[foaf-protocols] foafssl.org
Bruno Harbulot
Bruno.Harbulot at manchester.ac.uk
Thu Oct 7 15:35:13 CEST 2010
Hi,
On 07/10/10 11:24, richard.hancock at 3kbo.com wrote:
>>
>> On 7 Oct 2010, at 09:12, richard.hancock at 3kbo.com wrote:
>>
>>> Hi Henry,
>>>
>>> given the current volume of traffic deploying to the Google App Engine
>>> could be an option.
>>>
>>> Objectify (http://code.google.com/p/objectify-appengine/) provides a
>>> simple wrapper over the Google App Engine datastore if you need
>>> persistence.
>>
>> Is it possible to get this to work behind HTTPS? And if so can one get it
>> to ask for the client certificate?
>
> HTTPS is possible ( e.g.
> http://code.google.com/appengine/kb/general.html#https and
> http://code.google.com/googleapps/domain/articles/sso-keygen.html ) and
> java.security.cert.X509Certificate is in the JRE Class White List (
> http://code.google.com/appengine/docs/java/jrewhitelist.html ) so the code
> below should be possible. Haven't tried it myself yet though.
>
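> import java.io.IOException;
> import java.security.cert.X509Certificate;
> import javax.servlet.ServletException;
> import javax.servlet.http.HttpServletRequest;
> import javax.servlet.http.HttpServletResponse;
>
> protected void doGet(HttpServletRequest request, HttpServletResponse response)
>         throws ServletException, IOException {
>     //...
>     // Client certificate chain from the TLS handshake; null when none was presented
>     X509Certificate[] certificates = (X509Certificate[]) request
>             .getAttribute("javax.servlet.request.X509Certificate");
>     //...
> }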
>
Getting the certificate from the application code (e.g. Servlet) is one
thing, but we do rely on tweaking the SSL/TLS trust management
mechanism for FOAF+SSL to work.
I doubt we can, on a shared service like this:
(a) Tell the SSL/TLS server stack to ask for a client certificate.
(b) Change the SSLContext to use our TrustManagers. While there are a
number of java.security.cert.* classes in the white list, I can't find
anything that would allow us to change the trust settings as we need.
Best wishes,
Bruno.
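
Added example (not part of the original message, and not the FOAF+SSL project's own code): points (a) and (b) above as they look on a server where the TLS stack is under your control, plus reading the WebID URI that the application then has to verify. Class and method names are hypothetical, and the server's KeyManagers are assumed to be loaded elsewhere.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class FoafSslListener {
    /** Lets any client chain through the handshake; this authenticates nobody. */
    static final class DeferringTrustManager implements X509TrustManager {
        @Override public void checkClientTrusted(X509Certificate[] chain, String authType) {
            // No CA path validation here: the application must check the key against the WebID profile.
        }
        @Override public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            throw new CertificateException("listener-only trust manager");
        }
        @Override public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0]; // advertise no CA names to the client
        }
    }

    /** (a) request a client certificate and (b) install the custom TrustManager. */
    static SSLServerSocket listen(KeyManager[] serverKeys, int port)
            throws GeneralSecurityException, IOException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(serverKeys, new TrustManager[] { new DeferringTrustManager() }, null);
        SSLServerSocket socket =
                (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(port);
        socket.setWantClientAuth(true);
        return socket;
    }
    /** WebID candidates: URI entries (GeneralName type 6) of subjectAltName. */
    static List<String> webIdUris(X509Certificate cert) throws CertificateException {
        List<String> uris = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) return uris;
        for (List<?> san : sans) {
            if (Integer.valueOf(6).equals(san.get(0))) uris.add((String) san.get(1));
        }
        return uris;
    }
}
```

Because the trust manager accepts every chain, a certificate reaching the servlet proves only possession of the private key; access decisions must wait until the public key has been matched against the profile published at one of the returned URIs.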