JAAS, EJB, GlassFish2 and session key/id
I use standalone EJB client to connect to GlassFish 2. I use custom login module on Aplication server side and ProgrammaticLogin to enter login and password.
I see that every call to any of my remote methods is resulted in sending my login and password to Application server (to my login module).
I do not want it sends login/password every time but only first time. Id like to do smth as it is done in http session.
Id like to send login and password only once when I lookup my remote interface or when I do explicit login. Then if authentication is successes Ive got smth like session key/id and use it for client identification.
How I can implement it? How I can send session key back to client on successful login? Is it possible at all in JAAS/EJB world?
I think there's something wrong with your application. Have you checked google? There's plenty of threads about this same problem here already please refer to them. Please copy paste your whole stacktrace here, we experts can't help you otherwise.
Best Regards, Angus
Similar Messages
-
With LEAP, a session key is used. Cisco docs point out, that after the authentication phase, the session key is distributed from the RADIUS Server to the AP and Client.
Does this mean, that the session key is transmitted in cleartext?
I would be very happy to have an answer or doc, which offers an answer to my question.
Thanks in advance
EdgarLEAP is based on symetric keys which are generated on the RADIUS Server and the Client. The Client and Server do authentication using MS-CHAP which uses a U/P. The password is not sent over the network instead a hash key is sent. MSCHAP hashes are known to be volnurable to dictionary attacks. (If I remember correctly LEAP supports mutual auth but I forget how the client authenticates the server). If successfull both the client and the server generate the same WEP key based on the password and other clear text values. The server sends the key to the AP. This transfer is over a wired network but is encrypted. When LEAP is setup, a shared secret must be configured on the RADIUS server and the AP. This secret is used to encrypt the keys passed between the Server and AP. LEAP will also make sure that the WEP keys are rotated.
Serge -
EJB - MDB and Session and Entity - Seem to always run under same Thread
I am working on an application that implemets a connection from an MDB to a Session EJB which inturn connects to a Entity EJB. All connections are impemented as Local Home. I use log4j for tracing and notice that the thread ID reported for all activity is the same "Thread ID: MessageListenerThreadPool : 0" .
This confuses me because I thought that all EJB's would execute under different threads. Have I done something wrong? Have I missinterpreted the EJB implementation? Any opinions would be greatly appreciated!!Hi Kelly,
This is a slight misinterpretation of the EJB threading requirements. There are a couple different issues as play here. First, the main threading guarantee made by the spec is that a particular instance of an EJB will not be invoked by the container on more than one thread at a time. This is one of the guarantees that simplifies the EJB programming model so that developers don't have to do anything special (e.g. the use of synchronized blocks) to handle concurrent access. Second, the EJB Local programming model requires that invocations have pass-by-reference semantics. Of course, the easiest way for the container to provide that behavior is to literally make the local invocation on the same thread.
The call-flow you're describing touches a single instance from three different beans, so the threading guarantee is not violated. Hope that clears things up a bit.
--ken -
Session key and MAC generation in SCP '02' i='15'
Hi,
I am trying send a PUT KEY command and it resolves to '6982' after a '9000' EXTERNAL AUTHENTICATE.
I suspect that my encryption is causing the problem.(not really sure!)
I compare my session keys to some that ppl had derived and posted on the forum and I don't really get what they did.
I am trying to find out if I'm deriving the correct session keys or not?!?!
e.g
//Calculating session keys with
//static key = '404142434445464748494a4b4c4d4e4f' (keyData)
//sequence counter = '003b'
//"0101" + sequenceCounter + "000000000000000000000000" for session CMAC key (data)
//"0102" + sequenceCounter + "000000000000000000000000" for session RMAC key (data)
//"0181" + sequenceCounter + "000000000000000000000000" for session DEK key (data)
//"0182" + sequenceCounter + "000000000000000000000000" for session ENC key (data)
//sessionCMAC is :3213860da8f8d9796794cbcec43ef7a23213860da8f8d979: with sequence counter:003b (result)
//sessionRMAC is :042a687f6e0dd3f80eabf1e5d51ccefe042a687f6e0dd3f8: with sequence counter:003b (result)
//sessionDEK is :1fe31370c22354e3b90d6b8ad5686d371fe31370c22354e3: with sequence counter:003b (result)
//sessionENC is :94a47ad54ffbf423fe4a9d915befab5294a47ad54ffbf423: with sequence counter:003b (result)
<code>
if (keyData.length == 16) {
byte[] temp = (byte[]) keyData.clone();
keyData = new byte[24];
System.arraycopy(temp, 0, keyData, 0, temp.length);
System.arraycopy(temp, 0, keyData, 16, 8);
DESedeKeySpec keySpec = new DESedeKeySpec(keyData);
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("DESede");
SecretKey key = secretKeyFactory.generateSecret(keySpec);
IvParameterSpec iv = new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
Cipher desedeCBCCipher = Cipher.getInstance("DESede/CBC/NoPadding");
desedeCBCCipher.init(Cipher.ENCRYPT_MODE, key, iv);
byte[] result = desedeCBCCipher.doFinal(data);
if (result .length == 16) {
byte[] temp = (byte[]) result .clone();
result = new byte[24];
System.arraycopy(temp, 0, result , 0, temp.length);
System.arraycopy(temp, 0, result , 16, 8);
keySpec = new DESedeKeySpec(result);
secretKeyFactory = SecretKeyFactory.getInstance("DESede");
key = secretKeyFactory.generateSecret(keySpec);
</code>
I use the same encrytion to derive KeyCheckValue with
newKey ='505152535455565758595a5b5c5d5e5f', data = '0000000000000000'
and it results to : '6d377e' (of course the last 3 bytes)
Even though my CMAC session key is different from others (e.g "RLopes" in "http://192.9.162.102/thread.jspa?threadID=5365173&tstart=363" and I have seen it in others too and its really odd to me that its slightly different if you take a close look you will get what i mean) i get the EXTERNAL AUTHENTICATION to work.
If there is anyone who is 100% sure meaning he/she got other commands to work after EXTERNAL AUTHENTICATE using CMAC please help me verify the keys I got?
Can he/she test with his code to see if he/she is getting the same session keys or check value?
Thanks in advance
KamranHi,
Here is the Class and thanks for the tip, I've honestly tried these <code></code> but didn't work and I know it is indeed annoying without the tags :D
I really hope it helps...
* To change this template, choose Tools | Templates
* and open the template in the editor.
package terminalpcsc;
import java.lang.Exception;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.SecureRandom;
import java.util.List;
import javax.crypto.*;
import javax.crypto.spec.*;
import javax.security.sasl.AuthenticationException;
import javax.smartcardio.*;
* @author Kamran
* @param args the command line arguments
public class Main {
private static CardChannel channel;
private static Card card;
private static int CHALLENGE_LENGTH = 8;
private static byte[] keyDiversification = new byte[10];
private static byte[] keyInformation = new byte[2];
private static byte[] sequenceCounter = new byte[2];
private static byte[] cardChallenge = new byte[6];
private static byte[] cardCryptogram = new byte[8];
private static byte[] hostChallenge = new byte[8];
private static byte[] hostCryptogram = new byte[8];
private static String keyDiversificationHexString;
private static String keyInformationHexString;
private static String sequenceCounterHexString;
private static String cardChallengeHexString;
private static String cardCryptogramHexString;
private static String hostChallengeHexString;
private static String hostCryptogramHexString;
private static byte[] sessionCMAC;
private static byte[] sessionDEK;
private static byte[] sessionENC;
private static byte[] sessionRMAC;
private static byte[] icvNextCommand;
private static IvParameterSpec ivAllZeros = new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
private static byte[] staticKey = hexStringToByteArray("404142434445464748494a4b4c4d4e4f4041424344454647");
private static byte[] newKey = hexStringToByteArray("505152535455565758595a5b5c5d5e5f");
private static byte[] CMAC;
* @param args the command line arguments
public static void main(String[] args) throws Exception {
initiateCardChannel();
String apduString = generateSelectAPDU("a000000003535041");
byte[] bufferC = hexStringToByteArray(apduString);
CommandAPDU capdu = new CommandAPDU(bufferC);
System.out.println("Sending APDU Select AID: " + byteArrayToHexString(bufferC));
ResponseAPDU rapdu = channel.transmit(capdu);
System.out.println("Sending Apdu: Done!");
System.out.println("Waiting For Response...");
byte[] bufferR = rapdu.getData();
String responseData = byteArrayToHexString(rapdu.getBytes());
System.out.println("Response: " + responseData);
apduString = generateInitializeUpdateAPDU();
bufferC = hexStringToByteArray(apduString);
capdu = new CommandAPDU(bufferC);
System.out.println("Sending APDU Initialize Update: " + byteArrayToHexString(bufferC));
rapdu = channel.transmit(capdu);
System.out.println("Sending Apdu: Done!");
System.out.println("Waiting For Response...");
bufferR = rapdu.getData();
responseData = byteArrayToHexString(rapdu.getBytes());
System.out.println("Response: " + responseData);
// protocol 01
//System.arraycopy(bufferR,0,keyDiversification,0,10);
//System.arraycopy(bufferR,10,keyInformation,0,2);
//System.arraycopy(bufferR,12,cardChallenge,0,8);
//System.arraycopy(bufferR,20,cardCryptogram,0,8);
// protocol 02
System.arraycopy(bufferR, 0, keyDiversification, 0, 10);
System.arraycopy(bufferR, 10, keyInformation, 0, 2);
System.arraycopy(bufferR, 12, sequenceCounter, 0, 2);
System.arraycopy(bufferR, 14, cardChallenge, 0, 6);
System.arraycopy(bufferR, 20, cardCryptogram, 0, 8);
keyDiversificationHexString = byteArrayToHexString(keyDiversification);
keyInformationHexString = byteArrayToHexString(keyInformation);
sequenceCounterHexString = byteArrayToHexString(sequenceCounter);
cardChallengeHexString = byteArrayToHexString(cardChallenge);
cardCryptogramHexString = byteArrayToHexString(cardCryptogram);
System.out.println("keyDiversification: " + keyDiversificationHexString);
System.out.println("keyInformation: " + keyInformationHexString);
System.out.println("sequenceCounter: " + sequenceCounterHexString);
System.out.println("cardChallenge: " + cardChallengeHexString);
System.out.println("cardCryptogram: " + cardCryptogramHexString);
System.out.println("Calculating Session Keys... encryption with CBC");
//E.4.1 GP 2.1.1
sessionCMAC = deriveEncryptionCBC(staticKey, hexStringToByteArray("0101" + sequenceCounterHexString + "000000000000000000000000"));
System.out.println("sessionCMAC is :" + byteArrayToHexString(sessionCMAC) + ": with sequence counter:" + sequenceCounterHexString);
sessionRMAC = deriveEncryptionCBC(staticKey, hexStringToByteArray("0102" + sequenceCounterHexString + "000000000000000000000000"));
System.out.println("sessionRMAC is :" + byteArrayToHexString(sessionRMAC) + ": with sequence counter:" + sequenceCounterHexString);
sessionDEK = deriveEncryptionCBC(staticKey, hexStringToByteArray("0181" + sequenceCounterHexString + "000000000000000000000000"));
System.out.println("sessionDEK is :" + byteArrayToHexString(sessionDEK) + ": with sequence counter:" + sequenceCounterHexString);
sessionENC = deriveEncryptionCBC(staticKey, hexStringToByteArray("0182" + sequenceCounterHexString + "000000000000000000000000"));
System.out.println("sessionENC is :" + byteArrayToHexString(sessionENC) + ": with sequence counter:" + sequenceCounterHexString);
System.out.println("Calculating and Verifying Card Cryptogram...");
byte[] signature = cbcMACSignature(hexStringToByteArray(hostChallengeHexString + sequenceCounterHexString + cardChallengeHexString + "8000000000000000"), sessionENC);
String signatureHexString = byteArrayToHexString(signature);
if (signatureHexString.equalsIgnoreCase(cardCryptogramHexString)) {
System.out.println("signature is :" + signatureHexString + "\ncardCryptogram is :" + cardCryptogramHexString + " \nCard cryptogram authenticated");
apduString = generateExternalAuthenticateAPDU();
bufferC = hexStringToByteArray(apduString);
capdu = new CommandAPDU(bufferC);
System.out.println("Sending APDU External Authenticate: " + byteArrayToHexString(bufferC));
rapdu = channel.transmit(capdu);
System.out.println("Sending Apdu: Done!");
System.out.println("Waiting For Response...");
bufferR = rapdu.getData();
responseData = byteArrayToHexString(rapdu.getBytes());
System.out.println("Response: " + responseData);
apduString = generatePutKeyAPDU();
bufferC = hexStringToByteArray(apduString);
capdu = new CommandAPDU(bufferC);
System.out.println("Sending APDU Put Key: " + byteArrayToHexString(bufferC));
rapdu = channel.transmit(capdu);
System.out.println("Sending Apdu: Done!");
System.out.println("Waiting For Response...");
bufferR = rapdu.getData();
responseData = byteArrayToHexString(rapdu.getBytes());
System.out.println("Response: " + responseData);
} else {
System.out.println("signature is :" + signatureHexString + "\ncardCryptogram is :" + cardCryptogramHexString + " \nCard cryptogram is not authenticated");
releaseCardChannel();
public static byte[] cbcMACSignature(byte[] data, byte[] sessionSENC) throws AuthenticationException {
IvParameterSpec params =
new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
if (sessionSENC.length == 16) {
byte[] temp = (byte[]) sessionSENC.clone();
sessionSENC = new byte[24];
System.arraycopy(temp, 0, sessionSENC, 0, temp.length);
System.arraycopy(temp, 0, sessionSENC, 16, 8);
byte[] temp = null;
SecretKey secretKey = new SecretKeySpec(sessionSENC, "DESede");
try {
Cipher cbcDES = Cipher.getInstance("DESede/CBC/NoPadding");
cbcDES.init(Cipher.ENCRYPT_MODE, secretKey, params);
temp = cbcDES.doFinal(data);
} catch (GeneralSecurityException e) {
e.printStackTrace();
byte[] signature = new byte[8];
System.arraycopy(temp, temp.length - 8, signature, 0, signature.length);
return signature;
// generateInitialUpdateAPDU()
//CLA '80'
//INS '50' INITIALIZE UPDATE
//P1 'xx' Key Version Number
//P2 '00' Reference control parameter P2
//Lc '08' Length of host challenge
//Data 'xx xx…' Host challenge
//Le '00'
//RESPONSE TEMPLATE
//Key diversification data 10 bytes
//Key information 2 bytes
//Card challenge 8 bytes
//Card cryptogram 8 bytes
public static String generateInitializeUpdateAPDU() throws Exception {
hostChallenge = generateHostChallenge();
hostChallengeHexString = byteArrayToHexString(hostChallenge);
return "8050000008" + hostChallengeHexString + "00";
//CLA '80' or '84'
//INS 'D8' PUT KEY
//P1 'xx' Reference control parameter P1 Key Version Number -- '00' is new key range is '01' to '7F'
//P2 'xx' Reference control parameter P2 Key Identifier -- '00' to '7F'
//Lc 'xx' Length of data field
//Data 'xxxx..' Key data (and MAC if present)
//Le '00'
public static String generatePutKeyAPDU() throws Exception {
String keyCheckValue = new String();
//keyCheckValue = keyCheckValue.substring(keyCheckValue.length() - (3 * 2));
keyCheckValue = byteArrayToHexString(deriveEncryptionECB(newKey, hexStringToByteArray("0000000000000000")));
keyCheckValue = keyCheckValue.substring(keyCheckValue.length() - (3 * 2));
System.out.println("keyCheckValue :" + keyCheckValue + " 3DES ECB, key is new key '505152535455565758595a5b5c5d5e5f5051525354555657', data is 8 zeroes");
String encryptedNewKey = byteArrayToHexString(deriveEncryptionECB(sessionDEK, newKey));
//System.out.println("sessionDEK.getEncoded() :" + sessionDEK.getEncoded() + " len is:" + sessionDEK.getEncoded().length);
System.out.println("encryptedNewKey :" + encryptedNewKey);
//testing newKey
String dataField = "01" + "8010" + encryptedNewKey + "03" + keyCheckValue + "8010" + encryptedNewKey + "03" + keyCheckValue + "8010" + encryptedNewKey + "03" + keyCheckValue;
// String dataField2 = "01" + "8010" + byteArrayToHexString(newKey) + "03" + keyCheckValue + "8010" + byteArrayToHexString(newKey) + "03" + keyCheckValue + "8010" + byteArrayToHexString(newKey) + "03" + keyCheckValue;
System.out.println("datafield to calculate cmac :" + dataField);
System.out.println("icv to calculate cmac is previous mac first 8 byte sessionCMAC in CBC single des :" + byteArrayToHexString(icvNextCommand));
CMAC = generateCMac2((byte) 0x84, (byte) 0xD8, (byte) 0x00, (byte) 0x81, hexStringToByteArray(dataField), sessionCMAC, icvNextCommand);
System.out.println("data field with des padding for encryption (encryption in CBC sessionENC) :" + desPadding(dataField));
String dataField3 = byteArrayToHexString(deriveEncryptionCBC(sessionENC, hexStringToByteArray(desPadding(dataField))));
System.out.println("data field after encryption :" + dataField3);
Integer CMACLen = byteArrayToHexString(CMAC).length() / 2;
System.out.println("CMACLen :" + CMACLen);
Integer dataFieldLen = dataField3.length() / 2;
System.out.println("dataFieldLen :" + dataFieldLen);
Integer intLc = dataFieldLen + CMACLen;
System.out.println("intLc :" + intLc);
String hexLc = Integer.toString(intLc, 16);
System.out.println("hexLc :" + hexLc);
return "84D80081" + hexLc + dataField3 + byteArrayToHexString(CMAC) + "00";
//generateExternalAuthenticateAPDU()
//CLA '84'
//INS '82' EXTERNAL AUTHENTICATE
//P1 'xx' Security level --'03' C-DECRYPTION and C-MAC.--'01' C-MAC.'00' No secure messaging expected.
//P2 '00' Reference control parameter P2
//Lc '10' Length of host cryptogram and MAC
//Data 'xx xx…' Host cryptogram and MAC
//Le Not present
public static String generateExternalAuthenticateAPDU() throws Exception {
System.out.println("Calculating and Verifying Host Cryptogram...");
hostCryptogram = cbcMACSignature(hexStringToByteArray(sequenceCounterHexString + cardChallengeHexString + hostChallengeHexString + "8000000000000000"), sessionENC);
hostCryptogramHexString = byteArrayToHexString(hostCryptogram);
System.out.println("hostCryptogram is :" + hostCryptogramHexString);
CMAC = generateCMac2((byte) 0x84, (byte) 0x82, (byte) 0x03, (byte) 0x00, hostCryptogram, sessionCMAC, new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
return "8482030010" + hostCryptogramHexString + byteArrayToHexString(CMAC);
// generateSelectAPDU()
//CLA '00' ISO/IEC 7816-4 command
//INS 'A4' SELECT
//P1 'xx' Reference control parameter P1 --'04' select by name
//P2 'xx' Reference control parameter P2 --'00' First or only occurrence --'02' Next occurrence
//Lc 'xx' Length of AID
//Data 'xxxx..' AID of Application to be selected
//Le '00'
// RESPONSE TEMPLATE
//'6F' File Control Information (FCI template) Mandatory
//'84' Application / file AID Mandatory
//'A5' Proprietary data Mandatory
//'73' Security Domain Management Data (see Appendix F for detailed coding) Optional
//'9F6E' Application production life cycle data Optional
//'9F65' Maximum length of data field in command message Mandatory
public static String generateSelectAPDU(String AID) throws Exception {
String AIDlen = Integer.toString(AID.length() / 2, 16);
if (AIDlen.length() == 1) {
AIDlen = "0" + AIDlen;
System.out.println("00A40400" + AIDlen + AID);
return "00A40400" + AIDlen + AID;
public static String byteArrayToHexString(byte[] b) throws Exception {
String result = "";
for (int i = 0; i < b.length; i++) {
result +=
Integer.toString((b[i] & 0xff) + 0x100, 16).substring(1);
return result;
public static void initiateCardChannel() throws CardException {
System.out.println("Connecting to Java Card...");
TerminalFactory factory = TerminalFactory.getDefault();
List<CardTerminal> terminals = factory.terminals().list();
System.out.println("Terminals Detected: " + terminals);
// get the first terminal
System.out.println("Connecting to: " + terminals + "...");
CardTerminal terminal = terminals.get(0);
System.out.println("Connected to: " + terminals);
// establish a connection with the card
System.out.println("Connecting to Java Card...");
card = terminal.connect("T=0");
System.out.println("Connected to card: " + card);
System.out.println("Obtaining Channel...");
channel = card.getBasicChannel();
System.out.println("Connecting to Channel: " + channel.getChannelNumber());
public static void releaseCardChannel() throws CardException {
System.out.println("Disconnection all...");
card.disconnect(false);
System.out.println("Disconnection Done");
System.out.println("*END*");
public static byte[] hexStringToByteArray(String s) {
int len = s.length();
byte[] data = new byte[len / 2];
for (int i = 0; i < len; i += 2) {
data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) + Character.digit(s.charAt(i + 1), 16));
return data;
//To generate the derivation data:
public static byte[] deriveEncryptionCBC(byte[] keyData, byte[] data) throws GeneralSecurityException {
//Key key = getSecretKey(keyData);
if (keyData.length == 16) {
byte[] temp = (byte[]) keyData.clone();
keyData = new byte[24];
System.arraycopy(temp, 0, keyData, 0, temp.length);
System.arraycopy(temp, 0, keyData, 16, 8);
SecretKey secretKey = new SecretKeySpec(keyData, "DESede");
IvParameterSpec dps =
new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
String algorithm = "DESede/CBC/NoPadding";
Cipher desedeCBCCipher = Cipher.getInstance(algorithm);
desedeCBCCipher.init(Cipher.ENCRYPT_MODE, secretKey, dps);
byte[] result = desedeCBCCipher.doFinal(data);
//adjustParity(result);
return result;
public static byte[] deriveEncryptionECB(byte[] keyData, byte[] data) throws GeneralSecurityException {
//Key key = getSecretKey(keyData);
if (keyData.length == 16) {
byte[] temp = (byte[]) keyData.clone();
keyData = new byte[24];
System.arraycopy(temp, 0, keyData, 0, temp.length);
System.arraycopy(temp, 0, keyData, 16, 8);
SecretKey secretKey = new SecretKeySpec(keyData, "DESede");
String algorithm = "DESede/ECB/NoPadding";
Cipher desedeCBCCipher = Cipher.getInstance(algorithm);
desedeCBCCipher.init(Cipher.ENCRYPT_MODE, secretKey);
byte[] result = desedeCBCCipher.doFinal(data);
//adjustParity(result);
return result;
* Adjust a DES key to odd parity
* @param key
* to be adjusted
public static byte[] adjustParity(byte[] key) {
for (int i = 0; i < key.length; i++) {
int akku = (key[i] & 0xFF) | 1;
for (int c = 7; c > 0; c--) {
akku = (akku & 1) ^ (akku >> 1);
key[i] = (byte) ((key[i] & 0xFE) | akku);
return key;
public static byte[] generateCMac2(byte cla, byte ins, byte p1, byte p2, byte[] dataField, byte[] SMacSessionKey, byte[] icv) throws GeneralSecurityException, Exception {
if (SMacSessionKey.length == 16) {
byte[] temp = (byte[]) SMacSessionKey.clone();
SMacSessionKey = new byte[24];
System.arraycopy(temp, 0, SMacSessionKey, 0, temp.length);
System.arraycopy(temp, 0, SMacSessionKey, 16, 8);
byte[] cMac = new byte[8];
byte[] padding = {(byte) 0x80, 0, 0, 0, 0, 0, 0, 0};
int paddingRequired = 8 - (5 + dataField.length) % 8;
byte[] data = new byte[5 + dataField.length + paddingRequired];
//Build APDU
data[0] = cla;
data[1] = ins;
data[2] = p1;
data[3] = p2;
data[4] = (byte) ((byte) dataField.length + (byte) 0x08);
System.arraycopy(dataField, 0, data, 5, dataField.length);
System.arraycopy(padding, 0, data, 5 + dataField.length, paddingRequired);
System.out.println("data to calculate mac :" + byteArrayToHexString(data));
System.out.println("icv to calculate mac :" + byteArrayToHexString(icv));
Cipher cipher = Cipher.getInstance("DESede/CBC/NoPadding");
Cipher singleDesCipher = Cipher.getInstance("DES/CBC/NoPadding", "SunJCE");
SecretKeySpec desSingleKey = new SecretKeySpec(SMacSessionKey, 0, 8, "DES");
SecretKey secretKey = new SecretKeySpec(SMacSessionKey, "DESede");
//Calculate the first n - 1 block. For this case, n = 1
IvParameterSpec ivSpec = new IvParameterSpec(icv);
singleDesCipher.init(Cipher.ENCRYPT_MODE, desSingleKey, ivSpec);
byte ivForLastBlock[] = singleDesCipher.doFinal(data, 0, 8);
int blocks = data.length / 8;
for (int i = 0; i < blocks - 1; i++) {
singleDesCipher.init(Cipher.ENCRYPT_MODE, desSingleKey, ivSpec);
byte[] block = singleDesCipher.doFinal(data, i * 8, 8);
ivSpec = new IvParameterSpec(block);
int offset = (blocks - 1) * 8;
cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);
cMac = cipher.doFinal(data, offset, 8);
ivSpec = new IvParameterSpec(new byte[8]);
singleDesCipher.init(Cipher.ENCRYPT_MODE, desSingleKey, ivSpec);
icvNextCommand = singleDesCipher.doFinal(cMac);
return cMac;
public static byte[] generateHostChallenge() {
byte[] hostChallenge = new byte[CHALLENGE_LENGTH];
SecureRandom random = new SecureRandom();
random.nextBytes(hostChallenge);
return hostChallenge;
public static String desPadding(String hexString) {
System.out.println("String to pad before:" + hexString);
hexString = hexString + "80";
int hexStringLen = hexString.length() / 2;
int padding = 8 - (hexStringLen % 8);
for (int i = 0; i < padding; i++) {
hexString = hexString + "00";
System.out.println("String to pad after :" + hexString);
return hexString;
}Thanks in advance
Kamran -
ADF – Could I have HttpSession and EJB 3 Statefull session in same applicat
I am using JDeveloper 10.3.2. Fist I create a single demo application to create EJB Session Bean (Statefull) and is working fine.
When I am trying to use the same EJB to my large Application a got runtime Error,
Without any exception. (Losing the information of EJB).
And the Question is, Shall I use HttpSession and EJB 3 Statefull session in same application?Hi,
if it is a Web application you need the https session anyway and the two are different kind of beasts, one handled by teh EJB container, the other by the web container.
The question is why you ned stateful session beans - which seems to be a rare usecase? Usually state is persisted and tracked in the business service.
However, without an error message its hard to tell what going wrong here
Frank -
Session Key and initialization vector
Hi,
is the session key the key used with the initialization vector IV as input parameters for the RC4algorithm? In this way the server and the client derive the WEP key for the data unicast encryption.
Very thancks.Since december 2000, we support a session key, which is negociated by the LEAP protocol after a login/password authentication with the Cisco Secure ACS Radius server. With this implementation the session key is used as the input parameter for the RC4 algorithm.
Since december 2001, we have a new firmware release (actual AP release 11.21 available on CCO) that support a 'TKIP' implementation, where the session key is hashed for each packet to obtain a uniq 'packet' key, used as the input parameter for the RC4 algo for the packet. The radio firmware must be upgraded in both AP and Client. -
Javacard and session variables
Hello,
I'm trying to find a reasonable Javacard technique to handle "session variables" that must be kept between successive APDUs, but must be re-initialized on each card reset (and/or each time the application is selected); e.g. currently selected file, currently selected record, current session key, has the user PIN been verified...
Such variables are best held in RAM, since changing permanent (EEPROM or Flash) variables is so slow (and in the long run limiting the operational life of the card).
Examples in the Java Card Kit 2.2.2 (e.g. JavaPurseCrypto.java) manipulate session variables in the following way:
1) The programmers group session variables of basic type (Short, Byte, Boolean) according to type, and map each such variable at an explicit index of a vector (one per basic type used as session variable).
2) At install() time, each such vector, and each vector session variable, is explicitly allocated as a transient object, and this object is stored in a field of the application (in permanent memory), where it remains across resets.
3) Each use of a session variable of basic type is explicitly translated by the programmer into using the appropriately numbered element of the appropriate vector.
4) Vector session variables require no further syntactic juggling, but eat up an object descriptor worth of permanent data memory (EEPROM or Flash), and a function call + object affectation worth of applet-storage memory (EEPROM, Flash or ROM).
The preparatory phase goes:
public class MyApp extends Applet {
// transientShorts array indices
final static byte TN_IX = 0;
final static byte NEW_BALANCE_IX=(byte)TN_IX+1;
final static byte CURRENT_BALANCE_IX=(byte)NEW_BALANCE_IX+1;
final static byte AMOUNT_IX=(byte)CURRENT_BALANCE_IX+1;
final static byte TRANSACTION_TYPE_IX=(byte)AMOUNT_IX+1;
final static byte SELECTED_FILE_IX=(byte)TRANSACTION_TYPE_IX+1;
final static byte NUM_TRANSIENT_SHORTS=(byte)SELECTED_FILE_IX+1;
// transientBools array indices
final static byte TRANSACTION_INITIALIZED=0;
final static byte UPDATE_INITIALIZED=(byte)TRANSACTION_INITIALIZED+1;
final static byte NUM_TRANSIENT_BOOLS=(byte)UPDATE_INITIALIZED+1;
// remanent variables holding reference for transient variables
private short[] transientShorts;
private boolean[] transientBools;
private byte[] CAD_ID_array;
private byte[] byteArray8; // Signature work array
// install method
public static void install( byte[] bArray, short bOffset, byte bLength ) {
//Create transient objects.
transientShorts = JCSystem.makeTransientShortArray( NUM_TRANSIENT_SHORTS,
JCSystem.CLEAR_ON_DESELECT);
transientBools = JCSystem.makeTransientBooleanArray( NUM_TRANSIENT_BOOLS,
JCSystem.CLEAR_ON_DESELECT);
CAD_ID_array = JCSystem.makeTransientByteArray( (short)4,
JCSystem.CLEAR_ON_DESELECT);
byteArray8 = JCSystem.makeTransientByteArray( (short)8,
JCSystem.CLEAR_ON_DESELECT);
(..)and when it's time for usage, things go:
if (transientShorts[SELECTED_FILE_IX] == (short)0)
transientShorts[SELECTED_FILE_IX] == fid;
transientBools[UPDATE_INITIALIZED] =
sig.verify(MAC_buffer, (short)0, (short)10,
byteArray8, START, SIGNATURE_LENGTH);I find this
a) Verbose and complex.
b) Error-prone: there is nothing to prevent the accidental use of transientShorts[UPDATE_INITIALIZED].
c) Wastefull of memory: each use of a basic-type state variable wastes some code; each vector state variable wastes an object-descriptor worth of permanent data memory, and code for its allocation.
d) Slow at runtime: each use of a "session variable", especially of a basic type, goes thru method invocation(s) which end up painfully slow (at least on some cards), to the point that for repeated uses, one often attain a nice speedup by caching a session variable, and/or transientShorts and the like, into local variables.
As an aside, I don't get if the true allocation of RAM occurs at install time (implying non-selected applications eat up RAM), or at application selection (implying hidden extra overhead).
I dream of an equivalent for the C idiom "struct of state variables". Are these issues discussed, in a Sun manual, or elsewhere? Is there a better way?
Other desperate questions: does a C compiler that output Javacard bytecode make sense/exists? Or a usable Javacard bytecode assembler?
Francois GrieuInteresting post.
I don't have a solution to your problem, but caching the session variables arrays in local variable arrays is a good start. This should be only done when the applet is in context, e.g. selected or accessed through the shareable interface. This values should be written back to EEPROM at e.g. deselect or some other important point of time. Do you run into problems if a tear happens? I don't think so since the session variables should be transactional, and a defined point will commit a transaction.
Analyzing the bytecode is a good idea. I know of a view in JCOP Tools (Eclipse plugin) where you can analyze the bytecode and optimize it to your needs. -
I can edit on Premiere Pro 6 files, but after a dozen keystrokes, the space bar and cursor keys stop working while the save function, render workspace function, export file are still operational. How can I fix it so I may complete my assignment?
Besides DaVinci Resolve, Adobe Creative Suite 6 is the only software on the machine. I am using Windows 7 Professional 64-bit Operating System on AMD FX 6100 six-Core Processor at 3.31gHz and 32 GB RAM memory. There are two SLI-bridged GTX680 NVidia cards.
The software was very stable for the last six months, working with 720P proxy files from 2.5K masters (Blackmagic Design Camera). I am working on a feature-length project that exceeds 1000 edits. I have broken the file into 2 one hour segments.
I have deactivated the software before reinstalling the entire OS from scratch. PP6 was very stable for 48 hours. Then the freezing space bar returns. After a dozen strokes into the project, same problem. I have made cache files store next to originals, I have deleted preview files if they were corrupted and causing instability. Am I missing something?
I have Microsoft Security Essentials for virus protection. I double checked the memory for damage/defect. Nothing says that the motherboard or other components are damaged.
I am in film competition overseas and need to have deliverables in less than a month's time. I lost the last two weeks troubleshooting and this crisis came at an inopportune moment of the project.
Any assistance would be greatly appreciated.Still getting software freezes but found a way to mitigate for the mean time.
Upon launching Adobe Premiere Pro, hit CTRL-ALT-DEL to launch TaskManager as well.
You will want to highlight Adobe QT32 Server.exe
Right click and select "End Process Tree"
You will get considerable stability in the program, long enough to get timing of cuts done. Be sure to save often.
If the program freezes, do not hit Save. You definitely want to avoid saving the corruption into your TimeLine
CTRL-ALT-DEL to relaunch the TaskManager and highlight Adobe Premiere Pro.exe
Right-click to "End Process"
No need to reboot the whole system; just launch Premiere Pro again and continue with the session. Note that your work reverted to Last Save.
Hope this helps until the bug is fixed. -
How do I lookup an EJB 3.0 Session bean from servlet or JSP?
Does anyone knows how can I invoke an EJB from a servlet or JSP ?
I deployed a simple EJB on a Oracle Application Server 10g release 10.1.3 and I'm working with JDeveloper 10.1.3. I deployed the files via JDeveloper, and I didn´t specify any orion-ejb-jar.xml or ejb-jar.xml file
After deployment, the orion-ejb-jar.xml look like this in the server:
<?xml version="1.0" encoding="utf-8"?>
<orion-ejb-jar xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/orion-ejb-jar-10_0.xsd" deployment-version="10.1.3.0.0" deployment-time="10b49516c8f" schema-major-version="10" schema-minor-version="0" >
<enterprise-beans>
<session-deployment name="HolaMundoEJB" location="HolaMundoEJB" local-location="HolaMundoEJB_HolaMundoEJBLocal" local-wrapper-name="HolaMundoEJBLocal_StatelessSessionBeanWrapper6" remote-wrapper-name="HolaMundoEJB_StatelessSessionBeanWrapper7" persistence-filename="HolaMundoEJB.home_default_group_1">
</session-deployment>
</enterprise-beans>
<assembly-descriptor>
<default-method-access>
<security-role-mapping name="<default-ejb-caller-role>" impliesAll="true" />
</default-method-access>
</assembly-descriptor>
</orion-ejb-jar>
I'm trying to invoke the ejb in a servlet by doing the following:
public void doGet(HttpServletRequest request, ....
Context context = new InitialContext();
HolaMundoEJB helloWorld =
(HolaMundoEJB)context.lookup("java:com/env/ejb/HolaMundoEJB");
String respuesta = helloWorld.sayHello("David");
When i invoke the servlet I catch a NamingException whose message says something
like this ....java:com/env/ejb/HolaMundoEJB not found in webLlamaEJB
I tried different paths for the lookup but nothing....
Can anyone help me with this topic? Thank you.Please try the following code:
HelloEJBBean.java:
@Stateless(name="Hello")
@Remote(value={Hello.class})
public class HelloEJBBean implements Hello { ... }
hello.jsp:
Context ctx = new InitialContext();
Hello h = (Hello)ctx.lookup("ejb/Hello");
web.xml:
<ejb-ref>
<ejb-ref-name>ejb/Hello</ejb-ref-name>
<ejb-ref-type>Session</ejb-ref-type>
<remote>fi.kronodoc.test.model.Hello</remote>
</ejb-ref>
i think you should also define jndi mappings for the references in orion-ejb-jar.xml and orion-web.xml but for some reason it seems to be working also without these. -
Cannot deploy a EJB 3.0 Session bean to the OAS 10.1.3.4
Hi All,
I am unable to deploy a EJB 3.0 Session bean with no deployment descriptors to OAS 10.1.3.4 App server.This Session bean is also exposed as a web service using annotations. I am able to deploy this bean to a standalone oc4j 10.1.3.x containers and test it successfully.
i have written a simple stateless session bean ( exposed as webservice) and every bean is having issues with deployment having the same exception stated below
Can some one please help as i need to deploy this urgently.
below is the session bean code:
import javax.ejb.Stateless;
@Stateless(name="SiebelQuoteEJB")
public class SiebelQuoteEJBBean implements SiebelQuoteEJBLocal,
SiebelQuoteEJBWebService {
public SiebelQuoteEJBBean() {
public String publishMessage(String message,String type) throws java.rmi.RemoteException {
client.publishMessage(message,type);
return "SUCCESS";
Below is the error while deploying:
11/01/06 15:03:49 WARNING: Application.setConfig Application: javasso is in failed state as initialization failed.
java.lang.NullPointerException
11/01/06 15:03:50 WARNING: Application.setConfig Application: SiebelQuoteEJB is in failed state as initialization failed.
java.lang.InstantiationException: Error initializing ejb-modules: null Error parsing application-server config file: null
11/01/06 15:03:50 java.lang.NullPointerException
at com.evermind.server.ObjectReferenceCleaner.cleanupApplicationLogLevels(ObjectReferenceCleaner.java:166)
at com.evermind.server.ObjectReferenceCleaner.loaderDestroyed(ObjectReferenceCleaner.java:88)
at oracle.classloader.EventDispatcher.loaderDestroyed(EventDispatcher.java:248)
at oracle.classloader.PolicyClassLoader.close(PolicyClassLoader.java:1113)
at oracle.classloader.PolicyClassLoader.close(PolicyClassLoader.java:1041)
at com.evermind.server.ApplicationStateRunning.destroyClassLoaders(ApplicationStateRunning.java:1171)
at com.evermind.server.Application.stateCleanUp(Application.java:3635)
at com.evermind.server.Application.setConfig(Application.java:506)
at com.evermind.server.Application.setConfig(Application.java:355)
at com.evermind.server.ApplicationServer.addApplication(ApplicationServer.java:1895)
at com.evermind.server.ApplicationServer.initializeDeployedApplications(ApplicationServer.java:1651)
at com.evermind.server.ApplicationServer.setConfig(ApplicationServer.java:1034)
at com.evermind.server.ApplicationServerLauncher.run(ApplicationServerLauncher.java:131)
at java.lang.Thread.run(Thread.java:736)which jdk version? Had this with 1.6 and had to install an up-to-date jdbc.
-
How to lookup a EJB 3.0 session bean which is deployed in WebLogic 10.3
Now Jdeveloper 11.1.1, is giving WebLogic server 10.3.
With internal WebLogic server, when I created a Sample client, it generated code as:
private static Context getInitialContext() throws NamingException {
Hashtable env = new Hashtable();
// WebLogic Server 10.x connection details
env.put( Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory" );
env.put(Context.PROVIDER_URL, "t3://127.0.0.1:7101");
return new InitialContext( env );
public static void main(String [] args) {
try {
final Context context = getInitialContext();
DefaultSession defaultSession = (DefaultSession)context.lookup("property-DefaultSession#com.vs.property.model.session.DefaultSession");
} catch (Exception ex) {
}How to update the above code to lookup the EJB 3.0 session beans with an external WebLogic server 10.3?
Is there any documentation available on how to install weblogic, troubleshoot, debug, WebLogic server 10.3?
regds
-rajuRaju,
Hi, to start, here is a tutorial on a quickstart web application using an EJB 3.0 stateless session bean that fronts a container managed EclipseLink JPA entity manager on WebLogic 10.3, you will find references there to other general WebLogic documentation.
[http://wiki.eclipse.org/EclipseLink/Examples/JPA/WebLogic_Web_Tutorial]
using @EJB injection on the client instead of a JNDI lookup as below
[http://edocs.bea.com/wls/docs103/ejb30/annotations.html#wp1417411]
1) in your second env.put I noticed that your t3 port is 7101, I usually use the default 7001 - but It looks like this port is valid for the JDeveloper embedded version of WebLogic server runs - just verify that it matches the port of your server.
2) your name#qualified-name lookup looks ok. Verify that the jndi-name element is set in your weblogic-ejb-jar.xml for non injection clients like the following
<weblogic-ejb-jar>
<weblogic-enterprise-bean>
<ejb-name>ApplicationService</ejb-name>
<jndi-name>ApplicationService</jndi-name>
3) as a test outside of your application - launch the WebLogic admin console and goto the testing tab of your bean in [Home > Summary of Deployments > "application" > "session bean name"
thank you
/michael : http://www.eclipselink.org -
EJB 2.1 session bean calling EJB 3 session bean?
I have a WL 10 (JDK 1.5/EE 5) server that has several EJB 3 stateless session beans deployed and working well. But now I need to allow a JBoss 3.2.3 (JDK 1.4) EJB 2.1 session bean make remote calls into these EJB 3 EJBs. Can this even work?
It seems to me that EJB 3 calling EJB 2 would be fine, but not in the reverse?I have a WL 10 (JDK 1.5/EE 5) server that has several EJB 3 stateless session beans deployed and working well. But now I need to allow a JBoss 3.2.3 (JDK 1.4) EJB 2.1 session bean make remote calls into these EJB 3 EJBs. Can this even work?
It seems to me that EJB 3 calling EJB 2 would be fine, but not in the reverse? -
Best practices with sequences and primary keys
We have a table of system logs that has a column called created_date. We also have a UI that displays these logs ordered by created_date. Sometimes, two rows have the exact same created_date down to the millisecond and are displayed in the UI in the wrong order. The suggestion was to order by primary key instead since the application uses an oracle sequence to insert records so the order of the primary key will be chronological. I felt this may be a bad idea as a best practice since the primary key should not be used to guarantee chronological order although in this particular application's case, since it is not a multi-threaded environment, it will work so we are proceeding with it.
The value for the created_date is NOT set at the database level (as sysdate) but rather by the application when it creates the object which is persisted by Hibernate. In a multi-threaded environment, thread A could create the object and then get blocked by thread B which is able to create the object and persist it with key N after which control returns to thread A it persists it with key N+1. In this scenario thread A has an earlier timestamp but a larger key so will be ordered before thread B which is in error.
I like to think of primary keys as solely something to be used for referential purposes at the database level rather than inferring application level meaning (like the larger the key the more recent the record etc.). What do you guys think? Am I being too rigorous in my views here? Or perhaps I am even mistaken in how I interpret this?>
I think the chronological order of records should be using a timestamp (i.e. "order by created_date desc" etc.)
>
Not that old MYTH again! That has been busted so many times it's hard to believe anyone still wants to try to do that.
Times are in chronological order: t1 is earlier (SYSDATE-wise) than t2 which is earlier than t3, etc.
1. at time t1 session 1 does an insert of ONE record and provides SYSDATE in the INSERT statement (or using a trigger).
2. at time t3 session 2 does an insert of ONE record and provides SYSDATE
(which now has a value LATER than the value used by session 1) in the INSERT statement.
3. at time t5 session 2 COMMITs.
4. at time t7 session 1 COMMITs.
Tell us: which row was added FIRST?
If you extract data at time t4 you won't see ANY of those rows above since none were committed.
If you extract data at time t6 you will only see session 2 rows that were committed at time t5.
For example if you extract data at 2:01pm for the period 1pm thru 1:59pm and session 1 does an INSERT at 1:55pm but does not COMMIT until 2:05pm your extract will NOT include that data.
Even worse - your next extract wll pull data for 2pm thru 2:59pm and that extract will NOT include that data either since the SYSDATE value in the rows are 1:55pm.
The crux of the problem is that the SYSDATE value stored in the row is determined BEFORE the row is committed but the only values that can be queried are the ones that exist AFTER the row is committed.
About the best you, the user (i.e. not ORACLE the superuser), can do is to
1. create the table with ROWDEPENDENCIES
2. force delayed-block cleanout prior to selecting data
3. use ORA_ROWSCN to determine the order that rows were inserted or modified
As luck would have it there is a thread discussing just that in the Database - General forum here:
ORA_ROWSCN keeps increasing without any DML -
Business delegate and Session facade design patterns
Does any one tell me, what is the difference between business delegate and session facade design patterns.
1. Session Facade decouples client code from Entity beans introducing session bean as a middle layer while Business Delegate decouples client code from EJB layer ( Session beans).
2. SF reduces network overhead while BD reduces maintenance overhead.
3. In SF any change in Session bean would make client code change.
While in DB client is totally separate from Session bean because BD layer insulate client from Session beans(EJB layer).
3. In only SF scenario, Client coder has to know about EJB programming but BD pattern no EJB specialization needed.
4.SF emphasizes on separation of Verb, Noun scenario while BD emphasizes on separation of client(presentable) and EJB layer.
Anybody pls suggest more differences ? -
Facebook Export issue - session key validity?
Love the new feature to upload to Facebook/Flickr - however, everything has been working fine until this morning, went to upload a jpg to Facebook and I get the following error message:
"Bridge encountered and error while exporting: Session key invalid or no longer valid."
The very same file just exported to Flickr no problems. Tried resetting the Module (re-creating from scratch), logged back into Facebook through Bridge, re-authorized, even restarted Bridge and made a completely new file to try in case that jpg was corrupt. Same error every time. I blame Facebook, just wondering if there's a workaround.
Cheers on CS5!Sorry, should've mentioned, I did run the updater beforehand and am currently having these issues in 4.0.2.1
EDIT 1:
Solved (see below), per other post:
In the export panel choose the tiny menu icon top right and click on manage modules. In this view there is also a toothed wheel icon. Click on it and choose reinstall all modules. After this you should restart Bridge.
EDIT 2:
Not so solved - worked for awhile, then suddenly stopped working, tried reinstalling all the modules again, restarting Bridge and now cannot repair the Facebook functionality. Submitting as bug, since only 'fix' is temporary and unreliable.
Message was edited by: ficholasnorneris
Maybe you are looking for
-
Product cost collectord during period end
As I am aware that the actual product is the Product cost collector during the month end process. We always do the reporting in header level. During month end process lets take a scenario here.. Scenario 1: For manufacturing a product for example ta
-
Forms without a CAPTCHA error message.
Has anyone received the below error? I don't want to use a CAPTCHA and have disabled it in the admin settings. Anyone know if I can at least stylize the error? Multiple requests per IP address are rate-limited for forms without a CAPTCHA. Please cont
-
Hi, Can anyone give me the links for oracle forms and reports 6i tutorials which can download free. Thanks. Regards, Manoj
-
Blue Screen Of Death after installing Ovi/PC Suite...
Windows Vista, 32-bit, Home Premium, Service Pack 2 Nokia 5530 XpressMusic Problem: BSOD (Blue Screen of Death) occurs constantly. I think the problem is the phone drivers (via cable). The program itself shouldn't be it. I made a system recovery, wh
-
Activate Office 365 windows desktop application Licenses throug GPO !!!
Hi all , we have Office 365 A3 plan for 300 user cal and unlimited student license in our university , all computers in the labs are domain joined , computers not assign to specific persons .. the computers may be used by many people now, after I de