From: Willi T. <wil...@gm...> - 2017-01-06 21:32:30
Or we can kindly ask PrimeKey to include Peer Connectors and their new RA in Community Edition ;)

WT

On Friday, January 6, 2017, Willi Trace <wil...@gm...> wrote:

> Hi Anders,
>
> Seems exactly like I want to do so maybe I can use it with websockets and
> send it to you as update of securityproxy.
>
> As I understand you are proposing to create messages between EJBCA and
> clients in JSON. I was thinking about using ExtRA message format with its
> integrity and encryption. But it may be a good idea to do it in JSON.
>
> I wonder how much work there is to integrate this with EJBCA. This is
> actually part where I am thinking about options and what would be the best
> way. It should be also in GUI in order to manage it easily and add, remove,
> etc. authorized clients.
>
> Currently I have updated ExtRA API package for EJBCA 6.5.0. Configuration
> of databases and ExtRAWorker can be done more or less effectively using
> predefined scripts but what I would like to eliminate is database polling
> every 5 seconds which is ineffective.
>
> WT
>
> On Friday, January 6, 2017, Anders Rundgren <and...@gm...> wrote:
>
>> On 2017-01-06 19:51, Willi Trace wrote:
>>
>>> I am implementing websocket connection pool from EJBCA to clients
>>> primarily as a replacement of external RA and peer connections which are
>>> not available in Community Edition.
>>>
>>> Is there any work done on this which I can reuse or build on it?
>>> Of course I would like to publish it to community when it will be ready.
>>>
>>> My first concept is working similar to peer connections (although I do
>>> not know current implementation of Enterprise Edition) but through wss. It
>>> should be effective and easily managed through admin GUI authenticated by
>>> AKB.
>>
>> Hi Willi,
>>
>> I'm a former PrimeKey employee who some years ago developed a replacement
>> for the external RA:
>> https://cyberphone.github.io/doc/openkeystore/javaapi/org/webpki/securityproxy/package-summary.html
>>
>> I have integrated this with EJBCA but the integration is owned by
>> PrimeKey.
>>
>> I have been thinking about upgrading the public part (the API above) to
>> use WebSocket but haven't had any time to do that.
>> The current scheme uses serialized Java objects which I also want to
>> shelve.
>> Today I have totally (and forever...) left the WS/XML/XSD camp in favor
>> of JSON.
>> So a new system would (from my perspective) be built on JSON.
>>
>> https://cyberphone.github.io/doc/openkeystore/javaapi/org/webpki/json/package-summary.html
>>
>> Two-way TLS auth seems good to keep. In my setup I use a symmetric
>> scheme so that the same cert+key is used in both directions. That is, the
>> self-signed cert is both server and client.
>>
>> I had no problems integrating the proxy in EJBCA so I would still
>> consider making a separate component.
>>
>> Best
>> Anders
>>
>>> WT
>>>
>>> _______________________________________________
>>> Ejbca-develop mailing list
>>> Ejb...@li...
>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop