Tech

Truly Great Regex Tool

It isn’t very often that you come across a tool that is truly unique in what it does and is so complete that you abandon all other tools you’ve accumulated over time in favor of that one tool that just works.

I came across a regular expression builder that had me deleting all of my bookmarks for other builders. It is amazingly complete for everything I’ve ever needed in the world of regex. http://RegExr.com is built using Adobe Flex and has an amazingly easy-to-use interface.


This tool has a real time view of what your regular expression is doing. It handles both matching and replacing.

Tech

Drop All Tables in a PostgreSQL Database

I came across an interesting technique for dropping all the tables in a PostgreSQL database without dropping the whole database. Just drop this little piece of code into the database and the returning set is a list of SQL that can be copied and pasted right back into the database.

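[code]SELECT
  -- quote_ident() keeps mixed-case or unusual table names valid in the generated SQL
  'DROP TABLE ' || quote_ident(c.relname) || ' CASCADE;'
FROM pg_catalog.pg_class c
JOIN pg_catalog.pg_roles r ON r.oid = c.relowner
LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind IN ('r','')  -- 'r' = ordinary table
AND n.nspname NOT IN ('pg_catalog', 'pg_toast')  -- skip system schemas
AND pg_catalog.pg_table_is_visible(c.oid)  -- only tables on the current search_path
ORDER BY 1;[/code]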

I pulled this snippet of code from http://antydba.blogspot.com/2009/10/how-to-drop-all-tables-from-database.html Many thanks!

Public Key Infrastructure (PKI), Tech

DER vs. CRT vs. CER vs. PEM Certificates

Certificates and Encodings

At its core an X.509 certificate is a digital document that has been encoded and/or digitally signed according to RFC 5280.

In fact, the term X.509 certificate usually refers to the IETF’s PKIX Certificate and CRL Profile of the X.509 v3 certificate standard, as specified in RFC 5280, commonly referred to as PKIX for Public Key Infrastructure (X.509).

X509 File Extensions

The first thing we have to understand is what each type of file extension is. There is a lot of confusion about what DER, PEM, CRT, and CER are, and many have incorrectly said that they are all interchangeable. While in certain cases some can be interchanged, the best practice is to identify how your certificate is encoded and then label it correctly. Correctly labeled certificates will be much easier to manipulate.

Encodings (also used as extensions)

  • .DER = The DER extension is used for binary DER encoded certificates. These files may also bear the CER or the CRT extension. Proper English usage would be “I have a DER encoded certificate”, not “I have a DER certificate”.
  • .PEM = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a “-----BEGIN …” line.

Common Extensions

  • .CRT = The CRT extension is used for certificates. The certificates may be encoded as binary DER or as ASCII PEM. The CER and CRT extensions are nearly synonymous. Most common among *nix systems.
  • .CER = Alternate form of .crt (Microsoft convention). You can use MS to convert .crt to .cer (both DER encoded .cer, or base64 [PEM] encoded .cer). The .cer file extension is also recognized by IE as a command to run an MS CryptoAPI command (specifically rundll32.exe cryptext.dll,CryptExtOpenCER), which displays a dialog for importing and/or viewing certificate contents.
  • .KEY = The KEY extension is used both for public and private PKCS#8 keys. The keys may be encoded as binary DER or as ASCII PEM.

The only time CRT and CER can safely be interchanged is when the encoding type is identical (i.e. a PEM encoded CRT = a PEM encoded CER).

Common OpenSSL Certificate Manipulations

There are four basic types of certificate manipulations: View, Transform, Combination, and Extraction.

View

Even though PEM encoded certificates are ASCII, they are not human readable. Here are some commands that will let you output the contents of a certificate in human readable form:

View PEM encoded certificate

Use the command that has the extension of your certificate, replacing cert.xxx with the name of your certificate.

openssl x509 -in cert.pem -text -noout
openssl x509 -in cert.cer -text -noout
openssl x509 -in cert.crt -text -noout

If you get the following error, it means that you are trying to view a DER encoded certificate and need to use the commands in the “View DER encoded Certificate” section below.

unable to load certificate
12626:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE

View DER encoded Certificate

openssl x509 -in certificate.der -inform der -text -noout

If you get the following error, it means that you are trying to view a PEM encoded certificate with a command meant for DER encoded certs. Use a command in the “View PEM encoded certificate” section above.

unable to load certificate
13978:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1306:
13978:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509
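
One way to avoid both errors is to look at the file's content before choosing -inform. This is an added example, not part of the original post; cert_encoding, label_ok and view_cert are hypothetical helper names, and the DER check assumes a certificate large enough to start with the bytes 0x30 0x82.

```shell
# Added example: classify a certificate file by content, not by extension.
# cert_encoding, label_ok and view_cert are hypothetical helper names.

# Print "pem", "der" or "unknown" for the file in $1.
cert_encoding() {
    # PEM: ASCII armor such as "-----BEGIN CERTIFICATE-----".
    if grep -q '^-----BEGIN [A-Z0-9 ]*-----' "$1" 2>/dev/null; then
        echo pem
        return 0
    fi
    # DER: a certificate is an ASN.1 SEQUENCE (0x30); assumption: its length
    # needs two bytes (0x82), which holds for certificates of 256..65535 bytes.
    first=$(od -An -tx1 -N2 "$1" 2>/dev/null | tr -d ' \n')
    if [ "$first" = "3082" ]; then
        echo der
    else
        echo unknown
    fi
}

# Fail when a .pem or .der extension contradicts the content.
# .crt, .cer and other names may hold either encoding, so they only need
# to be recognisable as one of the two.
label_ok() {
    enc=$(cert_encoding "$1")
    case "$1" in
        *.pem|*.PEM) [ "$enc" = pem ] ;;
        *.der|*.DER) [ "$enc" = der ] ;;
        *)           [ "$enc" != unknown ] ;;
    esac
}

# View the certificate with the matching -inform, whatever the file is called.
view_cert() {
    enc=$(cert_encoding "$1")
    case "$enc" in
        pem|der) openssl x509 -in "$1" -inform "$enc" -text -noout ;;
        *) echo "$1: neither PEM armor nor a DER SEQUENCE" >&2; return 1 ;;
    esac
}
```

Call `view_cert cert.cer` in place of the per-extension commands; `label_ok` is suited to a pre-deployment check over a directory of certificate files.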

Transform

Transforms can take one type of encoded certificate to another (i.e. PEM to DER conversion).

PEM to DER

openssl x509 -in cert.crt -outform der -out cert.der

DER to PEM

openssl x509 -in cert.crt -inform der -outform pem -out cert.pem

Combination

In some cases it is advantageous to combine multiple pieces of the X.509 infrastructure into a single file. One common example would be to combine both the private key and public key into the same certificate.

The easiest way to combine certs, keys, and chains is to convert each to a PEM encoded certificate, then simply copy the contents of each file into a new file. This is suitable for combining files to use in applications like Apache.

Extraction

Some certs will come in a combined form, where one file can contain any one of: Certificate, Private Key, Public Key, Signed Certificate, Certificate Authority (CA), and/or Authority Chain.
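
Combining PEM files into one bundle and pulling a bundle apart again, as an added example that is not part of the original post. The function names pem_combine, pem_blocks, has_private_key and pem_split are hypothetical, and every input is assumed to be PEM encoded already.

```shell
# Added example: combine PEM files into one bundle, then inspect and split it.
# All function names are hypothetical; inputs are assumed to be PEM encoded.

# Combination: concatenate key, cert and chain; a newly created bundle is owner-only.
pem_combine() {
    out=$1; shift
    ( umask 077; cat "$@" > "$out" )
}

# List the blocks in a bundle, one "index label" line per BEGIN marker.
pem_blocks() {
    awk '/^-----BEGIN .*-----$/ {
        label = $0
        sub(/^-----BEGIN /, "", label); sub(/-----$/, "", label)
        print ++n, label
    }' "$1"
}

# Succeed when the bundle carries a private key and so must not be handed out.
has_private_key() {
    grep -q '^-----BEGIN .*PRIVATE KEY-----' "$1"
}

# Extraction: write each block of $1 to $2/NN.key, NN.crt or NN.pem.
pem_split() {
    mkdir -p "$2"
    ( umask 077   # extracted keys must not be group- or world-readable
      awk -v out="$2" '
        /^-----BEGIN .*-----$/ {
            ext = "pem"
            if ($0 ~ /PRIVATE KEY-----$/) ext = "key"
            else if ($0 ~ / CERTIFICATE-----$/) ext = "crt"
            file = sprintf("%s/%02d.%s", out, ++n, ext)
            inblock = 1
        }
        inblock { print > file }
        /^-----END .*-----$/ { inblock = 0; close(file) }
      ' "$1" )
}
```

Run `has_private_key bundle.pem` before sending a bundle to anyone: a file meant to carry only the certificate and chain should make it fail.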

Tech

Blog Integration

I’ve been trying for some time now to get WordPress to integrate more tightly with Facebook and Twitter. The few times I’ve tried this before have provided suboptimal results. Right now it’s all working using two different plugins that seem to give me more functionality than I really need.

For Twitter I’m using http://www.joedolson.com/articles/wp-to-twitter/ This enables me to post to Twitter, and bit.ly for tracking.

The Facebook plugin I’m using is much more complicated than just posting to my wall. It has a much tighter integration with FB. In fact, you have to go get a developer’s key to get this to work. The name of this plugin is WPBook. This plugin really embeds WordPress into the Facebook canvas.

I hope to be able to share my blog more. I’ve seen how much my wife loves blogging. I hope that I can contribute something more useful than my usual ramblings of an idiot.

Novell

Novell Identity Manager

I’ve been doing a lot of training lately on Novell Identity Manager.

WOW what a sweet product.   And the ROI is incredible.  I hope to be able to share some of the features and returns here.

Tech

In Search of the Perfect Wiki

I set out on a mission this week to find the perfect wiki. I had been completely on finding a dozen or so wikis and installing them in various fashions and trying out a feature/wish list, hoping that I would find one that suited all my needs and as many wants as I could get. I fell in love with MediaWiki when I was in school to document all my projects and keep track of my thoughts. But the lack of ACLs has sent me back to the great cloud to seek out an alternative.

Here were my requirements

Needs

  • Open Source – This particular project had a budget of 0 dollars.  Preferably some GPL or LGPL project.
  • Written in PHP – I already have a LAMP infrastructure so Python/Java/Perl were out.
  • Flat File or MySQL page storage
  • ACLs – Must be able to make some pages readable but not editable by certain groups.
  • LDAP Authentication – Own Database ok but would prefer to centralize passwords
  • Page Versioning – Must be able to roll back changes
  • Search – Page Titles
  • Syntax Highlighting – Trust me, it’s just better that way.

Wants

  • Easy to setup – I know a pipe dream but there’s always hope.
  • Page Versioning – Be able to diff pages between all versions
  • Search – Full text
  • Syntax similar to MediaWiki – It’s what I’m used to
  • Tagging – Have to be able to order/organize the pages some way.

Then as I started my search I found a little site that took all the fun out of it.

http://www.wikimatrix.org/

The search feature quickly narrowed my search down to these few wikis. I threw MediaWiki into the works just to keep a baseline for features I would gain or lose.

http://www.wikimatrix.org/compare/DokuWiki+MoinMoin+PhpWiki+TikiWiki-CMS-Groupware+MediaWiki

These are my finalists that I will be installing and playing with.

DokuWiki

MoinMoin – was quickly discarded because it was written in Python.

PHPWiki

TikiWiki

MediaWiki – I’ve heard rumors of an ACL plugin that would just barely give the amount of control needed.