Julius Davies wrote:
Hi,
I'm writing to announce the alpha release of commons-ssl-0.3.4. I'm
writing to "[EMAIL PROTECTED]", because I borrowed your excellent
ASN.1 parsing code.
Cool thanks for posting about it here. Wish you the best of luck with
your new API.
http://juliusdavies.ca/commons-ssl/
I'm hoping to soon either start the Apache Incubation Policy for this
library, or to get it into commons-sandbox. In the meantime, please
take a look! It's very useful for working with SSL and Java. I
thought you guys might find it interesting for working with "ldaps://"
(client or server). I already use this library at work to connect
from Java to our Microsoft ActiveDirectory servers.
Very cool.
Thanks,
Alex
SSLClient extends SSLSocketFactory
================================================
SSLClient client = new SSLClient();
// Let's trust usual "cacerts" that come with Java.
// Plus, let's also trust a self-signed cert
// we know of. We have some additional certs to
// trust inside a java keystore file.
client.addTrustMaterial( TrustMaterial.CACERTS );
client.addTrustMaterial( new TrustMaterial( "/path/to/self-signed.pem" ) );
client.addTrustMaterial( new KeyMaterial( "/path/to/keystore.jks",
"changeit".toCharArray() ) );
// To be different, let's allow for expired certificates (not recommended).
client.setCheckHostname( true ); // default setting is "true" for
SSLClient
client.setCheckExpiry( false ); // default setting is "true" for
SSLClient
client.setCheckCRL( true ); // default setting is "true" for
SSLClient
// Let's load a client certificate (max: 1 per SSLClient instance).
client.setKeyMaterial( new KeyMaterial( "/path/to/client.pfx",
"secret".toCharArray() ) );
SSLSocket s = (SSLSocket) client.createSocket( "www.cucbc.com", 443 );
================================================
Unlike regular Java it can load OpenSSL style private keys and
certficates. This can be more convenient for users trying to
administer the server side of things.
================================================
// Compatible with the private key / certificate chain created from
// following the Apache2 TLS FAQ: "How do I create a self-signed
// SSL Certificate for testing purposes?"
// http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert
SSLServer server = new SSLServer();
// Server needs some key material. We'll use an
// OpenSSL/PKCS8 style key (possibly encrypted).
String certificateChain = "/path/to/this/server.crt";
String privateKey = "/path/to/this/server.key";
char[] password = "changeit".toCharArray();
KeyMaterial km = new KeyMaterial( certificateChain, privateKey, password );
server.setKeyMaterial( km );
================================================
Finally, I would just like to say thanks for contributing the ASN.1
parsing code to Apache!
begin:vcard
fn:Alex Karasulu
n:Karasulu;Alex
org:Apache Software Foundation;Apache Directory
adr:;;1005 N. Marsh Wind Way;Ponte Vedra ;FL;32082;USA
email;internet:[EMAIL PROTECTED]
title:Member, V.P.
tel;work:(904) 791-2766
tel;fax:(904) 808-4789
tel;home:(904) 808-4789
tel;cell:(904) 315-4901
note;quoted-printable:AIM: alexokarasulu=0D=0A=
MSN: [EMAIL PROTECTED]
Yahoo!: alexkarasulu=0D=0A=
IRC: aok=0D=0A=
PGP ID: 1024D/4E1370F8 BBCC E8D8 8756 2D51 C3D4 014A 3662 F96F 4E13 70F8=0D=0A=
x-mozilla-html:FALSE
url:http://people.apache.org/~akarasulu
version:2.1
end:vcard
