Thali could be entirely built using Firefox technologies and in so doing have a single code base that would literally run anywhere. But the complexity of doing so appears so high that for now it seems better to take a different approach.
The end result is that what Thali needs is doable in Firefox. But the cost and complexity seem too high.
The following is the core functionality we are depending on Java for at the moment.
- Generate an RSA 2048 or, better yet, 4096 public/private key pair and put it in a PKCS12 file
- Generate X.509 cert
- Parse X.509 Cert
- Validate X.509 cert chain
- Open incoming SSL connection using a self-signed cert (or self-signed cert chain), be able to accept any cert from the client, and then get the client cert for further analysis
- Open outgoing SSL connection and be able to specify what cert you expect the server to present (or chain to) and specify what cert you want to present
- HTTP server that can run over the SSL connection. http://mxr.mozilla.org/mozilla-central/source/dom/network/tests/unit/test_tcpsocket.js shows a test for opening both a client and server socket, but it doesn’t use SSL, which is actually the subject of two open bugs.
- HTTP client that can run over the SSL connection
- SSDP or ZeroConf support and/or the ability to send and receive UDP
http://mxr.mozilla.org/mozilla-central/ident - Provides a search interface over Mozilla’s source code. I’ve been using it to find functionality.
Much thanks (or, depending on how things turn out, curses) to Oleg Romashin and Scott Blomquist for pointing this path out. And to John-Galt (whoever you are) from #addons IRC on Mozilla for pointing out NSS.