Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set up skeleton. #5

Merged
merged 1 commit into from
Oct 27, 2019
Merged

Set up skeleton. #5

merged 1 commit into from
Oct 27, 2019

Conversation

lsgier
Copy link
Collaborator

@lsgier lsgier commented Oct 27, 2019

No description provided.

KTiago
KTiago reviewed Oct 27, 2019
View reviewed changes
cacore/appseclab/src/main/java/netsec/group2/Certs.java

public class Certs {

final String ROOT_CA = "";
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there an intermediate CA key or is the root CA key going to sign certificates directly ? (I would argue the former is safer)

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think it makes a big difference in our small scale example. Having an intermediate CA adds just another link in the chain. The system would be equally compromised because I think all the certificates will then be signed with the intermediate certificate?

cacore/appseclab/src/main/java/netsec/group2/Entry.java

public static void main( String[] args ) throws IOException {

HttpsServer srvr = new HttpsServer("",PORT_NUMBER);
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm guessing the way the server is started now its HTTP and not HTTPS, right ? We would need something like the following before starting the server:
server.makeSecure(NanoHTTPD.makeSSLSocketFactory("/keystore.jks", "password".toCharArray()), null);

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Exactly, before srvr.start() is called, srvr.makeSecure() is executed with (probably) the root certificate used for the web server as well

@lsgier lsgier merged commit 9f1e563 into master Oct 27, 2019
@lsgier lsgier deleted the report branch October 27, 2019 13:32
@dorlafo dorlafo mentioned this pull request Nov 16, 2019
Closed
54 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KTiago KTiago KTiago approved these changes

@alex-chambet alex-chambet Awaiting requested review from alex-chambet

@dorlafo dorlafo Awaiting requested review from dorlafo

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@lsgier @KTiago