
RE: [iaik-ssl]cu|| [iaik-jce] HELP! Exchange data between servlets using HTTPS protocol.





> -----Original Message-----
> From: iaik-jce-owner@iaik.at [mailto:iaik-jce-owner@iaik.at] 
> On Behalf Of Luca Ventura
> Sent: Friday, May 31, 2002 1:29 PM
> To: iaik-ssl; iaik-jce(2); iaik-jce
> Subject: [iaik-jce] HELP! Exchange data between servlets 
> using HTTPS protocol.
> 
> 
> 
> Hello everybody!
> 
> I have the following problem....
> 
> I have two servlets: servlet A and a servlet B. Servlet B is running on a
> Web Server that supports SSL protocol, so I can encrypt and send all the data
> of a HTML form to it using "https" protocol and a URL like this:
> 
> https://mydomain/servletB (all the data of the HTML form are sent to this
> URL using https protocol)
> 
> In this way the data are encrypted from the Web Browser (like IE or Netscape),
> while the process of decrypting the data is carried out from the Web Server
> (where is running servlet B) that is configured correctly to support HTTPS
> protocol.
> 
> What I would like to do is to send data to servlet B not from an HTML form
> but from a servlet: what happens in this case?
> 
> Can I connect to servlet B from servlet A using "https" URL like
> I did for the HTML form? I mean...what I would like to do are the
> following steps in servlet A:
> 
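> // needs: import java.net.URL; import java.net.URLConnection;
> String urlServlet="https://mydomain/servletB";
> URL Url=new URL(urlServlet);
> URLConnection ServletConn=Url.openConnection();
> ServletConn.setDoInput(true);   // read servlet B's response
> ServletConn.setDoOutput(true);  // send a request body
> // ...(now I can send data to servlet B)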
> 
> I am afraid that I cannot use an "https" url to connect from servlet A to
> servlet B because servlet A hasn't SSL support! In fact in this case I am
> not sending data from an HTML form (but I am connecting from servlet A to
> servlet B directly) so I can't use the SSL support of my Web Browser....am I
> right? If yes what must I do to connect from servlet A to servlet B using
> "https" protocol?
> 
> 
> Must I use some particular API to support SSL protocol in servlet A? I have
> heard about some cryptographic APIs developed by IAIK called "isasilk
> toolkit". You can check their features and download them at URL:
> 
> http://jcewww.iaik.tu-graz.ac.at/products/isasilk/index.php
> Can I use "isasilk toolkit" in my servlet A to support HTTPS protocol? I

yes, you can use iSaSiLk for this purpose. e.g. read
http://jcewww.iaik.tu-graz.ac.at/products/isasilk/documentation/https/index.php

> ask this question because I have a doubt: this kind of API to implement
> HTTPS protocol must have a repository of public signatures of all major
> certificate authorities (CA)...or not? In fact to check if the certificate
> sent by servlet B to servlet A during authentication process of HTTPS
> protocol is valid servlet A must check the digital signature of the CA that
> released it...and to do this it needs to know the public key of the CA. I
> think this is the reason why the WEB Browsers (like IE and Netscape) that
> support HTTPS protocol store this kind of information in some folder....am
> I right?

with IE and Netscape your browser has some default trust-settings per
default; i.e. after installing it, it fully trusts certain CAs. critical
users throw out many of these default CAs.
with iSaSiLk there are no trusted default CAs. however, the application
can define itself, which certificates (CAs) it trusts. you can read
details in
http://jcewww.iaik.tu-graz.ac.at/products/isasilk/documentation/certificates/index.php.

>I hope someone can help me....thanks a lot in advance!

regards

  Karl
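
The trust model described in the reply, where the application itself decides which CA it trusts instead of inheriting a browser-style default list, shown as an added example that is not part of the original thread. It uses the JDK's own JSSE classes rather than the iSaSiLk API; the class name, the alias `servletB-ca`, the form data, and the CA file and URL passed as arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class PinnedCaHttpsClient {

    // Build an SSLContext whose only trust anchor is the CA certificate in caPemPath.
    static SSLContext contextTrustingOnly(String caPemPath) throws Exception {
        Certificate ca;
        try (InputStream in = new FileInputStream(caPemPath)) {
            ca = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);                       // start empty: no default CAs
        trustStore.setCertificateEntry("servletB-ca", ca); // alias is an assumption

        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);      // no client certificate
        return ctx;
    }

    // POST form data from "servlet A" to the HTTPS servlet; returns the HTTP status.
    static int post(SSLContext ctx, String url, String form) throws Exception {
        HttpsURLConnection conn =
            (HttpsURLConnection) URI.create(url).toURL().openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());  // default hostname check stays on
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        // The handshake runs here; a chain not ending at our CA throws SSLHandshakeException.
        try (OutputStream out = conn.getOutputStream()) {
            out.write(form.getBytes(StandardCharsets.UTF_8));
        }
        return conn.getResponseCode();
    }

    public static void main(String[] args) throws Exception {
        // args: <ca.pem> <https URL of servlet B>, both supplied by the caller
        System.out.println(post(contextTrustingOnly(args[0]), args[1], "field=value"));
    }
}
```

Pointing this client at a server whose certificate was issued by any other CA fails during the handshake, so no form data is sent.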


