that a certificate is signed by a trusted Certificate Authority, there is still room for problems. What happens if the connection hostname doesn’t match the certificate hostname? Java provides the HostnameVerifier interface to give client code the option of providing a policy for handling this situations. AsyncHttpClient adopts this interface for this purpose as well. However, unlike the JDK, the default policy provided by AsyncHttpClient is to allow all connections regardless of hostname.
Unlike SSLContext, using the Java default (HttpsURLConnection.getDefaultHostnameVerifier) is not a viable option because the default HostnameVerifier expects to only be called in the case that there is a mismatch (and therefore always returns false) while some of the AsyncHttpClient providers (e.g. Netty, the default) call it on all connections. To make matters worse, the check is not trivial (consider SAN and wildcard matching) and is implemented insun.security.util.HostnameChecker (a Sun internal proprietary API). This leaves the developer in the position of either depending on an internal API or finding/copying/creating another implementation of this functionality. For the examples in this article, I have opted for the first option.
Unfortunately, as with SSLContext, there does not appear to be a way to set the default HostnameVerifier used by AsyncHttpClient. Instead, applications must set their preferred HostnameVerifier for each connection.

/* An example program using AsyncHttpClient with SSL certificate verification
 *
 * To the extent possible under law, Kevin Locke has waived all copyright and
 * related or neighboring rights to this work.
 * A legal description of this waiver is available in LICENSE.txt.
 */
import com.ning.http.client.AsyncHttpClient;
import com.ning.http.client.AsyncHttpClientConfig;
import com.ning.http.client.Response;

import java.io.IOException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.ExecutionException;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.kerberos.KerberosPrincipal;
import sun.security.util.HostnameChecker;

/** Implements the "MyDownloader" application */
public class MyDownloader {

    /** HostnameVerifier implementation which implements the same policy as the
     * Java built-in pre-HostnameVerifier policy.
     */
    private static class MyHostnameVerifier implements HostnameVerifier {
        /** Checks if a given hostname matches the certificate or principal of
         * a given session.
         */
        private boolean hostnameMatches(String hostname, SSLSession session) {
            HostnameChecker checker =
                HostnameChecker.getInstance(HostnameChecker.TYPE_TLS);

            boolean validCertificate = false, validPrincipal = false;
            try {
                Certificate[] peerCertificates = session.getPeerCertificates();

                if (peerCertificates.length > 0 &&
                        peerCertificates[0] instanceof X509Certificate) {
                    X509Certificate peerCertificate =
                            (X509Certificate)peerCertificates[0];

                    try {
                        checker.match(hostname, peerCertificate);
                        // Certificate matches hostname
                        validCertificate = true;
                    } catch (CertificateException ex) {
                        // Certificate does not match hostname
                    }
                } else {
                    // Peer does not have any certificates or they aren't X.509
                }
            } catch (SSLPeerUnverifiedException ex) {
                // Not using certificates for peers, try verifying the principal
                try {
                    Principal peerPrincipal = session.getPeerPrincipal();
                    if (peerPrincipal instanceof KerberosPrincipal) {
                        validPrincipal = HostnameChecker.match(hostname,
                                (KerberosPrincipal)peerPrincipal);
                    } else {
                        // Can't verify principal, not Kerberos
                    }
                } catch (SSLPeerUnverifiedException ex2) {
                    // Can't verify principal, no principal
                }
            }

            return validCertificate || validPrincipal;
        }

        public boolean verify(String hostname, SSLSession session) {
            if (hostnameMatches(hostname, session)) {
                return true;
            } else {
                // TODO: Add application-specific checks for
                // hostname/certificate match
                return false;
            }
        }
    }

    public static void main(String[] args) {
        if (args.length != 1) {
            System.err.println("Usage: myhttp <URL>");
        } else {
            String url = args[0];

            SSLContext context = null;
            try {
                context = SSLContext.getInstance("TLS");
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
                return;
            }

            try {
                context.init(null, null, null);
            } catch (KeyManagementException e) {
                e.printStackTrace();
                return;
            }

            AsyncHttpClient client = new AsyncHttpClient(
                    new AsyncHttpClientConfig.Builder()
                        .setSSLContext(context)
                        .setHostnameVerifier(new MyHostnameVerifier())
                        .build()
                );

            Response response = null;
            try {
                response = client.prepareGet(url).execute().get();
            } catch (InterruptedException e) {
                e.printStackTrace();
                return;
            } catch (ExecutionException e) {
                e.printStackTrace();
                return;
            } catch (IOException e) {
                e.printStackTrace();
                return;
            }

            if (response.getStatusCode() / 100 == 2) {
                try {
                    String responseBody = response.getResponseBody();
                    System.err.println("Successfully downloaded " + url);
                    System.out.println(responseBody);
                } catch (IOException e) {
                    e.printStackTrace();
                    return;
                }
            } else {
                System.err.println("Failure downloading " + url +
                        ": HTTP Status " + response.getStatusCode());
            }
        }
    }
}


Ref https://kevinlocke.name/bits/2012/10/03/ssl-certificate-verification-in-dispatch-and-asynchttpclient/
at No comments:

2 Way mutual ssl authentication

For anyone looking to implement 2 way mutual auth, following code worked perfectly for me.
keystoreInputStream = null;
    FileInputStream truststoreInputStream = null;
    try {

        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        keystoreInputStream = new FileInputStream("C:\\Users\\Aman\\STSProj\\AppSecurity\\clientkeystore.p12");
        keystore.load(keystoreInputStream, "client".toCharArray());

        keystoreInputStream.close();

        KeyStore trustore = KeyStore.getInstance(KeyStore.getDefaultType());
        truststoreInputStream = new FileInputStream("C:\\Users\\Aman\\STSProj\\AppSecurity\\clienttruststore.p12");
        trustore.load(truststoreInputStream, "client".toCharArray());

        SSLContext sslcontext = SSLContexts.custom().useProtocol("TLS")
                .loadKeyMaterial(keystore, "client".toCharArray())
                .loadTrustMaterial(trustore, null).build();

        HostnameVerifier hostnameverifier = null;

        SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslcontext,
                null, null, hostnameverifier);

        CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslSocketFactory).build();

        HttpsURLConnection.setDefaultSSLSocketFactory(sslcontext.getSocketFactory());
        HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();

        requestFactory.setHttpClient(httpClient);

        RestTemplate restTemp = new RestTemplate(requestFactory);

        String greetings = restTemp
                .getForObject("https://localhost:8443/SecureAppServer/test/security/hello/aman123", String.class);

        System.out.println("Received greetings from secured server ---> " + greetings);

    } catch (Exception e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

    finally {
        if (keystoreInputStream != null) {
            try {
                keystoreInputStream.close();
            } catch (IOException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
        }
        if (truststoreInputStream != null) {
            try {
                truststoreInputStream.close();
            } catch (IOException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
        }

    }
https://stackoverflow.com/questions/25226391/how-to-write-java-client-and-server-applications-that-uses-mutual-ssl-authentica
at 2 comments:
Subscribe to: Posts (Atom)

java-8-streams-map-examples

package com.mkyong.java8; import java.math.BigDecimal; import java.util.ArrayList; import java.util.Arrays; import java.util.List; im...

  • uploading image and displaying
    FileUploadAction.java package net.viralpatel.struts2; import java.io.File; import javax.servlet.http.HttpServletRequest; import org.a...
  • Default HostnameVerifier
    E ven if the   SSLContext   can verify that a certificate is signed by a trusted Certificate Authority, there is still room for problems. ...
  • Beyond Compare Script from command line
    You can call Beyond Compare 3 in scripting mode with a /silent flag to have it run automatically and generate a report without showing a wi...