Archive for the Category » Coding «

Let’s play tennis, with TDD

TDD & Code Kata’s

Now I’m working since more than four months as a software engineer at bbv Software Services in Switzerland. Every new employee at bbv needs to attend several courses (bbv Academy) to improve and extend his skills towards a good software developer. After my Scrum Master course, the next one on my schedule was Test Driven Development.

In addition to the theory why TDD, clean code and pair programming is highly desirable the course was accompanied with hands-on code kata’s. For those who don’t know what a code kata is, here is a citation from Wikipedia:

A code kata is an exercise in programming which helps a programmer hone their skills through practice and repetition.

One kata of the course was the Tennis Scorer. The goal was to implement a mechanism, which prints the score of a single game (therefore there are no sets).

Our Referee

The rules given were the following:

  1. A game is won by the first player to have won at least four points in total and at least two points more than the opponent.
  2. The running score of each game is described in a manner peculiar to tennis: scores from zero to three points are described as “love”, “fifteen”, “thirty”, and “forty” respectively.
  3. If at least three points have been scored by each player, and the scores are equal, the score is “deuce”.
  4. If at least three points have been scored by each side and a player has one more point than his opponent, the score of the game is “advantage” for the player in the lead.

Our implementation should be based on the ITennisScorer interface, which of yourse was changed during the exercise.

</span>
<pre>namespace Tennis
{
    public interface ITennisScorer
    {
        void AchievesScore(Player player);

        string GameScore { get; }
    }

    public enum Player
    {
        PlayerA,
        PlayerB
    }
}

Because it was a TDD course, we needed to build up a TODO list of appropriate unit tests first (e.g. Game just started, no one scored so far, expected score “love”).

Then we implented the unit tests one by one. Each of them had to fail first. Then came the actual implementation, test should pass afterwards. Code Refactoring -> All tests should pass.

Our Players

My initial implementation was blotched with many if statements, handling all the special cases for the game score (deuce, advantage, …). I also had code duplication, because I needed to track and update the score of player A and B separately.

But here comes the ultimate advantage of TDD. You’re not afraid anymore to refactor your code to a better architecture and solution. Because you know you can (and should) always run your unit tests and see if everything is still behaving as desired. You can sleep comfortably without to fear the next morning from an upcoming design change. Ok, I know. Some can still sleep during the nights without TDD, but they will be haunted by bad dreams 😉

So I refactored my code and eliminated the code duplication. Instead of using an enum to track the actual player score, I simply use a two-dimensional array, which holds all the possible scores of a game.

namespace Tennis
{
    public class TennisScorer : ITennisScorer
    {
        private int scoreA;
        private int scoreB;

        private const string GameA = "gameA";
        private const string GameB = "gameB";
        private const string AdvantageA = "advantageA";
        private const string AdvantageB = "advantageB";

        private static readonly string[][] PlayerScores = new[]
            {
                new[] {"love",  "15:0",     "30:0",     "40:0",     GameA},
                new[] {"0:15",  "15:15",    "30:15",    "40:15",    GameA},
                new[] {"0:30",  "15:30",    "30:30",    "40:30",    GameA},
                new[] {"0:40",  "15:40",    "30:40",    "deuce",    AdvantageA},
                new[] { GameB,   GameB,     GameB,      AdvantageB}
            };

        public void AchievesScore(Player player)
        {
            switch (player)
            {
                case Player.PlayerA:
                    UpdateGameScore(ref scoreA, ref scoreB);
                    break;
                case Player.PlayerB:
                    UpdateGameScore(ref scoreB, ref scoreA);
                    break;
            }
        }

        public string GameScore
        {
            get { return PlayerScores[scoreB][scoreA]; }
        }

        private void UpdateGameScore(ref int playerToAddScore, ref int opponentScore)
        {
            if (GameScore == AdvantageA || GameScore == AdvantageB)
            {
                opponentScore--;
            }
            else if (GameScore != GameA && GameScore != GameB)
            {
                playerToAddScore++;
            }
        }
    }
}

The Regulating Authority

I also refactored my unit tests. There were many tests, testing all the possible game processes. But my course instructor gave me the hint to use Nunit’s RowTest. Instead of writing many, almost identical tests for each case, I wrote just one parametrized unit test and the many case were provided as a parameter.

namespace Tennis.Test
{
    using NUnit.Framework;
    using FluentAssertions;

    [TestFixture]
    public class TennisScorerTest
    {
        private TennisScorer testee;

        [SetUp]
        public void SetUp()
        {
            testee = new TennisScorer();
        }

        [TestCase("", "love")]
        [TestCase("A", "15:0")]
        [TestCase("AAB", "30:15")]
        [TestCase("AAAB", "40:15")]
        [TestCase("BBB", "0:40")]
        [TestCase("BBB", "0:40")]
        [TestCase("ABABAB", "deuce")]
        [TestCase("AAABBB", "deuce")]
        [TestCase("AABBAB", "deuce")]
        [TestCase("AAABBBA", "advantageA")]
        [TestCase("AAABBBB", "advantageB")]
        [TestCase("AAAA", "gameA")]
        [TestCase("AAAAA", "gameA")]
        [TestCase("AAAABBBBBB", "gameA")]
        [TestCase("AAABBBBB", "gameB")]
        [TestCase("ABABABABABABABABABABABAA", "gameA")]
        public void PlayerScores(string game, string expectedScores)
        {
            foreach (var currentScore in game)
            {
                switch (currentScore)
                {
                    case 'A':
                        testee.AchievesScore(Player.PlayerA);
                        break;
                    case 'B':
                        testee.AchievesScore(Player.PlayerB);
                        break;
                }
            }
            testee.GameScore.Should().Be(expectedScores);
        }
    }
}

References & Coaches

If you want to practice your programming skills, I can encourage you to do some code kata’s, or similar challenges, to stay fresh in your head.

Here is a list of some useful sites with some brain-teasers and, if given, their solutions:

My Tennis Scorer implementation is available on GitHub.

Category: C#, Coding  Tags: , ,  One Comment

Debug- und Testcode haben nichts im Release zu suchen

Jaja, da hab ich mir doch die Sunrise Mein Konto App von Google Play runtergeladen. Mit der App kann man unter sein eigenes Sunrise Konto zugreifen und dabei laufende Kosten, Inklusivleistungen und Rechnungen der eigenen Produkte einsehen. Es ist wirklich eine gute App, teilweise umständlich zu navigieren aber ansonsten ist alles ersichtlich was man an Kontoinformationen braucht.

Und Windows Phone 7?

Da dachte ich mir doch: Hey, eine solche App muss ich auf dem Windows Phone 7 auch haben. Aber leider Fehlanzeige. Für WP7 gibts von Sunrise noch keine App.
Ja gut, dann schreib ich doch selber eine Sunrise Mein Konto App fürs WP7.

Doch so einfach ist das nicht: Die Verbindung zwischen App und Server ist mit SSL gesichert. Ich habe keine Ahnung welche Services (REST, SOAP?) an welchen Endpunkten aufgerufen werden. Was für Daten und in welcher Form (JSON, XML?) diese übertragen werden. Wie läuft der Login Vorgang, HTTP Authentication, GET/POST Variablen, selbstgemachtes Gemüse? Hier wurden die Hausaufgaben gut gemacht, der Datenverkehr ist verschlüsselt.

Aber ich möchte dennoch herausfinden was so vor sich geht. Machen wir doch eine Man in the Middle Attacke mit dem Emulator. Dafür werde ich meine persönlichen Login Daten opfern müssen.
Das Übliche halt:

  • Meinen PC als Proxy dazwischenschalten, am Besten mit Charles Web Debugging Proxy
  • Lokales Zertifikat erstellen wo www1.sunrise.ch als Common Name eingetragen ist
  • Das “Sunrise” in den Zertifikatsspeicher des Emulators oder eines echten Android Gerätes (Root Zugriff erforderlich) installieren
  • Applikation auf Emulator oder Android Gerät laufen lassen und mit LogCat zugleich noch den Output der App aufzeigen

Aber ich bin gerade auf Wohnungssuche, habe also keine Zeit und brauche eine schnellere Lösung 😉

Hey App, lass mich rein, ich bin Entwickler

Meine Faulheit muss ja bekanntlich belohnt werden. Und das wurde ich auch. 😀
Ich wollte sehen ob die App irgendwelchen Debug Output an LogCat sendet und habe die offizielle App von Google Play runtergeladen. Der Output war jedoch minimal. Einige Standardmeldungen wie “Login successful” kamen heraus aber nichts Auffschlussreiches über die Internals der App.

Also habe ich mich etwas am APK File zu schaffen gemacht. Mit dem APK MultiTool die App dekompiliert, und anschliessend das AppManifest.xml in Klartext geöffnet.
Folgendes ist mir aufgefallen:

  1. android:debuggable=”true” ist nicht gesetzt. Ist auch gut so, ist ja schliesslich ein Release und keine Debug Version.
  2. Eine Activity mit Namen Administration ist registriert. Lässt vermuten, dass es irgendwo in der ofiziellen App einen ServiceDialog o.ä. gibt.
Also schön das Debug Flag setzen und die XML Datei speichern. Mit dem APK MultiTool die “modifizierte” Applikation wieder in ein APK File builden und anschliessend noch erneut signieren.

Oh, ich bin ja schon drin

Und wer hätte das gedacht: Die Debug Statements wurden alle schön brav mit in die ofizielle App kompiliert. LogCat spuckte fröhlich alle möglichen Statements raus. JSON Objekte und Inhalt, Hostnamen und Pfade der jeweiligen Services, Login Infos uvm.

LogCat Output

Debug Infos im LogCat Output

Nun gut, aber was ist mit der registrierten Administration Activity? War nicht schwer herauszufinden. Sobald man im Login Screen ist, einfach mal den “Search” Button drücken (F5 im Emulator) und schon kommt man ins Service Menü, oder sollte ich besser sagen in den Test Dialog? Das neue APK File auf mein Android Gerät installiert. Übrigens: Die App lässt sich auch installieren, wenn “Installation von Nicht-Market Anwendungen zulassen” deaktiviert ist.

Fazit

Service Dialog

Service Dialog

Es ist nichts sensitives ans Tageslicht gerückt. Ich habe weder Zugriff auf vertrauliche Kundendaten erhalten oder sonstige Hinweise auf sicherheitskritische Bereiche. Da haben die Entwickler der App gute Arbeit geleistet.

Aber dennoch sollte man darum bemüht sein Debug Informationen, Testdaten, Testabläufe und sonstige interne Informationen nicht in den offiziellen Release zu veröffentlichen. Solche Daten verschwenden nicht nur zusätzlichen Speicher auf dem Phone, sondern sie können sicherheitskritische Informationen an jedermann preisgeben.

Testabläufe sollten auch möglichst mithilfe von Tools und Unit Tests vorgenommen werden und nicht mit echten Testern, welche auf Test Screens mit den Fingern herumdrücken. Solche Tests sind nicht immer einfach. Dies resultiert auch oft daraus, dass eine Entkopplung vom User Interface und der Business Logic nicht einfach zu bewerkstelligen ist. Ein guter Ansatz um eine gute Entkopplung zu erzielen und somit die Applikation “testbarer” zu machen wäre das Model View ViewModel (MVVM) Pattern.

Ich persönlich freue mich sehr über die ganze Sache. Dadurch habe ich genug Einblicke bekommen um meine Windows Phone App zu entwickeln. Die Authentisierung läuft über HTTP POST. Die Session wird mittels eines Login Keys, welcher vom Server zugewiesen wird, identifiziert und die Daten werden im JSON Format vom Server zurückgesandt.

Category: android, Coding  Tags: , ,  Leave a Comment

HydroNet and the Babel Routing Protocol

This year I’ve had the task to develop a subset implementation of the Babel routing protocol for low-power wireless devices running the TinyOS operating system. This was done to satisfy the communication requirements (especially to overcome long distances over the air) for the HydroNet project. At the beginning of this article I will give you an overview of this amazing project. Afterwards I will explain you the functionality and advantages of Babel, which was primarily designed for wireless mesh networks.

HydroNet – The Guardians of Water

HydroNet is aimed at designing and developing an autonomous network of sensors to improve the monitoring of water quality in rivers, lakes and lagoons. This autonomous network consists of unmanned catamarans and buoys. Each catamaran or buoy (I will call them simply nodes) is equipped with optical, chemo- and bio-sensors to detect water pollutants like mercury, cadmium, oil and many others. The mission area is 10 x 3 km for open waters (sea, ocean) and 15 km for closed waters (creeks, rivers). Mission and measurement data is exchanged wirelessly between nodes and to the base station at the coast in real-time. Communication problems arise in the mission area due to the long distances, frequency regulations, reflections and obstacles (like ships, river bends). A communication infrastructure had to be built to overcome those challenges.

HydroNet is supported by the Seventh Framework Programme (FP7) from the European Commission and involves ten partners from six countries. Two competence centers at the Lucerne University of Applied Sciences and Arts were assigned to build the communication infrastructure. The CC Electronics center designed and developed the hardware and the D3S (where I work) center implemented the firmware including the routing protocol.

But first lets look at the video to get a better impression of the project:

[youtube width=”480″ height=”390″]http://www.youtube.com/watch?v=yr3WsrCf23M[/youtube]

The communication infrastructure consists mainly of the following components:

  • self-made antenna
  • TI MSP430 ultra-low-power micro-controller (10K RAM, 48K ROM, running @ 8MHz)
  • Semtech XE1205 radio transceiver operating in the 443MHz ISM band
  • An amplifier to boost the signals up to 2.5 Watt, with overload protection
  • TinyOS, an open-source operating system
  • the firmware (written in nesC), interacts with the node’s main computer, handling the radio communication and routing

The hardware components are designed for low-power usage. This is necessary to extend the battery lifetime of the nodes and increase the mission time without human intervention. Of course low-power is generally coupled to limited resources. Therefore you can’t add any extra sugar to your firmware and you need to develop very economically.
The amplifier and the antenna enable to overcome distances up to 3km above the sea (antenna 2m above sea level), but it’s still not enough to cover the whole mission area. Therefore a routing-protocol came into play to allow nodes to act as repeaters. Intermediate nodes on a path can forward data packets to the destination node which is out of range from the originator.

Babel, route me

As partly mentioned, several challenges needed to be achieved by the routing protocol to maintain a reliable communication within the participants:

  • minimal operational data, like routing tables, buffered messages (10K RAM)
  • small footprint (48K ROM)
  • low processing load (only 8MHz)
  • especially designed for wireless mesh networks
  • minimal and efficient bandwidth utilization (avoid collisions, routing-loops, routing overhead)
  • react fast to mobility changes (the catamarans are moving permanently)
  • low power consumption (the radio + amplifier are very hungry)
  • support research & development

Our evaluation of different routing protocols led us to Babel, because its features looked very promising to fulfill the project requirements. Juliusz Chroboczekhas specified Babel in the RFC 6126, which changed its state from draft to experimental in April 2011. He also has developed a stable daemon of Babel (babeld). More information, sources and binaries for Debian/Ubuntu and also for OpenWRT can be found on his official page. Also his slides from a talk about Babel explain well the protocol.

I will summarize some of the main, and in my opinion also very impressive, features of the protocol:

  • distance-vector routing protocol (less computational complexity, less overhead, saves memory)
    • babeld has only 8000 lines of code
  • proactive protocol, with reactive features
    • speeds up convergence by reactively requesting new routing information when a node suffers from route starvation
  • based on the ideas in DSDVAODV and Cisco’s EIGRP
  • designed to work in wired and wireless mesh network simultaneously
  • runs on IPv4 and IPv6 simultaneously
  • feasibility condition guarantees loop-freedom
  • senses link quality for computing route metrics using variant of the ETX algorithm (more adequate for wireless links)
  • also radio-frequency aware to avoid interference

The subset implementation

Of course, some of the features from Babel are not required or appropriate for the HydroNet project (like IPv6, operation in wired networks). Therefore I designed and have developed a subset implementation of the Babel routing protocol for the TinyOS operating system, to fit the needs for HydroNet.

I’ve described the considerations and optimizations in the Work in Progress paper Babel multi-hop routing for TinyOS low-power devices, which will be published at the UBICOMM 2011.

Category: nesC  Tags: , , , ,  Leave a Comment

High delay in RS232 communication on a PXA270

I’m experiencing a long delay (1.5ms – 9.5ms) in a RS232 communication on a PXA270 RISC PC/104. I want to minimize the long delay but I’m a beginner with embedded devices and C++ so I think I’m missing something.

RS232 delay on PXA270

RS232 delay on PXA270

The mentioned delay is at the time when the PXA board receives a packet from the external device via RS232 (115200 baud) until it sends an ACK custom packet back to the external device. I measured the delay on the PXA board with an oscilloscope, one channel at the Tx (green) and the other on the Rx (blue).

The PXA board is running an Arcom Embedded Linux (AEL). I know, it’s not a real-time OS, but I still think, that an average delay of 4.5ms is way too high for extracting the received packet, verify it’s CRC16, construct an ACK packet (with CRC) and send it back the serial line. I also deliberately put the CPU under heavy load (some parallel gzip operations) but the delay time didn’t increase at all. The maximum size of a received packet is 30 bytes.

A C++ application (another former co-worker wrote it) is handling the reception of the packets and their acknowledgement. One thread is sending and the other is receiving the packets.

I thought that the RTC on the PXA board has a very bad resolution and the AEL can not align the timing to the internal RTC resolution. But the RTC has a frequency of 32.768 kHz. The resolution is sufficient, still don’t explain the high delay. Btw, I think the OS is using the internal PXA clock (which has also a sufficient resolution) instead of the RTC for the timing.

Therefore the problem must be in the C++ app or in a driver/OS setting of the RS232 interface.

The following control flags are used for the RS232 communication in the C++ application according to the Serial Programming Guide for POSIX Operating Systems:

// Open RS232 on COM1
mPhysicalComPort = open(aPort, O_RDWR | O_NOCTTY | O_NDELAY);
// Force read call to block if no data available
int f = fcntl(mPhysicalComPort, F_GETFL, 0);
f &= ~O_NONBLOCK;
fcntl(mPhysicalComPort, F_SETFL, f);
// Get the current options for the port and set the desired values
tcgetattr(mPhysicalComPort, &options);
cfsetispeed(&options, baudRate);
cfsetospeed(&options, baudRate);
// no parity (8N1)
options.c_cflag &= ~PARENB;
options.c_cflag &= ~CSTOPB;
options.c_cflag &= ~CSIZE;
options.c_cflag |= CS8;
// disable hardware flow control
options.c_cflag &= ~CRTSCTS;
// raw input
options.c_lflag = 0;
// disable software flow control
options.c_iflag = 0;
// raw output
options.c_oflag = 0;
// Set byte times
options.c_cc[VMIN] = 1;
options.c_cc[VTIME] = 0;
// Set the new options for the port
tcsetattr(mPhysicalComPort, TCSAFLUSH, &options);
// Flush to put settings to work
tcflush(mPhysicalComPort, TCIOFLUSH);

I think I’m missing something very simple. I think, that if the process of the app is running under a higher priority, this will not solve the problem. There must be something, which instructs the RS232 driver to handle the requests with a higher priority to minimize the latency.

Does anyone have any ideas? Thank you very much in advance for your help.

The Solution

I was able to reduce the delay to ~0.4ms. The command setserial(8) was referenced in the AEL manual. And bingo, I found the low_latency flag there with the following description:

Minimize the receive latency of the serial device at the cost of greater CPU utilization. (Normally there is an average of 5-10ms latency before characters are handed off to the line discpline to minimize overhead.) This is off by default, but certain real-time applications may find this useful.

I then executed setserial /dev/ttyS1 low_latency and the delay was reduced to ~0.4ms *yay*
But I wanted to implement this behaviour in the C++ app, without setting this flag globally with setserial (this command is by default not included in all distros).

I’ve added the following code lines, which had the same effect as the low_latency flag from setserial:

#include <sys/ioctl.h>
#include <linux/serial.h>
// Open RS232 on COM1
mPhysicalComPort = open(aPort, O_RDWR | O_NOCTTY | O_NDELAY);
struct serial_struct serial;
ioctl(mPhysicalComPort, TIOCGSERIAL, &serial);
serial.flags |= ASYNC_LOW_LATENCY; // (0x2000)
ioctl(mPhysicalComPort, TIOCSSERIAL, &serial);

Have phun 🙂

Category: C++  Tags: , ,  Leave a Comment

Android: Trusting SSL certificates

Two weeks ago I got the task to establish TLS secured connections via certificates to a service endpoint.
I thought it’s not a big deal, because the endpoint already uses an EV certificate from a trusted CA (SwissSign) in Switzerland. Therefore I shouldn’t have to worry that the certificate would be considered as untrusted so I don’t have to import it to the trusted certs in the  Java  key store etc.
FAIL! I’ve got a security exception, cert is not trusted. Same problem when I visit the website with the browser. Ok, that’s bad, SwissSign is not such a big player like thawte, so, it needs some time till it will be added to the android trusted CA list. But, when I visit thawte.com, their cert is also not trusted by android. WTF?
Windows Phone and iPhone trust my SwissSign CA and don’t complain.

So, let’s ask google, stackoverflow and the blogosphere. Found a lot of solutions how to disable certificate checking entirely.
Yeah, great, this will solve my problem, my connection will be “secure” and everyone will be able to intercept my connection and inject his own certificate. But I finally found the solution with help from other sites and some testing and debugging.

The Solution

The following main steps are required to achieve a secured connection from trusted Certification Authorities.

  1. Grab all required certificates (root and any intermediate CA’s)
  2. Create a keystore with keytool and the BouncyCastle provider and import the certs
  3. Load the keystore in your android app and use it for the secured connections
    • Don’t use the standard java.net.ssl.HttpsURLConnection for the secure connection. Use the Apache HttpClient (Version 4 atm) library, which is already built-in in android. It’s built on top of the java connection libraries and is, in my opinion, faster, better modularized and easier to understand.

Step 1: Grab the certs

You have to obtain all certificates that build a chain from the endpoint certificate the whole way up to the Root CA. This means, any (if present) Intermediate CA certs and also the Root CA cert. You don’t need to obtain the endpoint certificate.
You can obtain those certs from the chain (if provided) included in the endpoint certificate or from the official site of the issuer (in my case SwissSign).

Ensure that you save the obtained certificates in the Base64 encoded X.509 format. The content should look similar to this:

-----BEGIN CERTIFICATE-----
MIIGqTC.....
-----END CERTIFICATE-----

Step 2: Create the keystore

Download the BouncyCastle Provider and store it to a known location.
Also ensure that you can invoke the keytool command (usually located under the bin folder of your JRE installation).

Now import the obtained certs (don’t import the endpoint cert) into a BouncyCastle formatted keystore.
I didn’t tested it, but I think the order of importing the certificates is important. This means, import the lowermost Intermediate CA certificate first and then all the way up to the Root CA certificate.

With the following command a new keystore (if not already present) with the password mysecret will be created and the Intermediate CA certificate will be imported. I also defined the BouncyCastle provider, where it can be found on my file system and the keystore format. Execute this command for each certificate in the chain.

keytool -importcert -v -trustcacerts -file "path_to_cert/interm_ca.cer" -alias IntermediateCA -keystore "res/raw/myKeystore.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "path_to_bouncycastle/bcprov-jdk16-145.jar" -storetype BKS -storepass mysecret

Verify if the certificates were imported correctly into the keystore:

keytool -list -keystore "res/raw/myKeystore.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "path_to_bouncycastle/bcprov-jdk16-145.jar" -storetype BKS -storepass mysecret

Should output the whole chain:

RootCA, 22.10.2010, trustedCertEntry, Thumbprint (MD5): 24:77:D9:A8:91:D1:3B:FA:88:2D:C2:FF:F8:CD:33:93
IntermediateCA, 22.10.2010, trustedCertEntry, Thumbprint (MD5): 98:0F:C3:F8:39:F7:D8:05:07:02:0D:E3:14:5B:29:43

Now you can copy the keystore as a raw resource in your android app under res/raw/

Step 3: Use the keystore in your app

First of all we have to create a custom Apache HttpClient that uses our keystore for HTTPS connections:

public class MyHttpClient extends DefaultHttpClient {

	final Context context;

	public MyHttpClient(Context context) {
		this.context = context;
	}

	@Override
	protected ClientConnectionManager createClientConnectionManager() {
		SchemeRegistry registry = new SchemeRegistry();
		registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
		// Register for port 443 our SSLSocketFactory with our keystore
		// to the ConnectionManager
		registry.register(new Scheme("https", newSslSocketFactory(), 443));
		return new SingleClientConnManager(getParams(), registry);
	}

	private SSLSocketFactory newSslSocketFactory() {
		try {
			// Get an instance of the Bouncy Castle KeyStore format
			KeyStore trusted = KeyStore.getInstance("BKS");
			// Get the raw resource, which contains the keystore with
			// your trusted certificates (root and any intermediate certs)
			InputStream in = context.getResources().openRawResource(R.raw.mykeystore);
			try {
				// Initialize the keystore with the provided trusted certificates
				// Also provide the password of the keystore
				trusted.load(in, "mysecret".toCharArray());
			} finally {
				in.close();
			}
			// Pass the keystore to the SSLSocketFactory. The factory is responsible
			// for the verification of the server certificate.
			SSLSocketFactory sf = new SSLSocketFactory(trusted);
			// Hostname verification from certificate
			// http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506
			sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
			return sf;
		} catch (Exception e) {
			throw new AssertionError(e);
		}
	}
}

We have created our custom HttpClient, now we can just use it for secure connections. For example when we make a GET call to a REST resource.

// Instantiate the custom HttpClient
DefaultHttpClient client = new MyHttpClient(getApplicationContext());
HttpGet get = new HttpGet("https://www.mydomain.ch/rest/contacts/23");
// Execute the GET call and obtain the response
HttpResponse getResponse = client.execute(get);
HttpEntity responseEntity = getResponse.getEntity();

That’s it. Took me long to figure it out, hope this helps and saves you that time.

I really hope that the android platform will implement a better mechanism in future releases for defining which Certification Authorities should be trusted or not or just expand their own trusted CA list. If they don’t, I can’t believe they will get good acceptance from the business sector. Ok, you can control which certificates you want to trust in your app, but you still can’t add thawte as a trusted CA in the android keystore and your browser will always complain about an untrusted CA. The only way I know to eliminate this problem is to root your phone (very user friendly) and add your CA manually to the android keystore.

Feel free to comment.

Category: android, Coding  Tags: , , ,  93 Comments

Programming Life and the Zen of Computers

Ich bin kürzlich über den Blog von Scott Hanselman gestossen und war beeindruckt.

Viele State of the Art Einträge über Microsoft Produkte (auch CTPs), Codebeispiele, Guidelines und Tools, die kein Entwickler missen will.

Um stets auf dem aktuellen Stand zu bleiben bietet sich neben dem RSS Feed auch ein Weekly Podcast an.

Ein kürzlich von ihm gehaltene Präsentation Web Deployment Made Awesome: If You’re Using XCopy, You’re Doing It Wrong zeigt sehr ausdrücklich die neuen Deployment-Möglichkeiten (vorallem für ASP.NET) von Visual Studio 2010. Deployment ist an sich keine interessante Arbeit und ich bin sehr froh, dass künftig dem Entwickler dabei viel mühselige Arbeit abgenommen wird.

Besonderes Highlight: Eine ASP.NET Webaaplikation kann im Package auch die IIS Einstellungen enthalten, welche beim Deployment automatisch in den IIS geladen werden. Es können auch eigene Parameter für die Einstellungen definiert werden (siehe Präsentation @30:50). Während der Installation erstellt MSDeploy automatisch ein grafisches Eingabeformular, worin der Benutzer die Parameter bequem eingeben kann (z.B. Datenbankpassword, Webservice URL, ACL’s, …) und diese beim Einspielen in den IIS übernommen werden.

Category: Coding  Tags: ,  Leave a Comment

1km Notenstatistik

Jedes Semester werden die Noten anonymisiert von der HSLU T&A veröffentlicht. Einige Stunden später erscheint auf der 1km Seite auch die entsprechende Notenstatistik.
In der Statistik ist die prozentuale Verteilung der Noten für die Module ersichtlich. Zudem kann jeder Student seine Noten über die persönliche Matrikelnummer abfragen.
Die veröffentlichten Noten wurden bisher in einem aufwendigen Verfahren manuell konvertiert um sie in die Datenbank der Webseite abzufüllen. MS Word & Excel sowie Regex Befehle im Texteditor waren für die Konvertierung notwendig. Der Aufwand belief sich für jedes Semester zwischen 1-3 Stunden.

Nun habe ich ein kleines C# Programm geschrieben, welches die Noten aus der veröffentlichten PDF Datei einliest, diese konvertiert und anschliessend in einem geeigneten Format für das PHP Skript der Webseite abspeichert.

Folgende Features weist das Programm auf:

  • Modularer Code (Strategy und Factory Pattern)
  • Die einzelnen Tasks sind zur Laufzeit austauschbar
  • Tasks werden in Threads abgearbeitet
  • Nutzung von eigenen Events und Eventargumenten um über den Fortschritt der Tasks zu benachrichtigen
  • itextsharp Bibliothek um PDF Datei einzulesen
  • Speicherung der Applikationseinstellungen in Properties
  • Nutzung von ILMerge um alle Abhängigkeiten in eine EXE Datei zu packen

Das C# Projekt gibt es hier.

Notenparser in C#

Notenparser in C#

Category: C#  Tags:  One Comment