Next up: Martin Kobetic, who's going to talk about the security frameworks in Cincom Smalltalk:
This talk will be covering SSL, client authentication, and certificates in Cincom Smalltalk. The web server being used for demonstration is a simple web server implemented in Opentalk. To use a secure connection, the first thing we need is a certificate. Typically, you get a certificate from a trusted source, but you can create them from code (probably for testing), or import one that has been issued:
You can save (and restore) keys that you generate for this to and from disk (or a database, etc.). You can save and restore certificates the same way (in fact, I've done that in BottomFeeder). So with that out of the way, Martin is creating a secure (https) server. This looks just like creating a normal one, but with the additional step of handing it a certificate, and telling it to use a transport of https instead of http. With that done, using Firefox, we get the normal "Do you trust this certificate" prompt from the browser.
Unlike browsers, we don't ship CST with pre-trusted certificates. The reason? It's a hard job to make sure that the ones you ship are up to date and valid. You can add certificates to the registry (and save that to disk) pretty easily:
registry := X509Registry new.
registry addTrusted: someCertificate.
Likewise, there's protocol to handle revoking and removal of certificates. Also, you can export the certificates out of the browser and read them in using class CertificateFileReader.