Simple script to check expiry dates on a java keystore (.jks) file

Here in my company we regularly need to check for expired certificates, or simply to manage them proactively by checking which certificates are close to their expiry dates and issuing new ones to avoid service disruption.

For that reason I’ve created a simple bash script which can be used in conjunction with Nagios to check for expiring certificates.

#!/bin/bash
# bash is required: the script uses "function", arrays and [[ ]]

########################################################
#
#       Check certificates inside a java keystore
#
########################################################
# timeout stops keytool if it hangs instead of returning
TIMEOUT="timeout -k 10s 5s"
KEYTOOL="$TIMEOUT keytool"
THRESHOLD_IN_DAYS="30"
KEYSTORE=""
PASSWORD=()     # becomes (-storepass <password>) when --password is given
RET=0

ARGS=$(getopt -o "p:k:t:" -l "password:,keystore:,threshold:" -n "$0" -- "$@") || exit 1

function usage {
        echo "Usage: $0 --keystore <keystore> [--password <password>] [--threshold <number of days until expiry>]"
        exit 1
}

function start {
        CURRENT=$(date +%s)

        THRESHOLD=$((CURRENT + (THRESHOLD_IN_DAYS*24*60*60)))
        if [ "$THRESHOLD" -le "$CURRENT" ]; then
                echo "[ERROR] Invalid date."
                exit 1
        fi
        echo "Looking for certificates inside the keystore $(basename "$KEYSTORE") expiring in $THRESHOLD_IN_DAYS day(s)..."

        # Make sure the keystore can be opened before parsing its contents
        if ! $KEYTOOL -list -v -keystore "$KEYSTORE" "${PASSWORD[@]}" > /dev/null 2>&1; then
                echo "Error opening the keystore."
                exit 1
        fi

        # The alias list is fed through process substitution rather than a
        # pipe, so the loop runs in this shell and RET survives it
        while read -r ALIAS
        do
                # Iterate through all the certificate aliases. An entry with a
                # chain prints one "Valid" line per certificate; the first one
                # is the entry's own certificate
                UNTIL=$($KEYTOOL -list -v -keystore "$KEYSTORE" "${PASSWORD[@]}" -alias "$ALIAS" | grep Valid | head -n 1 | perl -ne 'if(/until: (.*?)\n/) { print "$1\n"; }')
                UNTIL_SECONDS=$(date -d "$UNTIL" +%s)
                REMAINING_DAYS=$(( (UNTIL_SECONDS - CURRENT) / 60 / 60 / 24 ))
                if [ "$THRESHOLD" -le "$UNTIL_SECONDS" ]; then
                        echo "[OK]      Certificate $ALIAS expires in '$UNTIL' ($REMAINING_DAYS day(s) remaining)."
                else
                        echo "[WARNING] Certificate $ALIAS expires in '$UNTIL' ($REMAINING_DAYS day(s) remaining)."
                        RET=1
                fi

        done < <($KEYTOOL -list -v -keystore "$KEYSTORE" "${PASSWORD[@]}" | sed -n 's/^Alias name: //p')
        echo "Finished..."
        exit $RET
}

eval set -- "$ARGS"

while true
do
        case "$1" in
                -p|--password)
                        # Note: a password given on the command line is visible
                        # to other local users in the process list
                        if [ -n "$2" ]; then PASSWORD=(-storepass "$2"); else echo "Invalid password"; exit 1; fi
                        shift 2;;
                -k|--keystore)
                        if [ ! -f "$2" ]; then echo "Keystore not found: $2"; exit 1; else KEYSTORE=$2; fi
                        shift 2;;
                -t|--threshold)
                        if [ -n "$2" ] && [[ $2 =~ ^[0-9]+$ ]]; then THRESHOLD_IN_DAYS=$2; else echo "Invalid threshold"; exit 1; fi
                        shift 2;;
                --)
                        shift
                        break;;
        esac
done

if [ -n "$KEYSTORE" ]
then
        start
else
        usage
fi

All you have to do is call it like this:

./checkCertificate --keystore [YOUR_KEYSTORE_FILE] --password [YOUR_PASSWORD] --threshold [THRESHOLD_IN_DAYS]

The threshold indicates how many days are left until the expiry date is reached. I’m sure that there are several other ways of doing it but this is my own :-)
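
An added example, not part of the original script: a single-pass variant that parses the "keytool -list -v" text once instead of calling keytool for every alias, and maps the result to the Nagios plugin return codes (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN). The function names, the optional fixed-clock argument and the sample listing are constructed for illustration, and GNU date is assumed.

```bash
# Constructed sample shaped like "keytool -list -v" output (not a real keystore).
sample_listing() {
    cat <<'EOF'
Alias name: web
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Valid from: Mon Jan 15 00:00:00 UTC 2024 until: Wed Jan 15 00:00:00 UTC 2025
Certificate[2]:
Valid from: Wed Jan 01 00:00:00 UTC 2020 until: Tue Jan 01 00:00:00 UTC 2030
Alias name: rootca
Entry type: trustedCertEntry
Valid from: Wed Jan 01 00:00:00 UTC 2020 until: Tue Jan 01 00:00:00 UTC 2030
Alias name: old
Entry type: trustedCertEntry
Valid from: Fri Dec 01 00:00:00 UTC 2023 until: Sun Dec 01 00:00:00 UTC 2024
EOF
}

# check_expiry THRESHOLD_DAYS [NOW_EPOCH] (hypothetical helper): one line per
# alias on stdout; returns worst Nagios status: 0 OK, 1 WARN, 2 CRIT, 3 UNKNOWN.
check_expiry() {
    local threshold=$1 now=${2:-$(date +%s)}
    local seen=1 worst=0 state entry line not_after not_after_s days
    while IFS= read -r line; do
        case $line in
        "Alias name: "*)
            entry=${line#Alias name: }; seen=0 ;;
        "Valid from: "*" until: "*)
            # A chain prints one "Valid from" line per certificate; only the
            # first after the alias belongs to the entry's own certificate.
            [ "$seen" -eq 0 ] || continue; seen=1
            not_after=${line##* until: }
            if ! not_after_s=$(date -d "$not_after" +%s 2>/dev/null); then
                state=3; echo "UNKNOWN  $entry: unparseable date '$not_after'"
            elif [ "$not_after_s" -le "$now" ]; then
                state=2; echo "CRITICAL $entry: expired on $not_after"
            else
                days=$(( (not_after_s - now) / 86400 ))
                if [ "$days" -lt "$threshold" ]; then
                    state=1; echo "WARNING  $entry: $days day(s) left"
                else
                    state=0; echo "OK       $entry: $days day(s) left"
                fi
            fi
            if [ "$state" -gt "$worst" ]; then worst=$state; fi ;;
        esac
    done
    return "$worst"
}
```

Against a real keystore the listing would be piped in from keytool in place of sample_listing, with the threshold in days as the first argument.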

How to remove the IOL notification bar (Push by IOL)

I don't know what you think of the notification system on the IOL network portals, but I simply cannot STAND it. It is extremely intrusive, cannot be turned off and, worst of all, keeps coming back (just refresh the page and there it is again! *g*).

Fortunately there are several ways to get rid of this plague, and one of them is to use the fabulous AdBlock Plus plugin. Nothing simpler than opening the plugin's options in your favourite browser (I hope it's Firefox or Chrome :p) and adding the following rules to the filters:

iol.pt###iolpush_wrapBoxPush
iol.pt##.iolpush_open

Et voilà! The annoying news box is gone! 😀

CloudPT: How to fix the “A tentar ligar” (“Trying to connect”) error

If for some reason authorization fails the first time while installing and activating the Windows desktop client, you will run into a kind of “deadlock”, because you will not be able to reinstall the application properly to make the authorization request again.

For a change … an error

I got tired of searching the Windows registry and the application folder without ever finding a clue, until I finally came across a folder that contained this data. All it took was uninstalling the program and deleting the folder %UserProfile%\AppData\Local\CloudPT for the authorization request to be made again.

Once again, a round of applause for the wonderful service provided by PT, which, after the fiasco with the invitation system (which, between errors and blank pages, also had the problem of sending each person's request to the back of the queue if the same email was registered more than once), still hasn't fixed a simple bug such as an invalid authorization.

Using the word “BETA” for a service like this is almost a euphemism…

Very simple bash snippet to do something similar to “drop tables like” in MySQL

mysql shop -BNe  "show tables like '[INSERT PATTERN HERE]'" | \
while read -r T; do mysql shop -e "drop table \`$T\`"; done

Nothing fancy here but this is much better than installing custom libraries to do the trick …

Poor Man’s hydroponics system

Have you ever tried to enter the world of hydroponics but never did it because you thought that it would be very expensive?

 

Now you don’t have an excuse! I’ve prepared a howto using (almost) the cheapest parts that I could get. This was not meant to grow large plants but small ones will do just fine. In my case I intend to grow chilli peppers so this kit is great!

And this is what you need:

  • Small flower box including the water plate. It is important that the water plate fits perfectly on top of the flower box (just like a lid).
  • Some plastic cups
  • Air pump
  • Plastic tubing
  • Air Stone diffuser
  • Tools (electric drill, hole saw, duct tape, sharp knife, etc.)
  • Perlite & Vermiculite (you can use rock wool or any other substrate)

Try to buy a hole saw with the same diameter as the plastic cups that you are going to use (or vice versa). This will make things easier, trust me!

Grab yourself a FREE .me domain!

If you like Thunderbird then this is the chance for you to grab yourself a new domain for FREE!

This is what you have to do:

 

  • Download and install the popular e-mail client Thunderbird.
  • Start the client. On the first screen type in the domain you want to register and select only Gandi.net. Click “Search”:

  • From that list, click on the corresponding button showing 0.00 Eur a year.
  • Follow the instructions to register an account. YOU HAVE TO USE AN AMERICAN ADDRESS, OTHERWISE IT WON'T BE FREE.
  • Profit! Enjoy your brand new domain. You can now access the control panel and point it to your favourite server.

How to bypass facebook spam filter for domains

So you own a blog (or some other kind of website) and you have been blocked by facebook from posting from that domain? Here goes a simple trick to minimize the impact of such problems:

First of all, you should contact Facebook and ask them to remove your domain from the spam list. You can do this by email, but I advise you to do it by letter because this way you probably show your motivation and real effort in correcting this issue (at least this is my opinion, as I think this makes things more personal).

But in the meantime here is what I think you should do:

1º buy a second domain. Since you cannot use the original domain while being blocked, you are going to need to use this second domain to fool Facebook (at least until they unblock your original domain).
2º point the new domain to the very same page as the domain blocked by Facebook. Create a new VirtualHost entry and find a way of replacing all occurrences of the original domain by the new domain name. If you are using Apache and have mod_substitute enabled you can easily do it by adding the following block of code:


AddOutputFilterByType SUBSTITUTE text/html
Substitute "s|originaldomain\.tld|newdomain.tld|i"

3º create a set of rewrite rules as follows:

RewriteCond %{HTTP_USER_AGENT} !facebookexternalhit
RewriteCond %{HTTP_HOST} !originaldomain.tld
RewriteRule ^(.*)$ http://originaldomain.tld/$1 [L,R=301]

Add them to your .htaccess file.

You’re all set! All you need to do now is share the links using the new domain name. For example, instead of sharing links this way:

http://originaldomain.tld/breaking-news-cancer-cure-was-found

You should share them like:

http://newdomain.tld/breaking-news-cancer-cure-was-found

And that’s it! You can now keep sharing links on facebook. Here goes a little explanation about what is being done here:

Whenever facebook marks a domain as spam the validation of further links is done using two methods:

1st – The domain is checked against a blacklist. If it is found in a blacklist then the page you are trying to share is blocked.
2nd – If the domain is not in a blacklist then all the links inside the page that you are trying to share are checked against the same blacklist. If they are found then the page is blocked.

All that the first part of this little trick does is to replace all the occurrences of the original domain by the new domain name whenever someone opens your website using the new domain, and this way, when facebook connects to your website to retrieve the description and thumbnail, it will find a simple blog that has nothing to do with the one marked as spam.
The second part of this trick is used to redirect all of your users to the original domain. Well, not all… all but facebook! (that is what the line “RewriteCond %{HTTP_USER_AGENT} !facebookexternalhit” does) :)

So in the end, everyone (except for facebook) who tries to enter your website using the new domain will be automatically redirected to the original domain.

Pixmania and its way of dealing with its mistakes…

There are companies and companies, and in the gadget and computer market, with profit margins squeezed ever tighter, shops try to set themselves apart through good service combined with price. That is what should happen in theory, because in practice it often does not.

The most recent example of this happened with Pixmania. For a few hours Pixmania had a Sony DSC-WX100 camera on sale for twenty-something euros. The constant adverts for discounts of up to 90% spread across the site lent it some credibility, even though there was always the chance that it was a mistake. So far so good …

Where it really stood out for the worse was in what happened next. First, buyers started being notified that the order had been duly “validated by the customer service department” and was waiting to be delivered. Given this, any doubts that remained about whether the sale was genuine began to fade.

However, after some time, they decided to cancel the order for every user with the following e-mail:

Dear Sir/Madam XXXXXXXXXXXXX,

You placed an order on Pixmania.com and we thank you.

As you requested, we inform you that your order CCLXXXXXXXXX, as well as the corresponding payment, has been cancelled.

If you chose to pay online by credit card, you will not be charged.

We remain at your disposal for further information and hope to see you soon on our site.

Best regards,

James Felix
Customer Relations Manager

A quality service would never have validated the orders. But even ignoring that, it would have contacted the customers and apologised for what happened, explaining that it had been a mistake. This is not the first case of its kind, and I remember going through the same thing two or three years ago with an LCD at Worten, a PS2 at FNAC, or even more recently with the aluminium bottles given away by TMN.

Sending customers e-mails saying that the order was cancelled at their request is about as ridiculous as it gets and shows bad faith in admitting one's own mistakes.

It is that difference in quality, which can be seen in the services provided by Worten, Fnac or TMN, that is glaringly missing on Pixmania's part.

Pixmania may have points in its favour, but quality of service and after-sales support are not among them.

How to buy Battlefield 3 Premium pack for less than 20€

For the last few days I’ve seen a lot of rage against Origin (and they have reasons to, IMHO) due to several motives:

 

* 50€ for the premium pack is expensive (I can argue with that).

*  Some of the premium features ( like the queue priority ) are really unfair.

* There is no discount to who already bought the Back to Karkand expansion pack. This means that you have to pay for it again (by paying the full price of the premium pack).

* They are much more worried about launching extra content than about fixing all those bugs or even securing a game which is full of cheaters…

 

Fortunately there is a way of getting the premium pack for less than half the price. I’m not telling you that you should, but rather that you could. Keep in mind that I’m not even sure that this is legal according to Origin’s T&C so you are on your own if you do that.

 

Here is how you should do it:

1º Clear all your browser cookies.

2º Go to this page and search for a Brazilian proxy. Configure your browser to use it.

3º Open Origin’s store and search for the premium pack. You should see it with a price tag of 49,99 Brazilian Reais (~19.5€ by today’s exchange rates).

4º Add it to the shopping cart and check out. Log in using your account credentials and use a Brazilian address. You can use a friend’s address or any other. Google is your friend…

5º Use your regular credit card to pay for the order.

6º Profit!

 

 

You can now remove the proxy settings from your browser. Wait a few minutes and your profile in Battlelog should now be updated.

 

UPDATE: It seems that EA has updated the Brazilian price and now it costs twice the previous price. Fortunately you can still buy it from the Indian store at about the same price. Just repeat the steps but replace the Brazilian proxy with an Indian proxy.

Ubuntu and XBMC v11 (Eden) and RAR support …

In case you’ve tried to upgrade your XBMC application using the official repositories from “team-xbmc” you may have already noticed that RAR support was disabled. This means that you won’t be able to play movies or open subtitles without extracting them first.

You have two options to fix this issue:

a) You compile the source code and enable the non free features.

b) You use a precompiled version made by someone else.

Fortunately there is good news for those who want option b. A guy named Nathan runs a repository where you can download XBMC with these features enabled. Just add his repository to your sources list and you are ready to go.

sudo add-apt-repository ppa:nathan-renniewaldock

apt-get install xbmc

 

You can also manually check out his repository here.

Have fun! :-)