Sure Michele, let me go through the code. If I am not wrong, simpatica is to
generate the certificate file for the client, and if you have any
sample code for using x509 with a web service then please do share it with me.

Thanks,
Amit

On Wed, Jul 25, 2012 at 12:34 PM, Michele Comitini <
michele.comit...@gmail.com> wrote:

> Amit
> If you need advice with simpatica don't worry to ask.  I never had time to
> write some documentation so you have to look at the code and/or ask...
>
> mic
>
>
> On Wednesday, 25 July 2012 05:14:52 UTC+2, Amit wrote:
>
>> Thanks Michele and Derek. Nice post, I am looking for exactly the same :)
>>
>> On Wed, Jul 25, 2012 at 4:09 AM, Michele Comitini <
>> michele.comit...@gmail.com> wrote:
>>
>>>
>>> This is very similar to what TLS accomplishes with x509 certificates.
>>> There is a slight difference: the server does not own a public key for
>>> each client; it verifies that the client owns an x509 certificate signed
>>> by the correct certification authority. So no need to store public keys.
>>> In any case, AFAIK in public/private key algorithms the private key always
>>> allows generation of the corresponding public key, not the contrary of
>>> course.
>>>
>>> To accomplish what you need in the simplest way you have to:
>>>
>>> - create a certification authority with a self-signed certificate
>>> - create a certificate for your webserver signed with the private key of
>>> the certification authority above.
>>> - configure your webserver to require a client certificate (with rocket
>>> look at the --ca-cert option)
>>> - In case you need to know some information about the connecting client as
>>> reported in its certificate, you can use x509_auth.py to use x509
>>> authentication and configure your REST action with @auth.requires_login().
>>> This will give you access to information contained in the certificate
>>> such as common name or serial id. To customize you can extend the X509_Auth
>>> class.
>>>
>>> To generate test certificates fast you can use simpatica as Derek
>>> correctly suggests.
>>>
>>> mic
>>>
>>> On Tuesday, 24 July 2012 10:33:48 UTC+2, Amit wrote:
>>>
>>>> Hi,
>>>> I have to provide public/private key authentication for accessing a web
>>>> service (REST) from a client in my web2py application. How to achieve it?
>>>>
>>>> Scenario:
>>>> 1. Each client will have a unique private key which will be sent to the
>>>> server along with the request.
>>>> 2. Server has to authenticate the private key using the public key (unique for
>>>> each client) and then allow access to the web service method. For e.g.
>>>> suppose one client, say X, has requested the web service "add()", so the server
>>>> has to first validate the public key with the client's private key and if
>>>> validation is successful then allow access to the web service "add()".
>>>>
>>>> Challenges:
>>>> Where to store the public key of each client? We can't store it in the db
>>>> because the server can't access the db before validation of the web service method. So
>>>> will it be stored somewhere on the PC (where the server is running)? If yes then how
>>>> and in which format?
>>>>
>>>>
>>>> NOTE: Here the server will be completely written in web2py and the client is a
>>>> separate application running on the hardware device.
>>>>
>
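
The server-side half of the steps Michele lists, as an added Python example that is not part of the thread and is not the code of web2py's x509_auth.py: a TLS context that trusts only the private CA and requires a client certificate, plus extraction of the common name and serial from the verified certificate. The function names, file-path parameters and sample certificate values are assumptions made for illustration.

```python
import ssl

def server_context(ca_cert, server_cert, server_key):
    """TLS context that aborts the handshake unless the client presents a
    certificate chaining to ca_cert (the three arguments are file paths)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(server_cert, server_key)  # server cert signed by the CA
    ctx.load_verify_locations(cafile=ca_cert)     # the CA is the only trust anchor
    ctx.verify_mode = ssl.CERT_REQUIRED           # no valid client cert, no connection
    return ctx

def client_identity(peercert):
    """Return common name and serial from SSLSocket.getpeercert() output."""
    if not peercert:
        # None: no certificate was sent; {}: the certificate was not validated.
        raise PermissionError("no verified client certificate")
    # 'subject' is a tuple of RDNs, each a tuple of (attribute, value) pairs.
    names = [value
             for rdn in peercert.get("subject", ())
             for attr, value in rdn
             if attr == "commonName"]
    if len(names) != 1:
        raise PermissionError("expected exactly one commonName")
    serial = peercert.get("serialNumber")
    if not serial:
        raise PermissionError("certificate has no serial number")
    return {"common_name": names[0], "serial": serial}

# Constructed sample in the shape getpeercert() returns after a verified handshake.
SAMPLE_PEERCERT = {
    "subject": ((("organizationName", "Example Devices"),),
                (("commonName", "device-0042"),)),
    "issuer": ((("commonName", "Example Test CA"),),),
    "serialNumber": "0A1B2C",
    "version": 3,
}

if __name__ == "__main__":
    print(client_identity(SAMPLE_PEERCERT))
```

The server holds only the CA certificate, so no per-client public key has to be stored or looked up before the request is accepted.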
