directory-dev mailing list archives

From Alex Karasulu <akaras...@apache.org>
Subject Re: commons-ssl-0.3.4 alpha released
Date Wed, 29 Nov 2006 14:45:33 GMT
Julius Davies wrote:
> Hi,
> 
> I'm writing to announce the alpha release of commons-ssl-0.3.4.  I'm
> writing to "directory@apache.org", because I borrowed your excellent
> ASN.1 parsing code.

Cool thanks for posting about it here.  Wish you the best of luck with 
your new API.

> http://juliusdavies.ca/commons-ssl/
> 
> I'm hoping to soon either start the Apache Incubation Policy for this
> library, or to get it into commons-sandbox.  In the meantime, please
> take a look!  It's very useful for working with SSL and Java.  I
> thought you guys might find it interesting for working with "ldaps://"
> (client or server).  I already use this library at work to connect
> from Java to our Microsoft ActiveDirectory servers.

Very cool.

Thanks,
Alex

> SSLClient extends SSLSocketFactory
> ================================================
> SSLClient client = new SSLClient();
> 
> // Let's trust usual "cacerts" that come with Java.
> // Plus, let's also trust a self-signed cert
> // we know of.  We have some additional certs to
> // trust inside a java keystore file.
> client.addTrustMaterial( TrustMaterial.CACERTS );
> client.addTrustMaterial( new TrustMaterial( "/path/to/self-signed.pem" ) );
> client.addTrustMaterial( new KeyMaterial( "/path/to/keystore.jks",
> "changeit".toCharArray() ) );
> 
> // To be different, let's allow for expired certificates (not recommended).
> client.setCheckHostname( true );  // default setting is "true" for SSLClient
> client.setCheckExpiry( false );   // default setting is "true" for SSLClient
> client.setCheckCRL( true );       // default setting is "true" for SSLClient
> 
> // Let's load a client certificate (max: 1 per SSLClient instance).
> client.setKeyMaterial( new KeyMaterial( "/path/to/client.pfx",
> "secret".toCharArray() ) );
> SSLSocket s = (SSLSocket) client.createSocket( "www.cucbc.com", 443 );
> ================================================
> 
> 
> Unlike regular Java it can load OpenSSL style private keys and
> certificates.  This can be more convenient for users trying to
> administer the server side of things.
> 
> ================================================
> // Compatible with the private key / certificate chain created from
> // following the Apache2 TLS FAQ: "How do I create a self-signed
> // SSL Certificate for testing purposes?"
> // http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert
> 
> SSLServer server = new SSLServer();
> 
> // Server needs some key material.  We'll use an
> // OpenSSL/PKCS8 style key (possibly encrypted).
> String certificateChain = "/path/to/this/server.crt";
> String privateKey = "/path/to/this/server.key";
> char[] password = "changeit".toCharArray();
> KeyMaterial km = new KeyMaterial( certificateChain, privateKey, password );
> 
> server.setKeyMaterial( km );
> ================================================
> 
> 
> Finally, I would just like to say thanks for contributing the ASN.1
> parsing code to Apache!
> 
> 

