configurable user-agent, https with mutual authentication
Koper, Dies
cannot be "jclouds...".
Also, it uses client authentication with certificates, so I want to pass
a customized SSLContext instance to sslCon.setSSLSocketFactory in
JavaUrlHttpsCommandExecutorService.
I'd like to modify this class to make this possible.
I'm new to guice so if I were to do it I'd probably just refactor the
class a bit so I could subclass it with my customized user-agent and
sslcontext.
Do you have a better way you'd like this to be done?
Cheers,
Dies
Andrei Savu
The FGCP endpoint requires clients to use a particular user-agent. It
cannot be "jclouds...".
Also, it uses client authentication with certificates, so I want to pass
a customized SSLContext instance to sslCon.setSSLSocketFactory in
JavaUrlHttpsCommandExecutorService.
I'd like to modify this class to make this possible.
I'm new to guice so if I were to do it I'd probably just refactor the
class a bit so I could subclass it with my customized user-agent and
sslcontext.
Do you have a better way you'd like this to be done
Cheers,
Dies
--
You received this message because you are subscribed to the Google Groups "jclouds-dev" group.
To post to this group, send email to jclou...@googlegroups.com.
To unsubscribe from this group, send email to jclouds-dev...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/jclouds-dev?hl=en.
Adrian Cole
I think we'd need to refactor out the user-agent stuff so that you can
override it. Same with SSLContext.
start with subclassing JavaUrlHttpsCommandExecutorService to whatever
you need. then, add to your *RestContextModule.configure() the
following
bind(JavaUrlHttpsCommandExecutorService.class).to(HackedUpJavaUrlHttpsCommandExecutorService.class);
we can refactor later, and will need to consider alternate http implementations.
Cheers,
-A
On Tue, Feb 28, 2012 at 4:47 AM, Koper, Dies <di...@fast.au.fujitsu.com> wrote:
Gérald Pereira
Koper, Dies
Hi Gérald,
Let me explain what I’m currently doing for fgcp and its status.
FGCP users issue a client certificate from the FGCP portal. This is stored in a password encrypted pkcs12 file.
I’m considering two approaches to using this file in jclouds:
1. As jclouds “identity” the user passes the filepath to this file, and the keystore password as “credential”. This is easy to read using standard Java APIs and is working well.
2. The user converts the pkcs12 file to PEM format using something like openssl. As jclouds “identity” the user passes the PEM string and the keystore password as “credential”. The advantage of this approach is that it also works on GAE (which doesn’t give you file system access) and is Adrian’s suggested approach. I haven’t found an easy way to read the PEM string into Java but have confirmed it’s possible so will implement it later.
The code discussed in the e-mail you replied to is all implemented and working well. I was planning to push it to my fork by the end of this week, but can send you the relevant files if you need it sooner.
Regards,
Dies Koper
Andrea Turli
Dies,
look at bouncycastle library to manage PEM certificate and other formats .
Hope this helps,
Andrea
Koper, Dies
Hi Andrea,
Yes, Bouncycastle is the way I probably need to go. Just haven’t been able to find any good documentation on how to use it for my case.
Possibly because I’m not familiar enough with the certificate related terminology to know what I’m looking for though.
Cheers,
Dies Koper
--
Koper, Dies
Hi Gérald,
I’ve pushed my code. This is the main class you can start from:
Regards,
Dies Koper
From: jclou...@googlegroups.com [mailto:jclou...@googlegroups.com] On Behalf Of Koper, Dies
Sent: Tuesday, 31 July 2012 10:17 AM
To: jclou...@googlegroups.com
Subject: RE: configurable user-agent, https with mutual authentication
Hi Gérald,
Let me explain what I’m currently doing for fgcp and its status.
FGCP users issue a client certificate from the FGCP portal. This is stored in a password encrypted pkcs12 file.
I’m considering two approaches to using this file in jclouds:
As jclouds “identity” the user passes the filepath to this file, and the keystore password as “credential”. This is easy to read using standard Java APIs and is working well.
The user converts the pkcs12 file to PEM format using something like openssl. As jclouds “identity” the user passes the PEM string and the keystore password as “credential”. The advantage of this approach is that it also works on GAE (which doesn’t give you file system access) and is Adrian’s suggested approach. I haven’t found an easy way to read the PEM string into Java but have confirmed it’s possible so will implement it later.
--
Ignasi
You can also take a look at the org.jclouds.crypto package in jclouds-core to see some examples, and maybe extend the Pems.java class to fit your needs.