通过GAE Java中的证书进行客户端身份验证 [英] Client Authentication by Certificate in GAE java

问题描述

我正在用 GAE Java 编写应用程序，该应用程序通过其证书对用户进行身份验证。我已经在客户端使用 keytool 创建了一个自签名证书。我还为我的应用程序在Google App Engine中启用了https请求。申请流程十分简单。用户使用任何浏览器来到应用程序的主页，然后尝试访问应用程序的资源。我只是验证用户是否具有有效的证书。我缺少这样的部分：当用户通过任何浏览器访问我的应用程序时，我在客户端创建的证书将如何发送到应用程序？还有我如何验证证书？预先感谢

I am writing an application in GAE java which authenticate the user by its certificate. I have created a self signed certificate using keytool at client side. I also enable the https request in google app engine for my application. The flow of application is every simple. User come at home page of application using any browser and then try to access a resource of application. I just authenticate the user is it has valid certificate. I am missing the part that how this certificate that i created at client side will be sent to the application when user access my application by any browser?? Also How i validate the certificate?? Thanks in advance

推荐答案

我做了很多搜索，得出了这些要点，并在此处共享。

I did lot of search and come to these point and sharing it here.

1-在这种情况下，当我的浏览器与服务器连接时，发送客户端证书是浏览器的责任。客户端证书应在浏览器中进行配置/安装/导入。如果正在开发客户端，则可以编写代码以从本地计算机读取证书，然后将其嵌入请求中，然后将其发送到服务器。

1- In this scenario when i browser connect with the server, sending client certificate is the responsibility of browser. The client certificate should have to configured/install/import in the browser. If you are developing client side then you can code to read certificate from you local machine and embed it in the request and then send it to the server.

2-仅浏览器当服务器请求证书并且服务器已经将其证书发送到浏览器并且该证书已被浏览器验证时，将证书发送到服务器。我们必须首先将服务器配置为将证书发送到客户端，然后再请求客户端证书。我们可以在我们的应用程序中验证客户证书。我们只需要从请求中提取证书即可。

2- Browser only send certificate to server when server request for it and server had already sent his certificate to browser and this certificate has been validated by the browser. We have to first configured our server to send certificate to client and also request for client certificate. We can validate the client certificate in our application. we just have to extract certificate from the request.

3-到目前为止，GAE不提供客户证书服务。我们无法配置GAE服务器来请求客户端证书。也许还有另一种方法可以做到这一点，但我没有找到任何解决方案。我希望将来GAE将支持客户端证书身份验证。

3- Till now GAE don't provide client certificate service. There is no way we can configured our GAE server to request client certificate. May be there would another way to do this but I didn't find any solution for it. I hope in future GAE will support client certificate authentication.

这篇关于通过GAE Java中的证书进行客户端身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！