-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update Getting-Started-with-Akka-http-signature.md
- Loading branch information
Showing
1 changed file
with
40 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -102,11 +102,13 @@ publ: scala.util.Try[java.security.PublicKey] = Success( | |
``` | ||
The .readPublicKeyFrom() function returns a Try of Public/Private key depending on whether the String given can be parsed back to some valid key. If the operation is successful the value of the original key is assigned to the new value in BigInt format. | ||
|
||
The user can then save his keys on his local filesystem within a .keys directory which we will make use of later in the guide by using the following ammonite commands: | ||
One should then make a .keys directory in their home directory to store the keys in for later use. One can do this via the bash `mkdir` command or navigate to their home directory and make a folder there manually. | ||
|
||
The user can then save his keys within the .keys directory which we will make use of later in the guide by using the following ammonite commands: | ||
|
||
```scala | ||
write(wd/".keys"/"publicKey.pem", RSAKeys.save(pub)) | ||
write(wd/".keys"/"privateKey.pem", RSAKeys.save(priv)) | ||
write([default home Directory]/".keys"/"publicKey.pem", RSAKeys.save(pub)) | ||
This comment has been minimized.
Sorry, something went wrong. |
||
write([default home Directory]/".keys"/"privateKey.pem", RSAKeys.save(priv)) | ||
``` | ||
This will save the contents of the key in String format within the file found by following the specified path in .pem files. | ||
|
||
|
@@ -329,7 +331,7 @@ could not find actor for Actor[akka://rww/user/rootContainer/card]rww.ldp.LDPExc | |
at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979) | ||
at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107) | ||
``` | ||
## Certificate Authority | ||
## Adding a Certificate Authority to the trust store | ||
|
||
We have now shown how to use public and private keys to verify the identity of the user. But often we also want to let the user be able to confirm the identity of the server they are connecting to as well. This can be done through Certificate Authority. The user can view this on the rww-play server as it makes a CA for the locally hosted server. | ||
|
||
|
@@ -342,6 +344,39 @@ In the real world there tends to be a constant communication between the server | |
|
||
The above command will retrieve the certificate and store it in a .crt file within the .keys directory, located in the current home directory for the user's system. For more information on SSL, one can refer to the [Quick start to WS SSL guide](http://typesafehub.github.io/ssl-config/WSQuickStart.html#obtain-the-root-ca-certificate). | ||
|
||
After that, the user can run the getTest script from within ammonite in order to verify the identity of the local server. | ||
After that, the user can run the getTest script from within ammonite in order to verify the identity of the local server like so: | ||
|
||
```scala | ||
@ import $exec.getTest | ||
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder". | ||
SLF4J: Defaulting to no-operation (NOP) logger implementation | ||
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details. | ||
[WARN] [08/04/2017 14:49:20.738] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_3_public_primary_certification_authority_2.pem: Certificate failed: cert = "OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024 | ||
[WARN] [08/04/2017 14:49:20.739] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_1_public_primary_certification_authority.pem: Certificate failed: cert = "OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024 | ||
[WARN] [08/04/2017 14:49:20.740] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:equifax_secure_global_ebusiness_ca.pem: Certificate failed: cert = "CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024 | ||
[WARN] [08/04/2017 14:49:20.748] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_3_public_primary_certification_authority.pem: Certificate failed: cert = "OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024 | ||
[WARN] [08/04/2017 14:49:20.749] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_2_public_primary_certification_authority_-_g2.pem: Certificate failed: cert = "OU=VeriSign Trust Network,OU=(c) 1998 VeriSign\, Inc. - For authorized use only,OU=Class 2 Public Primary Certification Authority - G2,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024 | ||
[WARN] [08/04/2017 14:49:20.750] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:equifax_secure_ebusiness_ca_1.pem: Certificate failed: cert = "CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024 | ||
[WARN] [08/04/2017 14:49:20.753] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:netlock_express_=class_c=_root.pem: Certificate failed: cert = "CN=NetLock Expressz (Class C) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024 | ||
[WARN] [08/04/2017 14:49:20.753] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_3_public_primary_certification_authority_-_g2.pem: Certificate failed: cert = "OU=VeriSign Trust Network,OU=(c) 1998 VeriSign\, Inc. - For authorized use only,OU=Class 3 Public Primary Certification Authority - G2,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024 | ||
[WARN] [08/04/2017 14:49:20.754] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:netlock_business_=class_b=_root.pem: Certificate failed: cert = "CN=NetLock Uzleti (Class B) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024 | ||
[WARN] [08/04/2017 14:49:20.754] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:equifax_secure_ca.pem: Certificate failed: cert = "OU=Equifax Secure Certificate Authority,O=Equifax,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024 | ||
[WARN] [08/04/2017 14:49:20.755] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_1_public_primary_certification_authority_-_g2.pem: Certificate failed: cert = "OU=VeriSign Trust Network,OU=(c) 1998 VeriSign\, Inc. - For authorized use only,OU=Class 1 Public Primary Certification Authority - G2,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024 | ||
[WARN] [08/04/2017 14:49:20.867] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_3_public_primary_certification_authority_2.pem: Certificate failed: cert = "OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024 | ||
[WARN] [08/04/2017 14:49:20.868] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_1_public_primary_certification_authority.pem: Certificate failed: cert = "OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024 | ||
[WARN] [08/04/2017 14:49:20.868] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:equifax_secure_global_ebusiness_ca.pem: Certificate failed: cert = "CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024 | ||
[WARN] [08/04/2017 14:49:20.869] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_3_public_primary_certification_authority.pem: Certificate failed: cert = "OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024 | ||
[WARN] [08/04/2017 14:49:20.869] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_2_public_primary_certification_authority_-_g2.pem: Certificate failed: cert = "OU=VeriSign Trust Network,OU=(c) 1998 VeriSign\, Inc. - For authorized use only,OU=Class 2 Public Primary Certification Authority - G2,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024 | ||
[WARN] [08/04/2017 14:49:20.870] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:equifax_secure_ebusiness_ca_1.pem: Certificate failed: cert = "CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024 | ||
[WARN] [08/04/2017 14:49:20.871] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:netlock_express_=class_c=_root.pem: Certificate failed: cert = "CN=NetLock Expressz (Class C) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024 | ||
[WARN] [08/04/2017 14:49:20.872] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_3_public_primary_certification_authority_-_g2.pem: Certificate failed: cert = "OU=VeriSign Trust Network,OU=(c) 1998 VeriSign\, Inc. - For authorized use only,OU=Class 3 Public Primary Certification Authority - G2,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024 | ||
[WARN] [08/04/2017 14:49:20.872] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:netlock_business_=class_b=_root.pem: Certificate failed: cert = "CN=NetLock Uzleti (Class B) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024 | ||
[WARN] [08/04/2017 14:49:20.872] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:equifax_secure_ca.pem: Certificate failed: cert = "OU=Equifax Secure Certificate Authority,O=Equifax,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024 | ||
[WARN] [08/04/2017 14:49:20.873] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_1_public_primary_certification_authority_-_g2.pem: Certificate failed: cert = "OU=VeriSign Trust Network,OU=(c) 1998 VeriSign\, Inc. - For authorized use only,OU=Class 1 Public Primary Certification Authority - G2,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024 | ||
|
||
This comment has been minimized.
Sorry, something went wrong.
bblfish
Member
|
||
import $exec.$ | ||
``` | ||
|
||
Currently if the user runs the getTest script they may be presented with SSL Warnings. For more information on the matter one can look at the [Debugging SSL Connections Help page](https://typesafehub.github.io/ssl-config/DebuggingSSL.html). | ||
|
||
*** |
In my version of ammonite the value
home
does this. Does it not work for you?