Re: regarding using public key to verify client


Noburou TANIGUCHI
 

ankit,

It's still unclear to me what you want me to explain.

I want to put these in buildpack and specify its path in app’s manifest
file which is used while deploying the application on cloud foundry.
I think I have explained in this post [1] about where in java buildpack to
put cert keys and how to modify java buildpack to put them into the place
where an app can access when it is running. So my question, again, is "what
do you want to be explained more?" in the post [1].

[1] http://cf-dev.70369.x6.nabble.com/regarding-using-public-key-to-verify-client-tp2711p2732.html


ankit wrote
Hi

See basically what I need is to put some file in my custom java buildpack
and let my application use that file when it is deployed on the cloud
foundry whether it is those certificate key files or any other file. So, I
just don’t want to package these files with my app war file. I want to put
these in buildpack and specify its path in app’s manifest file which is
used while deploying the application on cloud foundry.

Thanks
Ankit


From: Noburou TANIGUCHI [via CF Dev] [mailto:ml-node+s70369n2741h92(a).nabble]
Sent: Wednesday, November 18, 2015 7:36 AM
To: ., Ankit <ankit.ankit@>
Subject: RE: regarding using public key to verify client

Hi ankit,

Can you explain it a little bit or refer any document. That would be
helpful.
Would you please narrow the focus of your question?
What do you want to know about?

Thanks.

ankit wrote
Hi

Can you explain it a little bit or refer any document. That would be
helpful.

Thanks
Ankit


From: Noburou TANIGUCHI [via CF Dev] [mailto:[hidden email]]
Sent: Tuesday, November 17, 2015 12:59 PM
To: ., Ankit <[hidden email]>
Subject: RE: regarding using public key to verify client

Hello ankit,

But I just want to know that is there any way where I can put my key
files to java build pack with which I am deploying my application on
cloud foundry and let my application use those keys from build pack to
verify the signature. Because I don’t want to add those key files to my
app’s war.
Now I think I've understood what you want to do.

And one more thing that I am using custom java buildpack. (This thing I
forgot to mention earlier.)
So I think you can add cert keys anywhere in java buildpack you think
appropriate (`resources` directory, for example), and modify the buildpack
to copy them in the buildpack's compile phase, like this:

```diff
diff --git a/bin/compile b/bin/compile
index 53e0b8d..3d198c9 100755
--- a/bin/compile
+++ b/bin/compile
@@ -23,6 +23,10 @@ require 'java_buildpack/buildpack'

build_dir = ARGV[0]

+require('fileutils')
+cert_keys_path = File.expand_path('../../resources/.ssh', __FILE__)
+FileUtils.cp_r(cert_keys_path, build_dir, {:preserve => true})
+
JavaBuildpack::Buildpack.with_buildpack(build_dir, 'Compile failed with
exception %s') do |buildpack|
buildpack.compile
end
```
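
Review bot: The copy added ahead of `JavaBuildpack::Buildpack.with_buildpack` is unguarded: if `resources/.ssh` is missing from the buildpack checkout, `FileUtils.cp_r` raises outside the block that reports 'Compile failed with exception %s', so staging stops with a raw Ruby error instead of the buildpack's own message. Check `File.directory?(cert_keys_path)` first, or move the copy inside the block. On the same lines, `{:preserve => true}` is passed as a positional hash, which Ruby 3 rejects for keyword options, so `preserve: true` is the safer spelling. Because `preserve` keeps the mode bits from the buildpack repository, the key files reach the application directory with whatever permissions they have there, and the copy is unconditional, so every application staged with this buildpack receives the same keys; a private key placed in `resources/.ssh` is shared with all of them.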

(the code above assumes that the cert keys are in `resources/.ssh/` and copies
them to `.ssh` under the application directory)


ankit wrote
Hi Taniguchi,

Thank you for your response. You are right that my application is
responsible for verification of the signature. But I just want to know
that is there any way where I can put my key files to java build pack with
which I am deploying my application on cloud foundry and let my
application use those keys from build pack to verify the signature.
Because I don’t want to add those key files to my app’s war.

Just like we put cacerts in java buildpack which is used by application,
can’t we put the key files in buildpack and use those by our application
to verify signature.

And one more thing that I am using custom java buildpack. (This thing I
forgot to mention earlier.)

Thanks
Ankit


From: Noburou TANIGUCHI [via CF Dev] [mailto:[hidden email]]
Sent: Monday, November 16, 2015 6:09 PM
To: ., Ankit <[hidden email]>
Subject: Re: regarding using public key to verify client

Hi ankit,

First of all, who do you think is responsible for verifying the signature?
Your application? Or (one of) the components of Cloud Foundry? I assume
the former is your answer. I think there is no functionality in Cloud
Foundry to verify client signature.

Then, if you use the Cloud Foundry java-buildpack to deploy your
application, I think there is only one way to send key files with your
app on deployment. It is to add your key files to your app's war / jar /
zip file, primitively like:

```
jar uvf your-war-jar-zip-file path-to-your-key-files-or-directories
```

But you may add a maven / gradle task to do such a thing.

This is because the Cloud Foundry java-buildpack accepts only one
zip-format file on a deployment.

# Please correct this post if I am wrong. Thank you.

ankit wrote
Suppose my application is deployed on the cloud foundry and my client
sends a POST request that contains some message but that message is
digitally signed by client’s private key. So, I need client’s public
key (digital ID of client) to verify my client for inbound calls in the
cloud foundry where application is running. So, can you tell me where I
can put these public keys (digital IDs of clients) in java build pack or any
other place.
Similarly, for outbound calls I want my message to be digitally signed and
for that I need private key to be used. So, where can I put that also?
I'm not a ...
noburou taniguchi

-----
I'm not a ...
noburou taniguchi
--
View this message in context: http://cf-dev.70369.x6.nabble.com/regarding-using-public-key-to-verify-client-tp2711p2746.html
Sent from the CF Dev mailing list archive at Nabble.com.