[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[iaik-ssl]cu|| HELP! Exchange data between servlets using HTTPS protocol.




Hello everybody!

I have the following problem....

I have two servlets: servlet A and a servlet B. Servlet B is running on a
Web Server that supports SSL protocol, so I can crypt and send all the data
of a HTML form to it using  "https" protocol and an url like this:

https://mydomain/servletB (all the data of the HTML form are sent to this
url using https protocol)

In this way the data are crypted from the Web Browser (like IE or Netscape),
while  the process of decrypting the data is carried out from the Web Server
(where is running servlet B) that is configured correctly to support HTTPS
protocol.

What I would like to to is to send data to servlet B not from an HTML form
but from a servlet: what happens in this case?

Can I connect to servet B from servlet A using "https" url like
I did for the HTML form? I mean...what I would like to do are the the
following steps in servlet A:

String urlServlet="https://mydomain/servletB";;
URL Url=new URL(urlServlet);
ServletConn=Url.openConnection();
ServletConn.setDoInput(true);
ServletConn.setDoOutput(true);
...(now I can send data to servlet B)

I am afraid that I cannot use an "https" url to connect from servlet A to
servlet B because servlet A hasn't SSL support! In fact in this case I am
not sending data from an HTML form (but I am connecting from servlet A to
servlet B directly) so I can't use the SSL support of my Web Browser....am I
right? If yes what must I do to connect from servlet A to servlet B using
"https" protocol?


Must I use some particular API to support SSL protocol in servlet A? I have
heard about some cryptografic APIs developed by IAIK called "isasilk
toolkit". You can check their features and download them at URL:

http://jcewww.iaik.tu-graz.ac.at/products/isasilk/index.php

Can I use  "isasilk toolkit"   in my servlet A to support HTTPS protocol? I
ask this question because I have a doubt: this kind of API to implement
HTTPS protocol must have a repository of public signatures of all major
certificate authorities (CA)...or not?  In fact to check if the certificate
sent by servlet B to servlet A during  authentication process of HTTPS
protocol is valid servlet A must check the digital signature of the CA that
released it...and to do this it needs to know the public key of the CA. I
think this is the reason why the WEB Browsers (like IE and Netscape) that
support HTTPS protocol store these kind of information in some folder....am
I right?

I hope someone can help me....thanks a lot in advance!

                        Luca

--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl