Eclipse generated .cap file cannot be installed on JavaCard - eclipse

I am trying to install applets on my JavaCard (Gemalto IDCore3010). I succeeded with the GlobalPlatform helloworld.cap file, but when it was me generating the .cap file in Eclipse (4.4.2) using the very same sourcecode (with different package name though, but that shouldn't matter) I got error messages both with GlobalPlatformShell and GlobalPlatformProShell. I was using the same command and script as in case of the original file. I also tried other .cap files that had been working on emulators, so the code itself should be fine.
I uploaded the original GlobalPlatform helloworld.cap file, my helloworld2.cap file generated in eclipse, and also another jctest.cap file that was working in the emulator in this zip.
Do you have any idea what could possibly cause this problem? Thank you!
This is the GPShell script:
mode_201
enable_trace
establish_context
card_connect
select -AID A000000018434D00
open_sc -scp 1 -scpimpl 0x15 -security 3 -keyind 0 -keyver 0 -key 47454d5850524553534f53414d504c45 -keyDerivation visa2
//delete -AID D0D1D2D3D4D50101
//delete -AID D0D1D2D3D4D501
install -file helloworld.cap -nvDataLimit 500 -instParam 00 -priv 2
# getdata
# close_sc // Close secure channel
# putkey // Put key
// options:
// -keyind Key index
// -keyver Key version
// -key Key value in hex
card_disconnect
release_context
Output in case of GP:
C:\JavaCard\Shells>GPShell.exe installhelloworld.txt
mode_201
enable_trace
establish_context
card_connect
select -AID A000000018434D00
Command --> 00A4040008A000000018434D00
Wrapped command --> 00A4040008A000000018434D00
Response <-- 6F198408A000000018434D00A50D9F6E061291518101009F6501FF9000
open_sc -scp 1 -scpimpl 0x15 -security 3 -keyind 0 -keyver 0 -key 47454d58505245
53534f53414d504c45 -keyDerivation visa2
Command --> 8050000008ABAF3657F2F2522700
Wrapped command --> 8050000008ABAF3657F2F2522700
Response <-- 4D00927100004DD4C6C0FF014E7B8EBB606E082481D620728C695C779000
Command --> 8482030010ACE530BFF09C56478583FE9A69221530
Wrapped command --> 8482030010ACE530BFF09C56478583FE9A69221530
Response <-- 9000
install -file helloworld.cap -nvDataLimit 500 -instParam 00 -priv 2
Command --> 80E602001906A1A2A3A4A50108A000000018434D000006EF04C60201680000
Wrapped command --> 84E6020028955DC0D94AEEFDF116150C04C39F086D2B605F584F76C2CC76
77DF8D69824AB8EBBB47A7C4936FBD00
Response <-- 009000
Command --> 80E80000EFC482015D010010DECAFFED010204000106A1A2A3A4A50102001F001000
1F000B00150026000C00390019000F0000005D00020001000C02010004001502030107A000000062
0101000107A000000062000103000B0107A1A2A3A4A50101000C06000C00800300FF000701000000
15070039000110188C0000188B00017A01308F00028C00037A0521198B00042D198B00053B7B0006
031A037B0006928D00073B19037B0006928B00087A08001900020001000103000C48656C6C6F2057
6F726C64210000000005002600090680030003800301010000000600000103800A0103800A060500
00000680100203800A08
Wrapped command --> 84E80000F86937B224616C3940252139576B04271DB825D14655DAAE1646
49D3AD978709AFD0574F2C05CD2C621C8603DC425ADCA804B473B791716F6D63830A60F9220E370E
2949FEAA1799E7CD7EF685EAE3BE9B38D1249C2E78C54F1A4EB1BD30CAB08A07CBABC650AAC167B9
AEB29F4D7A89693841F8B5B3169369C05C30C0E3C13ADA46DCFB238999317C24F129507DF1319FF6
2C4682664FF7971CCB00D72B17E25F8D84810FA1DCD48D4505E2726471DAB4E5CD20A9FFF530CF34
3E9A8E10FF1E86081047106BCAD404778190855C5AE4921818048900FE30E5F3264CA0F5E6C0306C
26AE2762BFCEE7A64E5D7A41B2F5CCF619D1ECED4EE4CF
Response <-- 6985
load() returns 0x80206985 (6985: Command not allowed - Conditions of use not sat
isfied.)
Output in case of GPP:
C:\JavaCard\Shells\tmp>gp -d -v -visa2 -key 47454D5850524553534F53414D504C45 -in
stall helloworld.cap
# Detected readers from SunPCSC
[*] OMNIKEY CardMan 3x21 0
SCardConnect("OMNIKEY CardMan 3x21 0", T=*) -> T=0, 3B7D96000080318065B0831111AC
83009000
SCardBeginTransaction("OMNIKEY CardMan 3x21 0")
Reader: OMNIKEY CardMan 3x21 0
ATR: 3B7D96000080318065B0831111AC83009000
More information about your card:
http://smartcard-atr.appspot.com/parse?ATR=3B7D96000080318065B0831111AC83009
000
A>> T=0 (4+0000) 00A40400 00
A<< (0027+2) (645ms) 6F198408A000000018434D00A50D9F6E061291518101009F6501FF 9000
Auto-detected ISD AID: A000000018434D00
A>> T=0 (4+0008) 80500000 08 F888243B93B0AEFC 00
A<< (0028+2) (72ms) 4D00927100004DD4C6C0FF01F1AC32CF3E3A139896399AA2549D41EC 900
0
Host challenge: F888243B93B0AEFC
Card challenge: F1AC32CF3E3A1398
Card reports SCP01 with version 255 keys
Master keys:
Version 0
ENC: Ver:0 ID:0 Type:DES3 Len:16 Value:47454D5850524553534F53414D504C45
MAC: Ver:0 ID:0 Type:DES3 Len:16 Value:47454D5850524553534F53414D504C45
KEK: Ver:0 ID:0 Type:DES3 Len:16 Value:47454D5850524553534F53414D504C45
Diversififed master keys:
Version 0
ENC: Ver:0 ID:0 Type:DES3 Len:16 Value:5B9387DE5E618B12760EBE6037B077AC
MAC: Ver:0 ID:0 Type:DES3 Len:16 Value:5454366589B6AE522F58EE7072C101DF
KEK: Ver:0 ID:0 Type:DES3 Len:16 Value:72590E8782F97E80406E4B66199B7CB2
Derived session keys:
Version 0
ENC: Ver:0 ID:0 Type:DES3 Len:16 Value:FDA5AC97ED1C755D795C3D19175AF8DC
MAC: Ver:0 ID:0 Type:DES3 Len:16 Value:D9E46A262F4E729952EDAFE7AD6CA3FA
KEK: Ver:0 ID:0 Type:DES3 Len:16 Value:72590E8782F97E80406E4B66199B7CB2
Verified card cryptogram: 96399AA2549D41EC
Calculated host cryptogram: 871DBF6DC2F054DF
A>> T=0 (4+0016) 84820100 10 871DBF6DC2F054DF061ADD256D383068
A<< (0000+2) (37ms) 9000
CAP file (v2.1) generated on Fri Mar 27 16:17:51 CET 2015
By Sun Microsystems Inc. converter 1.3 with JDK 1.8.0_40 (Oracle Corporation)
Package: helloworld v1.0 with AID A1A2A3A4A501
Applet: HelloWorldApplet with AID A1A2A3A4A50101
Import: A0000000620101 v1.3
Import: A0000000620001 v1.0
A>> T=0 (4+0010) 84F28000 0A 4F00DBC4BDEABE26BDFD 00
A<< (0011+2) (14ms) 08A000000018434D00019E 9000
A>> T=0 (4+0010) 84F24000 0A 4F00AA1B69956033DFC8 00
A<< (0030+2) (18ms) 10A0000000183003010000000000000000070008D0D1D2D3D4D501010702
9000
A>> T=0 (4+0010) 84F22000 0A 4F00FDFB0B960D7A008A 00
A<< (0211+2) (55ms) 07A0000000620001010007A0000000620002010007A00000006200030100
07A0000000620101010008A000000062010101010007A0000000620102010007A000000062020101
0007A0000000030000010007A0000001320001010008A000000018100106010008A0000000181002
01010008A000000018100101010006A00000015100010008A000000018100301010010A000000018
30060100000000000000FF010010A00000001830060200000000000000FF010010A0000000183003
0100000000000000FF010007D0D1D2D3D4D5010100 9000
A>> T=0 (4+0010) 84F21000 0A 4F007B25AA477B85E2B2 00
A<< (0233+2) (59ms) 07A000000062000101000007A000000062000201000007A0000000620003
01000007A000000062010101000008A00000006201010101000007A000000062010201000007A000
000062020101000007A000000003000001000007A000000132000101000008A00000001810010601
000008A00000001810020101000008A00000001810010101000108A00000001853444106A0000001
510001000008A00000001810030101000108A00000001841435410A0000000183006010000000000
0000FF01000010A00000001830060200000000000000FF01000110A0000000183006020000000000
000000 6310
A>> T=0 (4+0010) 84F21001 0A 4F005CC7C8EEACBEF648 00
A<< (0057+2) (20ms) 10A00000001830030100000000000000FF01000110A00000001830030100
0000000000000007D0D1D2D3D4D50101000108D0D1D2D3D4D50101 9000
A>> T=0 (4+0027) 84E60200 1B 06A1A2A3A4A50108A000000018434D00000000896DC5D8DC755
5DC
A<< (0001+2) (71ms) 9000
A>> T=0 (4+0255) 84E80000 FF C481FD010010DECAFFED010204000106A1A2A3A4A50102001F0
010001F000B00150026000C00390019000F0000005D00020001000C02010004001502030107A0000
000620101000107A000000062000103000B0107A1A2A3A4A50101000C06000C00800300FF0007010
0000015070039000110188C0000188B00017A01308F00028C00037A0521198B00042D198B00053B7
B0006031A037B0006928D00073B19037B0006928B00087A08001900020001000103000C48656C6C6
F20576F726C64210000000005002600090680030003800301010000000600000103800A0103800A0
6050000000680100203800A0809000F0000000B0504637BA24469BAECA3
A<< (0000+2) (181ms) 6985
Applet loading failed. Are you sure the CAP file target is compatible with your
card?
CAP loaded
A>> T=0 (4+0037) 84E60C00 25 06A1A2A3A4A50107A1A2A3A4A5010107A1A2A3A4A5010101000
2C9000089985BB5541BF631
A<< (0000+2) (15ms) 6A88
pro.javacard.gp.GPException: Install for Install and make selectable failed SW:
6A88
at pro.javacard.gp.GlobalPlatform.check(GlobalPlatform.java:1092)
at pro.javacard.gp.GlobalPlatform.installAndMakeSelectable(GlobalPlatfor
m.java:798)
at pro.javacard.gp.GPTool.main(GPTool.java:478)

It seems that your .cap file is not compatible with your card. You should check the following items :
1 : The version of Java Card Development Kit that you use for generating cap files must be lower than/equal with the version of Java Card that your card is compatible with.
2 : The Eclipse Compiler Compatible Level must be equal to 1.3 (I think this is mandatory for JC 2.2.1 and JC 2.2.2 only and not for the newer versions)
3 : Some features of Java Card APIs are optional. In cases that you use some optional features that your card not support them, applet uploading fails also. (Although the card JC version is equal to the JCDK you use)
* BTW, this is not your problem,because your applet is not using any optional feature.
You can check the Compiler Compatible Level as follow :
Notes:
1- Please check section 2 first!
2- As you use Eclipse with Eclipse-JCDE plugin, and this plugin support JCDK 2.2.2 only, you may need this trick to check the JCDK 2.2.1 also.

Use javacos software. It can generate cap file with both version 2.2.2. and 2.2.1

Related

Control USART RTS pin from driver on embedded board

I'm porting the lirc_serial kernel module to work on our embedded board. We only need to implement the IR transmitter function.
For only the transmitter, the custom driver need only control the RTS pin on /dev/ttyS0, from within the module.
On standard hardware, the driver loads:
00:05: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
NEW APPROACH
I have not figured out how to deactivate the current driver for the serial port, so rather than create a new driver, how would you use the current 8250-dw driver to change the RTS pin on behalf of my kernel module? Something like this?
Using line disciplines per this article on the slip driver looked promising, Just take slip.c and remove the network side of the code. But it needs a user space program (slattach or dip) to open /dev/ttyS0 and activate the line discipline.
Is that possible (or a good idea) from within a kernel module?
In this similar question, How do I open/write/read a uart device from a kernel module?, Ian Abbott suggested backporting serdev to kernel 4.9.
That's getting a bit involved and we're already behind schedule. Is there an easier way?
ORIGINAL QUESTION
However, the embedded board (based on the BayTrail Atom E3845) has the serial port controller in memory mapped I/O:
80860F0A:00: ttyS0 at MMIO 0x90a0c000 (irq = 39, base_baud = 2764800) is a 16550A
80860F0A:01: ttyS1 at MMIO 0x90a0e000 (irq = 40, base_baud = 2764800) is a 16550A
I'm new to driver development. I guess 0x90a0c000 is the physical address of the controller?
To probe the module, I first remapped 0x90a0c000 to a virtual address using ioremap_nocache and then tried to reserve the memory using request_mem_region. That failed.
ioVirtBase = ioremap_nocache(iommap, 8);
TQTRACE("ecp_serial_probe: devm_ioremap for MMIO 0x%X returned 0x%X\n", (uint32_t)iommap, (uint32_t)ioVirtBase);
if (ioVirtBase != NULL)
{
tqDumpBuffer(ioVirtBase, 8);
}
tqRes = request_mem_region((uint32_t)ioVirtBase, 8, ECP_DRIVER_NAME);
TQTRACE("ecp_serial_probe: request_mem_region for 0x%X returned 0x%X\n", (uint32_t)ioVirtBase, (uint32_t)tqRes);
if (!tqRes)
{
TQTRACE("ecp_serial_probe: Cannot request memory at 0x%X\n", (uint32_t)iommap);
return -ENXIO;
}
Is this the correct order of the functions?
Also, it seems request_mem_region fails because the device is under control of 80860F0A ?? There is no such entry in lsmod but there is an entry in /sys/devices.
Do I need to unload that driver to control the USART? How?
# ls -l /sys/devices/platform/80860F0A\:00
lrwxrwxrwx 1 root root 0 Jul 8 23:30 driver -> ../../../bus/platform/drivers/dw-apb-uart
-rw-r--r-- 1 root root 4096 Jul 9 17:02 driver_override
lrwxrwxrwx 1 root root 0 Jul 9 17:14 firmware_node -> ../../LNXSYSTM:00/LNXSYBUS:00/80860F0A:00
-r--r--r-- 1 root root 4096 Jul 9 17:02 modalias
drwxr-xr-x 2 root root 0 Jul 9 17:02 power
lrwxrwxrwx 1 root root 0 Jul 8 23:30 subsystem -> ../../../bus/platform
drwxr-xr-x 3 root root 0 Jul 8 23:30 tty
-rw-r--r-- 1 root root 4096 Jul 9 17:02 uevent
drwxr-xr-x 3 root root 0 Jul 8 23:30 VCOM0001:00
dmesg output below. Dumping the data at the remapped virtual address is not consistent. Sometimes all 0xFF, other times, 00 00 00 00 41 02 1C 48. I don't understand that either...
MARK Tue Jul 9 17:45:35 SGT 2019
ecp_serial: ecp_serial_exit_module()
Spectre V2 : System may be vulnerable to spectre v2
ecp_serial: loading module not compiled with retpoline compiler.
ecp_serial: ecp_serial_init_module()
ecp_serial: ecp_serial_init()
ecp_serial: ecp_serial_probe() iommap=0x90A0C000
ecp_serial: ecp_serial_probe: devm_ioremap for MMIO 0x90A0C000 returned 0xE3296000
ecp_serial: Dump address 0xE3296000:
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
0000 FF FF FF FF FF FF FF FF
ecp_serial: ecp_serial_probe: request_mem_region for 0xE3296000 returned 0x0
ecp_serial: ecp_serial_probe: Cannot request memory at 0x90A0C000
platform ecp_serial.0: lirc_dev: driver ecp_serial registered at minor = 0
MARK Tue Jul 9 17:46:08 SGT 2019
ecp_serial: ecp_serial_exit_module()
Spectre V2 : System may be vulnerable to spectre v2
ecp_serial: loading module not compiled with retpoline compiler.
ecp_serial: ecp_serial_init_module()
ecp_serial: ecp_serial_init()
ecp_serial: ecp_serial_probe() iommap=0x90A0C000
ecp_serial: ecp_serial_probe: devm_ioremap for MMIO 0x90A0C000 returned 0xE32A2000
ecp_serial: Dump address 0xE32A2000:
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
0000 00 00 00 00 41 02 1C 48
ecp_serial: ecp_serial_probe: request_mem_region for 0xE32A2000 returned 0x0
ecp_serial: ecp_serial_probe: Cannot request memory at 0x90A0C000
platform ecp_serial.0: lirc_dev: driver ecp_serial registered at minor = 0
What proc/iomem has to say
90a0c000-90a0cfff : 80860F0A:00
90a0e000-90a0efff : 80860F0A:01
So indeed, the memory is under control of another driver... But how to unload it if it is not listed in lsmod ?
# rmmod 80860F0A:00
ERROR: Module 80860F0A:00 does not exist in /proc/modules
# rmmod 80860F0A
ERROR: Module 80860F0A does not exist in /proc/modules
OS INFO
# uname -a
Linux ecp 4.4.127-1.el6.elrepo.i686 #1 SMP Sun Apr 8 09:44:43 EDT 2018 i686 i686 i386 GNU/Linux
# cat /etc/centos-release
CentOS release 6.6 (Final)

Unable to see Glassfish logs in eclipse console

I am unable to see Glassfish's log in the eclipse console.
I have tried right-clicking on the GlassFish server in Servers -> Glassfish -> View log file but it shows me a file which ends with this:
2018-09-04T18:36:51.945+0100|Severe: The SSL certificate has expired: [
[
Version: V3
Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 135786214035069526348186531221551781468391756233528066061569654028671100866720352830303278016129003918213826297308054231261658522889438712013757624116391437358730449661353175673177742307421061340003741057138887918110217006515773038453829253517076741780039735595086881329494037450587568122088113584549069375417
public exponent: 65537
Validity: [From: Sat Aug 22 17:41:51 BST 1998,
To: Wed Aug 22 17:41:51 BST 2018]
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
SerialNumber: [ 35def4cf]
Certificate Extensions: 7
[1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0D 30 0B 1B 05 56 33 2E 30 63 03 02 06 C0 ..0...V3.0c....
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
]
]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[CN=CRL1, OU=Equifax Secure Certificate Authority, O=Equifax, C=US]
which does not change at all, whether I stop,restart,run a webapp on the GF server, etc, and if I actually look at the file (...\glassfish5\glassfish\domains\domain1\logs\server.log) I find that the content that it is showing is at around line 5400 and there are actually 8600 lines in the server.log file, so there are actually over 3000 lines in the server.log file than the last ones that are shown in eclipse. For example, the timestamp in the log extract is 18:36 but the current time is 21:21 and the current tail of hte file is this:
[2018-09-04T21:02:45.234+0100] [glassfish 5.0] [INFO] [AS-WEB-GLUE-00172] [javax.enterprise.web] [tid: _ThreadID=100 _ThreadName=Thread-23] [timeMillis: 1536091365234] [levelValue: 800] [[
Loading application [__admingui] at [/]]]
[2018-09-04T21:02:45.235+0100] [glassfish 5.0] [INFO] [NCLS-CORE-00022] [javax.enterprise.system.core] [tid: _ThreadID=100 _ThreadName=Thread-23] [timeMillis: 1536091365235] [levelValue: 800] [[
Loading application __admingui done in 2,175 ms]]
[2018-09-04T21:14:29.419+0100] [glassfish 5.0] [INFO] [] [] [tid: _ThreadID=30 _ThreadName=Thread-8] [timeMillis: 1536092069419] [levelValue: 800] [[
doGet - name=null]]
Furthermore, the server.log file, when I open it in Notepad++, maddeningly does not refresh when the file is modified. I have to reload it from disk to see changes in the file.
Consequently, the only way it seems that I can actually monitor this log file is by using a tail -f from cygwin.
Anyone have any ideas how to fix this, in particular how I can see glassfish's log output, including SOPs, in real time in eclipse? It works fine in Netbeans.
Thanks very much for any help.
EDIT
I have noticed that when I restart the server, in eclipse's console the server.log file is re-read, but always (it seems) only up to the same point: the bit where the severe warning about the SSL certificate expiry appears:
2018-09-04T23:27:33.879+0100|Info: visiting unvisited references
2018-09-04T23:27:34.425+0100|Severe: The SSL certificate has expired: [
[
Version: V3
Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 135786214035069526348186531221551781468391756233528066061569654028671100866720352830303278016129003918213826297308054231261658522889438712013757624116391437358730449661353175673177742307421061340003741057138887918110217006515773038453829253517076741780039735595086881329494037450587568122088113584549069375417
public exponent: 65537
Validity: [From: Sat Aug 22 17:41:51 BST 1998,
To: Wed Aug 22 17:41:51 BST 2018]
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
SerialNumber: [ 35def4cf]
Certificate Extensions: 7
[1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0D 30 0B 1B 05 56 33 2E 30 63 03 02 06 C0 ..0...V3.0c....
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
]
]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[CN=CRL1, OU=Equifax Secure Certificate Authority, O=Equifax, C=US]
Here, the server.log stops. No further content from the server.log file ever appears in eclipse's console.
What's strange, is that it - on a fresh glassfish install - initially isn't a problem and everything's logged as expected. But after a while, the log will become empty.
I finally found that removing the expired certificates from glassfish returns logging to normal.
What i did:
Figure out the aliases for the expired certificates. Run:
cd domains/<domain>/config
keytool -v -list -keystore cacerts.jks
For example you'll see that the equifax you've mentioned will resolve to the following alias: equifaxsecureca
Remove the certificate from your certs file: RUN:
keytool -delete -keystore cacerts.jks -alias equifaxsecureca -storePass changeit
For convenience, the below script is what i currently (28th july) use on glassfish & payara.
cd ${GLASSFISH_HOME}/glassfish/domains/domain1/config/ && \
for cert in "equifaxsecureca" "gtecybertrustglobalca" "utnuserfirstclientauthemailca" "deutschetelekomrootca2" "secomvalicertclass1ca" "valicertclass2ca" "entrustsslca" "certplusclass2primaryca" "certplusclass3pprimaryca" "utndatacorpsgcca" "utnuserfirstobjectca" "utnuserfirstobjectca [jdk]" "utnuserfirsthardwareca" "cert_45_deutsche_telekom_root_ca_245" "cert_29_certplus_class_2_primary_ca29" "cert_38_deutsche_telekom_root_ca_238" "utnuserfirsthardwareca [jdk]" "certplusclass3pprimaryca [jdk]" "certplusclass2primaryca [jdk]" "utnuserfirstclientauthemailca [jdk]"; \
do \
keytool -delete -keystore cacerts.jks -alias "$cert" -storePass changeit || echo "cert not present";\
done
keytool can be found in your jdk/bin folder.
The same applies to payara as well.

Raspbian enable SPI module

sorry if this is not the right forum for this question but I
can't find the answer anywhere. I'm working on a raspberry pi project
which requires the SPI module to be loaded. I can't get it to load.
Here's what I've done
sudo apt-get update
sudo apt-get upgrade
sudo rpi-update
Here's what my blacklist.conf file looks like
#blacklist spi and i2c by default (many users don't need them)
#blacklist spi-bcm2708
blacklist i2c-bcm2708
I've rebooted several times with no luck. When I run sudo uname -a I get
Linux raspberrypi 3.18.5+ #744 PREEMPT Fri Jan 30 18:19:07 GMT2015 armv6l GNU/Linux
See http://www.raspberrypi.org/forums/viewtopic.php?f=28&t=97314
Fixed my i2c and one-wire interfaces.
This is required with the new kernal upgrade to 3.18.5 on Jan 21st.
You should have it enabled. You did not specify how you test if it works.
What I suggest
Check if you have it enabled using lsmod | grep spi_ or ls -al /dev/spi*
If it does not work in your program try sudo adduser pi spi (if you use the pi user)
a) Download http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/plain/Documentation/spi/spidev_test.c
b) compile it with gcc spidev_test.c -o spidev_test. If you get compilation error try downloading this file and compiling it: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/plain/Documentation/spi/spidev_test.c?id=95b1ed2ac7ffe3205afc6f5a20320fbdb984da92 (it is older version of this file)
c) shorten your MOSI and MISO pins on your Raspberry ( http://neophob.com/wp-content/uploads/2012/08/254px-GPIOs.png pins 9 and 10 on this schematics, but please double check what pins you should shorten on schematics for your raspberry)
d) run the compiled program sudo ./spidev_test -D /dev/spidev0.0
e) if it returns
FF FF FF FF FF FF
40 00 00 00 00 95
FF FF FF FF FF FF
FF FF FF FF FF FF
FF FF FF FF FF FF
DE AD BE EF BA AD
F0 0D
it works and you might have some issue with your program or with connection to some other device.

KDE won't automount dvd on CentOS

This is driving me crazy. I have CentOS 5.5 installed running KDE desktop. I have an NEC 3550 DVDRW drive on /dev/hda. When I put in a DVD, I want it to automount it and provide an icon on the desktop, as well as under /media mount point. It will not automount. Automount is running. HALD is running. Drive is on /dev/hda. It is NOT listed in /etc/fstab. There is NOT a remove policy setup for hald-addon-storage for polling. I can read from the drive using dd. K3B burn utility can see the drive and read disk info. Running eject and eject -t ejects the drive ok.
I cannot mount from the command line. Says:
mount: block device /dev/hda is write-protected, mounting read-only
mount: wrong fs type, bad option, bad superblock on /dev/hda,
missing codepage or other error
In some cases useful info is found in syslog - try
dmesg | tail or so
dmesg says:
ide: failed opcode was: unknown
ATAPI device hda:
Error: Illegal request -- (Sense key=0x05)
Cannot read medium - incompatible format -- (asc=0x30, ascq=0x02)
The failed "Read Subchannel" packet command was:
"42 02 40 01 00 00 00 00 10 00 00 00 00 00 00 00 "
hfs: unable to parse mount options
attempt to access beyond end of device
hda: rw=0, want=68, limit=4
isofs_fill_super: bread failed, dev=hda, iso_blknum=16, block=16
To me, seems like some kind of media format issue, but I have no idea. Ideas?
no real solution, started working on its own.

Java Card: Problems selecting app with APDUtool

I'm using Eclipse with EclipseJCDE.
I made a simple java card applet as a .cap file to install on the simulator. I don't know if the installation failed because the download script is a bunch of ADPU commands which I don't understand. Is there any way to see what applets are currently on the simulator and what their AIDs are?
I then made a script for ADPUtool with just one command, selecting the applet. According to the .jca file in my project.
The AID for my applet:
0x1:0x2:0x3:0x4:0x5:0x6:0x7:0x8:0x9:0x0:0x0.
The command I made for selecting the applet:
0x00 0xA4 0x04 0x00 0x0b 0x1 0x2 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0x0 0x0
The 0x00 0xA4 0x04 0x00 at the beginning is for the select command, then 0x0b for the length, than the AID, and then 0x0 at the end for the Le byte which I don't think matters for this command. When I run this script with the ADPU tool I get this:
CLA: 00
INS: a4
P1: 04
P2: 00
Lc: 0b 01 02 03 04 05 06 07 08 09 00 00
Le: 00
SW1: 6d
SW2: 00
I believe the SW1 and SW2 bytes are the response to my command and I think 6d means it didn't find or wasn't able to load the applet. What am I doing wrong?
6D00 means bad instruction (INS byte 'A4' not existing in class '00').
Post full trace of APDUs after ATR else I recommend you to check section 10 from http://www.etsi.eu/deliver/etsi_ts/102200_102299/102221/08.02.00_60/ts_102221v080200p.pdf, for example.