Update Getting-Started-with-Akka-http-signature.md
fstoqnov committed Aug 4, 2017
1 parent 595db63 commit 5aca3c7
Showing 1 changed file with 40 additions and 5 deletions.
45 changes: 40 additions & 5 deletions Getting-Started-with-Akka-http-signature.md
Expand Up @@ -102,11 +102,13 @@ publ: scala.util.Try[java.security.PublicKey] = Success(
```
The .readPublicKeyFrom() function returns a Try of Public/Private key depending on whether the String given can be parsed back to some valid key. If the operation is successful the value of the original key is assigned to the new value in BigInt format.

The user can then save his keys on his local filesystem within a .keys directory which we will make use of later in the guide by using the following ammonite commands:
One should then make a .keys directory in their home directory to store the keys in for later use. One can do this via the bash `mkdir` command or navigate to their home directory and make a folder there manually.

The user can then save his keys within the .keys directory which we will make use of later in the guide by using the following ammonite commands:

```scala
write(wd/".keys"/"publicKey.pem", RSAKeys.save(pub))
write(wd/".keys"/"privateKey.pem", RSAKeys.save(priv))
write([default home Directory]/".keys"/"publicKey.pem", RSAKeys.save(pub))

bblfish Aug 4, 2017

Member

In my version of ammonite the value home does this. Does it not work for you?

hjs-ammonite@ home
res4: Path = root/'Users/'hjs
write([default home Directory]/".keys"/"privateKey.pem", RSAKeys.save(priv))
```
This will save the contents of the key in String format within the file found by following the specified path in .pem files.
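Review bot: the two new `write(...)` lines use `[default home Directory]` as the path root, which is not a Scala expression, so the snippet inside the scala block can no longer be pasted into Ammonite as written. Use a real path value instead; the inline comment points out that Ammonite's `home` already resolves to the user's home directory, which would give `write(home/".keys"/"privateKey.pem", RSAKeys.save(priv))`. Since `privateKey.pem` holds the private key, the paragraph that tells the reader to create `.keys` should also say to make the directory readable only by its owner.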

Expand Down Expand Up @@ -329,7 +331,7 @@ could not find actor for Actor[akka://rww/user/rootContainer/card]rww.ldp.LDPExc
at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)
```
## Certificate Authority
## Adding a Certificate Authority to the trust store

We have now shown how to use public and private keys to verify the identity of the user. But often we also want to let the user be able to confirm the identity of the server they are connecting to as well. This can be done through Certificate Authority. The user can view this on the rww-play server as it makes a CA for the locally hosted server.
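Review bot: the new heading "Adding a Certificate Authority to the trust store" announces a trust store procedure, but the paragraph under it still says only that this "can be done through Certificate Authority" and never mentions a trust store. Add a sentence stating that the client has to add the CA that rww-play creates for the locally hosted server to its own trust store, so the section delivers what the heading names.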

Expand All @@ -342,6 +344,39 @@ In the real world there tends to be a constant communication between the server

The above command will retrieve the certificate and store it in a .crt file within the .keys directory, located in the current home directory for the user's system. For more information on SSL, one can refer to the [Quick start to WS SSL guide](http://typesafehub.github.io/ssl-config/WSQuickStart.html#obtain-the-root-ca-certificate).

After that, the user can run the getTest script from within ammonite in order to verify the identity of the local server.
After that, the user can run the getTest script from within ammonite in order to verify the identity of the local server like so:

```scala
@ import $exec.getTest
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
[WARN] [08/04/2017 14:49:20.738] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_3_public_primary_certification_authority_2.pem: Certificate failed: cert = "OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024
[WARN] [08/04/2017 14:49:20.739] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_1_public_primary_certification_authority.pem: Certificate failed: cert = "OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024
[WARN] [08/04/2017 14:49:20.740] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:equifax_secure_global_ebusiness_ca.pem: Certificate failed: cert = "CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024
[WARN] [08/04/2017 14:49:20.748] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_3_public_primary_certification_authority.pem: Certificate failed: cert = "OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024
[WARN] [08/04/2017 14:49:20.749] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_2_public_primary_certification_authority_-_g2.pem: Certificate failed: cert = "OU=VeriSign Trust Network,OU=(c) 1998 VeriSign\, Inc. - For authorized use only,OU=Class 2 Public Primary Certification Authority - G2,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024
[WARN] [08/04/2017 14:49:20.750] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:equifax_secure_ebusiness_ca_1.pem: Certificate failed: cert = "CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024
[WARN] [08/04/2017 14:49:20.753] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:netlock_express_=class_c=_root.pem: Certificate failed: cert = "CN=NetLock Expressz (Class C) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024
[WARN] [08/04/2017 14:49:20.753] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_3_public_primary_certification_authority_-_g2.pem: Certificate failed: cert = "OU=VeriSign Trust Network,OU=(c) 1998 VeriSign\, Inc. - For authorized use only,OU=Class 3 Public Primary Certification Authority - G2,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024
[WARN] [08/04/2017 14:49:20.754] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:netlock_business_=class_b=_root.pem: Certificate failed: cert = "CN=NetLock Uzleti (Class B) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024
[WARN] [08/04/2017 14:49:20.754] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:equifax_secure_ca.pem: Certificate failed: cert = "OU=Equifax Secure Certificate Authority,O=Equifax,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024
[WARN] [08/04/2017 14:49:20.755] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_1_public_primary_certification_authority_-_g2.pem: Certificate failed: cert = "OU=VeriSign Trust Network,OU=(c) 1998 VeriSign\, Inc. - For authorized use only,OU=Class 1 Public Primary Certification Authority - G2,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024
[WARN] [08/04/2017 14:49:20.867] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_3_public_primary_certification_authority_2.pem: Certificate failed: cert = "OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024
[WARN] [08/04/2017 14:49:20.868] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_1_public_primary_certification_authority.pem: Certificate failed: cert = "OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024
[WARN] [08/04/2017 14:49:20.868] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:equifax_secure_global_ebusiness_ca.pem: Certificate failed: cert = "CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024
[WARN] [08/04/2017 14:49:20.869] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_3_public_primary_certification_authority.pem: Certificate failed: cert = "OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024
[WARN] [08/04/2017 14:49:20.869] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_2_public_primary_certification_authority_-_g2.pem: Certificate failed: cert = "OU=VeriSign Trust Network,OU=(c) 1998 VeriSign\, Inc. - For authorized use only,OU=Class 2 Public Primary Certification Authority - G2,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024
[WARN] [08/04/2017 14:49:20.870] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:equifax_secure_ebusiness_ca_1.pem: Certificate failed: cert = "CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024
[WARN] [08/04/2017 14:49:20.871] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:netlock_express_=class_c=_root.pem: Certificate failed: cert = "CN=NetLock Expressz (Class C) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024
[WARN] [08/04/2017 14:49:20.872] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_3_public_primary_certification_authority_-_g2.pem: Certificate failed: cert = "OU=VeriSign Trust Network,OU=(c) 1998 VeriSign\, Inc. - For authorized use only,OU=Class 3 Public Primary Certification Authority - G2,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024
[WARN] [08/04/2017 14:49:20.872] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:netlock_business_=class_b=_root.pem: Certificate failed: cert = "CN=NetLock Uzleti (Class B) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024
[WARN] [08/04/2017 14:49:20.872] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:equifax_secure_ca.pem: Certificate failed: cert = "OU=Equifax Secure Certificate Authority,O=Equifax,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024
[WARN] [08/04/2017 14:49:20.873] [main] [com.typesafe.sslconfig.ssl.ConfigSSLContextBuilder] validateStore: Skipping certificate with weak key size in debian:verisign_class_1_public_primary_certification_authority_-_g2.pem: Certificate failed: cert = "OU=VeriSign Trust Network,OU=(c) 1998 VeriSign\, Inc. - For authorized use only,OU=Class 1 Public Primary Certification Authority - G2,O=VeriSign\, Inc.,C=US" failed on constraint RSA keySize < 2048, algorithm = RSA, keySize = 1024

bblfish Aug 4, 2017

Member

All of the above is completely uninteresting at this point in the argument, and I think we agreed that it was just a question of finding out how to hide those warning messages from appearing. We are not discussing the weaknesses of the CAs shipped with the JDK here.

We are discussing why you may need to add a CA for your localhost server to your trust store. So show what happens when you don't add it to your trust store that is different from when you do.

import $exec.$
```

Currently if the user runs the getTest script they may be presented with SSL Warnings. For more information on the matter one can look at the [Debugging SSL Connections Help page](https://typesafehub.github.io/ssl-config/DebuggingSSL.html).

***
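Review bot: the added block after `@ import $exec.getTest` never shows the result of the request, so the reader cannot tell whether the local server's identity was actually verified. Everything pasted is `validateStore: Skipping certificate with weak key size` output, with the same eleven warnings appearing twice, and each line says a bundled CA was skipped for `RSA keySize < 2048`, which has no bearing on the locally generated CA. Trim the warnings to one representative line or drop them, show the output with and without the local CA in the trust store, and move the log text out of a fence tagged scala. The trailing `import $exec.$` line also looks like an incomplete command and should be completed or removed.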
