
Usman Saleem usmansaleem

@usmansaleem
usmansaleem / web3signer_docker_tls.md
Last active November 10, 2021 06:04
Running web3signer in docker with TLS enabled

Self signed certificate in PKCS12 keystore

The keystores are created using the JDK's keytool command (OpenSSL can be used as well). The first keystore is required for Web3Signer, the second for the client (such as Teku or curl). Take care to specify the CN for the client keystore/certificate, as it is required by the knownClients file in Web3Signer.

keytool -genkeypair -keystore web3signer_keystore.p12 -storetype PKCS12 -storepass MY_PASSWORD -alias SOME_ALIAS \
-keyalg RSA -keysize 2048 -validity 700 -dname "CN=localhost, OU=PegaSys, O=ConsenSys, L=Brisbane, ST=QLD, C=AU" \
-ext san=dns:localhost,ip:127.0.0.1
usmansaleem / bintrayMavenExport.sh
Created March 10, 2021 02:09
Export maven artifacts from bintray to cloudsmith consensys/maven
#! /bin/bash
set -euo pipefail
export CLOUDSMITH_API_KEY=YOUR_CS_API_KEY
repo="https://consensys.bintray.com/pegasys-repo/tech/pegasys/ethsigner/internal"
declare -a versions=("0.2.0" "0.3.0" "0.3.1-SNAPSHOT" "0.4.1-SNAPSHOT" "0.5.0" "0.5.1-SNAPSHOT" "0.6.0" "0.6.1-SNAPSHOT" "0.7.0" "0.7.1-SNAPSHOT" "0.7.1" "0.7.2-SNAPSHOT" "20.10.0" "20.10.1-SNAPSHOT")
declare -a packages=("app" "azure" "commandline" "common" "core" "file-based" "hashicorp" "multifile-based" "multikey" "multiplatform" "raw" "signing-api" "subcommands")
ENV_DIR=./build/tmp/cloudsmith-env
usmansaleem / DecryptKeystore.java
Last active July 18, 2023 11:17
Decrypt EIP-2335 Keystore. Place it in web3signer installation and invoke it as `java -cp "lib/*" ./DecryptKeystore.java ./scryptTestVector.json`
/*
* Copyright 2020 ConsenSys AG.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
usmansaleem / yubihsm_notes.md
Created September 29, 2020 08:29
YubiHSM Shell batch mode - Opaque data
  • Total objects that can be stored = 256
  • Object ID (in hex) between 0000 and ffff

Add new authentication key (id: 3) for opaque data management

> ./yubihsm-shell --connector=http://localhost:12345 --authkey=1 \
--action=put-authentication-key --new-password=password3 --object-id=3 --domains=1,2,3 \
--capabilities=get-opaque,put-opaque,delete-opaque,export-wrapped,get-pseudo-random,put-wrap-key,import-wrapped \
--delegated=exportable-under-wrap,export-wrapped,import-wrapped
usmansaleem / gist:eec7ddbf69d6fef6ce61714351c03c84
Last active September 29, 2020 08:55
Forceful crash of JVM
import java.lang.reflect.Field;
import sun.misc.Unsafe;

// Writes to address 0 through sun.misc.Unsafe, which crashes the JVM.
static void crash() {
  try {
    final Field f = Unsafe.class.getDeclaredField("theUnsafe");
    f.setAccessible(true);
    final Unsafe unsafe = (Unsafe) f.get(null);
    unsafe.putAddress(0, 0);
  } catch (final NoSuchFieldException | IllegalAccessException e) {
    throw new RuntimeException(e);
  }
}
usmansaleem / TestOkHttp.java
Created December 24, 2019 03:02
OkHttp3 TLS Enabled Client with custom PKCS12 Trust Store
OkHttpClient getTlsEnabledOkHttpClient() {
  try {
    final KeyStore keyStore = KeyStore.getInstance("pkcs12");
    try (final InputStream keystoreStream =
        ClassLoader.getSystemResource(KEYSTORE_RESOURCE).openStream()) {
      keyStore.load(keystoreStream, "changeit".toCharArray());
    } catch (IOException e) {
      throw new RuntimeException("Unable to load keystore.", e);
    }
usmansaleem / keystore_cmd.sh
Created December 24, 2019 02:00
Self Signed PFX key store using keytool
keytool -genkeypair -keystore rpc_keystore.pfx -storetype PKCS12 -storepass changeit -alias testrpcserver -keyalg RSA -keysize 2048 -validity 109500 -dname "CN=localhost, OU=PegaSys, O=ConsenSys, L=Brisbane, ST=QLD, C=AU" -ext san=dns:localhost,ip:127.0.0.1
usmansaleem / blog-node.service
Created November 19, 2019 06:18
Systemd file blog backend - place the file in /etc/systemd/system
[Unit]
Description=Usman Saleem Blog - NodeJS Backend
Documentation=https://usmans.info
After=network.target
[Service]
Type=simple
User=blog
WorkingDirectory=/opt/blog-nodejs-ts
ExecStart=/usr/bin/yarn start
usmansaleem / initVault.sh
Last active March 7, 2023 02:07
Initialise, Unseal, kv v2 mount Hashicorp Vault server running in docker via API calls (curl)
#! /bin/bash
# Initialize Hashicorp vault with KV-V2 secrets engine mounted at /secret
# Assuming Hashicorp vault is running in docker and jq utility is available to parse json output
# See https://gist.github.com/usmansaleem/891d8b3de03786b89b45e62f97fdefa9 which launches Vault server with TLS support.
# exit when any command fails
set -e
echo "Init Hashicorp vault"
usmansaleem / launchVaultServer.sh
Last active March 7, 2023 01:37
Launch Hashicorp Vault in docker in server mode with TLS enabled with inmem storage
#! /bin/bash
set -e #exit if any command fails
# Run Hashicorp Vault in server mode with inmem storage and TLS enabled
VAULT_IMAGE="vault:latest"
VAULT_MOUNT="./vault/tls"
mkdir -p "$VAULT_MOUNT"
#Generate SSL certificates