Most recent edit on 2006-08-29 01:44:40 by KogAdmin [journaling]
Additions:
Journaling
It appears that OFBiz has transaction logs that I may be able to tap into, depending on how I do order transactions. But, because transactions are very heavy for serialization of large objects the question is then what do we store on the server and what do we store on the client. If you can guarantee high performance networks you might choose all on the server, but since I have no guarantee of the network segment I'm running on, I chose to log only what naturally belongs there - orders, daily stats (although this may actually just go on the registers), and to store the rest clientside.
The client will have a richer log, including actions not relevant to the business process, and will be aggregate such that you can write "reports" against it. I plan on embedding a database and writing flatfiles because I don't particularly care about state. This is raw data, and I want raw data processing power. I'm currently investigating HSQL as I know it's fast and supposed to be easy to integrate. SQLite is another contender. DB4O, Derby or JavaDB may also be considered, should they be required.
Right now preliminary investigation has yielded a performance report (PDF) by PolePosition, demonstrating the fact that HSQL is indeed fast from Java, especially if you don't care about rich object hierarchies. I'm not sure about ACID or about standard RDBMS features, but I really shouldn't need much - aggregation functions such as SUM() and COUNT(), SELECT (project) support should do me fine.
All reports will be run against local copy, unless I figure out some reason not to.
Edited on 2006-08-15 02:35:51 by KogAdmin [bump]
Additions:
TODO: clean and reconcile me when done drafting
TODO: fix netbeans class issue (it's apparently ignoring my env setting for libs, lovely).
I ended up opening up the userLogin service, and I'm going to need to go and export a bunch of other services (like prodFindProduct or whatever calls it). Thankfully they have a master reference, which I might add is a lovely creation.
Deletions:
NOTE: this is all draft quality, stream of consciousness spat out at ~0338 on a Friday morning...
Now on to testing out services and integrating the ref client into the Netbeans version.
Edited on 2006-08-15 01:08:15 by KogAdmin
Additions:
PS - there's also http://ofbizwiki.go-integral.com/Wiki.jsp?page=UsingNonSSLRMI which tells you how to set it up NOT to use SSL, but that isn't what I was after
Edited on 2006-08-14 19:33:38 by KogAdmin [note - Ed]
Additions:
Edit
Reflecting upon the above - if it was just a question of using the wrong algorithm, it would have worked when I used the ofbizssl.jks keystore key. Although, if both client and server needed, for some odd reason, to encrypt things, then it would need both to be RSA. I just don't know enough, and my packet sniffing just didn't find enough useful material, other than I guess the client lists the object, the server lists the stub, then the server starts throwing certs at it and the client sees if it's good. I also have the sneaking suspicion that I was breaking in multiple places (server cert, something about the client (which shouldn't need more than the pubkey of the server with standard SSL), validation, I got bad cert a few times) and was getting really odd errors.
Interesting to note: my certs also seem to have only been generated for a month, so we'll see where this takes me.
End Edit
Edited on 2006-08-14 19:17:26 by KogAdmin [update]
Additions:
So after struggling with both Google's broken Base program, and this, and several other problems for a while I finally got the ref implementation working. It actually ended up being really counter-intuitive. I used keytool to generate new certificates with RSA, and just threw the exported .cer into the keytrust for both client and server. Which is odd, because I tried that, but apparently I was also cross-importing .cer files. I also tried doing a self-CA using openssl, which also should have worked. I kept getting no trusted certificate found
So apparently you don't need to use a CA, you don't need to cross-include (which is odd because they've got a default chain-of-trust of 1, which you'd think if you import it -trusted, or tell it to trust it should trust. But no. Apparently importing the CA's cert didn't help, but should have). I'm wondering if somehow I forgot to include RSA and it was using DSA. I sincerely hope that's what's going on, because I don't see how the hell all this trouble arose. Although, in all fairness I did spend most of my time trying to get Google to work... yay for juggling job responsibilities.
Now on to testing out services and integrating the ref client into the Netbeans version.
Deletions:
That being said, sorry for disturbing and otherwise annoying.
Solved the dependencies, had an issue with Netbeans libs. Although, now I end up getting
java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:274)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:101)
at org.ofbiz.service.rmi.RemoteDispatcherImpl_Stub.runSync(Unknown Source)
at com.vitaminlife.pointofsale.RegisterAgent.openRegister(RegisterAgent.java:129)
at com.vitaminlife.pointofsale.RegisterAgent.openRegister(RegisterAgent.java:147)
at com.vitaminlife.pointofsale.PosMain.RegisterOpenButtonActionPerformed(PosMain.java:441)
at com.vitaminlife.pointofsale.PosMain.access$500(PosMain.java:48)
at com.vitaminlife.pointofsale.PosMain$8.actionPerformed(PosMain.java:213)
at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1786)
at javax.swing.AbstractButton$ForwardActionEvents.actionPerformed(AbstractButton.java:1839)
at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:420)
at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:258)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:245)
at java.awt.AWTEventMulticaster.mouseReleased(AWTEventMulticaster.java:231)
at java.awt.AWTEventMulticaster.mouseReleased(AWTEventMulticaster.java:231)
at java.awt.Component.processMouseEvent(Component.java:5100)
at java.awt.Component.processEvent(Component.java:4897)
at java.awt.Container.processEvent(Container.java:1569)
at java.awt.Component.dispatchEventImpl(Component.java:3615)
at java.awt.Container.dispatchEventImpl(Container.java:1627)
at java.awt.Component.dispatchEvent(Component.java:3477)
at javax.swing.plaf.basic.BasicInternalFrameUI$GlassPaneDispatcher.retargetMouseEvent(BasicInternalFrameUI.java:1420)
at javax.swing.plaf.basic.BasicInternalFrameUI$GlassPaneDispatcher.forwardMouseEvent(BasicInternalFrameUI.java:1356)
at javax.swing.plaf.basic.BasicInternalFrameUI$GlassPaneDispatcher.mouseReleased(BasicInternalFrameUI.java:1286)
at java.awt.Component.processMouseEvent(Component.java:5100)
at java.awt.Component.processEvent(Component.java:4897)
at java.awt.Container.processEvent(Container.java:1569)
at java.awt.Component.dispatchEventImpl(Component.java:3615)
at java.awt.Container.dispatchEventImpl(Container.java:1627)
at java.awt.Component.dispatchEvent(Component.java:3477)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:3483)
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:3198)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:3128)
at java.awt.Container.dispatchEventImpl(Container.java:1613)
at java.awt.Window.dispatchEventImpl(Window.java:1606)
at java.awt.Component.dispatchEvent(Component.java:3477)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:480)
at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:151)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:145)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:137)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:100)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
at java.io.DataOutputStream.flush(DataOutputStream.java:101)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198)
... 42 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
at sun.security.validator.Validator.validate(Validator.java:202)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA12275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA12275)
... 53 more
looking at the keys with keytool I've noticed:
==================================
Ofbizrmi.jks
==================================
Ofbiz CA
----------------
Owner: EMAILADDRESS=ca@ofbiz.org, CN=OFBiz Signing Authority, OU=http://www.ofbiz.org, O=OFBiz CA, C=US
Issuer: EMAILADDRESS=ca@ofbiz.org, CN=OFBiz Signing Authority, OU=http://www.ofbiz.org, O=OFBiz CA, C=US
Serial number: 0
Valid from: Wed Oct 27 12:48:36 PDT 2004 until: Fri Oct 20 12:48:36 PDT 2034
Certificate fingerprints:
MD5: D6:3D:03:DE:75:53:44:30:BF:DE:30:B4:9E:47:DD:8F
SHA1: 6B:4B:AF:86:C8:6B:79:12:C8:94:85:7C:88:BC:8D:7B:CC:51:B0:CC
client1:
------------------
Owner: CN=RMI Client, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: EMAILADDRESS=ca@ofbiz.org, CN=OFBiz Signing Authority, OU=http://www.ofbiz.org, O=OFBiz CA, C=US
Serial number: 2
Valid from: Wed Oct 27 14:18:58 PDT 2004 until: Thu Oct 27 14:18:58 PDT 2005
Certificate fingerprints:
MD5: F3:CC:71:5C:A9:C8:EA:CC:AF:C6:24:F4:BA:FC:8E:10
SHA1: DE:DA:65:EA:18:7F:57:CB:03:E1:A9:85:FA:2D:80:CB:84:3C:28:DD
rmissl:
------------------
Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: EMAILADDRESS=ca@ofbiz.org, CN=OFBiz Signing Authority, OU=http://www.ofbiz.org, O=OFBiz CA, C=US
Serial number: 1
Valid from: Wed Oct 27 13:03:44 PDT 2004 until: Thu Oct 27 13:03:44 PDT 2005
Certificate fingerprints:
MD5: A4:ED:25:BA:10:19:DE:4C:7C:76:38:4B:2C:6E:E4:F6
SHA1: 3E:E1:AB:60:A0:C5:81:D7:4F:2E:CB:7A:CE:7D:72:24:B4:CC:B6:BF
keytool -list on ofbizrmi.jks shows:
----------------------------------
ofbizca, Oct 27, 2004, trustedCertEntry,
Certificate fingerprint (MD5): D6:3D:03:DE:75:53:44:30:BF:DE:30:B4:9E:47:DD:8F
client1, Oct 28, 2004, trustedCertEntry,
Certificate fingerprint (MD5): F3:CC:71:5C:A9:C8:EA:CC:AF:C6:24:F4:BA:FC:8E:10
rmissl, Oct 27, 2004, keyEntry,
Certificate fingerprint (MD5): A4:ED:25:BA:10:19:DE:4C:7C:76:38:4B:2C:6E:E4:F6
===============================
ofbizcerts.jks
===============================
ofbizca is the same.
rmiclient:
-----------------------------------
Owner: CN=RMI Client, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: EMAILADDRESS=ca@ofbiz.org, CN=OFBiz Signing Authority, OU=http://www.ofbiz.org, O=OFBiz CA, C=US
Serial number: 2
Valid from: Wed Oct 27 14:18:58 PDT 2004 until: Thu Oct 27 14:18:58 PDT 2005
Certificate fingerprints:
MD5: F3:CC:71:5C:A9:C8:EA:CC:AF:C6:24:F4:BA:FC:8E:10
SHA1: DE:DA:65:EA:18:7F:57:CB:03:E1:A9:85:FA:2D:80:CB:84:3C:28:DD
rmiserver:
-----------------------------------
Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: EMAILADDRESS=ca@ofbiz.org, CN=OFBiz Signing Authority, OU=http://www.ofbiz.org, O=OFBiz CA, C=US
Serial number: 1
Valid from: Wed Oct 27 13:03:44 PDT 2004 until: Thu Oct 27 13:03:44 PDT 2005
Certificate fingerprints:
MD5: A4:ED:25:BA:10:19:DE:4C:7C:76:38:4B:2C:6E:E4:F6
SHA1: 3E:E1:AB:60:A0:C5:81:D7:4F:2E:CB:7A:CE:7D:72:24:B4:CC:B6:BF
keytool -list on ofbizcerts.jks shows:
------------------------------------
ofbizca, Oct 27, 2004, trustedCertEntry,
Certificate fingerprint (MD5): D6:3D:03:DE:75:53:44:30:BF:DE:30:B4:9E:47:DD:8F
rmiclient, Oct 27, 2004, keyEntry,
Certificate fingerprint (MD5): F3:CC:71:5C:A9:C8:EA:CC:AF:C6:24:F4:BA:FC:8E:10
rmiserver, Oct 27, 2004, trustedCertEntry,
Certificate fingerprint (MD5): A4:ED:25:BA:10:19:DE:4C:7C:76:38:4B:2C:6E:E4:F6
It seems to me that I'll need to do some hackery for client1/rmissl. I'm assuming that I don't trust myself, but perhaps a selfsign will work. Here's to the attempt...
Update again:
well this is curious, on the same machine as the server it gives me an expiration error (which makes sense), but on the client I get trusted cert not found. I tried to build Jones' ref implementation, and I get the same issue: no trusted cert found. You'd think that I would get a consistent error.
Also, it seems keytool blows. So... I'm going to start using OpenSSL to do the x.509 stuff, and generate a master self-sign cert that both JKS files can use. It's taken me a while to get consistent errors even on ref copies, which makes me wonder about my build/run process.
AAAAAAAH I hate JSSE. The following process also fails:
openssl genrsa -out ca.key 1024
openssl req -new -x509 -key ca.key -out demoCA/cacert.pem
keytool -genkey -alias rmiclient -keystore ofbizcerts.jks
keytool -genkey -alias rmissl -keystore ofbizrmi.jks
keytool -keystore ofbizcerts.jks -certreq -alias rmiclient -file client.crs
keytool -keystore ofbizrmi.jks -certreq -alias rmissl -file server.crs
openssl ca -in client.crs -out client.pem -keyfile ca.key
openssl ca -in server.crs -out server.pem -keyfile ca.key
openssl x509 -in client.pem -out client.der -outform DER
openssl x509 -in server.pem -out server.der -outform DER
keytool -keystore ofbizrmi.jks -alias vlifeca -import -file demoCA/cacert.pem
keytool -keystore ofbizcerts.jks -alias vlifeca -import -file demoCA/cacert.pem
keytool -keystore ofbiztrust.jks -alias vlifeca -import -file demoCA/cacert.pem
keytool -keystore ofbizrmi.jks -alias client1 -import -file client.der
keytool -keystore ofbizcerts.jks -alias rmiserver -import -file server.der
I've even put my cacert.pem in my cacerts file in lib/security for my JRE. I've taken the ofbizssl, which still has a valid key, and gone from there. It gets to the runSync call and yields
Exception in thread "main" java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:274)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:101)
at org.ofbiz.service.rmi.RemoteDispatcherImpl_Stub.runSync(Unknown Source)
at ExampleRemoteClient.runTestService(ExampleRemoteClient.java:79)
at ExampleRemoteClient.main(ExampleRemoteClient.java:88)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
at java.io.DataOutputStream.flush(DataOutputStream.java:101)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198)
... 5 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
at sun.security.validator.Validator.validate(Validator.java:202)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA12275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA12275)
... 16 more
Which makes me guess that it's the server rejecting the client for some reason. I wish I knew what the hell was going on.
I know it's reading the files because on a fresh checkout I end up with a cert not valid re: expiration. I remove the ofbizca entry and then I get no trusted cert. I write over one of the JKS with plain text, I get an invalid format exception. So, I know it's reading the files, I've renamed the aliases the same thing. So what the hell is going on?
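The two symptoms described above (an expiration error on a fresh checkout, and "No trusted certificate found" once the ofbizca entry is removed) can both be read off a keystore listing before JSSE is involved. The following is an added example, not code from the original page or from OFBiz: it parses `keytool -list -v` style output and reports expired entries and issuers with no matching trusted entry. The sample listing is constructed from the ofbizrmi.jks values quoted on this page; the function names are hypothetical.

```python
import re
from datetime import datetime

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

CA_DN = ("EMAILADDRESS=ca@ofbiz.org, CN=OFBiz Signing Authority, "
         "OU=http://www.ofbiz.org, O=OFBiz CA, C=US")
UNKNOWN = "OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown"

# Constructed sample in `keytool -list -v` layout, filled with the
# ofbizrmi.jks values quoted on this page (fingerprints left out).
OFBIZRMI_LISTING = f"""\
Alias name: ofbizca
Entry type: trustedCertEntry
Owner: {CA_DN}
Issuer: {CA_DN}
Valid from: Wed Oct 27 12:48:36 PDT 2004 until: Fri Oct 20 12:48:36 PDT 2034

Alias name: client1
Entry type: trustedCertEntry
Owner: CN=RMI Client, {UNKNOWN}
Issuer: {CA_DN}
Valid from: Wed Oct 27 14:18:58 PDT 2004 until: Thu Oct 27 14:18:58 PDT 2005

Alias name: rmissl
Entry type: keyEntry
Owner: CN=Unknown, {UNKNOWN}
Issuer: {CA_DN}
Valid from: Wed Oct 27 13:03:44 PDT 2004 until: Thu Oct 27 13:03:44 PDT 2005
"""

_DATE = r"\w{3} (\w{3}) (\d{1,2}) (\d\d):(\d\d):(\d\d) \w+ (\d{4})"
_VALID = re.compile(rf"Valid from: {_DATE} until: {_DATE}")


def _to_dt(mon, day, hh, mm, ss, year):
    # The time-zone token is ignored; for expiry triage a few hours of
    # skew does not change the answer.
    return datetime(int(year), MONTHS[mon], int(day), int(hh), int(mm), int(ss))


def parse_listing(text):
    """Return one dict per alias. Only the first certificate of each
    entry is recorded (the end-entity cert of a key entry's chain)."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Alias name:"):
            cur = {"alias": line.split(":", 1)[1].strip()}
            entries.append(cur)
        elif cur is None:
            continue
        elif line.startswith("Entry type:"):
            cur.setdefault("type", line.split(":", 1)[1].strip())
        elif line.startswith("Owner:"):
            cur.setdefault("owner", line.split(":", 1)[1].strip())
        elif line.startswith("Issuer:"):
            cur.setdefault("issuer", line.split(":", 1)[1].strip())
        else:
            m = _VALID.match(line)
            if m and "not_after" not in cur:
                g = m.groups()
                cur["not_before"] = _to_dt(*g[:6])
                cur["not_after"] = _to_dt(*g[6:])
    return entries


def audit(entries, now):
    """Return sorted (alias, problem) pairs for one keystore.

    The issuer check compares distinguished names only; it does not
    verify signatures, so it finds missing anchors, not forged ones."""
    anchors = {e["owner"] for e in entries
               if e.get("type") == "trustedCertEntry"}
    findings = []
    for e in entries:
        if now > e["not_after"]:
            findings.append((e["alias"], "expired"))
        elif now < e["not_before"]:
            findings.append((e["alias"], "not yet valid"))
        if e["issuer"] != e["owner"] and e["issuer"] not in anchors:
            findings.append((e["alias"], "issuer not in store"))
    if not any("key" in e.get("type", "").lower() for e in entries):
        findings.append(("<store>", "no private key entry"))
    return sorted(findings)


if __name__ == "__main__":
    store = parse_listing(OFBIZRMI_LISTING)
    for alias, problem in audit(store, datetime(2006, 8, 7)):
        print(f"{alias}: {problem}")
```

Run against the date of the 2006-08-07 revision, both CA-issued leaf certificates are reported as expired while the CA itself is still valid; dropping the ofbizca entry turns the result into missing-issuer findings instead.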
Edited on 2006-08-13 15:36:38 by KogAdmin [aaarrrggh]
Additions:
AAAAAAAH I hate JSSE. The following process also fails:
openssl genrsa -out ca.key 1024
openssl req -new -x509 -key ca.key -out demoCA/cacert.pem
keytool -genkey -alias rmiclient -keystore ofbizcerts.jks
keytool -genkey -alias rmissl -keystore ofbizrmi.jks
keytool -keystore ofbizcerts.jks -certreq -alias rmiclient -file client.crs
keytool -keystore ofbizrmi.jks -certreq -alias rmissl -file server.crs
openssl ca -in client.crs -out client.pem -keyfile ca.key
openssl ca -in server.crs -out server.pem -keyfile ca.key
openssl x509 -in client.pem -out client.der -outform DER
openssl x509 -in server.pem -out server.der -outform DER
keytool -keystore ofbizrmi.jks -alias vlifeca -import -file demoCA/cacert.pem
keytool -keystore ofbizcerts.jks -alias vlifeca -import -file demoCA/cacert.pem
keytool -keystore ofbiztrust.jks -alias vlifeca -import -file demoCA/cacert.pem
keytool -keystore ofbizrmi.jks -alias client1 -import -file client.der
keytool -keystore ofbizcerts.jks -alias rmiserver -import -file server.der
I've even put my cacert.pem in my cacerts file in lib/security for my JRE. I've taken the ofbizssl, which still has a valid key, and gone from there. It gets to the runSync call and yields
Exception in thread "main" java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
Which makes me guess that it's the server rejecting the client for some reason. I wish I knew what the hell was going on.
I know it's reading the files because on a fresh checkout I end up with a cert not valid re: expiration. I remove the ofbizca entry and then I get no trusted cert. I write over one of the JKS with plain text, I get an invalid format exception. So, I know it's reading the files, I've renamed the aliases the same thing. So what the hell is going on?
Edited on 2006-08-11 17:13:36 by KogAdmin
Additions:
Update again:
well this is curious, on the same machine as the server it gives me an expiration error (which makes sense), but on the client I get trusted cert not found. I tried to build Jones' ref implementation, and I get the same issue: no trusted cert found. You'd think that I would get a consistent error.
Also, it seems keytool blows. So... I'm going to start using OpenSSL to do the x.509 stuff, and generate a master self-sign cert that both JKS files can use. It's taken me a while to get consistent errors even on ref copies, which makes me wonder about my build/run process.
Edited on 2006-08-07 15:59:45 by KogAdmin [more debug]
Additions:
Ofbizrmi.jks
keytool -list on ofbizrmi.jks shows:
=
ofbizcerts.jks
=
ofbizca is the same.
rmiclient:
rmiserver:
keytool -list on ofbizcerts.jks shows:
rmiclient, Oct 27, 2004, keyEntry,
rmiserver, Oct 27, 2004, trustedCertEntry,
Deletions:
keytool -list shows:
Edited on 2006-08-07 15:48:44 by KogAdmin [keytool -list]
Additions:
keytool -list shows:
ofbizca, Oct 27, 2004, trustedCertEntry,
Certificate fingerprint (MD5): D6:3D:03:DE:75:53:44:30:BF:DE:30:B4:9E:47:DD:8F
client1, Oct 28, 2004, trustedCertEntry,
Certificate fingerprint (MD5): F3:CC:71:5C:A9:C8:EA:CC:AF:C6:24:F4:BA:FC:8E:10
rmissl, Oct 27, 2004, keyEntry,
Certificate fingerprint (MD5): A4:ED:25:BA:10:19:DE:4C:7C:76:38:4B:2C:6E:E4:F6
Edited on 2006-08-07 15:47:20 by KogAdmin [SSL issues]
Additions:
Solved the dependencies, had an issue with Netbeans libs. Although, now I end up getting
java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:274)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:101)
at org.ofbiz.service.rmi.RemoteDispatcherImpl_Stub.runSync(Unknown Source)
at com.vitaminlife.pointofsale.RegisterAgent.openRegister(RegisterAgent.java:129)
at com.vitaminlife.pointofsale.RegisterAgent.openRegister(RegisterAgent.java:147)
at com.vitaminlife.pointofsale.PosMain.RegisterOpenButtonActionPerformed(PosMain.java:441)
at com.vitaminlife.pointofsale.PosMain.access$500(PosMain.java:48)
at com.vitaminlife.pointofsale.PosMain$8.actionPerformed(PosMain.java:213)
at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1786)
at javax.swing.AbstractButton$ForwardActionEvents.actionPerformed(AbstractButton.java:1839)
at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:420)
at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:258)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:245)
at java.awt.AWTEventMulticaster.mouseReleased(AWTEventMulticaster.java:231)
at java.awt.AWTEventMulticaster.mouseReleased(AWTEventMulticaster.java:231)
at java.awt.Component.processMouseEvent(Component.java:5100)
at java.awt.Component.processEvent(Component.java:4897)
at java.awt.Container.processEvent(Container.java:1569)
at java.awt.Component.dispatchEventImpl(Component.java:3615)
at java.awt.Container.dispatchEventImpl(Container.java:1627)
at java.awt.Component.dispatchEvent(Component.java:3477)
at javax.swing.plaf.basic.BasicInternalFrameUI$GlassPaneDispatcher.retargetMouseEvent(BasicInternalFrameUI.java:1420)
at javax.swing.plaf.basic.BasicInternalFrameUI$GlassPaneDispatcher.forwardMouseEvent(BasicInternalFrameUI.java:1356)
at javax.swing.plaf.basic.BasicInternalFrameUI$GlassPaneDispatcher.mouseReleased(BasicInternalFrameUI.java:1286)
at java.awt.Component.processMouseEvent(Component.java:5100)
at java.awt.Component.processEvent(Component.java:4897)
at java.awt.Container.processEvent(Container.java:1569)
at java.awt.Component.dispatchEventImpl(Component.java:3615)
at java.awt.Container.dispatchEventImpl(Container.java:1627)
at java.awt.Component.dispatchEvent(Component.java:3477)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:3483)
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:3198)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:3128)
at java.awt.Container.dispatchEventImpl(Container.java:1613)
at java.awt.Window.dispatchEventImpl(Window.java:1606)
at java.awt.Component.dispatchEvent(Component.java:3477)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:480)
at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:151)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:145)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:137)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:100)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
at java.io.DataOutputStream.flush(DataOutputStream.java:101)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198)
... 42 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
at sun.security.validator.Validator.validate(Validator.java:202)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA12275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA12275)
... 53 more
looking at the keys with keytool I've noticed:
Ofbiz CA
----------------
Owner: EMAILADDRESS=ca@ofbiz.org, CN=OFBiz Signing Authority, OU=http://www.ofbiz.org, O=OFBiz CA, C=US
Issuer: EMAILADDRESS=ca@ofbiz.org, CN=OFBiz Signing Authority, OU=http://www.ofbiz.org, O=OFBiz CA, C=US
Serial number: 0
Valid from: Wed Oct 27 12:48:36 PDT 2004 until: Fri Oct 20 12:48:36 PDT 2034
Certificate fingerprints:
MD5: D6:3D:03:DE:75:53:44:30:BF:DE:30:B4:9E:47:DD:8F
SHA1: 6B:4B:AF:86:C8:6B:79:12:C8:94:85:7C:88:BC:8D:7B:CC:51:B0:CC
client1:
------------------
Owner: CN=RMI Client, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: EMAILADDRESS=ca@ofbiz.org, CN=OFBiz Signing Authority, OU=http://www.ofbiz.org, O=OFBiz CA, C=US
Serial number: 2
Valid from: Wed Oct 27 14:18:58 PDT 2004 until: Thu Oct 27 14:18:58 PDT 2005
Certificate fingerprints:
MD5: F3:CC:71:5C:A9:C8:EA:CC:AF:C6:24:F4:BA:FC:8E:10
SHA1: DE:DA:65:EA:18:7F:57:CB:03:E1:A9:85:FA:2D:80:CB:84:3C:28:DD
rmissl:
------------------
Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: EMAILADDRESS=ca@ofbiz.org, CN=OFBiz Signing Authority, OU=http://www.ofbiz.org, O=OFBiz CA, C=US
Serial number: 1
Valid from: Wed Oct 27 13:03:44 PDT 2004 until: Thu Oct 27 13:03:44 PDT 2005
Certificate fingerprints:
MD5: A4:ED:25:BA:10:19:DE:4C:7C:76:38:4B:2C:6E:E4:F6
SHA1: 3E:E1:AB:60:A0:C5:81:D7:4F:2E:CB:7A:CE:7D:72:24:B4:CC:B6:BF
It seems to me that I'll need to do some hackery for client1/rmissl. I'm assuming that I don't trust myself, but perhaps a selfsign will work. Here's to the attempt...
Deletions:
Wow, these dependencies are annoying if you're using Netbeans... I'll post something soon as I get it working
Edited on 2006-07-31 16:42:07 by KogAdmin [update]
Additions:
Wow, these dependencies are annoying if you're using Netbeans... I'll post something soon as I get it working
Edited on 2006-07-28 02:31:23 by KogAdmin [update]
Additions:
UPDATE
It appears that the Authentication can be done by passing in a map of IN values, so that shouldn't be too bad. It also looks like I can leverage the existing system, and possibly create new roles that only exist for the PoS. David E. Jones pointed me to ExampleRemoteClient.java in framework\service\src\org\ofbiz\service\rmi which has some examples, as well as JARs and property files (not really sure why... must be something at runtime. I'll have to check later). Thankfully I'm using Ant for builds, so throwing in new libs shouldn't be too difficult - although my dist will be enormous in comparison to what it was (~496K if I remember correctly - writing this from memory at 0228 so I don't forget).
There are also examples in the handbook I picked up, so hopefully I can make a foray into the RMI soon.
PS - I think that I probably annoyed the hell out of David at the convention, he sure seemed agitated. My apologies, but in my defense the system really isn't that simple for someone going from 0-60 in a whole new arena of technologies. It becomes easy after the several years of experience one from the project possesses... I'd also say that picking up a lot in a few days is a definitely admirable and defensible position...
That being said, sorry for disturbing and otherwise annoying.
Edited on 2006-07-27 02:29:24 by KogAdmin [RMI]
Additions:
UPDATE: RMI goodness from OSCon 2006
RMI
It seems that after talking to folks at the BOF (David E Jones) last night, all I need to do to get my RMI on is the following:
1 - Create service definitions. I'll start with the already created one to check a price, and try that one
2 - Grab the RMI libs from the distro and compile against it
3 - call the method remotely and execute the service giving it call(method, valuemap) and get back a valuemap.
Authentication will still probably be a problem, we'll see. I'd love to see documentation of this somewhere - David said it exists somewhere, and sometime when it's not 0229 and I don't have to be up in a few hours, I'll indeed go and look... I promise
Edited on 2006-06-18 17:13:14 by KogAdmin [new cache factory, ideas]
Additions:
I'm not sure how the update queue(s) will work right now because I haven't begun researching how to build the servlet, and then the RMI on top of that. I'm hoping to just spin off a thread in the PoS Agent and have it ask the server every x minutes for taints. All caches will have standard methods: cache, destroy item, item tainted, lookup. It's also conceivable that you want to spin off a thread that does cache reclaiming every x seconds, or even use priority queues and lifetimes for individual datum (see below).
Update
I've implemented the caches as a factory pattern (WikiPedia entry on pattern), so you grab a cache factory and ask it for a cache of users, products or orders. Right now it's implemented as a singleton, but part of the beauty of a factory is such that it's easily modifiable - it's conceivable that you might need multiple cache stores, partitioning for different reasons. It's also nice to be able to tweak the cache such that it can always lookup, that it can use a pqueue instead of a hashtable or any number of mutations.
Currently the RegisterAgent class contains caches and lookups are made against the agent itself. You could consider the register agent as the state of the register itself (see my comments on semi-autonomous negotiations and curvy clients). All caches will be purged upon shutdown (register close, app close) - there should be no writes to the backing store.
Deletions:
I'm not sure how the update queue(s) will work right now because I haven't begun researching how to build the servlet, and then the RMI on top of that. I'm hoping to just spin off a thread in the PoS Agent and have it ask the server every x minutes for taints. All caches will have standard methods: cache, destroy item, item tainted, lookup.
Edited on 2006-06-16 03:39:07 by KogAdmin [minor edit: formatting]
No differences.
Oldest known version of this page was edited on 2006-06-16 03:38:55 by KogAdmin [draft]
Page view:
Querying the back end
NOTE: this is all draft quality, stream of consciousness spat out at ~0338 on a Friday morning...
Lookups
Right now products and users are being looked up locally. I'll build a fake RMI module, and then later hook into the actual products DB.
Products can only be constructed with Product.lookupProduct, which takes a String of a UPC. Products generally contain a price, UPC and description but will eventually contain stats like how many are in stock (which will mean more frequent cache misses and more lookups).
Users are pretty static - they'll rarely be deleted, and lookups should be infrequent. Users currently have a UID, password (managers) and a managerial status flag.
Orders - you can lookup old orders (eventually), which are basically orders flagged complete. These can be cached too, but will most likely be infrequently looked up, and are quite volatile. Further, the status flag will eventually be upgraded to include other information.
Caching
The cache model will be rather simple: every once in a while the PoS Agent will check the update queues on the server for updates indicating that any of the three caches are tainted. You'll get a specific reference and sync the cache. Lookups will work as in a Von Neumann system - it'll search the cache space first, and hopefully hit. If it faults a lookup will be called via RMI. These shouldn't be too heavy, but it's a good idea to try and cache as much as possible.
Users are highly static, products are mostly static (until you get into volatile information, such as stock levels... you might want to use stock level grouping instead, more below) and orders may, or may not be static.
I'm not sure how the update queue(s) will work right now because I haven't begun researching how to build the servlet, and then the RMI on top of that. I'm hoping to just spin off a thread in the PoS Agent and have it ask the server every x minutes for taints. All caches will have standard methods: cache, destroy item, item tainted, lookup.
Stock levels and caching: you probably won't need stock level information unless you're doing a lookup - so generally stock information need not be cached. However, for a quick turnover store you might wish to know this, and it might be wise to create groupings of stock to minimize taints to the cache (otherwise you'll end up doing a lookup almost every query). You'd end up with something like: plenty in stock, mid stock level, getting low, reorder, out of stock. This way when it crosses a threshold the update queue will trigger and tell the PoS terminal that a new threshold has been reached.
This page is
CategoryJPoS