ColdFusion Implicit Struct Creation Oddness

Totally unexpected behavior, possibly showing some insight into how the Adobe's implementation of implicit struct creation works behind the scenes. I'd be curious to see if this different in Railo1

<cfscript>
wsConfig = {
 root = "https://example.com/baaws/",
 corews = wsConfig.root & "core/ws?wsdl",
 utilws = wsConfig.root & "core/wsutil?wsdl",
 dispatcherws = wsConfig.root & "dispatcher/ws?wsdl",
 emailexchangews = wsConfig.root & "emailexchange/ws?wsdl",
 emaildominows = wsConfig.root & "emaildomino/ws?wsdl",
 emailgroupwisews = wsConfig.root & "emailgroupwise/ws?wsdl"
};
</cfscript>

You're able to reference a member of the wsConfig struct before the struct is even created! At least before I'd expect it to be created. To accomplish the same thing (avoid using temporary variables to create the object, but define my root URL for reuse) in PHP (without using unset()) I'd do something like:

<?php
$wsConfig = array(
 root => 'https://example.com/baaws/',
);
 
$wsConfig = array(
 root => $wsConfig['root'],
 corews => $wsConfig['root'] . 'core/ws?wsdl',
 utilws => $wsConfig['root'] . 'core/wsutil?wsdl',
 dispatcherws => $wsConfig['root'] . 'dispatcher/ws?wsdl',
 emailexchangews => $wsConfig['root'] . 'emailexchange/ws?wsdl',
 emaildominows => $wsConfig['root'] . 'emaildomino/ws?wsdl',
 emailgroupwisews => $wsConfig['root'] . 'emailgroupwise/ws?wsdl',
);
?>

In this case the second time I reference $wsConfig I'm using the values from the first copy. The first copy isn't destroyed until after the second copy is set.

Performance Impact

The first question I have is if there is any performance impact to creating a large struct implicitly versus using a Java object. In Adobe ColdFusion it seems the largest struct you can implicitly create outside of a function is one with 16319 members. Inside of a function the limit appears to be 3451 members.

Build yourself a testcase using the following code, or download a pre-assembled testcase:

<cfsetting enablecfoutputonly="yes" showdebugoutput="no">
<cfscript>
writeoutput("&lt;cfscript&gt;<br />struct = {<br />");
for( x = 1; x LT 16319; x = x+1 ) {
	writeoutput("abc#x# = 'abc#x#',<br />" );
}
x = x+1;
writeoutput("abc#x# = 'abc#x#'<br />" );
writeoutput("};<br />&lt;/cfscript&gt;");
</cfscript>

I'm not sure if you can use Java to implicitly create a struct (coldfusion.runtime.Struct in Adobe CF) or implicitly create a java.lang.object. Implicit creation of a large struct is much faster than creating a struct repeatedly calling StructInsert() (download testcase).

  1. OpenBD doesn't support implicit creation yet. [back]

Tags: ,
Posted in Development, Software, Technology on June 2nd, 2009 at 07:06pm

Add Comment »  | 

Install a Go Daddy SSL Certificate for use with JBoss or the BES 5 BAS

I'm working on an application that uses the BlackBerry Enterprise Server 5.0 API and I wanted to install a valid SSL certificate to make development easier since it's a bit of a pain to trust self-signed certificates with ColdFusion. I figured that a $12.99 SSL certificate from Go Daddy was cheap compared to the trouble I was having with ColdFusion. Big mistake.

99% of these instructions apply to JBoss as well as the BlackBerry Administration Service (BAS) which is running on top of JBoss. I read a few guides on installing a SSL Certificate in JBoss, but ran into issues with each of them.

For anyone who only needs vanillla JBoss instructions I'll flag BAS-specific items that can be ignored. Some guides will have you extract the private key from your certificate and generate a PKCS12 keystore using openssl. I'm intentionally not taking that approach to avoid modifying the BAS server.xml.

Installation

Outline

The process goes like this:

  1. Generate a new key, optionally create a new keystore
  2. Generate a CSR
  3. Purchase the SSL certificate
  4. Prepare chained certificates – gather root certificate, intermediate certificates, reply
  5. Import certificates
  6. Install new certificate

Prerequisites

Everything will be easier if you keep all the related files in a single location initially.

  1. Create a directory called "req" and open a new command prompt inside of it.
  2. Choose a keystore name and certificate alias. In the examples I'm using web.keystore and bas respectively.
    (BAS only) the keystore name must be web.keystore
  3. Locate keytool.exe in the JRE bin directory. On my server it was in C:\Program Files\Java\jre1.6.0_07\bin\keytool.exe
  4. (BAS only)Back up the current keystore file located in <drive:\program files>\Research In Motion\BlackBerry Enterprise Server\BAS\bin\web.keystore
    Note: Most likely this is in     <drive>:\Program Files\ unless you're on 64-bit Windows, in which case it will be <drive>:\Program Files (X86)
  5. (BAS only)You'll need to know your current keystore password, use that whenever prompted for a password. If you want to set a new password you will need to change the cacerts keystore password in the BlackBerry Server Configuration.
    BAS - cacerts keystore

Step 1 – Generate the Key

keytool -genkey -alias bas -keyalg RSA -keystore web.keystore

This will generate a new key with the alias bas and create a new keystore in web.keystore (if it doesn't exist). (BAS only) When prompted for a password us your current BAS cacert password.

Press RETURN when prompted for a key password to use the keystore password. Replace bas.example.com with the hostname you are purchasing a SSL certificate for. Replace bas and web.keystore with the keystore name and certificate alias you chose in the Prerequisites section.

C:\req>keytool -genkey -alias bas -keyalg RSA -keystore web.keystore
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  bas.example.com
What is the name of your organizational unit?
  [Unknown]:  bas.example.com
What is the name of your organization?
  [Unknown]:  bas.example.com
What is the name of your City or Locality?
  [Unknown]:  Denver
What is the name of your State or Province?
  [Unknown]:  CO
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=bas.example.com, OU=bas.example.com, O=bas.example.com, L=Denver, ST=CO, C=US correct?
  [no]:  yes
 
Enter key password for
        (RETURN if same as keystore password):

Step 2 – Generate the CSR

Next you must generate a Certificate Signing Request (CSR) to submit to Go Daddy (or whoever you've chosen).

keytool -certreq -keyalg RSA -alias bas -file bas.example.com.csr -keystore web.keystore

Provide your keystore password when prompted. This will generate a CSR from web.keystore for the bas entry.

The CSR should look something like:

-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBuTCCASICAQAweTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNPMQ8wDQYDVQQHEwZEZW52ZXIx
GDAWBgNVBAoTD2Jhcy5leGFtcGxlLmNvbTEYMBYGA1UECxMPYmFzLmV4YW1wbGUuY29tMRgwFgYD
VQQDEw9iYXMuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNSDrG1vAxX
zaEelgKxl2Sr7zxTdUh+muoBN/uBiLrIZjMzz278tmqbKbZ3+ok4ZB99Pzto5SLKnpi1i8tuHL51
unGXqAZRCSQgN7agT4HqURsURjKEPJsvjR7pjRKcPOzmCYaus2KeOAP8BHCPCGZbZRlAS7aND3Qi
r4ArNFjrAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQAs4avQ2JiUfAA2N2hOHwbPE7Wax5kIIldS
RNIpSW2jButL4YdbNoj1BgVGtY1D+/9vOUnMYWl63rHRGv1StTHzaqsZE3Wmb8b5epZbzfKe9p0b
pewqnuGnwcqTz9HRkR+rXizF0vPGnyKWQKRYuqFxtnCqVYXDbWYxv32qgggtQQ==
-----END NEW CERTIFICATE REQUEST-----

Step 3 – Purchase the SSL Certificate

Open the generated CSR up in a text editor( eg, notepad bas.example.com.csr) and paste the contents into the CSR Data field on Go Daddy.You're given the choice of which issuing organization to use (Starfield Root or Godaddy Root), and the Web Server Type. I chose Starfield Root. The Web Server Type must be Tomcat.

Go Daddy SSL Request - CSR Data

Once you've verified the ownership of the domain you will receive a zip file containing the SSL certificate and the intermediate certificates.

Step 4 – Prepare chained certificates

Extract the contents of the the zip file (mine was named certbundle.zip) into your req working directory. If you chose Starfield Root for the issuing organization you should have the following files in req:

  • web.keystore – Your keystore file
  • bas.example.com.csr – Your generated CSR
  • bas.example.com.crt – Your certificate response
  • sf_bundle.crt (or gd_bundle.crt) – Bundled intermediate certificates
  • sf_intermediate.crt (or gd_intermediate.crt) – Intermediate certificate
  • sf_cross_intermediate.crt (or gd_cross_intermediate.crt) – Cross intermediate certificate

I'm not sure if this step is 100% necessary, but I did it and my certificate worked. Download the appropriate root certificate for your issuing organization and save it into your req working directory – Starfield Root (sfsroot.crt) or Go Daddy Root (gd-class2-root.crt).

Step 5 – Import Certificates

Once you've gathered the various certificates they must be imported into your keystore. The root and intermediate certificate are used to establish a chain of trust which eventually ends with your self-signed keystore.

  1. Import the root certificate (sfsroot.crt or gd-class2-root.crt) 
    keytool -import -alias root -keystore web.keystore -trustcacerts -file sfsroot.crt
  2. Import the cross intermediate certificate (sf_cross_intermediate.crt or gd_cross_intermediate.crt) 
    keytool -import -alias cross -keystore web.keystore -trustcacerts -file sf_cross_intermediate.crt
  3. Import the intermediate certificate (sf_intermediate.crt or gd_intermediate.crt) 
    keytool -import -alias intermed -keystore web.keystore -trustcacerts -file sf_intermediate.crt
  4. Import your reply. The alias you use here MUST match the alias you used when you generated the certificate in Step 1. 
    keytool -import -alias bas -keystore web.keystore -trustcacerts -file bas.example.com.crt

    The output should be similar to:

    C:\req>keytool -import -alias bas -keystore web.keystore -trustcacerts -file bas.example.com.crt
Enter keystore password:
Certificate reply was installed in keystore

Your request is now complete, and your keystore contains a trusted, signed request. You can verify this:

C:\req>keytool -list -keystore web.keystore -storetype jks
Enter keystore password:
 
Keystore type: JKS
Keystore provider: SUN
 
Your keystore contains 1 entry
 
bas, Jun 2, 2009, PrivateKeyEntry,
Certificate fingerprint (MD5): F4:63:44:DA:33:BA:C2:2A:C3:0E:6C:92:AB:E9:45:12

Step 6 – Install the Certificate

JBoss

Install and activate your new keystore using the instructions on the JBoss SSL Setup wiki page. If you've followed all the steps properly you will have a JKS-type keystore, not PKCS12.

BAS

  1. Back up your web.keystore file if you haven't already.
  2. If the new keystore has a different password than the current keystore change the password in the BlackBerry Server Configuration tool, under the Administration Service – Cacerts keystore tab.
  3. Stop the BAS services – BlackBerry Administration Service – Native Code Container and BlackBerry Administration Service – Application Server.
  4. Rename <drive:\program files>\Research In Motion\BlackBerry Enterprise Server\BAS\bin\web.keystore to web.keystore.original
  5. Copy web.keystore from your req working directory into the BAS\bin directory.
  6. Restart the BAS services – starting the Application Server service will automatically start the Native Code Container service.

Browse to your BAS using HTTPS and verify the server is working correctly. To undo the changes stop the BAS services, delete web.keystore and rename web.keystore.original to web.keystore. Restart the BAS services, which are now using the original, working keystore.

Troubleshooting

  • When importing your reply you must use the same alias as you did to generate the original key which was used to generate the CSR.
  • The key password must match the keystore password.
  • (BAS only) The keystore filename must be web.keystore
  • (BAS only) The keystore password must match what is entered in BlackBerry Server Configuration > Administration Service – Cacerts keystore
  • (BAS only) Open the highest-numbered <servername>_BBAS-AS_01_YYYYMMDD_00##.txt log file and search for error, ssl and keystore for information about why the server didn't start. Most commonly this will be a password mismatch between the keystore and the BAS or a missing certificate.
  • Verify the keystore using keytool -list.
  • If the keystore is valid but the certificate is shown to be issued by bas.example.com instead of Go Daddy or Starfield you most likely did not import your reply (Step 5, keytool -import … bas.example.com.crt) using the same alias as the generated key (Step 1, keytool -genkey).

Resources

The following sites were helpful:

Tags: , , , , , , ,
Posted in BlackBerry, Development, Software, Technology on June 2nd, 2009 at 03:06pm

Comments (2)  | 

Wishlist for the ColdFusion Advisory Committee

I only recently learned about the CFML Advisory Committee, but I was impressed that such a thing would even exist. I suppose with two open source CFML engines (Open BlueDragon and Railo) it was only a matter of time, but without buy-in from Adobe the utility of such an organization is seriously limited. Fortunately Adobe has bought in and has members on the committee.

I'm not sure what percentage of my time I spend working with ColdFusion, but whenever I do I always run into arbitrary limitations or inconsistencies that are incredibly obnoxious. It gives ColdFusion the feeling of a language that was started by one group of people, picked up half-finished by another group with many features are implemented very shallowly in order to meet a ship date. And all too often Adobe never looks back to address those flaws. Hopefully the CFML Advisory Committee will address these flaws.

A great example blatantly rushing a feature is the implicit creation of structs and arrays. With the initial release of ColdFusion 8.0 you could use { } and [ ] notation to create both inside of a CFSCRIPT block, but you couldn't nest them until the release of ColdFusion 8.0.1

<cfscript>
// This only works in Adobe ColdFusion 8.0.1+
someStruct = {
 key1 = {
  subKey1 = 'xyz'
 }
};
</cfscript>

I'm hesitant to email my entire wishlist the Committee as Sean suggested, but I did want to write it out and solicit some feedback. Some of these are specific to Adobe ColdFusion (such as var declaration positions), and there is the possibility that some of the issues are fixed or under consideration to be fixed in the upcoming release of CF 9 Centaur.

ColdFusion/CFML Wishlist (or gripes)

  • Consistency between cfscript, cfml functions. cfquery, cfdump, and all of the other functions missing from CFSCRIPT
  • Allow var declarations anywhere (Note: Supported in OpenBD)
  • Fully document CFQUERYPARAM type mapping (cf_sqltype_* to actual SQL type)
  • Fully document the SQL commands/functions available for CFQUERY Query-of-Queries
  • Ordered structs – I can't think of a good reason not to preserve the order of items.
  • Implicit creation of structs with case sensitive names and names containing spaces 
    <cfscript>
struct = {
 'one key' = 'abc',
 'mixedCase' = 'def'
};
</cfscript>
  • Support a more standard struct declaration format. 
    <cfscript>
struct = {
	key: 'val',
	orKey =&gt; 'val'
};
</cfscript>
  • Pass implicitly created objects as function arguments.
  • Allow [] notation to append to arrays. 
    <cfscript>
someArr = [ 'one, 'two', 'three' ];
someArr[] = 'four';
// someArr is now [ 'one, 'two', 'three', 'four' ]
</cfscript>
  • NO WHITESPACE RESIDUE FROM ANY CFML CODE – Seriously, don't leave a mess when you're parsing. Every byte counts.
  • Defined way to pass any variable by reference
  • Allow optional args and default values in cfscript function declarations
  • True eval() function. I want to be able to dynamically parse code. DE and EVALUATE are about as healthy as cigarettes.
  • Public/private key encryption added to cfencrypt w/o needing Bouncy Castle. OK, this one is probably just for me :)
  • Zero-based arrays. I bet people that like 1-based arrays also hang their toilet paper under instead of over. Savages.
  • A better way to handle caching, such as named caches so that you can expire individual caches easier if/when they need to change. (Note: Supported in OpenBD and Railo)
  • Dynamic function calls. Also check out the PHP call_user_func_array function. 
    <cfscript>
function printPrefix(str) {
	writeoutput("PREFIX: #str#\n");
}
func = "printPrefix";
#func#("test");
// Outputs:
//  PREFIX:TEST
</cfscript>
  • Ternary operator. WTF? Anyone who is thinking about suggesting IIF should stop right now. IIF doesn't even come close to being true ternary operator.
  • Improved For-In loops – Loop through structs with keys/values, like foreach in PHP 
    <cfscript>
for( key =&gt; val IN someStruct ) {
	writeoutput("someStruct[#key#] = #val#\n");
}
</cfscript>
  • StructValueArray – Return an array of all the values from a struct (just as StructKeyArray returns an array of all the keys). (Note: Matt has requested this for OpenBD.)

In a perfect world things like zero-based array indexes and ordered structs could be set at the application level to maintain backwards compatibility, but I'd even settle for server-wide.

Leave a comment if I'm missing compatibility for one of the CFML engines and I'll update the post accordingly.

Tags: , , ,
Posted in Development, Software, Technology on April 17th, 2009 at 03:04pm

Comments (1)  | 

The VAR parameter to the renderOutput function is required but was not passed in.

Man, I love ColdFusion.  In my debug output I kept seeing:

The VAR parameter to the renderOutput function is required but was not passed in.

I didn't have any functions named renderOutput.  Nor did I have any arguments named VAR.

Apparently this is the error you get when you've got CFDUMP call inside of a function with output="no".

Did I say apparently? I meant obviously.

Tags:
Posted in Development, Technology on March 26th, 2009 at 07:03am

Add Comment »  | 


© 2007-2012, Corey Gilmore | Posts RSS Feed | Comments RSS Feed | Contact

 

The views expressed on these pages are mine alone and not those of any past or present employer. All information presented on this site was obtained lawfully and not through disclosure under the terms of an NDA.