开发者

SSL Client Side Certificate authentication in Adobe AIR

I'm trying to use a RESTful web service in Adobe AIR. The service uses client side certificates for authentication, thus I need to set the cert and private key used by AIR/Actionscript's URLRequest when connecting to this RESTful service.

Is setting the Cert/Private Key possible in Adobe AIR?

I did find some documentation from Adobe pe开发者_如何学运维rtaining to adding to the SSL certificate store for AIR 1.5 on Linux, but I was hoping for a platform independent solution.


I couldn't find any way of doing this (well, not yet anyway).

Adobe uses the underlying OS certificate store. In Windows, this means the same one that IE (and Google Chrome) use.

The only solution I've come up with is to, under linux, follow the instructions in the link you included, and for Windows, have the user download/install the client certificate via IE (and the server root CA as well, as we've a self-signed certificate for the organisation), then Air uses those certificates.

This comes with some annoyances -

  1. Unless the user installs the root CA, they are asked to confirm the server's security certificate.
  2. The user will be asked to confirm the client certificate is used on every request to the server (and in a business application that does a lot of data requests, this makes it unusable). To work around this, the only way I've found is to have the user go into IE, go and enable Tools -> Internet Options -> Security -> Custom Level -> Miscellaneous -> "Don't prompt for client certificate selection when no certificate or only one certificate exists". This stops the constant requests (though of course, doesn't work if there is more than one certificate.
  3. Adobe Air will still fail, with all of this though, unless the user also goes, in IE, to Tools -> Internet Options -> Advanced -> Security -> "Check for service certificate revocation*" and unchecks this. This is probably only necessary with self-signed server certificates for servers that don't support revocation, but I'm not sure.

Anyway, as you can see, it's all a horrible mess.


So almost a year later ... it can be done in JavaScript, which may or may not be of some help, using the opensource project Forge:

http://github.com/digitalbazaar/forge/blob/master/README

A WebID demo is currently using Forge to provide a client-side certificate as an authentication mechanism. It's just a demo, so the SSL certificates are self-signed:

https://webid.digitalbazaar.com/manage/

https://payswarm.com/webid-demo/


There is a class for this: http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/SecureSocket.html

I believe that the addBinaryChainBuildingCertificate method should be able to complete this task.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜