[or-cvs] r15458: Add instructions on how to run the application (puppetor/branches/gsoc2008/doc)
Author: sebastian
Date: 2008-06-24 16:07:45 -0400 (Tue, 24 Jun 2008)
New Revision: 15458
Modified:
puppetor/branches/gsoc2008/doc/howtosecurermi.txt
Log:
Add instructions on how to run the application
Modified: puppetor/branches/gsoc2008/doc/howtosecurermi.txt
===================================================================
--- puppetor/branches/gsoc2008/doc/howtosecurermi.txt 2008-06-24 19:45:08 UTC (rev 15457)
+++ puppetor/branches/gsoc2008/doc/howtosecurermi.txt 2008-06-24 20:07:45 UTC (rev 15458)
@@ -1,9 +1,47 @@
To securely use PuppeTor to connect a testing network over untrusted networks
-such as the Internet, a public/private key environment is set up. The one instance of PuppeTor that controls the flow of the test and checks milestones will be called the master instance, all others are called slave instances. All slaves verify that the master's certificate to establish a (ssl-secured) connection to the master. The master will then validate that it knows about the client and only allow connections from clients that provide a valid certificate.
-TODO: Write a script that allows easy creation of certificates for a given network
+such as the Internet, a public/private key environment is set up. The one
+instance of PuppeTor that controls the flow of the test and checks milestones
+will be called the master instance, all others are called slave instances. All
+slaves verify that the master's certificate is valid and trusted to establish a
+(ssl-secured) connection to the master. The master will then validate that it
+knows about the client and only allow connections from clients that provide a
+valid certificate.
+TODO: Write a script that allows easy creation of certificates for a given
+network
-Setting up secure RMI
+Setting up the application:
+ To set up the script, please follow the instructions below to create your own
+ certificates. It is advised to create one certificate per slave and one for
+ the master. The master's truststore must contain all the exported certificates
+ of the slaves, whereas all the slaves need only the master's exported cert in
+ their truststore. The keystore will always only contain one private key
+ corresponding to the respective slave or the master. Name the stores
+ appropriatly and place them into the "res" directory of your PuppeTor
+ directory. Inside the rmi.executable package, you will have to change the
+ files PuppeTorMasterProgram.java and PuppeTorSlaveProgram.java to contain the
+ correct path to the stores as well as the passwords. Make sure that port 2050
+ is not firewalled on the computer where you want to run your master, or change
+ the port variable in both files to any other non-firewalled port. Also set the
+ serveraddress to point to the master's IP. You may pick 127.0.0.1 to run a
+ local test.
+
+ Finally, in your console, cd into the PuppeTor-Directory and compile
+ everything into bin/. Then you can start the master like this:
+
+ java -cp bin/:lib/torctl.jar \
+ de.uniba.wiai.lspi.puppetor.rmi.execute.PuppeTorMasterProgram
+
+ and the slave like this:
+
+ java -cp bin/:lib/torctl.jar \
+ de.uniba.wiai.lspi.puppetor.rmi.execute.PuppeTorSlaveProgram
+
+ Optionally, add the option "-Djavax.net.debug=all" to receive debug output in
+ the console window.
+
+Setting up the truststore and keystore
+
Stuff you will need:
* Java version 1.5 or above
* the Java keytool. This is included in the standard Java distributions,
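Review bot: The package name in the "Setting up the application" paragraph does not match the commands that follow: the prose says "Inside the rmi.executable package", while both java invocations launch classes from de.uniba.wiai.lspi.puppetor.rmi.execute. One of the two is wrong, so please make the paragraph and the command lines agree. The same paragraph tells users to put the store paths and passwords into PuppeTorMasterProgram.java and PuppeTorSlaveProgram.java. Since those are versioned source files, the text should at least warn against committing the edited copies. Better would be to take the values from outside the source, for example through the standard javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword system properties. Smaller points: "appropriatly" should be "appropriately"; the classpath "bin/:lib/torctl.jar" uses the Unix separator, so a short remark for Windows users (";") would help; and the new heading "Setting up the application:" ends in a colon while "Setting up the truststore and keystore" does not.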