Friday, 17 April 2020

SSL | TLS | Secure communication | Public Private Key | cryptography

Secure Sockets Layer (SSL) is the predecessor of Transport Layer Security (TLS), and has been deprecated since June 2015.

You can configure SSL for encryption or authentication

1. SSL encryption: data is encrypted and decrypted using the public/private key pair
2. SSL authentication: server and client certificates are authenticated by the client and the server respectively

Technically speaking, SSL encryption (public/private key used) already provides one-way authentication, in which the client authenticates the server certificate.


Public key
Private key

JWT, OAuth

Algorithms: RSA


Most end-to-end communication these days uses public key cryptography, or public key encryption.

What Does Encryption Do?
1. The sender encrypts the clear message
2. The intended receiver knows how to decrypt this scrambled message back to clear text and use it

When there is one key to encrypt and decrypt, like in this example where it’s a simple number of 3, it is called symmetric cryptography.

How it works, in a more simplified way:



Client ------ Server
The server uses two keys to encrypt the message, "Key-1" and "Key-2".

Say
key-1 = shift a letter by 3
key-2 = shift a letter by 5

Public key = X
where X = +3 and +5, which only the server knows

So even if someone gets X as the public key, he doesn't know what it means;
only the server knows this formula, which it dynamically creates for each client and stores,
like client-1 = public key = X = +3 + 5
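As an added illustration of the shift-by-3 / shift-by-5 example above (this is example code added here, not from the original post), a toy shift cipher in Python. It shows the symmetric property stated earlier, that the same shift value that encrypted a message is all that is needed to decrypt it; that applying key-1 and then key-2 is the same as one shift of 8; and, as a caveat, that an alphabet shift has only 26 possible keys, so a formula like "+3 + 5" cannot act as a secret the way a real private key does. The function names and the sample text are my own.

```python
import string

ALPHABET = string.ascii_uppercase  # toy alphabet: A..Z only
KEY_SPACE_SIZE = 26                # a shift is defined modulo 26


def shift_encrypt(plaintext: str, key: int) -> str:
    """Caesar-style shift: every letter moves `key` places forward (mod 26).
    Non-letters (spaces, digits) pass through unchanged."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % KEY_SPACE_SIZE])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """Symmetric: decryption is the same operation with the key negated,
    so whoever holds the shift value can both encrypt and decrypt."""
    return shift_encrypt(ciphertext, -key)


def two_key_encrypt(plaintext: str, key1: int = 3, key2: int = 5) -> str:
    """The 'Key-1 then Key-2' scheme from the notes: shift by 3, then by 5."""
    return shift_encrypt(shift_encrypt(plaintext, key1), key2)


def combined_shift(key1: int = 3, key2: int = 5) -> int:
    """Two successive shifts collapse into a single shift (3 + 5 = 8),
    so the 'formula' is really just one symmetric key."""
    return (key1 + key2) % KEY_SPACE_SIZE


def exhaust_keys(ciphertext: str, known_word: str):
    """Defender's caveat: with only 26 candidate keys, a reader who knows one
    word of the plaintext (a 'crib') can identify the key by trying them all.
    Returns the first key under which the known word appears, or None."""
    for k in range(KEY_SPACE_SIZE):
        if known_word.upper() in shift_decrypt(ciphertext, k):
            return k
    return None


if __name__ == "__main__":
    msg = "HELLO KAFKA"  # constructed sample message
    ct = two_key_encrypt(msg)
    print("ciphertext:", ct)
    print("decrypt with combined shift:", shift_decrypt(ct, combined_shift()))
    print("key recovered from crib 'KAFKA':", exhaust_keys(ct, "KAFKA"))
```

The point of `exhaust_keys` is not the attack but the design lesson: a secret that can be enumerated in 26 steps is not a key in any meaningful sense, which is why real public-key schemes (RSA, as listed in the notes) rest on problems with enormous key spaces rather than on hidden formulas.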


Handle man in the middle

with fingerprint authentication




TRUST STORE:
A place where you keep all trusted certificates; either you trust each server's certificate individually, or you directly trust all certificates signed by a specific CA.



Doubts:
Before authentication, the client adds an entry to its truststore saying: trust all certificates coming from xyz servers, or trust all certificates issued by xyz CA.

Question:
If I create/generate a certificate saying CA=GTS CA 101 (Google Trust Services), and the client has added it to its trust store assuming that any server certificate should really be issued by the actual google.com,
then how does the client validate that I generated this certificate using keytool/openssl and not Google.com?

Question-2:
If only one-way authentication is enabled, i.e. only the server's certificate has to be authenticated by the client, will the server's data not be encrypted while reaching the client? If yes, then with which key?
If with the server's public key, then anyone having the server's public key will be able to decrypt the server's data sent to the client?


Reference: kubucation


======================================================================
SSL Configurations 
========================================================================

Generate a self-signed root CA (root.crt) to sign all of the certificates
1. Generate a private key named root.key.

$ openssl genrsa -out root.key   # RSA key

2. Generate a self-signed root CA named root.crt; all broker certificates will be signed with it

$ openssl req -new -x509 -key root.key -out root.crt   # X.509 certificate standard format

3. Create the server key and certificate

$ openssl genrsa -out server.key

4. Create a certificate request for the server
Needed: hostname/IP/domain name, e.g. *.samsung.com, because the certificate will be issued for it

$ openssl req -new -key server.key -out server_reqout.txt

5. Sign the request with the root CA:

$ openssl x509 -req -in server_reqout.txt -days 3650 -sha1 -CAcreateserial -CA root.crt \
    -CAkey root.key -out server.crt

-------------------------------- Make client certificate ---------------------------------------------------

$ openssl genrsa -out client.key

$ openssl req -new -key client.key -out client_reqout.txt

$ openssl x509 -req -in client_reqout.txt -days 3650 -sha1 -CAcreateserial -CA root.crt \
    -CAkey root.key -out client.c

NOTE: In both the client and server certificates, I have left the common name blank
      instead of a server name/domain name like *.samsung.com,
      which says the certificate is issued for all servers whose DNS resolves to
      *.somecompany.com,
      because the Kafka brokers are deployed in K8s and I am not sure
      about their DNS.
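The following Python script is an added example (not part of the original notes) that drives the same openssl procedure as steps 1 to 5 above end to end, and then exercises the trust-store check asked about in the "Question" section: it builds a root CA, signs a server certificate with it, then builds a second CA with exactly the same subject name but its own freshly generated key, signs a look-alike server certificate with that, and runs `openssl verify` against the real root.crt for both. The genuine certificate verifies; the look-alike fails, because the client checks the CA's signature using the CA public key held in its trust store, not the issuer name printed on the certificate. Assumptions: `openssl` is on PATH (the script returns None if it is not); subjects are passed with `-subj` so the commands run non-interactively (the note above leaves the CN blank, but a `-subj` value needs one, so a wildcard CN is used here); `-sha256` is used where the steps above use `-sha1`; and all file names and CA names are constructed for the demo.

```python
import shutil
import subprocess
import tempfile


def openssl(*args, cwd):
    """Run one openssl command inside `cwd`; never raises, caller checks returncode."""
    return subprocess.run(["openssl", *args], cwd=cwd, capture_output=True, text=True)


def make_ca(workdir, name, subject):
    """Steps 1-2 from the notes: private key, then a self-signed root certificate.
    The default openssl.cnf marks a `req -x509` certificate as a CA (basicConstraints)."""
    openssl("genrsa", "-out", f"{name}.key", "2048", cwd=workdir)
    r = openssl("req", "-new", "-x509", "-key", f"{name}.key", "-out", f"{name}.crt",
                "-days", "3650", "-subj", subject, cwd=workdir)
    return r.returncode == 0


def make_signed_leaf(workdir, ca_name, leaf_name, subject):
    """Steps 3-5: leaf key, CSR, then sign the CSR with the named CA (sha256 here)."""
    openssl("genrsa", "-out", f"{leaf_name}.key", "2048", cwd=workdir)
    openssl("req", "-new", "-key", f"{leaf_name}.key", "-out", f"{leaf_name}.csr",
            "-subj", subject, cwd=workdir)
    r = openssl("x509", "-req", "-in", f"{leaf_name}.csr", "-days", "3650", "-sha256",
                "-CAcreateserial", "-CA", f"{ca_name}.crt", "-CAkey", f"{ca_name}.key",
                "-out", f"{leaf_name}.crt", cwd=workdir)
    return r.returncode == 0


def trusted_by(workdir, trust_store_crt, leaf_crt):
    """What a client does with its trust store: build the chain from the leaf to a
    trusted CA and verify the CA's signature with the trusted CA's public key.
    Exit status 0 means the chain verified."""
    r = openssl("verify", "-CAfile", trust_store_crt, leaf_crt, cwd=workdir)
    return r.returncode == 0


def demo():
    """Returns (genuine_ok, impostor_ok), or None when openssl is not installed."""
    if shutil.which("openssl") is None:
        return None
    with tempfile.TemporaryDirectory() as tmp:
        ca_subject = "/CN=Example Root CA"      # constructed; stands in for a real CA name
        leaf_subject = "/CN=*.somecompany.com"  # constructed wildcard CN, as in the notes

        # The real CA (this is what the client puts in its trust store).
        if not make_ca(tmp, "root", ca_subject):
            raise RuntimeError("root CA creation failed")
        if not make_signed_leaf(tmp, "root", "server", leaf_subject):
            raise RuntimeError("server certificate signing failed")

        # A second CA with the identical subject name but a different key pair:
        # this is the 'I generated a certificate saying CA=...' case from the notes.
        if not make_ca(tmp, "impostor", ca_subject):
            raise RuntimeError("impostor CA creation failed")
        if not make_signed_leaf(tmp, "impostor", "fake_server", leaf_subject):
            raise RuntimeError("fake server certificate signing failed")

        genuine = trusted_by(tmp, "root.crt", "server.crt")        # expected: True
        impostor = trusted_by(tmp, "root.crt", "fake_server.crt")  # expected: False
        return genuine, impostor


if __name__ == "__main__":
    print("(genuine verified, impostor verified) =", demo())
```

The check that matters is the signature check inside `openssl verify`: the client's trust store holds the CA's public key, and a certificate whose issuer field merely copies the CA's name cannot produce a signature that validates under that key. The same applies to a Java truststore built with keytool; the names in the truststore are just labels, the trust is in the stored CA public key.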

Part 3: Configure Kafka

In PPT




Wednesday, 6 February 2019

Docker Kubernetes and microservices

ref

Docker:

Responsibilities:

Contains your app and its required libs, and ships it to a host OS where Docker is already installed.
Deploy your dockerised app




Steps:

1. Create a Dockerfile
2. Build it; you get an image
3. Deploy your application on a machine which has Docker installed







Tuesday, 5 February 2019

All Design patterns

1. Creational Design Pattern

  1. Factory Pattern
  2. Abstract Factory Pattern
  3. Singleton Pattern
  4. Prototype Pattern
  5. Builder Pattern

2. Structural Design Pattern

  1. Adapter Pattern
  2. Bridge Pattern
  3. Composite Pattern
  4. Decorator Pattern
  5. Facade Pattern
  6. Flyweight Pattern
  7. Proxy Pattern

3. Behavioral Design Pattern

  1. Chain Of Responsibility Pattern
  2. Command Pattern
  3. Interpreter Pattern
  4. Iterator Pattern
  5. Mediator Pattern
  6. Memento Pattern
  7. Observer Pattern
  8. State Pattern
  9. Strategy Pattern
  10. Template Pattern
  11. Visitor Pattern

Creational | Factory method design pattern

Creational design pattern.


Principle:
"Separate out the codes which are subject to change and not subject to change"

Manager (talks to) -> Factory (creates) --> Objects


Factory method:

The method which holds the logic for creating an object based on certain criteria is called the "factory method"


Advantages:
1. Avoid code duplication by reusing the creation logic.
2. Separate changing logic from non-changing logic
3. The Open/Closed Principle (OCP) is applied


Abstract factory method



MembershipManager (has some concrete policy in general and an abstract method for subclasses to implement based on region)

LondonMembershipManager, NYMembershipManager
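A worked Python version of the factory method and the MembershipManager/region example above, added here as illustration (not code from the original notes). The membership product classes, fee figures and tax multipliers are constructed for the demo. The fixed enrollment policy stays in the base MembershipManager; only the object-creation step (the factory method `create_membership`) and the regional rate are left to LondonMembershipManager and NYMembershipManager, so adding a region means adding a subclass without editing the manager, which is the OCP point in the advantages list.

```python
from abc import ABC, abstractmethod


# --- Products: the objects the factory method creates (constructed for the demo) ---
class Membership(ABC):
    @abstractmethod
    def monthly_fee(self) -> float: ...


class BasicMembership(Membership):
    def monthly_fee(self) -> float:
        return 10.0


class PremiumMembership(Membership):
    def monthly_fee(self) -> float:
        return 25.0


class ConcessionMembership(Membership):
    """Only offered in one region; the region's factory method decides that."""
    def monthly_fee(self) -> float:
        return 5.0


# --- Creator: the manager talks to the factory method, never to concrete classes ---
class MembershipManager(ABC):
    """Code not subject to change (enrollment policy) lives here.
    Code subject to change (which object to build, regional rate) is deferred
    to the factory method and to an abstract hook, implemented per region."""

    def enroll(self, name: str, tier: str) -> dict:
        membership = self.create_membership(tier)  # factory method call
        fee = round(membership.monthly_fee() * self.tax_rate(), 2)
        return {"name": name, "tier": tier, "fee": fee}

    @abstractmethod
    def create_membership(self, tier: str) -> Membership:
        """The factory method: object creation based on a criterion (tier)."""

    @abstractmethod
    def tax_rate(self) -> float: ...


class LondonMembershipManager(MembershipManager):
    def create_membership(self, tier: str) -> Membership:
        if tier == "premium":
            return PremiumMembership()
        if tier == "basic":
            return BasicMembership()
        if tier == "concession":
            return ConcessionMembership()
        raise ValueError(f"unknown tier for London: {tier}")

    def tax_rate(self) -> float:
        return 1.20  # constructed multiplier


class NYMembershipManager(MembershipManager):
    def create_membership(self, tier: str) -> Membership:
        if tier == "premium":
            return PremiumMembership()
        if tier == "basic":
            return BasicMembership()
        raise ValueError(f"unknown tier for NY: {tier}")

    def tax_rate(self) -> float:
        return 1.08875  # constructed multiplier


def tier_supported(manager: MembershipManager, tier: str) -> bool:
    """True if this region's factory method knows how to build the tier."""
    try:
        manager.create_membership(tier)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for manager in (LondonMembershipManager(), NYMembershipManager()):
        print(type(manager).__name__, manager.enroll("alice", "premium"))
```

Note that `enroll` is written once and never mentions a concrete membership class; a new region or a new tier touches only a subclass's `create_membership`, which is the "separate out the code subject to change" principle quoted above.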






Behavioral | Strategy design

Motivation:

While you design an inheritance hierarchy to handle different types of things, like
network devices (network elements, NE),

you slowly find that each NE has some common behaviour and also some different behaviour.

You also find that, for some types of NE, you are required to provide empty implementations.

You find that, with new requirements, you are forced to touch the methods/behaviour of existing code.

Then you need to do the following:

1. Separate interfaces for the different types
2. As much as possible, create more types of behavioural implementation,

like rebootable device, repluggable, nonStoppable, manuallyStoppable, autoStoppable, reconfigurable, autoReconfigurable, manualReconfigurable, Updatable, timeUpdatable, versionUpdatable.

3. And then compose this behaviour (object) inside your network element object,

like OME (with autoUpgradable).

So when you create that OME type of NE, you also create an autoUpgradable object (behaviour) and pass it to the constructor.

So you encapsulate the behaviour.

PROGRAM TO SUPER TYPE

That means you have a placeholder for the pluggable/stoppable etc. supertype interfaces inside the NE class,
and later at runtime you can create a subtype object and assign it.
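An added Python example (not from the original notes) of the strategy approach described above: reboot and upgrade behaviours are separate supertype interfaces, the NetworkElement class only holds placeholders typed as those interfaces, and the concrete behaviour objects are created together with the NE and passed to its constructor, or swapped at runtime. The notes name OME, NE and autoUpgradable; the remaining class names (WarmReboot, NoReboot, AutoUpgrade, ManualUpgrade, the passive-splitter NE) are constructed for the demo.

```python
from abc import ABC, abstractmethod


# --- Supertype interfaces: one per behaviour that varies between NE types ---
class RebootBehaviour(ABC):
    @abstractmethod
    def reboot(self, ne: "NetworkElement") -> str: ...


class UpgradeBehaviour(ABC):
    @abstractmethod
    def upgrade(self, ne: "NetworkElement", version: str) -> str: ...


# --- Concrete behaviours (constructed for the demo) ---
class WarmReboot(RebootBehaviour):
    def reboot(self, ne):
        ne.uptime_seconds = 0
        return f"{ne.name}: warm reboot issued"


class NoReboot(RebootBehaviour):
    """Replaces the 'empty implementation' a subclass would otherwise be forced to
    provide: devices that cannot reboot get an explicit, reusable behaviour object."""
    def reboot(self, ne):
        return f"{ne.name}: reboot not supported on this element"


class AutoUpgrade(UpgradeBehaviour):
    """The autoUpgradable behaviour from the notes."""
    def upgrade(self, ne, version):
        ne.version = version
        return f"{ne.name}: auto-upgraded to {version}"


class ManualUpgrade(UpgradeBehaviour):
    def upgrade(self, ne, version):
        return f"{ne.name}: upgrade to {version} queued for operator approval"


# --- The NE programs to the supertypes and composes behaviour objects ---
class NetworkElement:
    def __init__(self, name: str, version: str,
                 reboot_behaviour: RebootBehaviour,
                 upgrade_behaviour: UpgradeBehaviour):
        self.name = name
        self.version = version
        self.uptime_seconds = 86400
        # Placeholders typed as the supertype interfaces; any subtype fits.
        self.reboot_behaviour = reboot_behaviour
        self.upgrade_behaviour = upgrade_behaviour

    def reboot(self) -> str:
        return self.reboot_behaviour.reboot(self)   # delegate, do not implement

    def upgrade(self, version: str) -> str:
        return self.upgrade_behaviour.upgrade(self, version)

    def set_upgrade_behaviour(self, behaviour: UpgradeBehaviour) -> None:
        """Behaviour can be reassigned at runtime without touching the NE class."""
        self.upgrade_behaviour = behaviour


def make_ome(name: str) -> NetworkElement:
    """Creating the OME type of NE also creates its autoUpgradable behaviour."""
    return NetworkElement(name, "1.0", WarmReboot(), AutoUpgrade())


def make_passive_splitter(name: str) -> NetworkElement:
    """A constructed NE type with no reboot capability and manual upgrades only."""
    return NetworkElement(name, "n/a", NoReboot(), ManualUpgrade())


if __name__ == "__main__":
    ome = make_ome("ome-1")
    print(ome.reboot())
    print(ome.upgrade("2.0"))
    ome.set_upgrade_behaviour(ManualUpgrade())  # change policy at runtime
    print(ome.upgrade("3.0"))
    print(make_passive_splitter("splitter-7").reboot())
```

Adding a new NE type or a new upgrade policy is now a new behaviour class plus a constructor call; `NetworkElement.reboot` and `NetworkElement.upgrade` stay untouched, which is the "forced to touch existing code" problem the notes set out to avoid.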