SSL client certificate authentication in Adobe AIR
I'm trying to use a RESTful web service in Adobe AIR. The service uses client side certificates for authentication, thus I need to set the cert and private key used by AIR/Actionscript's URLRequest when connecting to this RESTful service.
Is setting the Cert/Private Key possible in Adobe AIR?
I did find some documentation from Adobe pertaining to adding to the SSL certificate store for AIR 1.5 on Linux, but I was hoping for a platform independent solution.
Comments (3)
I couldn't find any way of doing this (well, not yet anyway).
Adobe uses the underlying OS certificate store. In Windows, this means the same one that IE (and Google Chrome) use.
The only solution I've come up with is to, under Linux, follow the instructions in the link you included, and for Windows, have the user download/install the client certificate via IE (and the server root CA as well, as we've a self-signed certificate for the organisation), then AIR uses those certificates.
This comes with some annoyances -
Tools -> Internet Options -> Security -> Custom Level -> Miscellaneous -> "Don't prompt for client certificate selection when no certificate or only one certificate exists". This stops the constant requests (though of course, doesn't work if there is more than one certificate).
Tools -> Internet Options -> Advanced -> Security -> "Check for service certificate revocation*" and unchecks this. This is probably only necessary with self-signed server certificates for servers that don't support revocation, but I'm not sure.
Anyway, as you can see, it's all a horrible mess.
So almost a year later ... it can be done in JavaScript, which may or may not be of some help, using the open-source project Forge:
http://github.com/digitalbazaar/forge/blob/master/README
A WebID demo is currently using Forge to provide a client-side certificate as an authentication mechanism. It's just a demo, so the SSL certificates are self-signed:
https://webid.digitalbazaar.com/manage/
https://payswarm.com/webid-demo/
There is a class for this:
http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/SecureSocket.html
I believe that the addBinaryChainBuildingCertificate method should be able to complete this task.
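The `SecureSocket` call named in the answer above, as an added example that is not part of the original posts: per Adobe's API reference, `addBinaryChainBuildingCertificate` adds a DER-encoded X.509 certificate to the chain used to validate the server certificate, so this code trusts an organisation's self-signed root CA inside the app instead of installing it in the OS store. The class name, host name and `org-root-ca.der` file are assumptions made for the example.

```actionscript
package {
    import flash.events.Event;
    import flash.events.IOErrorEvent;
    import flash.filesystem.File;
    import flash.filesystem.FileMode;
    import flash.filesystem.FileStream;
    import flash.net.SecureSocket;
    import flash.security.CertificateStatus;
    import flash.utils.ByteArray;

    // Hypothetical helper class; not from Adobe or from the posts above.
    public class PinnedRootSocket {
        private var socket:SecureSocket = new SecureSocket();

        // host and caFile defaults are assumed placeholder values.
        public function connect(host:String = "rest.example.org", port:int = 443,
                                caFile:String = "org-root-ca.der"):void {
            if (!SecureSocket.isSupported) {
                throw new Error("SecureSocket is not supported on this runtime");
            }
            // Read the DER-encoded root CA shipped in the application directory.
            var der:ByteArray = new ByteArray();
            var stream:FileStream = new FileStream();
            stream.open(File.applicationDirectory.resolvePath(caFile), FileMode.READ);
            stream.readBytes(der);
            stream.close();

            // Must be called before connect(); trusted=true treats the
            // certificate as a trust anchor for this socket only.
            socket.addBinaryChainBuildingCertificate(der, true);
            socket.addEventListener(Event.CONNECT, onConnect);
            socket.addEventListener(IOErrorEvent.IO_ERROR, onError);
            socket.connect(host, port);
        }

        private function onConnect(e:Event):void {
            trace("TLS established, server certificate:", socket.serverCertificateStatus);
        }

        private function onError(e:IOErrorEvent):void {
            // A failed handshake surfaces as IO_ERROR; the status says why.
            if (socket.serverCertificateStatus != CertificateStatus.TRUSTED) {
                trace("Server certificate rejected:", socket.serverCertificateStatus);
            } else {
                trace("Connection failed:", e.text);
            }
        }
    }
}
```

`SecureSocket` is a raw TLS socket, so a REST call over it means writing the HTTP request by hand rather than using `URLRequest`.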