Update Getting-Started-with-Akka-http-signature.md #3
base: master
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -102,11 +102,11 @@ publ: scala.util.Try[java.security.PublicKey] = Success( | |
``` | ||
The .readPublicKeyFrom() function returns a Try of Public/Private key depending on whether the String given can be parsed back to some valid key. If the operation is successful the value of the original key is assigned to the new value in BigInt format. | ||
|
||
The user can then save his keys on his local filesystem by using the following ammonite commands: | ||
The user can then save his keys on his local filesystem within a .keys directory which we will make use of later in the guide by using the following ammonite commands: | ||
|
||
```scala | ||
write(wd/"publicKey.pem", RSAKeys.save(pub)) | ||
write(wd/"privateKey.pem", RSAKeys.save(priv)) | ||
write(wd/".keys"/"publicKey.pem", RSAKeys.save(pub)) | ||
write(wd/".keys"/"privateKey.pem", RSAKeys.save(priv)) | ||
``` | ||
This will save the contents of the key in String format within the file found by following the specified path in .pem files. | ||
|
||
|
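Review bot: The new `write(wd/".keys"/"privateKey.pem", RSAKeys.save(priv))` line writes the private key to disk, and neither the added sentence nor the one after the code block tells the reader to restrict who can read that file. I would add a sentence saying the `.keys` directory and `privateKey.pem` should be readable by the owner only. Also, `wd/".keys"` is relative to ammonite's working directory, so the added sentence should say where `.keys` ends up rather than only that it is used later in the guide.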
@@ -329,4 +329,19 @@ could not find actor for Actor[akka://rww/user/rootContainer/card]rww.ldp.LDPExc | |
at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979) | ||
at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107) | ||
``` | ||
## Certificate Authority | ||
the title should be: `## Adding new CAs to the trust store`
The point is that test servers running on local machines or internally in an organisation don't need to have the certificates signed by a well known CA - whose keys are located in the Trust Store (the store of CAs one trusts). That is why we show how to add a self signed certificate to the trust store using the config file.
||
|
||
We have now shown how to use public and private keys to verify the identity of the user. But often we also want to let the user be able to confirm the identity of the server they are connecting to as well. This can be done through Certificate Authority. The user can view this on the rww-play server as it makes a CA for the locally hosted server. | ||
|
||
In order to test whether this functionality works, one first has to save rww-play's certificate locally by using the following command after the server has been run: | ||
I would add a line to show what not doing this looks like. You get some form of error on connection. Show the error in detail.
||
|
||
```bash | ||
$ keytool -printcert -sslserver localhost:8443 -rfc > ~/.keys/localhost_8443.crt | ||
``` | ||
In the real world there tends to be a constant communication between the server and its clients so one doesn't have to retrieve the Certificate manually but for the purpose of this guide we will get that certificate in bash and store it in a file. | ||
|
||
The above command will retrieve the certificate and store it in a .crt file within the .keys directory, located in the current home directory for the user's system. For more information on SSL, one can refer to the [Quick start to WS SSL guide](http://typesafehub.github.io/ssl-config/WSQuickStart.html#obtain-the-root-ca-certificate). | ||
|
||
After that, the user can run the getTest script from within ammonite in order to verify the identity of the local server. | ||
|
||
*** |
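Review bot: At the `keytool -printcert -sslserver localhost:8443 -rfc > ~/.keys/localhost_8443.crt` step, the guide saves whatever certificate the server presents and then relies on it to verify the server, with no step where the reader checks the certificate itself. For localhost that is low risk, but the text should say so and tell readers to compare the certificate fingerprint against one obtained from the server operator before trusting a certificate fetched this way from any other host. The path also differs from the earlier hunk: the keys are written to `wd/".keys"`, while this command and the paragraph after it use `.keys` in the home directory, so pick one location and use it in both places.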
no it's not in the wd which could be anywhere, and is usually not in the home directory (eg. I have a `~/Programming/Scala/` dir). ammonite.io has a `home` variable for the home dir.