Apache Directory Project - commons-ssl-0.3.4 alpha released


Author commons-ssl-0.3.4 alpha released
Julius Davies

2006-11-29, 1:11 am

Hi,

I'm writing to announce the alpha release of commons-ssl-0.3.4. I'm
writing to "directory-1oDqGaOF3Lkdnm+yROfE0A@public.gmane.org", because I borrowed your excellent
ASN.1 parsing code.

http://juliusdavies.ca/commons-ssl/

I'm hoping to soon either start the Apache Incubation Policy for this
library, or to get it into commons-sandbox. In the meantime, please
take a look! It's very useful for working with SSL and Java. I
thought you guys might find it interesting for working with "ldaps://"
(client or server). I already use this library at work to connect
from Java to our Microsoft ActiveDirectory servers.


SSLClient extends SSLSocketFactory
================================================
SSLClient client = new SSLClient();

// Let's trust usual "cacerts" that come with Java.
// Plus, let's also trust a self-signed cert
// we know of. We have some additional certs to
// trust inside a Java keystore file.
client.addTrustMaterial( TrustMaterial.CACERTS );
client.addTrustMaterial( new TrustMaterial( "/path/to/self-signed.pem" ) );
client.addTrustMaterial( new KeyMaterial( "/path/to/keystore.jks",
                                          "changeit".toCharArray() ) );

// To be different, let's allow for expired certificates (not recommended).
client.setCheckHostname( true ); // default setting is "true" for SSLClient
client.setCheckExpiry( false );  // default setting is "true" for SSLClient
client.setCheckCRL( true );      // default setting is "true" for SSLClient

// Let's load a client certificate (max: 1 per SSLClient instance).
client.setKeyMaterial( new KeyMaterial( "/path/to/client.pfx",
                                        "secret".toCharArray() ) );
SSLSocket s = (SSLSocket) client.createSocket( "www.cucbc.com", 443 );
================================================


Unlike regular Java it can load OpenSSL style private keys and
certificates. This can be more convenient for users trying to
administer the server side of things.

================================================
// Compatible with the private key / certificate chain created from
// following the Apache2 TLS FAQ: "How do I create a self-signed
// SSL Certificate for testing purposes?"
// http://httpd.apache.org/docs/2.2/ss...q.html#selfcert

SSLServer server = new SSLServer();

// Server needs some key material. We'll use an
// OpenSSL/PKCS8 style key (possibly encrypted).
String certificateChain = "/path/to/this/server.crt";
String privateKey = "/path/to/this/server.key";
char[] password = "changeit".toCharArray();
KeyMaterial km = new KeyMaterial( certificateChain, privateKey, password );

server.setKeyMaterial( km );
================================================


Finally, I would just like to say thanks for contributing the ASN.1
parsing code to Apache!


--
yours,

Julius Davies
416-652-0183
http://juliusdavies.ca/
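
The trust setup in the client snippet above, written against plain JSSE (Java 7 or later) so the individual checks are visible. This is an added example, not part of the original post or of commons-ssl; the class name, host, port and PEM path are placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class JsseTrustExample {

    // Trust store holding the JDK's default CAs plus every certificate in one PEM file.
    static KeyStore trustStore(String pemPath) throws Exception {
        TrustManagerFactory def = TrustManagerFactory.getInstance("PKIX");
        def.init((KeyStore) null);                     // null = JDK default trust store (cacerts)
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                           // start empty, in memory only
        int n = 0;
        for (TrustManager tm : def.getTrustManagers())
            if (tm instanceof X509TrustManager)
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers())
                    ks.setCertificateEntry("ca-" + n++, ca);
        try (InputStream in = new FileInputStream(pemPath)) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in))
                ks.setCertificateEntry("extra-" + n++, c);
        }
        return ks;
    }

    static SSLSocket connect(String host, int port, String pemPath, boolean checkCrl) throws Exception {
        PKIXBuilderParameters pkix = new PKIXBuilderParameters(trustStore(pemPath), new X509CertSelector());
        pkix.setRevocationEnabled(checkCrl);           // expiry is always checked by PKIX validation
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(pkix));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        SSLParameters p = s.getSSLParameters();
        p.setEndpointIdentificationAlgorithm("LDAPS"); // a bare SSLSocket skips hostname checks without this
        s.setSSLParameters(p);
        s.startHandshake();                            // throws SSLHandshakeException on any failed check
        return s;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical host and path, not from the original post.
        try (SSLSocket s = connect("ldap.example.com", 636, "/path/to/self-signed.pem", false)) {
            System.out.println(s.getSession().getPeerPrincipal());
        }
    }
}
```

With `checkCrl` set to `true` the handshake fails closed when no revocation data can be obtained for the server's chain, so test it against the CRL distribution points your CA actually publishes.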

Alex Karasulu

2006-11-29, 1:11 pm

Julius Davies wrote:
> Hi,
>
> I'm writing to announce the alpha release of commons-ssl-0.3.4. I'm
> writing to "directory-1oDqGaOF3Lkdnm+yROfE0A@public.gmane.org", because I borrowed your excellent
> ASN.1 parsing code.


Cool thanks for posting about it here. Wish you the best of luck with
your new API.

> http://juliusdavies.ca/commons-ssl/
>
> I'm hoping to soon either start the Apache Incubation Policy for this
> library, or to get it into commons-sandbox. In the meantime, please
> take a look! It's very useful for working with SSL and Java. I
> thought you guys might find it interesting for working with "ldaps://"
> (client or server). I already use this library at work to connect
> from Java to our Microsoft ActiveDirectory servers.


Very cool.

Thanks,
Alex

> SSLClient extends SSLSocketFactory
> ================================================
> SSLClient client = new SSLClient();
>
> // Let's trust usual "cacerts" that come with Java.
> // Plus, let's also trust a self-signed cert
> // we know of. We have some additional certs to
> // trust inside a Java keystore file.
> client.addTrustMaterial( TrustMaterial.CACERTS );
> client.addTrustMaterial( new TrustMaterial( "/path/to/self-signed.pem" ) );
> client.addTrustMaterial( new KeyMaterial( "/path/to/keystore.jks",
>                                           "changeit".toCharArray() ) );
>
> // To be different, let's allow for expired certificates (not recommended).
> client.setCheckHostname( true ); // default setting is "true" for SSLClient
> client.setCheckExpiry( false );  // default setting is "true" for SSLClient
> client.setCheckCRL( true );      // default setting is "true" for SSLClient
>
> // Let's load a client certificate (max: 1 per SSLClient instance).
> client.setKeyMaterial( new KeyMaterial( "/path/to/client.pfx",
>                                         "secret".toCharArray() ) );
> SSLSocket s = (SSLSocket) client.createSocket( "www.cucbc.com", 443 );
> ================================================
>
>
> Unlike regular Java it can load OpenSSL style private keys and
> certificates. This can be more convenient for users trying to
> administer the server side of things.
>
> ================================================
> // Compatible with the private key / certificate chain created from
> // following the Apache2 TLS FAQ: "How do I create a self-signed
> // SSL Certificate for testing purposes?"
> // http://httpd.apache.org/docs/2.2/ss...q.html#selfcert
>
> SSLServer server = new SSLServer();
>
> // Server needs some key material. We'll use an
> // OpenSSL/PKCS8 style key (possibly encrypted).
> String certificateChain = "/path/to/this/server.crt";
> String privateKey = "/path/to/this/server.key";
> char[] password = "changeit".toCharArray();
> KeyMaterial km = new KeyMaterial( certificateChain, privateKey, password );
>
> server.setKeyMaterial( km );
> ================================================
>
>
> Finally, I would just like to say thanks for contributing the ASN.1
> parsing code to Apache!
>
>


