janhf / rmm2vnc

Intel RMM2 VNC Standalone Client - Uses RMM2 jars to build a java Web Start App
GNU Lesser General Public License v3.0

Howto use the tool #1

Open Rocco83 opened 5 years ago

Rocco83 commented 5 years ago

Hi,

First of all, thank you very much. Sometimes old stuff is needed in IT, and having this tool really helps.

Unfortunately this code is not really documented -- hey, thanks for sharing, again -- so the goal of this issue is to address a quick howto to have the code running. The trip is not yet completed and if you wish to correct it / add the missing pieces, it would be very welcome on my side!

A PR will be likely released afterward :)

Back to the topic: according to the README, the following files are needed:

rc.jar | lib | From Intel RMM2 Module
rclang_en.jar | lib | From Intel RMM2 Module
DrvRedirNative.dll | . | From Intel RMM2 Module
selfsigned.jks | . | Keystore for code signing. See build.xml

To be clearer, rc.jar, rclang_en.jar and DrvRedirNative.dll must be downloaded from the RMM2 itself, even without login, e.g.:

$ wget http://rmm2ip/rc.jar
$ wget http://rmm2ip/DrvRedirNative.dll
$ wget http://rmm2ip/rclang_en.jar

The missing part of the puzzle is that build.xml is a file parsed by ant, meant to create the project build.

The bin directory must be created in advance:

/home/user/rmm2vnc/build.xml:15: destination directory "/home/user/rmm2vnc/bin" does not exist or is not a directory

I thought then bingo, but ant returns an error:

daniele@kes:~/rmm2vnc$ ant
Buildfile: /home/daniele/rmm2vnc/build.xml

compile:
    [javac] /home/daniele/rmm2vnc/build.xml:15: warning: 'includeantruntime' was not set, defaulting to build.sysclasspath=last; set to false for repeatable builds
    [javac] Compiling 8 source files to /home/daniele/rmm2vnc/bin
    [javac] Note: /home/daniele/rmm2vnc/src/de/bklosr/rmm2/Hostchooser.java uses unchecked or unsafe operations.
    [javac] Note: Recompile with -Xlint:unchecked for details.

jar:
      [jar] Building jar: /home/daniele/rmm2vnc/jar/kvm.jar
  [signjar] Signing JAR: /home/daniele/rmm2vnc/jar/kvm.jar to /home/daniele/rmm2vnc/jar/kvm.jar as codesigning
  [signjar] jarsigner error: java.lang.RuntimeException: keystore load: /home/daniele/Documents/FREIZEIT/codesigning3.jks (No such file or directory)

BUILD FAILED
/home/daniele/rmm2vnc/build.xml:30: jarsigner returned: 1

Total time: 4 seconds
daniele@kes:~/rmm2vnc$

The file is effectively reported in build.xml (I think this is the reason why you have referred to it):

daniele@kes:~/rmm2vnc$ grep -re FREIZEIT .
./build.xml:  <signjar jar="./jar/kvm.jar" lazy="true" alias="codesigning" keystore="${user.home}/Documents/FREIZEIT/codesigning3.jks" keypass="codesigning3" storepass="codesigning3" verbose="true"/>
./build.xml:    <signjar jar="./lib/*.jar" lazy="true" alias="codesigning" keystore="${user.home}/Documents/FREIZEIT/codesigning3.jks" keypass="codesigning3" storepass="codesigning3" verbose="true"/>
daniele@kes:~/rmm2vnc$

So now we need to create a keystore. According to the documentation, we can only export a CSR, meaning that the private key is stored in the rmm2 only.

Download the cert from the RMM2. Please set a password, because otherwise keytool will request 2 passwords, and will set the password for the keystore anyway.

daniele@kes:~/rmm2vnc$ openssl s_client -showcerts -connect 172.16.66.99:443 </dev/null 2>/dev/null|openssl pkcs12  -nokeys -export -out rmm2.p12
Enter Export Password:
Verifying - Enter Export Password:
daniele@kes:~/rmm2vnc$

daniele@kes:~/rmm2vnc$ openssl pkcs12 -info  -in rmm2.p12
Enter Import Password:
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Bag Attributes: <No Attributes>
subject=/C=DE/ST=Saxony/O=Peppercon AG/OU=R&D/CN=rc1/emailAddress=info@peppercon.de
issuer=/C=DE/ST=Saxony/L=Zwickau/O=Peppercon AG/OU=Security Department/CN=Peppercon CA/emailAddress=ca@peppercon.de
-----BEGIN CERTIFICATE-----
MIIDsDCCAxmgAwIBAgIBGDANBgkqhkiG9w0BAQQFADCBnDELMAkGA1UEBhMCREUx
[...]
QRmt6fFwjOyMxggoNDqBvNTRsr0kN12MTicWiLp18cV9BfPq
-----END CERTIFICATE-----
daniele@kes:~/rmm2vnc$

Unfortunately, the certificate is not seen by keytool:

daniele@kes:~/rmm2vnc$ keytool -list -storetype pkcs12 -keystore rmm2.p12
Enter keystore password:
Keystore type: PKCS12
Keystore provider: SunJSSE

Your keystore contains 0 entries

daniele@kes:~/rmm2vnc$

My best bet is that the certificate I am trying to import does not have a CN. Here 2 ways are possible:

Ref:
https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file
https://stackoverflow.com/questions/23935820/how-can-i-create-a-p12-or-pfx-file-without-a-private-key
https://stackoverflow.com/questions/11952274/how-can-i-create-keystore-from-an-existing-certificate-abc-crt-and-abc-key-fil

janhf commented 5 years ago

The keystore is generated with the java "keytool" from the java sdk. It was sufficient to generate a selfsigned certificate.

keytool -genkeypair -alias codesigning -keystore codesigning3.jks -keypass codesigning3 -storepass codesigning3

This will produce a "self-signed" error message when you start the WebStart file, but it worked years ago (maybe they changed the policy; I have not used/developed for WebStart in the last 3 years). This certificate has nothing to do with the SSL certificate used by the rmm2 for the webpage.

A graphical equivalent for the keytool would be https://keystore-explorer.org/ but I didn't use it in the last years either.

Hopefully this helps. Can you send me an updated readme file afterwards? I will update the github code then.

Kind regards, Jan-Philipp Hülshoff
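The two signjar lines quoted from build.xml earlier in the thread point at a keystore under one user's home directory, which is what broke the build, and carry literal keystore passwords. The check below is an added example, not code from the repository or from anyone in this thread; the sample XML is constructed, and the property names sign.keypass and sign.storepass are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the signjar lines quoted from build.xml above.
# The project/target wrapper, the second task and the sign.* property names
# are assumptions added so the file is well-formed and shows a clean case.
SAMPLE_BUILD_XML = """<project name="rmm2vnc" default="jar">
  <target name="jar">
    <signjar jar="./jar/kvm.jar" lazy="true" alias="codesigning"
             keystore="${user.home}/Documents/FREIZEIT/codesigning3.jks"
             keypass="codesigning3" storepass="codesigning3" verbose="true"/>
  </target>
  <target name="signlibs">
    <signjar jar="./lib/app.jar" alias="codesigning" keystore="./selfsigned.jks"
             keypass="${sign.keypass}" storepass="${sign.storepass}"/>
  </target>
</project>"""

SECRET_ATTRS = ("storepass", "keypass")


def is_property_ref(value):
    """True when the whole value is one Ant property reference, e.g. ${sign.storepass}."""
    return value.startswith("${") and value.endswith("}") and value.count("${") == 1


def audit_signjar(build_xml_text):
    """Return (jar, attribute, finding) tuples for every <signjar> task."""
    findings = []
    root = ET.fromstring(build_xml_text)
    for task in root.iter("signjar"):
        jar = task.get("jar", "<fileset>")
        # A password written literally in the build file ends up in version control.
        for attr in SECRET_ATTRS:
            value = task.get(attr)
            if value and not is_property_ref(value):
                findings.append((jar, attr, "literal password committed in build file"))
        # A keystore outside the checkout makes the build fail on any other machine.
        keystore = task.get("keystore", "")
        if keystore.startswith(("/", "~", "${user.home}")):
            findings.append((jar, "keystore", "path outside the checkout: " + keystore))
    return findings


if __name__ == "__main__":
    for jar, attr, finding in audit_signjar(SAMPLE_BUILD_XML):
        print(f"{jar}: {attr}: {finding}")
```

With the passwords moved to properties, Ant can take them at build time (for example with -D on the command line), so they stay out of the repository.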

oxpa commented 4 years ago

I have the same problem as the original poster: I didn't really know how to use the tool. So I had to download the files (as mentioned above), generate keys with keytool (once again, as mentioned above), and edit build.xml to use a keystore from the . directory instead of ~/... . Also, it looks like there is a typo in build.xml: lib/swingx-1.6.4.jar is used while there is only a swingx-all file. And then I stumbled upon an error like:

Thread Thread[AWT-EventQueue-0,6,main] caused a crash: 
java.lang.NoClassDefFoundError: org/jdesktop/swingx/JXTable
        at de.bklosr.rmm2.Main$2.run(Unknown Source)
        at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:311)
        at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:756)
        at java.awt.EventQueue.access$500(EventQueue.java:97)
        at java.awt.EventQueue$3.run(EventQueue.java:709)
        at java.awt.EventQueue$3.run(EventQueue.java:703)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:76)
        at java.awt.EventQueue.dispatchEvent(EventQueue.java:726)
        at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
        at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
        at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
        at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Caused by: java.lang.ClassNotFoundException: org.jdesktop.swingx.JXTable
        at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:331)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
        ... 15 more

To solve this I had to do something like:

java -cp 'bin:lib/*'  -DsocksProxyHost=127.0.0.1 -DsocksProxyPort=3128 de.bklosr.rmm2.Main 

This also solves the issue of having no proxy by default.

All in all it works but not perfectly ;) Should I submit a pull request with any changes? I'm not really into java :-\

oxpa commented 4 years ago

ha! Got it:

-      <attribute name="Class-Path" value="lib/rc.jar lib/rclang_en.jar lib/swingx-1.6.4.jar" />
+      <attribute name="Class-Path" value="../lib/swingx-all-1.6.4.jar ../lib/rc.jar ../lib/rclang_en.jar " />
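Review bot: The new Class-Path value on the + line ends with a trailing space before the closing quote ("../lib/rclang_en.jar "); drop it so the manifest entry is clean. The "../lib/" prefix also ties kvm.jar to a layout where lib/ is a sibling of the directory holding the jar, because manifest Class-Path entries are resolved relative to the jar's own location; that assumption should be stated in the README. The rename from swingx-1.6.4.jar to swingx-all-1.6.4.jar is a separate fix and deserves its own line in the commit message.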

this solves the issue for me when running ant run