directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Julius Davies" <>
Subject commons-ssl-0.3.4 alpha released
Date Wed, 29 Nov 2006 03:50:45 GMT

I'm writing to announce the alpha release of commons-ssl-0.3.4.  I'm
writing to "", because I borrowed your excellent
ASN.1 parsing code.

I'm hoping to soon either start the Apache Incubation Policy for this
library, or to get it into commons-sandbox.  In the meantime, please
take a look!  It's very useful for working with SSL and Java.  I
thought you guys might find it interesting for working with "ldaps://"
(client or server).  I already use this library at work to connect
from Java to our Microsoft ActiveDirectory servers.

SSLClient extends SSLSocketFactory
SSLClient client = new SSLClient();

// Let's trust usual "cacerts" that come with Java.
// Plus, let's also trust a self-signed cert
// we know of.  We have some additional certs to
// trust inside a java keystore file.
client.addTrustMaterial( TrustMaterial.CACERTS );
client.addTrustMaterial( new TrustMaterial( "/path/to/self-signed.pem" ) );
client.addTrustMaterial( new KeyMaterial( "/path/to/keystore.jks",
"changeit".toCharArray() ) );

// To be different, let's allow for expired certificates (not recommended).
client.setCheckHostname( true );  // default setting is "true" for SSLClient
client.setCheckExpiry( false );   // default setting is "true" for SSLClient
client.setCheckCRL( true );       // default setting is "true" for SSLClient

// Let's load a client certificate (max: 1 per SSLClient instance).
client.setKeyMaterial( new KeyMaterial( "/path/to/client.pfx",
"secret".toCharArray() ) );
SSLSocket s = (SSLSocket) client.createSocket( "", 443 );

Unlike regular Java it can load OpenSSL style private keys and
certficates.  This can be more convenient for users trying to
administer the server side of things.

// Compatible with the private key / certificate chain created from
// following the Apache2 TLS FAQ: "How do I create a self-signed
// SSL Certificate for testing purposes?"

SSLServer server = new SSLServer();

// Server needs some key material.  We'll use an
// OpenSSL/PKCS8 style key (possibly encrypted).
String certificateChain = "/path/to/this/server.crt";
String privateKey = "/path/to/this/server.key";
char[] password = "changeit".toCharArray();
KeyMaterial km = new KeyMaterial( certificateChain, privateKey, password );

server.setKeyMaterial( km );

Finally, I would just like to say thanks for contributing the ASN.1
parsing code to Apache!


Julius Davies

View raw message