Additions:
==== Journaling ====
It appears that OFBiz has transaction logs that I may be able to tap into, depending on how I do order transactions. But, because transactions are very heavy for serialization of large objects, the question is then what do we store on the server and what do we store on the client. If you can guarantee high performance networks you might choose all on the server, but since I have no guarantee of the network segment I'm running on, I chose to log only what naturally belongs there - orders, daily stats (although this may actually just go on the registers), and to store the rest client-side.
The client will have a richer log, including actions not relevant to the business process, and will be aggregated such that you can write "reports" against it. I plan on embedding a database and writing flatfiles because I don't particularly care about state. This is raw data, and I want raw data processing power. I'm currently investigating HSQL as I know it's fast and supposed to be easy to integrate. SQLite is another contender. DB4O, Derby or JavaDB may also be considered, should they be required.
Right now preliminary investigation has yielded a [[http://polepos.sourceforge.net/results/PolePosition.pdf performance report (PDF)]] by [[http://polepos.sourceforge.net/ PolePosition]], demonstrating the fact that HSQL is indeed fast from Java, especially if you don't care about rich object hierarchies. I'm not sure about ACID or about standard RDBMS features, but I really shouldn't need much - aggregation functions such as SUM() and COUNT(), SELECT (project) support should do me fine.
All reports will be run against local copy, unless I figure out some reason not to.
Additions:
<< TODO: clean and reconcile me when done drafting << ::c::
TODO: fix netbeans class issue (it's apparently ignoring my env setting for libs, lovely).
I ended up opening up the userLogin service, and I'm going to need to go and export a bunch of other services (like prodFindProduct or whatever calls it). Thankfully they have a master reference, which I might add is a lovely creation.
Deletions:
Now on to testing out services and integrating the ref client into the Netbeans version.
Additions:
PS - there's also [[http://ofbizwiki.go-integral.com/Wiki.jsp?page=UsingNonSSLRMI]] which tells you how to set it up NOT to use SSL, but that isn't what I was after
Additions:
** Edit **
Reflecting upon the above - if it was just a question of using the wrong algorithm, it would have worked when I used the ofbizssl.jks keystore key. Although, if both client and server needed, for some odd reason, to encrypt things, then it would need both to be RSA. I just don't know enough, and my packet sniffing just didn't find enough useful material, other than I guess the client lists the object, the server lists the stub, then the server starts throwing certs at it and the client sees if it's good. I also have the sneaking suspicion that I was breaking in multiple places (server cert, something about the client (which shouldn't need more than the pubkey of the server with standard SSL), validation, I got bad cert a few times) and was getting really odd errors.
Interesting to note: my certs also seem to have only been generated for a month, so we'll see where this takes me.
** End Edit **
Additions:
So after struggling with both Google's broken Base program, and this, and several other problems for a while I finally got the ref implementation working. It actually ended up being really counter-intuitive. I used keytool to generate new certificates with RSA, and just threw the exported .cer into the keytrust for both client and server. Which is odd, because I tried that, but apparently I was also cross-importing .cer files. I also tried doing a self-CA using openssl, which also should have worked. I kept getting "No trusted certificate found".
So apparently you don't need to use a CA, you don't need to cross-include (which is odd because they've got a default chain-of-trust of 1, which you'd think if you import it -trusted, or tell it to trust it should trust. But no. Apparently importing the CA's cert didn't help, but should have). I'm wondering if somehow I forgot to include RSA and it was using DSA. I sincerely hope that's what's going on, because I don't see how the hell all this trouble arose. Although, in all fairness I did spend most of my time trying to get Google to work... yay for juggling job responsibilities.
Now on to testing out services and integrating the ref client into the Netbeans version.
Deletions:
Solved the dependencies, had an issue with Netbeans libs. Although, now I end up getting
%%(java)
java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:274)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:101)
at org.ofbiz.service.rmi.RemoteDispatcherImpl_Stub.runSync(Unknown Source)
at com.vitaminlife.pointofsale.RegisterAgent.openRegister(RegisterAgent.java:129)
at com.vitaminlife.pointofsale.RegisterAgent.openRegister(RegisterAgent.java:147)
at com.vitaminlife.pointofsale.PosMain.RegisterOpenButtonActionPerformed(PosMain.java:441)
at com.vitaminlife.pointofsale.PosMain.access$500(PosMain.java:48)
at com.vitaminlife.pointofsale.PosMain$8.actionPerformed(PosMain.java:213)
at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1786)
at javax.swing.AbstractButton$ForwardActionEvents.actionPerformed(AbstractButton.java:1839)
at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:420)
at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:258)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:245)
at java.awt.AWTEventMulticaster.mouseReleased(AWTEventMulticaster.java:231)
at java.awt.AWTEventMulticaster.mouseReleased(AWTEventMulticaster.java:231)
at java.awt.Component.processMouseEvent(Component.java:5100)
at java.awt.Component.processEvent(Component.java:4897)
at java.awt.Container.processEvent(Container.java:1569)
at java.awt.Component.dispatchEventImpl(Component.java:3615)
at java.awt.Container.dispatchEventImpl(Container.java:1627)
at java.awt.Component.dispatchEvent(Component.java:3477)
at javax.swing.plaf.basic.BasicInternalFrameUI$GlassPaneDispatcher.retargetMouseEvent(BasicInternalFrameUI.java:1420)
at javax.swing.plaf.basic.BasicInternalFrameUI$GlassPaneDispatcher.forwardMouseEvent(BasicInternalFrameUI.java:1356)
at javax.swing.plaf.basic.BasicInternalFrameUI$GlassPaneDispatcher.mouseReleased(BasicInternalFrameUI.java:1286)
at java.awt.Component.processMouseEvent(Component.java:5100)
at java.awt.Component.processEvent(Component.java:4897)
at java.awt.Container.processEvent(Container.java:1569)
at java.awt.Component.dispatchEventImpl(Component.java:3615)
at java.awt.Container.dispatchEventImpl(Container.java:1627)
at java.awt.Component.dispatchEvent(Component.java:3477)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:3483)
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:3198)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:3128)
at java.awt.Container.dispatchEventImpl(Container.java:1613)
at java.awt.Window.dispatchEventImpl(Window.java:1606)
at java.awt.Component.dispatchEvent(Component.java:3477)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:480)
at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:151)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:145)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:137)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:100)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
at java.io.DataOutputStream.flush(DataOutputStream.java:101)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198)
... 42 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
at sun.security.validator.Validator.validate(Validator.java:202)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA12275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA12275)
... 53 more
%%
Looking at the keys with keytool I've noticed:
%%
==================================
Ofbizrmi.jks
==================================
Ofbiz CA
----------------
Owner: EMAILADDRESS=ca@ofbiz.org, CN=OFBiz Signing Authority, OU=http://www.ofbiz.org, O=OFBiz CA, C=US
Issuer: EMAILADDRESS=ca@ofbiz.org, CN=OFBiz Signing Authority, OU=http://www.ofbiz.org, O=OFBiz CA, C=US
Serial number: 0
Valid from: Wed Oct 27 12:48:36 PDT 2004 until: Fri Oct 20 12:48:36 PDT 2034
Certificate fingerprints:
MD5: D6:3D:03:DE:75:53:44:30:BF:DE:30:B4:9E:47:DD:8F
SHA1: 6B:4B:AF:86:C8:6B:79:12:C8:94:85:7C:88:BC:8D:7B:CC:51:B0:CC
client1:
------------------
Owner: CN=RMI Client, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: EMAILADDRESS=ca@ofbiz.org, CN=OFBiz Signing Authority, OU=http://www.ofbiz.org, O=OFBiz CA, C=US
Serial number: 2
Valid from: Wed Oct 27 14:18:58 PDT 2004 until: Thu Oct 27 14:18:58 PDT 2005
Certificate fingerprints:
MD5: F3:CC:71:5C:A9:C8:EA:CC:AF:C6:24:F4:BA:FC:8E:10
SHA1: DE:DA:65:EA:18:7F:57:CB:03:E1:A9:85:FA:2D:80:CB:84:3C:28:DD
rmissl:
------------------
Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: EMAILADDRESS=ca@ofbiz.org, CN=OFBiz Signing Authority, OU=http://www.ofbiz.org, O=OFBiz CA, C=US
Serial number: 1
Valid from: Wed Oct 27 13:03:44 PDT 2004 until: Thu Oct 27 13:03:44 PDT 2005
Certificate fingerprints:
MD5: A4:ED:25:BA:10:19:DE:4C:7C:76:38:4B:2C:6E:E4:F6
SHA1: 3E:E1:AB:60:A0:C5:81:D7:4F:2E:CB:7A:CE:7D:72:24:B4:CC:B6:BF
keytool -list on ofbizrmi.jks shows:
----------------------------------
ofbizca, Oct 27, 2004, trustedCertEntry,
Certificate fingerprint (MD5): D6:3D:03:DE:75:53:44:30:BF:DE:30:B4:9E:47:DD:8F
client1, Oct 28, 2004, trustedCertEntry,
Certificate fingerprint (MD5): F3:CC:71:5C:A9:C8:EA:CC:AF:C6:24:F4:BA:FC:8E:10
rmissl, Oct 27, 2004, keyEntry,
Certificate fingerprint (MD5): A4:ED:25:BA:10:19:DE:4C:7C:76:38:4B:2C:6E:E4:F6
===============================
ofbizcerts.jks
===============================
ofbizca is the same.
rmiclient:
-----------------------------------
Owner: CN=RMI Client, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: EMAILADDRESS=ca@ofbiz.org, CN=OFBiz Signing Authority, OU=http://www.ofbiz.org, O=OFBiz CA, C=US
Serial number: 2
Valid from: Wed Oct 27 14:18:58 PDT 2004 until: Thu Oct 27 14:18:58 PDT 2005
Certificate fingerprints:
MD5: F3:CC:71:5C:A9:C8:EA:CC:AF:C6:24:F4:BA:FC:8E:10
SHA1: DE:DA:65:EA:18:7F:57:CB:03:E1:A9:85:FA:2D:80:CB:84:3C:28:DD
rmiserver:
-----------------------------------
Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: EMAILADDRESS=ca@ofbiz.org, CN=OFBiz Signing Authority, OU=http://www.ofbiz.org, O=OFBiz CA, C=US
Serial number: 1
Valid from: Wed Oct 27 13:03:44 PDT 2004 until: Thu Oct 27 13:03:44 PDT 2005
Certificate fingerprints:
MD5: A4:ED:25:BA:10:19:DE:4C:7C:76:38:4B:2C:6E:E4:F6
SHA1: 3E:E1:AB:60:A0:C5:81:D7:4F:2E:CB:7A:CE:7D:72:24:B4:CC:B6:BF
keytool -list on ofbizcerts.jks shows:
------------------------------------
ofbizca, Oct 27, 2004, trustedCertEntry,
Certificate fingerprint (MD5): D6:3D:03:DE:75:53:44:30:BF:DE:30:B4:9E:47:DD:8F
rmiclient, Oct 27, 2004, keyEntry,
Certificate fingerprint (MD5): F3:CC:71:5C:A9:C8:EA:CC:AF:C6:24:F4:BA:FC:8E:10
rmiserver, Oct 27, 2004, trustedCertEntry,
Certificate fingerprint (MD5): A4:ED:25:BA:10:19:DE:4C:7C:76:38:4B:2C:6E:E4:F6
%%
It seems to me that I'll need to do some hackery for client1/rmissl. I'm assuming that I don't trust myself, but perhaps a selfsign will work. Here's to the attempt...
__Update again:__
Well, this is curious: on the same machine as the server it gives me an expiration error (which makes sense), but on the client I get trusted cert not found. I tried to build Jones' ref implementation, and I get the same issue: no trusted cert found. You'd think that I would get a consistent error.
Also, it seems keytool blows. So... I'm going to start using OpenSSL to do the X.509 stuff, and generate a master self-sign cert that both JKS files can use. It's taken me a while to get consistent errors even on ref copies, which makes me wonder about my build/run process.
AAAAAAAH I hate JSSE. The following process also fails:
%%
openssl genrsa -out ca.key 1024
openssl req -new -x509 -key ca.key -out demoCA/cacert.pem
keytool -genkey -alias rmiclient -keystore ofbizcerts.jks
keytool -genkey -alias rmissl -keystore ofbizrmi.jks
keytool -keystore ofbizcerts.jks -certreq -alias rmiclient -file client.crs
keytool -keystore ofbizrmi.jks -certreq -alias rmissl -file server.crs
openssl ca -in client.crs -out client.pem -keyfile ca.key
openssl ca -in server.crs -out server.pem -keyfile ca.key
openssl x509 -in client.pem -out client.der -outform DER
openssl x509 -in server.pem -out server.der -outform DER
keytool -keystore ofbizrmi.jks -alias vlifeca -import -file demoCA/cacert.pem
keytool -keystore ofbizcerts.jks -alias vlifeca -import -file demoCA/cacert.pem
keytool -keystore ofbiztrust.jks -alias vlifeca -import -file demoCA/cacert.pem
keytool -keystore ofbizrmi.jks -alias client1 -import -file client.der
keytool -keystore ofbizcerts.jks -alias rmiserver -import -file server.der
%%
I've even put my cacert.pem in my cacerts file in lib/security for my JRE. I've taken the ofbizssl, which still has a valid key, and gone from there. It gets to the runSync call and yields
%%
Exception in thread "main" java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:274)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:171)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:101)
at org.ofbiz.service.rmi.RemoteDispatcherImpl_Stub.runSync(Unknown Source)
at ExampleRemoteClient.runTestService(ExampleRemoteClient.java:79)
at ExampleRemoteClient.main(ExampleRemoteClient.java:88)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
at java.io.DataOutputStream.flush(DataOutputStream.java:101)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198)
... 5 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
at sun.security.validator.Validator.validate(Validator.java:202)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA12275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA12275)
... 16 more
%%
Which makes me guess that it's the server rejecting the client for some reason. I wish I knew what the hell was going on.
I know it's reading the files because on a fresh checkout I end up with a cert not valid re: expiration. I remove the ofbizca entry and then I get no trusted cert. I write over one of the JKS with plain text, I get an invalid format exception. So, I know it's reading the files, I've renamed the aliases the same thing. So what the hell is going on?
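An added diagnostic, not part of the original notes or of OFBiz: a Java 11+ program that prints, for each key entry in one store, the certificate's key algorithm and validity, and whether the peer's store holds that certificate or its issuer. Those are the three things the notes suspect behind "No trusted certificate found" (RSA vs DSA, the 2005 expiry, a missing trust entry). The class name, the no-argument demo mode and its `changeit` password are assumptions; the check approximates the trust manager's anchor lookup and does not perform a TLS handshake.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;

/** Added example (hypothetical class name): why would a peer store trust a key entry, or not? */
public class TrustCheck {

    /** Loads a keystore file; the format (JKS or PKCS12) is detected automatically. */
    static KeyStore load(Path file, char[] pass) throws Exception {
        return KeyStore.getInstance(file.toFile(), pass);
    }

    /** Subject, public-key algorithm and validity state of one certificate. */
    static String describe(X509Certificate c) {
        String state;
        try {
            c.checkValidity();
            state = "valid";
        } catch (CertificateExpiredException e) {
            state = "EXPIRED";
        } catch (CertificateNotYetValidException e) {
            state = "NOT YET VALID";
        }
        return c.getSubjectX500Principal().getName() + " | key=" + c.getPublicKey().getAlgorithm()
                + " | until " + c.getNotAfter() + " (" + state + ")";
    }

    /** Decides whether the presented chain is anchored by an entry of the peer's store. */
    static String verdict(X509Certificate[] chain, KeyStore trust) throws Exception {
        // 1. Is any certificate of the presented chain stored directly in the peer's store?
        for (X509Certificate c : chain) {
            String alias = trust.getCertificateAlias(c);
            if (alias != null) {
                return "TRUSTED: chain certificate is stored as '" + alias + "'";
            }
        }
        // 2. Otherwise an entry must carry the issuer name of the top of the chain
        //    AND the key that actually signed it.
        X509Certificate top = chain[chain.length - 1];
        boolean issuerNameSeen = false;
        for (String alias : Collections.list(trust.aliases())) {
            Certificate cand = trust.getCertificate(alias);
            if (!(cand instanceof X509Certificate)) continue;
            X509Certificate ca = (X509Certificate) cand;
            if (!ca.getSubjectX500Principal().equals(top.getIssuerX500Principal())) continue;
            issuerNameSeen = true;
            try {
                top.verify(ca.getPublicKey());
                return "TRUSTED: issued by trust entry '" + alias + "'";
            } catch (GeneralSecurityException e) {
                // Same issuer name, different key (for example a regenerated CA): keep looking.
            }
        }
        return issuerNameSeen
                ? "NOT TRUSTED: an entry has the issuer's name but not the signing key"
                : "NOT TRUSTED: no entry for the certificate or its issuer";
    }

    /** Reports every key entry of the identity store against the peer's store. */
    static void audit(KeyStore identity, KeyStore trust) throws Exception {
        for (String alias : Collections.list(identity.aliases())) {
            if (!identity.isKeyEntry(alias)) continue;
            Certificate[] raw = identity.getCertificateChain(alias);
            if (raw == null || raw.length == 0) continue;   // entry without a certificate
            X509Certificate[] chain = Arrays.copyOf(raw, raw.length, X509Certificate[].class);
            System.out.println(alias + ": " + describe(chain[0]));
            System.out.println("  " + verdict(chain, trust));
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 4) {   // identityStore identityPass peerStore peerPass
            audit(load(Path.of(args[0]), args[1].toCharArray()),
                  load(Path.of(args[2]), args[3].toCharArray()));
            return;
        }
        // Demo mode (constructed data): one throwaway RSA key entry made with the JDK's keytool.
        char[] pass = "changeit".toCharArray();
        Path store = Files.createTempDirectory("trustcheck").resolve("demo-identity.jks");
        String keytool = Path.of(System.getProperty("java.home"), "bin", "keytool").toString();
        int rc = new ProcessBuilder(keytool, "-genkeypair", "-alias", "rmissl", "-keyalg", "RSA",
                "-keysize", "2048", "-validity", "30", "-dname", "CN=demo-rmi-server",
                "-keystore", store.toString(), "-storepass", "changeit", "-keypass", "changeit")
                .inheritIO().start().waitFor();
        if (rc != 0) throw new IllegalStateException("keytool failed with exit code " + rc);
        KeyStore identity = load(store, pass);

        // Peer store with no entries at all.
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null);
        audit(identity, empty);

        // Peer store holding the exported certificate, as in the setup that finally worked.
        KeyStore pinned = KeyStore.getInstance(KeyStore.getDefaultType());
        pinned.load(null, null);
        pinned.setCertificateEntry("rmiserver", identity.getCertificate("rmissl"));
        audit(identity, pinned);
    }
}
```

Run it as `java TrustCheck.java ofbizrmi.jks <pass> ofbizcerts.jks <pass>` to check whether the client store anchors the server's key entry, then swap the two stores to check the other direction.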
Additions:
Looking at the keys with keytool, I've noticed:
%%
Ofbiz CA
----------------
Owner: EMAILADDRESS=ca@ofbiz.org, CN=OFBiz Signing Authority, OU=http://www.ofbiz.org, O=OFBiz CA, C=US
Issuer: EMAILADDRESS=ca@ofbiz.org, CN=OFBiz Signing Authority, OU=http://www.ofbiz.org, O=OFBiz CA, C=US
Serial number: 0
Valid from: Wed Oct 27 12:48:36 PDT 2004 until: Fri Oct 20 12:48:36 PDT 2034
Certificate fingerprints:
MD5: D6:3D:03:DE:75:53:44:30:BF:DE:30:B4:9E:47:DD:8F
SHA1: 6B:4B:AF:86:C8:6B:79:12:C8:94:85:7C:88:BC:8D:7B:CC:51:B0:CC
client1:
------------------
Owner: CN=RMI Client, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: EMAILADDRESS=ca@ofbiz.org, CN=OFBiz Signing Authority, OU=http://www.ofbiz.org, O=OFBiz CA, C=US
Serial number: 2
Valid from: Wed Oct 27 14:18:58 PDT 2004 until: Thu Oct 27 14:18:58 PDT 2005
Certificate fingerprints:
MD5: F3:CC:71:5C:A9:C8:EA:CC:AF:C6:24:F4:BA:FC:8E:10
SHA1: DE:DA:65:EA:18:7F:57:CB:03:E1:A9:85:FA:2D:80:CB:84:3C:28:DD
rmissl:
------------------
Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: EMAILADDRESS=ca@ofbiz.org, CN=OFBiz Signing Authority, OU=http://www.ofbiz.org, O=OFBiz CA, C=US
Serial number: 1
Valid from: Wed Oct 27 13:03:44 PDT 2004 until: Thu Oct 27 13:03:44 PDT 2005
Certificate fingerprints:
MD5: A4:ED:25:BA:10:19:DE:4C:7C:76:38:4B:2C:6E:E4:F6
SHA1: 3E:E1:AB:60:A0:C5:81:D7:4F:2E:CB:7A:CE:7D:72:24:B4:CC:B6:BF
%%
It seems to me that I'll need to do some hackery for client1/rmissl. I'm assuming that I don't trust myself, but perhaps a selfsign will work. Here's to the attempt...
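A check for the condition the stack trace reports, written as an added example (it is not part of the original page or of OFBiz): it says whether a truststore holds an entry that vouches for a given certificate, and whether that certificate is still inside the validity window that keytool prints. The class name and the three command-line arguments (truststore path, its password, an exported certificate file) are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collections;
import java.util.Date;

/** Added diagnostic (not OFBiz code): why does this truststore reject this certificate? */
public class TrustCheck {
    /** Alias of the truststore entry whose key verifies cert's signature, or null if none does. */
    static String findIssuerAlias(KeyStore trustStore, X509Certificate cert) throws Exception {
        for (String alias : Collections.list(trustStore.aliases())) {
            Certificate entry = trustStore.getCertificate(alias);
            if (!(entry instanceof X509Certificate)) continue;
            X509Certificate ca = (X509Certificate) entry;
            if (!ca.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) continue;
            try {
                cert.verify(ca.getPublicKey());   // throws unless this key made the signature
                return alias;
            } catch (GeneralSecurityException sameNameDifferentKey) {
                // keep looking: another entry may carry the right key
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3)   // all three values are supplied by the operator (assumed inputs)
            throw new IllegalArgumentException("usage: TrustCheck <truststore> <storepass> <cert-file>");
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            trustStore.load(in, args[1].toCharArray());
        }
        X509Certificate peer;
        try (InputStream in = new FileInputStream(args[2])) {
            peer = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println("Subject: " + peer.getSubjectX500Principal());
        System.out.println("Issuer : " + peer.getIssuerX500Principal());
        String direct = trustStore.getCertificateAlias(peer);   // certificate itself imported?
        String issuer = findIssuerAlias(trustStore, peer);
        if (direct != null) System.out.println("OK  : certificate is itself trusted as '" + direct + "'");
        if (issuer != null) System.out.println("OK  : signature verifies against alias '" + issuer + "'");
        if (direct == null && issuer == null)
            System.out.println("FAIL: nothing in this truststore vouches for the certificate");
        try {
            peer.checkValidity(new Date());
            System.out.println("OK  : inside its validity window");
        } catch (CertificateException e) {
            System.out.println("FAIL: " + e.getMessage() + " (valid until " + peer.getNotAfter() + ")");
        }
    }
}
```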
Deletions:
Additions:
Wow, these dependencies are annoying if you're using NetBeans... I'll post something as soon as I get it working.
Additions:
** UPDATE **
It appears that the Authentication can be done by passing in a map of IN values, so that shouldn't be too bad. It also looks like I can leverage the existing system, and possibly create new roles that only exist for the PoS. David E. Jones pointed me to ExampleRemoteClient.java in framework\service\src\org\ofbiz\service\rmi which has some examples, as well as JARs and property files (not really sure why... must be something at runtime. I'll have to check later). Thankfully I'm using Ant for builds, so throwing in new libs shouldn't be too difficult - although my dist will be enormous in comparison to what it was (~496K if I remember correctly - writing this from memory at 0228 so I don't forget).
There are also examples in the handbook I picked up, so hopefully I can make a foray into the RMI soon.
PS - I think that I probably annoyed the hell out of David at the convention, he sure seemed agitated. My apologies, but in my defense the system really isn't that simple for someone going from 0-60 in a whole new arena of technologies. It becomes easy after the several years of experience one from the project possesses... I'd also say that picking up a lot in a few days is a definitely admirable and defensible position...
That being said, sorry for disturbing and otherwise annoying.
Additions:
<< UPDATE: RMI goodness from OSCon 2006 << ::c::
==== RMI ====
It seems that after talking to folks at the BOF (David E Jones) last night, all I need to do to get my RMI on is the following:
1 - Create service definitions. I'll start with the already created one to check a price, and try that one
2 - Grab the RMI libs from the distro and compile against it
3 - Call the method remotely and execute the service giving it call(method, valuemap) and get back a valuemap.
Authentication will still probably be a problem, we'll see. I'd love to see documentation of this somewhere - David said it exists somewhere, and sometime when it's not 0229 and I don't have to be up in a few hours, I'll indeed go and look... I promise
Additions:
I'm not sure how the update queue(s) will work right now because I haven't begun researching how to build the servlet, and then the RMI on top of that. I'm hoping to just spin off a thread in the ""PoS"" Agent and have it ask the server every x minutes for taints. All caches will have standard methods: cache, destroy item, item tainted, lookup. It's also conceivable that you want to spin off a thread that does cache reclaiming every x seconds, or even use priority queues and lifetimes for individual datum (see below).
//Update//
I've implemented the caches as a factory pattern [[http://en.wikipedia.org/wiki/Factory_method_pattern (Wikipedia entry on pattern)]], so you grab a cache factory and ask it for a cache of users, products or orders. Right now it's implemented as a singleton, but part of the beauty of a factory is such that it's easily modifiable - it's conceivable that you might need multiple cache stores, partitioning for different reasons. It's also nice to be able to tweak the cache such that it can always lookup, that it can use a pqueue instead of a hashtable or any number of mutations.
Currently the ""RegisterAgent"" class contains caches and lookups are made against the agent itself. You could consider the register agent as the state of the register itself (see my comments on semi-autonomous negotiations and curvy clients). All caches will be purged upon shutdown (register close, app close) - there should be no writes to the backing store.
Deletions:
No Differences