Hi Chuck,

The format is standard diff files, ideally created with SVN. For details on the contribution process see here:
http://www.restlet.org/community/contribute

Best regards,
Jerome

> -----Original Message-----
> From: Chuck Hinson [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 4, 2007 21:40
> To: [email protected]
> Subject: RE: RE: 2-way ssl
>
> I'd be happy to contribute a patch, though I don't know how
> one submits such a thing or in what format it should be submitted.
>
> --Chuck
>
> -----Original Message-----
> From: Jerome Louvel [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 04, 2007 3:35 PM
> To: [email protected]
> Subject: RE: 2-way ssl
>
>
> Hi Chuck,
>
> This sounds good. If you have time to contribute a patch, that
> would help. Otherwise, I'll get back to this a bit later. I've updated
> the issue with your suggestion:
> http://restlet.tigris.org/issues/show_bug.cgi?id=281
>
> Best regards,
> Jerome
>
> > -----Original Message-----
> > From: Chuck Hinson [mailto:[EMAIL PROTECTED]
> > Sent: Monday, June 4, 2007 20:38
> > To: [email protected]
> > Subject: 2-way ssl
> >
> > Thanks to some help from Toby, I've managed to get 2-way
> > authentication working.
> >
> > However, it was not quite as simple as I expected. The problem is in
> > the way the simple extension is handling keystores.
> >
> > Usually, you have two keystores - one that contains all of the
> > certificates that you trust (called a trust store), and one that
> > contains the certificate and private keys used to sign things (called
> > a key store). Most security policies require that the two stores be
> > separate files. In particular, a keystore should only ever have one
> > entry in it, while a trust store will have many entries (one per root
> > cert that is trusted).
> >
> > The simple extension, however, is using the same keystore file for
> > both the trust store as well as the keystore:
> >
> >     KeyStore keyStore = KeyStore.getInstance(getKeystoreType());
> >     FileInputStream fis = new FileInputStream(getKeystorePath());
> >     keyStore.load(fis, getKeystorePassword().toCharArray());
> >
> >     KeyManagerFactory keyManagerFactory = KeyManagerFactory
> >             .getInstance(getCertAlgorithm());
> >     keyManagerFactory.init(keyStore, getKeyPassword().toCharArray());
> >
> >     TrustManagerFactory trustManagerFactory = TrustManagerFactory
> >             .getInstance(getCertAlgorithm());
> >     trustManagerFactory.init(keyStore);
> >
> > I was able to get this to work by putting everything into a single jks
> > file, but, as I said above, this violates most security policies (at
> > least those of my current project and those in the US Dept of Defense).
> >
> > This needs to be changed so that two separate files can be used - one
> > for trust and one for keys. Something along the lines of (this is
> > untested, so don't copy and paste):
> >
> >     KeyStore keyStore = KeyStore.getInstance(getKeystoreType());
> >     FileInputStream fis = new FileInputStream(getKeystorePath());
> >     keyStore.load(fis, getKeystorePassword().toCharArray());
> >
> >     KeyManagerFactory keyManagerFactory = KeyManagerFactory
> >             .getInstance(getCertAlgorithm());
> >     keyManagerFactory.init(keyStore, getKeyPassword().toCharArray());
> >
> >     KeyStore trustStore = KeyStore.getInstance(getTruststoreType());
> >     fis = new FileInputStream(getTruststorePath());
> >     trustStore.load(fis, getTruststorePassword().toCharArray());
> >
> >     TrustManagerFactory trustManagerFactory = TrustManagerFactory
> >             .getInstance(getCertAlgorithm());
> >     trustManagerFactory.init(trustStore);
> >
> > which also would require the following additional properties to be
> > defined:
> >     truststorePath
> >     truststorePassword
> >     truststoreType
> >
> > Thanks.
> >
> > --Chuck
> >
> > ------------------------------------
> > Chuck Hinson
> > Gestalt LLC
> > phone: 610.994.2833
> > IM: chucking24 (Yahoo)
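
The split discussed in this thread, as an added stand-alone example (not code from the thread or from the Restlet code base): it loads the key store and trust store from separate files, checks the separation policy Chuck describes before use, and requires client certificates on the server socket. The class name `TwoWaySslContext`, the helper names and the environment variable names are hypothetical; it assumes two JKS files created beforehand and uses the JDK default algorithms where the thread's code calls `getCertAlgorithm()`.

```java
import java.io.*;
import java.security.*;
import java.util.Collections;
import javax.net.ssl.*;

public class TwoWaySslContext {
    // Load one store file of the given type and close the stream afterwards.
    static KeyStore load(String type, String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    // Policy described in the thread: one key entry in the key store, only certificates in the trust store.
    static void checkSeparation(KeyStore keyStore, KeyStore trustStore) throws GeneralSecurityException {
        int keys = 0;
        for (String alias : Collections.list(keyStore.aliases()))
            if (keyStore.isKeyEntry(alias)) keys++;
        if (keys != 1)
            throw new GeneralSecurityException("key store must hold exactly one key entry, found " + keys);
        for (String alias : Collections.list(trustStore.aliases()))
            if (!trustStore.isCertificateEntry(alias))
                throw new GeneralSecurityException("trust store holds a non-certificate entry: " + alias);
    }

    static SSLContext build(KeyStore keyStore, char[] keyPassword, KeyStore trustStore) throws Exception {
        checkSeparation(keyStore, trustStore);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword);          // our own certificate and private key
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);                     // the certificates we accept from peers
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // args: <keystore path> <truststore path>; passwords come from the environment (hypothetical names).
    public static void main(String[] args) throws Exception {
        KeyStore ks = load("JKS", args[0], System.getenv("KEYSTORE_PASS").toCharArray());
        KeyStore ts = load("JKS", args[1], System.getenv("TRUSTSTORE_PASS").toCharArray());
        SSLContext ctx = build(ks, System.getenv("KEY_PASS").toCharArray(), ts);
        try (SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(0)) {
            server.setNeedClientAuth(true);       // 2-way SSL: the client must present a trusted certificate
            System.out.println("listening on port " + server.getLocalPort() + " with client auth required");
        }
    }
}
```

Pointing both arguments at the same combined JKS file makes `checkSeparation` fail, because the private key entry in that file is not a trusted-certificate entry.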

