Hi, I'm writing to announce the alpha release of commons-ssl-0.3.4. I'm writing to "[EMAIL PROTECTED]", because I borrowed your excellent ASN.1 parsing code.
http://juliusdavies.ca/commons-ssl/

I'm hoping to soon either start the Apache Incubation Policy for this library, or to get it into commons-sandbox. In the meantime, please take a look! It's very useful for working with SSL and Java.

I thought you guys might find it interesting for working with "ldaps://" (client or server). I already use this library at work to connect from Java to our Microsoft ActiveDirectory servers.

SSLClient extends SSLSocketFactory
================================================
SSLClient client = new SSLClient();

// Let's trust usual "cacerts" that come with Java.
// Plus, let's also trust a self-signed cert
// we know of. We have some additional certs to
// trust inside a java keystore file.
client.addTrustMaterial( TrustMaterial.CACERTS );
client.addTrustMaterial( new TrustMaterial( "/path/to/self-signed.pem" ) );
client.addTrustMaterial( new KeyMaterial( "/path/to/keystore.jks", "changeit".toCharArray() ) );

// To be different, let's allow for expired certificates (not recommended).
client.setCheckHostname( true );  // default setting is "true" for SSLClient
client.setCheckExpiry( false );   // default setting is "true" for SSLClient
client.setCheckCRL( true );       // default setting is "true" for SSLClient

// Let's load a client certificate (max: 1 per SSLClient instance).
client.setKeyMaterial( new KeyMaterial( "/path/to/client.pfx", "secret".toCharArray() ) );
SSLSocket s = (SSLSocket) client.createSocket( "www.cucbc.com", 443 );
================================================

Unlike regular Java it can load OpenSSL style private keys and certificates. This can be more convenient for users trying to administer the server side of things.

================================================
// Compatible with the private key / certificate chain created from
// following the Apache2 TLS FAQ: "How do I create a self-signed
// SSL Certificate for testing purposes?"
// http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert

SSLServer server = new SSLServer();

// Server needs some key material. We'll use an
// OpenSSL/PKCS8 style key (possibly encrypted).
String certificateChain = "/path/to/this/server.crt";
String privateKey = "/path/to/this/server.key";
char[] password = "changeit".toCharArray();
KeyMaterial km = new KeyMaterial( certificateChain, privateKey, password );

server.setKeyMaterial( km );
================================================

Finally, I would just like to say thanks for contributing the ASN.1 parsing code to Apache!

--
yours,

Julius Davies
416-652-0183
http://juliusdavies.ca/
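For comparison, an added example (not part of the original message and not commons-ssl code) of the client-side trust settings from the first snippet done with plain JSSE: the default "cacerts" anchors merged with one extra PEM certificate, and the hostname check switched on explicitly, since a bare JSSE SSLSocket does not verify the server name unless an endpoint identification algorithm is set. Certificate expiry checking is left enabled here. The class name, method names and command-line arguments are assumptions made for the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class PlainJsseClient {  // hypothetical class name
    // Copy the JRE's default trust anchors plus one extra certificate into a single KeyStore.
    static KeyStore mergedTrust(String extraCertPath) throws Exception {
        TrustManagerFactory def = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        def.init((KeyStore) null);               // null selects the default trust store ("cacerts")
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                     // start from an empty in-memory store
        int i = 0;
        for (TrustManager tm : def.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    ks.setCertificateEntry("default-" + i++, ca);
                }
            }
        }
        if (extraCertPath != null) {             // e.g. a self-signed server certificate in PEM form
            try (InputStream in = new FileInputStream(extraCertPath)) {
                Certificate extra = CertificateFactory.getInstance("X.509").generateCertificate(in);
                ks.setCertificateEntry("extra", extra);
            }
        }
        return ks;
    }

    static SSLSocket connect(KeyStore trust, String host, int port) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);   // no client certificate in this example
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        SSLParameters p = s.getSSLParameters();
        p.setEndpointIdentificationAlgorithm("HTTPS");  // use "LDAPS" for ldaps:// connections
        s.setSSLParameters(p);
        s.startHandshake();  // SSLHandshakeException on an untrusted chain or a name mismatch
        return s;
    }

    public static void main(String[] args) throws Exception {
        // Arguments are placeholders: java PlainJsseClient <host> <port> [extra-cert.pem]
        KeyStore trust = mergedTrust(args.length > 2 ? args[2] : null);
        System.out.println("trust anchors: " + trust.size());
        try (SSLSocket s = connect(trust, args[0], Integer.parseInt(args[1]))) {
            System.out.println("negotiated: " + s.getSession().getProtocol() + " / " + s.getSession().getCipherSuite());
        }
    }
}
```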
